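My 12.04 system has just been infected by a virus that is replicating itself into countless junk directories in /proc.
This may soon bring my computer to a complete halt. Even as root, I cannot delete this junk.
How do I cure an Ubuntu system that has a virus running as root?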
Answer 1
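/proc is a virtual filesystem. It is supposed to contain many things that cannot be deleted, even as root. It contains a folder representing each process running on the system, as well as various other files that provide other information from the kernel. The files in /proc do not correspond to anything on disk. For most of them, deletion does not make sense: it does not correspond to any particular action that could be taken on the processes and other structures they represent.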
Here is what my normal /proc looks like:
ek@Kip:~$ ls -l /proc
total 0
dr-xr-xr-x 8 root root 0 Apr 2 02:15 1
dr-xr-xr-x 8 root root 0 Apr 2 09:56 10
dr-xr-xr-x 8 ek ek 0 Apr 1 20:28 10204
dr-xr-xr-x 8 messagebus messagebus 0 Apr 2 09:56 1094
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1119
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1120
dr-xr-xr-x 8 root root 0 Apr 2 09:56 11231
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1127
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11396
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11398
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11399
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11400
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11404
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11428
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11436
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11461
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11481
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11489
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1150
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11510
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11518
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11536
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1155
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11550
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11557
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11564
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11609
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11627
dr-xr-xr-x 8 ek ek 0 Mar 26 21:29 11646
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11688
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11696
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1171
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1172
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1175
dr-xr-xr-x 8 ek ek 0 Mar 26 21:30 11811
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1183
dr-xr-xr-x 8 avahi avahi 0 Apr 2 09:56 1184
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1185
dr-xr-xr-x 8 avahi avahi 0 Apr 2 09:56 1188
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1190
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1191
dr-xr-xr-x 8 daemon daemon 0 Apr 2 09:56 1192
dr-xr-xr-x 8 root root 0 Apr 2 09:56 12
dr-xr-xr-x 8 ek ek 0 Apr 2 01:25 12174
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1224
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1232
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1248
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1251
dr-xr-xr-x 8 whoopsie whoopsie 0 Apr 2 09:56 1272
dr-xr-xr-x 8 root root 0 Apr 2 09:56 13
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1314
dr-xr-xr-x 8 ek ek 0 Mar 22 07:50 13357
dr-xr-xr-x 8 root root 0 Apr 2 09:56 13643
dr-xr-xr-x 8 root root 0 Apr 2 09:56 14
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1477
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1495
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15968
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15969
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15970
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15971
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15981
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15982
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15983
dr-xr-xr-x 8 root root 0 Apr 2 09:56 15984
dr-xr-xr-x 8 root root 0 Apr 2 09:56 16
dr-xr-xr-x 8 ek ek 0 Apr 2 03:35 16019
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1610
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1660
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1664
dr-xr-xr-x 8 nobody dip 0 Apr 2 09:56 1667
dr-xr-xr-x 8 ek ek 0 Apr 2 04:09 16987
dr-xr-xr-x 8 root root 0 Apr 2 09:00 17930
dr-xr-xr-x 8 root root 0 Apr 2 09:56 18
dr-xr-xr-x 8 root root 0 Apr 2 09:00 18046
dr-xr-xr-x 8 ek ek 0 Apr 2 09:01 18098
dr-xr-xr-x 8 root root 0 Apr 2 09:15 18196
dr-xr-xr-x 8 root root 0 Apr 2 09:23 18245
dr-xr-xr-x 8 root root 0 Apr 2 09:23 18287
dr-xr-xr-x 8 root root 0 Apr 2 09:56 1856
dr-xr-xr-x 8 ek ek 0 Apr 2 09:49 18659
dr-xr-xr-x 8 root root 0 Apr 2 09:56 19
dr-xr-xr-x 8 root root 0 Apr 2 10:38 19096
dr-xr-xr-x 8 root root 0 Apr 2 10:45 19188
dr-xr-xr-x 8 root root 0 Apr 2 11:00 19262
dr-xr-xr-x 8 root root 0 Apr 2 11:06 19298
dr-xr-xr-x 8 ek ek 0 Apr 2 11:06 19315
dr-xr-xr-x 8 colord colord 0 Mar 21 06:52 1992
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2
dr-xr-xr-x 8 root root 0 Apr 2 09:56 20
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2006
dr-xr-xr-x 8 rtkit rtkit 0 Apr 2 09:56 2065
dr-xr-xr-x 8 root root 0 Apr 2 09:56 21
dr-xr-xr-x 8 ntp ntp 0 Mar 21 06:53 2101
dr-xr-xr-x 8 root root 0 Apr 2 09:56 214
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2161
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2172
dr-xr-xr-x 8 root root 0 Apr 2 09:56 22
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2215
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2218
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2219
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2230
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2234
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2243
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2249
dr-xr-xr-x 8 root root 0 Apr 2 09:56 225
dr-xr-xr-x 8 ek ek 0 Mar 29 09:39 22514
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2256
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2257
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2258
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2260
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2264
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2268
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2271
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2275
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2278
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2280
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2287
dr-xr-xr-x 8 root root 0 Mar 21 06:53 2290
dr-xr-xr-x 8 root root 0 Apr 2 09:56 23
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2303
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2305
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2307
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2311
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2317
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2331
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2335
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2346
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2348
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2357
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2372
dr-xr-xr-x 8 root root 0 Apr 2 09:56 24
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2425
dr-xr-xr-x 8 ek ek 0 Apr 2 01:25 24576
dr-xr-xr-x 8 ek ek 0 Mar 21 06:53 2461
dr-xr-xr-x 8 ek ek 0 Mar 29 13:56 25198
dr-xr-xr-x 8 ek ek 0 Mar 21 06:54 2528
dr-xr-xr-x 8 ek ek 0 Mar 21 06:55 2588
dr-xr-xr-x 8 root root 0 Apr 2 09:56 26
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2603
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2679
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2680
dr-xr-xr-x 8 root root 0 Apr 2 09:56 27
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2700
dr-xr-xr-x 8 root root 0 Apr 2 09:56 2701
dr-xr-xr-x 8 ek ek 0 Mar 21 06:54 2727
dr-xr-xr-x 8 ek ek 0 Mar 21 07:34 27582
dr-xr-xr-x 8 ek ek 0 Mar 21 07:34 27588
dr-xr-xr-x 8 ek ek 0 Mar 21 08:23 27926
dr-xr-xr-x 8 root root 0 Apr 2 09:56 28
dr-xr-xr-x 8 ek ek 0 Mar 21 09:01 28249
dr-xr-xr-x 8 ek ek 0 Mar 29 14:44 28271
dr-xr-xr-x 8 root root 0 Apr 2 09:56 283
dr-xr-xr-x 8 root root 0 Apr 2 09:56 284
dr-xr-xr-x 8 ek ek 0 Mar 29 15:17 28655
dr-xr-xr-x 8 root root 0 Apr 2 09:56 28823
dr-xr-xr-x 8 ek ek 0 Mar 21 10:17 28948
dr-xr-xr-x 8 root root 0 Apr 2 09:56 29
dr-xr-xr-x 8 ek ek 0 Mar 21 10:17 29039
dr-xr-xr-x 8 ek ek 0 Mar 26 09:30 29937
dr-xr-xr-x 8 root root 0 Apr 2 09:56 3
dr-xr-xr-x 8 root root 0 Apr 2 09:56 30
dr-xr-xr-x 8 ek ek 0 Mar 28 10:09 303
dr-xr-xr-x 8 ek ek 0 Mar 22 12:37 30649
dr-xr-xr-x 8 ek ek 0 Mar 31 17:23 30701
dr-xr-xr-x 8 ek ek 0 Mar 29 18:48 30781
dr-xr-xr-x 8 root root 0 Apr 2 09:56 31
dr-xr-xr-x 8 root root 0 Apr 2 09:56 32
dr-xr-xr-x 8 ek ek 0 Mar 21 07:00 3492
dr-xr-xr-x 8 root root 0 Apr 2 09:56 374
dr-xr-xr-x 8 root root 0 Apr 2 09:56 376
dr-xr-xr-x 8 root root 0 Apr 2 09:56 380
dr-xr-xr-x 8 root root 0 Apr 2 09:56 40
dr-xr-xr-x 8 root root 0 Apr 2 09:56 44
dr-xr-xr-x 8 root root 0 Apr 2 09:56 45
dr-xr-xr-x 8 root root 0 Apr 2 09:56 6
dr-xr-xr-x 8 root root 0 Apr 2 09:56 64
dr-xr-xr-x 8 root root 0 Apr 2 09:56 680
dr-xr-xr-x 8 root root 0 Apr 2 09:56 687
dr-xr-xr-x 8 root root 0 Apr 2 09:56 688
dr-xr-xr-x 8 root root 0 Apr 2 09:56 7
dr-xr-xr-x 8 ek ek 0 Apr 1 14:32 7216
dr-xr-xr-x 8 ek utmp 0 Apr 1 14:32 7220
dr-xr-xr-x 8 ek ek 0 Apr 1 14:32 7221
dr-xr-xr-x 8 root root 0 Apr 2 09:56 725
dr-xr-xr-x 8 root root 0 Apr 2 09:56 734
dr-xr-xr-x 8 root root 0 Apr 2 09:56 757
dr-xr-xr-x 8 root root 0 Apr 2 09:56 764
dr-xr-xr-x 8 root root 0 Apr 2 09:56 8
dr-xr-xr-x 8 root root 0 Apr 2 09:56 814
dr-xr-xr-x 8 root root 0 Apr 2 09:56 883
dr-xr-xr-x 8 root root 0 Apr 2 09:56 884
dr-xr-xr-x 8 root root 0 Apr 2 09:56 951
dr-xr-xr-x 8 syslog syslog 0 Apr 2 09:56 987
dr-xr-xr-x 5 root root 0 Mar 21 06:52 acpi
dr-xr-xr-x 5 root root 0 Apr 2 11:06 asound
-r--r--r-- 1 root root 0 Apr 2 11:06 buddyinfo
dr-xr-xr-x 4 root root 0 Apr 2 11:06 bus
-r--r--r-- 1 root root 0 Apr 2 11:06 cgroups
-r--r--r-- 1 root root 0 Apr 2 11:06 cmdline
-r--r--r-- 1 root root 0 Apr 2 11:06 consoles
-r--r--r-- 1 root root 0 Apr 2 11:06 cpuinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 crypto
-r--r--r-- 1 root root 0 Apr 2 11:06 devices
dr-xr-xr-x 2 root root 0 Apr 2 11:06 device-tree
-r--r--r-- 1 root root 0 Apr 2 11:06 diskstats
-r--r--r-- 1 root root 0 Apr 2 11:06 dma
dr-xr-xr-x 3 root root 0 Apr 2 11:06 dri
dr-xr-xr-x 2 root root 0 Apr 2 11:06 driver
-r--r--r-- 1 root root 0 Apr 2 11:06 execdomains
-r--r--r-- 1 root root 0 Apr 2 11:06 fb
-r--r--r-- 1 root root 0 Apr 2 11:06 filesystems
dr-xr-xr-x 8 root root 0 Apr 2 11:06 fs
-r--r--r-- 1 root root 0 Mar 21 06:53 interrupts
-r--r--r-- 1 root root 0 Apr 2 11:06 iomem
-r--r--r-- 1 root root 0 Apr 2 11:06 ioports
dr-xr-xr-x 28 root root 0 Apr 2 11:06 irq
-r--r--r-- 1 root root 0 Apr 2 11:06 kallsyms
-r-------- 1 root root 1065349120 Apr 2 11:06 kcore
-r--r--r-- 1 root root 0 Apr 2 11:06 key-users
-r-------- 1 root root 0 Mar 21 06:52 kmsg
-r-------- 1 root root 0 Apr 2 11:06 kpagecount
-r-------- 1 root root 0 Apr 2 11:06 kpageflags
-rw-r--r-- 1 root root 0 Apr 2 11:06 latency_stats
-r--r--r-- 1 root root 0 Apr 2 11:06 loadavg
-r--r--r-- 1 root root 0 Apr 2 11:06 locks
-r--r--r-- 1 root root 0 Apr 2 11:06 mdstat
-r--r--r-- 1 root root 0 Apr 2 11:06 meminfo
-r--r--r-- 1 root root 0 Apr 2 11:06 misc
-r--r--r-- 1 root root 0 Apr 2 11:06 modules
lrwxrwxrwx 1 root root 11 Apr 2 11:06 mounts -> self/mounts
-r--r--r-- 1 root root 0 Apr 2 11:06 mtd
-rw-r--r-- 1 root root 0 Mar 21 06:52 mtrr
lrwxrwxrwx 1 root root 8 Apr 2 11:06 net -> self/net
-r--r--r-- 1 root root 0 Apr 2 11:06 pagetypeinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 partitions
-r--r--r-- 1 root root 0 Apr 2 11:06 sched_debug
-r--r--r-- 1 root root 0 Apr 2 11:06 schedstat
dr-xr-xr-x 4 root root 0 Apr 2 11:06 scsi
lrwxrwxrwx 1 root root 64 Mar 24 08:06 self -> 19315
-r-------- 1 root root 0 Apr 2 11:06 slabinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 softirqs
-r--r--r-- 1 root root 0 Apr 2 11:06 stat
-r--r--r-- 1 root root 0 Mar 21 06:53 swaps
dr-xr-xr-x 1 root root 0 Mar 21 02:52 sys
--w------- 1 root root 0 Apr 2 11:06 sysrq-trigger
dr-xr-xr-x 2 root root 0 Apr 2 11:06 sysvipc
-r--r--r-- 1 root root 0 Apr 2 11:06 timer_list
-rw-r--r-- 1 root root 0 Apr 2 11:06 timer_stats
dr-xr-xr-x 4 root root 0 Apr 2 11:06 tty
-r--r--r-- 1 root root 0 Apr 2 11:06 uptime
-r--r--r-- 1 root root 0 Apr 2 11:06 version
-r--r--r-- 1 root root 0 Apr 2 11:06 version_signature
-r-------- 1 root root 0 Apr 2 11:06 vmallocinfo
-r--r--r-- 1 root root 0 Apr 2 11:06 vmstat
-r--r--r-- 1 root root 0 Apr 2 11:06 zoneinfo
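Yours should contain similar files and directories. You will see all the folders with numbers in their names. I think these are what you are calling "junk directories". They are far from that: each one represents a process currently running on the system. You can even go into them (if you own the process or are root) and inspect information about the process.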
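
The mapping described in the answer above can be checked directly. This is an added example, not part of the original answer: it reports the filesystem type mounted on /proc and resolves every all-digit directory to the PID, owner UID, process name and executable it represents. The function names and the optional root/mounts arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer). The optional arguments are
# assumptions of this example so it can also run against a constructed tree.

# Print the filesystem type mounted on /proc, read from a mounts table
# (default: /proc/mounts). "proc" means the contents are generated by the
# kernel and nothing is stored on disk.
proc_fstype() {
    awk '$2 == "/proc" { print $3; exit }' "${1:-/proc/mounts}"
}

# Print "PID<TAB>UID<TAB>NAME<TAB>EXE" for each all-digit directory under $1
# (default: /proc), sorted by PID.
proc_pids() {
    root="${1:-/proc}"
    for dir in "$root"/*/; do
        pid="$(basename "$dir")"
        # Only all-digit names are per-process directories; entries such as
        # acpi, bus or sys are kernel information and are skipped.
        case "$pid" in
            ''|*[!0-9]*) continue ;;
        esac
        # A process may exit between the glob and the read.
        [ -r "$dir/status" ] || continue
        name="$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" | head -n 1)"
        # Second field of the Uid: line is the real UID of the owner.
        uid="$(awk '/^Uid:/ { print $2; exit }' "$dir/status")"
        # exe is a symlink to the running binary; kernel threads have none,
        # and other users' processes are unreadable without root.
        exe="$(readlink "$dir/exe" 2>/dev/null || true)"
        printf '%s\t%s\t%s\t%s\n' "$pid" "$uid" "$name" "${exe:--}"
    done | sort -n
}

# Usage on a live system:  proc_fstype; proc_pids
```

Each output line corresponds to one numeric directory in the listing; comparing it with `ps -e` shows the same set of PIDs.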