System administration
grkiril, 2015-11-18 13:00:24

How to get rid of a malicious process on a CentOS server?

We hacked the server through a recent vulnerability in redis (a port was opened) and planted a process (/bin/unama) that is clearly doing something bad and eating 80% of the CPU.
The ports are closed, but the process cannot be killed. I do kill 9 and then delete the file from /bin/, but after a minute the process starts again. I don't understand what makes it run again. The process has PPID 1.
Tell me, how can I get rid of this stuff?

3 answer(s)
alexxandr, 2015-11-18
@alexxandr

Complete reinstallation of the server - 100%

Vladimir Martyanov, 2015-11-18
@vilgeforce

Can you upload the /bin/unama file to VT and give a link? I'll pass it on to our Linux specialist. But in general, the compromise of the server should end with its complete reinstallation.

Ruslan Fedoseev, 2015-11-18
@martin74ua

Check cron, at, and other processes.
A complete reinstallation is desirable, but in principle it can be cleaned out.
rpm -Va
Did you do it? If not, do it. If the modified files are not config files but binaries or libraries, yum reinstall the package.
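
The rpm -Va step from the answer above, as an added example that is not part of the original thread: it filters the verification output down to non-config packaged files that are missing or have a changed digest or mode, then prints the reinstall command for each owning package. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output on a possibly compromised host.
# Function names and the sample data are constructed for illustration.

# Constructed sample of `rpm -Va` output (not taken from the thread).
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.  c /etc/redis.conf
S.5....T.    /usr/bin/ps
..5....T.    /usr/lib64/libexample.so.1
missing     /usr/bin/netstat
.......T.    /usr/bin/top
.M.......  d /usr/share/doc/example/README
EOF
}

# Read `rpm -Va` output on stdin; print paths of packaged files that are
# missing or whose digest (5) or mode (M) changed, skipping entries marked
# c (config), d (doc), g (ghost), l (license) or r (readme).
suspicious_files() {
    awk '
        $2 ~ /^[cdglr]$/ { next }
        $1 == "missing" || substr($1, 3, 1) == "5" || substr($1, 2, 1) == "M" {
            print substr($0, index($0, " /") + 1)
        }'
}

# For each flagged path, look up the owning package and print the reinstall
# command for review. Nothing is reinstalled by this script.
reinstall_plan() {
    while IFS= read -r f; do
        if pkg=$(rpm -qf --qf '%{NAME}\n' "$f" 2>/dev/null); then
            echo "$f: yum reinstall $pkg"
        else
            echo "$f: owner not found, inspect by hand"
        fi
    done
}

# With --live, verify the real system; otherwise run on the sample above.
if [ "${1:-}" = "--live" ]; then
    rpm -Va | suspicious_files | reinstall_plan
else
    sample_rpm_va | suspicious_files
fi
```

rpm -Va only checks files that belong to installed packages, so a planted file such as /bin/unama that no package owns will not appear in its output. The comparison is made against the local RPM database, so the result is only as trustworthy as that database and the rpm binary on the compromised host.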
