How to remove virus from server on ubuntu?

B

BoneFletcher2016-02-02 17:04:52

Malware

BoneFletcher, 2016-02-02 17:04:52

A virus appeared on a server with Ubuntu 14.04, arranging a ddos attack about once a day on 40 GB of traffic.
I installed Clamav antivirus, it deleted several infected files (I didn’t remember the names), rebooted the system, but the attacks did not stop. Is there a way to get rid of this virus? And how could he appear?
Root's password is complex, there are no viruses on the local machine.
There are only common packages on the server:
nginx, mysql, redis, nodejs
nodejs is used as a web server (via express and socket.io) - but the functionality in it is very simple, hacking through it is unlikely. But nodejs itself is run as root.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

Ilya, 2016-02-02
@BoneFletcher

You can try a firewall to prohibit, monitor and log traffic.
Try to catch the left traffic through tcpdump.
It's easier to install from scratch than to search.
Take a snapshot of the system and already locally, for example, search in a virtual machine.

S

synapse_people, 2016-02-02
@synapse_people

but they say there are no viruses
Use netstat to see what process generates connections and find its binary, set it to -x