📌 ccs 被挂马了,貌似是挖矿的(共 9 樓)
主帖bag
🕐 2025-5-27 10:48:06
畜生行为啊



root@linux:~/sftp# ll
total 3340
drwxr-xr-x 2 root root 4096 May 27 01:47 ./
drwx------ 8 root root 4096 May 27 02:31 ../
-rwxrwxrwx 1 root root 3980 May 27 01:56 config.json*
-rwxr-xr-x 1 root root 410 May 27 01:47 xmrig_wrapper.sh*
-rwxrwxrwx 1 root root 3401080 Apr 27 06:36 xmrigx86*

#? 樓bag
🕐 2025-5-27 10:49:06
root@linux:~/sftp# cat ~/sftp/config.json
{
  "api": {
    "id": null,
    "worker-id": null
  },
  "http": {
    "enabled": false,
    "host": "127.0.0.1",
    "port": 0,
    "access-token": null,
    "restricted": true
  },
  "autosave": true,
  "background": false,
  "colors": false,
  "title": true,
  "randomx": {
    "init": -1,
    "init-avx2": 0,
    "mode": "auto",
    "1gb-pages": false,
    "rdmsr": true,
    "wrmsr": true,
    "cache_qos": false,
    "numa": true,
    "scratchpad_prefetch_mode": 1
  },
  "cpu": {
    "enabled": true,
    "huge-pages": true,
    "huge-pages-jit": false,
    "hw-aes": null,
    "priority": null,
    "memory-pool": true,
    "yield": true,
    "asm": true,
    "argon2-impl": null,
    "argon2": [0, 1],
    "cn": [
      [1, 0],
      [1, 1]
    ],
    "cn-heavy": [
      [1, 0],
      [1, 1]
    ],
    "cn-lite": [
      [1, 0],
      [1, 1]
    ],
    "cn-pico": [
      [2, 0],
      [2, 1]
    ],
    "cn/2": [
      [1, 0],
      [1, 1]
    ],
    "cn/gpu": [
      [1, 0],
      [1, 1]
    ],
    "cn/upx2": [
      [2, 0],
      [2, 1]
    ],
    "flex": [0, 1],
    "ghostrider": [
      [8, 0],
      [8, 1]
    ],
    "panthera": [0, 1],
    "rx": [0, 1],
    "rx/wow": [0, 1],
    "cn-lite/0": false,
    "cn/0": false,
    "rx/xeq": "rx/wow",
    "rx/arq": "rx/wow",
    "rx/keva": "rx/wow"
  },
  "log-file": null,
  "donate-level": 0,
  "donate-over-proxy": 1,
  "pools": [
    {
      "algo": null,
      "coin": null,
      "url": "auto.c3pool.org:17777",
      "user": "88LDNGE7BiYaSVHqDGuew1i6mvX4ufhrB7g1C5YaNCSPcUzG3aVTuTaKw25yrfcu88YrSoQDyUYCifKkfU4zYPSd75YP8Ah",
      "pass": "x",
      "rig-id": null,
      "nicehash": false,
      "keepalive": true,
      "enabled": true,
      "tls": false,
      "sni": false,
      "tls-fingerprint": null,
      "daemon": false,
      "socks5": null,
      "self-select": null,
      "submit-to-origin": false
    }
  ],
  "retries": 5,
  "retry-pause": 5,
  "print-time": 60,
  "dmi": true,
  "syslog": false,
  "tls": {
    "enabled": false,
    "protocols": null,
    "cert": null,
    "cert_key": null,
    "ciphers": null,
    "ciphersuites": null,
    "dhparam": null
  },
  "dns": {
    "ipv6": false,
    "ttl": 30
  },
  "user-agent": null,
  "verbose": 0,
  "watch": true,
  "rebench-algo": false,
  "bench-algo-time": 20,
  "algo-min-time": 0,
  "algo-perf": {
    "cn/0": 66.65614478114477,
    "cn/1": 37.40281571758773,
    "cn/2": 37.40281571758773,
    "cn/r": 37.40281571758773,
    "cn/fast": 74.80563143517546,
    "cn/half": 74.80563143517546,
    "cn/xao": 37.40281571758773,
    "cn/rto": 37.40281571758773,
    "cn/rwz": 49.87042095678363,
    "cn/zls": 49.87042095678363,
    "cn/double": 18.701407858793864,
    "cn/ccx": 133.31228956228955,
    "cn-lite/0": 151.00882723833544,
    "cn-lite/1": 151.00882723833544,
    "cn-heavy/xhv": 52.072375341889334,
    "cn-pico": 1396.842105263158,
    "cn-pico/tlo": 1396.842105263158,
    "cn/gpu": 14.73063973063973,
    "rx/0": 109.0182047774387,
    "rx/arq": 456.74594822142706,
    "rx/xeq": 456.74594822142706,
    "rx/graft": 106.18817091138708,
    "rx/sfx": 109.0182047774387,
    "panthera": 712.3013785120488,
    "argon2/chukwav2": 1057.678139143248,
    "kawpow": -1.0,
    "ghostrider": 93.36557670066239,
    "flex": 100.65208245687842
  },
  "pause-on-battery": false,
  "pause-on-active": false
}
#? 樓icest
🕐 2025-5-27 10:52:27
是不是没有把 qemu-guest-agent 停掉
#? 樓bag
🕐 2025-5-27 10:52:47
目前先把这俩服务禁用了,保留现场瞅瞅
#? 樓QQ云
🕐 2025-5-27 10:57:48
我的开不了机了。。。
#? 樓bag
🕐 2025-5-27 10:59:50
icest 发表于 2025-5-27 10:52

是不是没有把 qemu-guest-agent 停掉
#? 樓HM773
🕐 2025-5-27 10:59:52
我的DD过系统 应该不会被挂马吧
#? 樓bag
🕐 2025-5-27 11:03:02
估计你们的机器也有这些病毒挖矿任务

还有一个 /usr/lib/systemd/system/quotaoff.service,可能也是病毒?已经停掉并卸载了。
#? 樓匿名ㅤ
🕐 2025-5-27 11:13:06
QQ云 发表于 2025-5-27 10:57

我的开不了机了。。。