Tuesday, June 17, 2014
How to remove Bill Gates botnet (Fedora)
1) identify and kill process running
#top
#killall cupsdd
. . .
2) verify crontab
#ss -t (show current socket connections)
#crontab -l (list entries)
#crontab -e (edit current)
#crontab -r (remove all entries)
3) remove calls from start scripts
#vi /etc/rc.local (here anotate entries )
#vi /etc/init.d
#rm /etc/*.lock (bill.lock and gates.lock)
4) remove physical files
atddd, cupsdd, cupsddh,ksapdd, kysadd,sksapdd, skysapdd
References
[1] http://lpages.info/billgates-linux-botnet/
[2] https://isc.sans.edu/forums/diary//17282
[3] crontab https://help.1and1.com/hosting-c37630/scripts-and-programming-languages-c85099/cron-jobs-c37727/delete-a-cron-job-a757264.html
Subscribe to:
Post Comments (Atom)
-
Sunedu Renacyt 1) https://ctivitae.concytec.gob.pe/appDirectorioCTI/ 2) http://regina.concytec.gob.pe 3) https://www.gob.pe/9648-ser-p...
-
Resources: [1] Hela https://ome.grc.nia.nih.gov/iicbu2008/hela/index.html
-
en inglés se llama “A potentially dangerous Request.Form value was detected from the client”. varias páginas indican dos cosas: 1. agrega...
Firefox open multiple private window
/opt/firefox/firefox-bin --profile $(mktemp -d) --private-window www.google.com www.bing.com
2 comments:
This is completely incorrect. The only correct way to remove this botnet or any other malware is to format and re-install. YOU CAN NEVER AGAIN TRUST A SYSTEM THAT HAS BEEN COMPROMISED. You do not know what else an attacker may have done to the system that you did not find.
AVG Antivirus Support like your page.
Post a Comment