My 12.04 system has just been infected with a virus, and it is self-replicating a large number of junk directories in the /proc/ area.
This may lock up my computer completely soon. I can't delete any of this junk, not even as root.
How do I disinfect an Ubuntu system that has a virus running as root?
Answer 1
/proc is a virtual filesystem; it is supposed to contain a bunch of things that cannot be deleted even as root. It contains folders representing each process running on the system, plus various other files that provide other kernel information. The files in /proc do not correspond to anything on disk; for the most part, the action of deletion would not make sense; it would not correspond to any specific action that could be taken on the processes and other structures represented.
Here is my normal /proc:
ek@Kip:~$ ls -l /proc
total 0
dr-xr-xr-x 8 root root 0 Apr 2 02:15 1
dr-xr-xr-x 8 root root 0 Apr 2 09:56 10
dr-xr-xr-x 8 ek ek 0 Apr 1 20:28 10204
dr-xr-xr-x 8 messagebus messagebus 0 Apr 2 09:56 1094
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1119
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1120
dr-xr-xr-x 8 root root 0 Apr 2 09:56 11231
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1127
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11396
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11398
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11399
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11400
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11404
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11428
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11436
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11461
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11481
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11489
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1150
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11510
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11518
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11536
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1155
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11550
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11557
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11564
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11609
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11627
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11646
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11688
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11696
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1171
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1172
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1175
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11811
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1183
dr-xr-xr-x 8 avahi avahi 0 Apr 2 09:56 1184
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1185
dr-xr-xr-x 8 avahi avahi 0 Apr 2 09:56 1188
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1190
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1191
dr-xr-xr-x 8 daemon daemon 0 Apr 2 09:56 1192
dr-xr-xr-x 8 root root 0 Apr 2 09:56 12
dr-xr-xr-x 8 ek ek 0 Apr 2 01:25 12174
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1224
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1232
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1248
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1251
dr-xr-xr-x 8 whoopsie whoopsie 0 Apr 2 09:56 1272
dr-xr-xr-x 8 root root 0 Apr 2 09:56 13
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1314
dr-xr-xr-x 8 ek ek 0 Mar 22 07:50 13357
dr-xr-xr-x 8 root root 0 Apr 2 09:56 13643
dr-xr-xr-x 8 root root 0 Apr 2 09:56 14
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1477
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1495
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15968
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15969
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15970
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15971
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15981
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15982
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15983
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15984
dr-xr-xr-x 8 root root 0 Apr 2 09:56 16
dr-xr-xr-x 8 ek ek 0 Apr 2 03:35 16019
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1610
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1660
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1664
dr-xr-xr-x 8 nobody dip 0 Apr 2 09:56 1667
dr-xr-xr-x 8 ek ek 0 Apr 2 04:09 16987
dr-xr-xr-x 8 root root 0 Apr 2 09:00 17930
dr-xr-xr-x 8 root root 0 Apr 2 09:56 18
dr-xr-xr-x 8 root root 0 Apr 2 09:00 18046
dr-xr-xr-x 8 ek ek 0 Apr 2 09:01 18098
dr-xr-xr-x 8 root root 0 Apr 2 09:15 18196
dr-xr-xr-x 8 root root 0 Apr 2 09:23 18245
dr-xr-xr-x 8 root root 0 Apr 2 09:23 18287
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1856
dr-xr-xr-x 8 ek ek 0 Apr 2 09:49 18659
dr-xr-xr-x 8 root root 0 Apr 2 09:56 19
dr-xr-xr-x 8 root root 0 Apr 2 10:38 19096
dr-xr-xr-x 8 root root 0 Apr 2 10:45 19188
dr-xr-xr-x 8 root root 0 Apr 2 11:00 19262
dr-xr-xr-x 8 root root 0 Apr 2 11:06 19298
dr-xr-xr-x 8 ek ek 0 Apr 2 11:06 19315
dr-xr-xr-x 8 colord colord 0 Mar 21 06:52 1992
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2
dr-xr-xr-x 8 root root 0 Apr 2 09:56 20
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2006
dr-xr-xr-x 8 rtkit rtkit 0 Apr 2 09:56 2065
dr-xr-xr-x 8 root root 0 Apr 2 09:56 21
dr-xr-xr-x 8 ntp ntp 0 Mar 21 06:53 2101
dr-xr-xr-x 8 root root 0 Apr 2 09:56 214
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2161
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2172
dr-xr-xr-x 8 root root 0 Apr 2 09:56 22
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2215
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2218
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2219
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2230
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2234
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2243
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2249
dr-xr-xr-x 8 root root 0 Apr 2 09:56 225
dr-xr-xr-x 8 ek ek 0 Mar 29 09:39 22514
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2256
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2257
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2258
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2260
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2264
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2268
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2271
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2275
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2278
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2280
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2287
dr-xr-xr-x 8 root root 0 Mar 21 06:53 2290
dr-xr-xr-x 8 root root 0 Apr 2 09:56 23
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2303
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2305
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2307
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2311
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2317
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2331
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2335
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2346
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2348
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2357
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2372
dr-xr-xr-x 8 root root 0 Apr 2 09:56 24
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2425
dr-xr-xr-x 8 ek ek 0 Apr 2 01:25 24576
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2461
dr-xr-xr-x 8 ek ek 0 Mar 29 13:56 25198
dr-xr-xr-x 8 ek ek 0 Mar 21 06:54 2528
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2588
dr-xr-xr-x 8 root root 0 Apr 2 09:56 26
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2603
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2679
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2680
dr-xr-xr-x 8 root root 0 Apr 2 09:56 27
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2700
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2701
dr-xr-xr-x 8 ek ek 0 Mar 21 06:54 2727
dr-xr-xr-x 8 ek ek 0 Mar 21 07:34 27582
dr-xr-xr-x 8 ek ek 0 Mar 21 07:34 27588
dr-xr-xr-x 8 ek ek 0 Mar 21 08:23 27926
dr-xr-xr-x 8 root root 0 Apr 2 09:56 28
dr-xr-xr-x 8 ek ek 0 Mar 21 09:01 28249
dr-xr-xr-x 8 ek ek 0 Mar 29 14:44 28271
dr-xr-xr-x 8 root root 0 Apr 2 09:56 283
dr-xr-xr-x 8 root root 0 Apr 2 09:56 284
dr-xr-xr-x 8 ek ek 0 Mar 29 15:17 28655
dr-xr-xr-x 8 root root 0 Apr 2 09:56 28823
dr-xr-xr-x 8 ek ek 0 Mar 21 10:17 28948
dr-xr-xr-x 8 root root 0 Apr 2 09:56 29
dr-xr-xr-x 8 ek ek 0 Mar 21 10:17 29039
dr-xr-xr-x 8 ek ek 0 Mar 26 09:30 29937
dr-xr-xr-x 8 root root 0 Apr 2 09:56 3
dr-xr-xr-x 8 root root 0 Apr 2 09:56 30
dr-xr-xr-x 8 ek ek 0 Mar 28 10:09 303
dr-xr-xr-x 8 ek ek 0 Mar 22 12:37 30649
dr-xr-xr-x 8 ek ek 0 Mar 31 17:23 30701
dr-xr-xr-x 8 ek ek 0 Mar 29 18:48 30781
dr-xr-xr-x 8 root root 0 Apr 2 09:56 31
dr-xr-xr-x 8 root root 0 Apr 2 09:56 32
dr-xr-xr-x 8 ek ek 0 Mar 21 07:00 3492
dr-xr-xr-x 8 root root 0 Apr 2 09:56 374
dr-xr-xr-x 8 root root 0 Apr 2 09:56 376
dr-xr-xr-x 8 root root 0 Apr 2 09:56 380
dr-xr-xr-x 8 root root 0 Apr 2 09:56 40
dr-xr-xr-x 8 root root 0 Apr 2 09:56 44
dr-xr-xr-x 8 root root 0 Apr 2 09:56 45
dr-xr-xr-x 8 root root 0 Apr 2 09:56 6
dr-xr-xr-x 8 root root 0 Apr 2 09:56 64
dr-xr-xr-x 8 root root 0 Apr 2 09:56 680
dr-xr-xr-x 8 root root 0 Apr 2 09:56 687
dr-xr-xr-x 8 root root 0 Apr 2 09:56 688
dr-xr-xr-x 8 root root 0 Apr 2 09:56 7
dr-xr-xr-x 8 ek ek 0 Apr 1 14:32 7216
dr-xr-xr-x 8 ek utmp 0 Apr 1 14:32 7220
dr-xr-xr-x 8 ek ek 0 Apr 1 14:32 7221
dr-xr-xr-x 8 root root 0 Apr 2 09:56 725
dr-xr-xr-x 8 root root 0 Apr 2 09:56 734
dr-xr-xr-x 8 root root 0 Apr 2 09:56 757
dr-xr-xr-x 8 root root 0 Apr 2 09:56 764
dr-xr-xr-x 8 root root 0 Apr 2 09:56 8
dr-xr-xr-x 8 root root 0 Apr 2 09:56 814
dr-xr-xr-x 8 root root 0 Apr 2 09:56 883
dr-xr-xr-x 8 root root 0 Apr 2 09:56 884
dr-xr-xr-x 8 root root 0 Apr 2 09:56 951
dr-xr-xr-x 8 syslog syslog 0 Apr 2 09:56 987
dr-xr-xr-x 5 root root 0 Mar 21 06:52 acpi
dr-xr-xr-x 5 root root 0 Apr 2 11:06 asound
-r--r--r-- 1 root root 0 Apr 2 11:06 buddyinfo
dr-xr-xr-x 4 root root 0 Apr 2 11:06 bus
-r--r--r-- 1 root root 0 Apr 2 11:06 cgroups
-r--r--r-- 1 root root 0 Apr 2 11:06 cmdline
-r--r--r-- 1 root root 0 Apr 2 11:06 consoles
-r--r--r-- 1 root root 0 Apr 2 11:06 cpuinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 crypto
-r--r--r-- 1 root root 0 Apr 2 11:06 devices
dr-xr-xr-x 2 root root 0 Apr 2 11:06 device-tree
-r--r--r-- 1 root root 0 Apr 2 11:06 diskstats
-r--r--r-- 1 root root 0 Apr 2 11:06 dma
dr-xr-xr-x 3 root root 0 Apr 2 11:06 dri
dr-xr-xr-x 2 root root 0 Apr 2 11:06 driver
-r--r--r-- 1 root root 0 Apr 2 11:06 execdomains
-r--r--r-- 1 root root 0 Apr 2 11:06 fb
-r--r--r-- 1 root root 0 Apr 2 11:06 filesystems
dr-xr-xr-x 8 root root 0 Apr 2 11:06 fs
-r--r--r-- 1 root root 0 Mar 21 06:53 interrupts
-r--r--r-- 1 root root 0 Apr 2 11:06 iomem
-r--r--r-- 1 root root 0 Apr 2 11:06 ioports
dr-xr-xr-x 28 root root 0 Apr 2 11:06 irq
-r--r--r-- 1 root root 0 Apr 2 11:06 kallsyms
-r-------- 1 root root 1065349120 Apr 2 11:06 kcore
-r--r--r-- 1 root root 0 Apr 2 11:06 key-users
-r-------- 1 root root 0 Mar 21 06:52 kmsg
-r-------- 1 root root 0 Apr 2 11:06 kpagecount
-r-------- 1 root root 0 Apr 2 11:06 kpageflags
-rw-r--r-- 1 root root 0 Apr 2 11:06 latency_stats
-r--r--r-- 1 root root 0 Apr 2 11:06 loadavg
-r--r--r-- 1 root root 0 Apr 2 11:06 locks
-r--r--r-- 1 root root 0 Apr 2 11:06 mdstat
-r--r--r-- 1 root root 0 Apr 2 11:06 meminfo
-r--r--r-- 1 root root 0 Apr 2 11:06 misc
-r--r--r-- 1 root root 0 Apr 2 11:06 modules
lrwxrwxrwx 1 root root 11 Apr 2 11:06 mounts -> self/mounts
-r--r--r-- 1 root root 0 Apr 2 11:06 mtd
-rw-r--r-- 1 root root 0 Mar 21 06:52 mtrr
lrwxrwxrwx 1 root root 8 Apr 2 11:06 net -> self/net
-r--r--r-- 1 root root 0 Apr 2 11:06 pagetypeinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 partitions
-r--r--r-- 1 root root 0 Apr 2 11:06 sched_debug
-r--r--r-- 1 root root 0 Apr 2 11:06 schedstat
dr-xr-xr-x 4 root root 0 Apr 2 11:06 scsi
lrwxrwxrwx 1 root root 64 Mar 24 08:06 self -> 19315
-r-------- 1 root root 0 Apr 2 11:06 slabinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 softirqs
-r--r--r-- 1 root root 0 Apr 2 11:06 stat
-r--r--r-- 1 root root 0 Mar 21 06:53 swaps
dr-xr-xr-x 1 root root 0 Mar 21 02:52 sys
--w------- 1 root root 0 Apr 2 11:06 sysrq-trigger
dr-xr-xr-x 2 root root 0 Apr 2 11:06 sysvipc
-r--r--r-- 1 root root 0 Apr 2 11:06 timer_list
-rw-r--r-- 1 root root 0 Apr 2 11:06 timer_stats
dr-xr-xr-x 4 root root 0 Apr 2 11:06 tty
-r--r--r-- 1 root root 0 Apr 2 11:06 uptime
-r--r--r-- 1 root root 0 Apr 2 11:06 version
-r--r--r-- 1 root root 0 Apr 2 11:06 version_signature
-r-------- 1 root root 0 Apr 2 11:06 vmallocinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 vmstat
-r--r--r-- 1 root root 0 Apr 2 11:06 zoneinfo
Yours should have similar files and directories. You'll notice all the folders with numbers as names. I guess these are what you call "junk directories". Far from it, each one represents a process currently running on the system; you can even go into it (if you own the process or are root) and examine information about the process.
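
To see which process each numbered /proc directory stands for, the following added example (not part of the original answer) lists PID, owner UID, process name and executable path for every numeric entry. The function name `proc_summary` is hypothetical, and the root directory is a parameter so it can also be run against a copied or constructed tree.

```shell
#!/bin/sh
# Added example: map each numeric entry under /proc to the process it represents.
# proc_summary is a hypothetical helper name, not a standard tool.
# Output columns (tab-separated): PID, real UID, process name, executable path.

proc_summary() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # Only purely numeric names are processes; skip anything else.
        case "$pid" in *[!0-9]*) continue ;; esac
        # A process can exit between the glob and the read; skip it if so.
        [ -r "$dir/status" ] || continue
        name="$(awk -F'\t' '$1 == "Name:" {print $2; exit}' "$dir/status")"
        uid="$(awk '$1 == "Uid:" {print $2; exit}' "$dir/status")"
        # exe is a symlink to the running binary. Kernel threads have none,
        # and other users' processes cannot be resolved without root.
        if exe="$(readlink "$dir/exe" 2>/dev/null)" && [ -n "$exe" ]; then
            :
        else
            exe="-"
        fi
        printf '%s\t%s\t%s\t%s\n' "$pid" "$uid" "$name" "$exe"
    done
)

# Usage: sh proc_summary.sh /proc | sort -n
if [ "$#" -gt 0 ]; then
    proc_summary "$1"
fi
```

An executable path ending in " (deleted)" means the binary was removed or replaced on disk while the process kept running, which is worth a closer look during triage.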