How to remove Bill Gates BotNet
Remove Bill Gates BotNet
- Identify and kill process running
[root@linggeh /]#top
[root@linggeh /]#killall cupsdd
- Verify crontab
 |
[root@linggeh /]#ss -t (show current socket connections)
[root@linggeh /]#crontab -l (list entries)
[root@linggeh /]#crontab -e (edit current)
[root@linggeh /]#crontab -r (remove all entries)
- Remove calls from start scripts
[root@linggeh /]#nano /etc/rc.local (here anotate entries )
[root@linggeh /]#nano /etc/init.d
[root@linggeh /]#rm /etc/*.lock (bill.lock and gates.lock)
- Remove physical files
atddd, cupsdd, cupsddh,ksapdd, kysadd,sksapdd, skysapdd
References
- http://lpages.info/billgates-linux-botnet/
- https://isc.sans.edu/forums/diary//17282
- https://help.1and1.com/hosting-c37630/scripts-and-programming-languages-c85099/cron-jobs-c37727/delete-a-cron-job-a757264.html
0 comments:
Post a Comment