Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- SHELL=/bin/sh
- PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
- me=$( whoami )
- function cleanup() {
- rm -rf /bin/httpntp /bin/ftpsdns
- cat /etc/crontab | grep -v "##" | grep -v "/bin/httpsntp" | grep -v "/bin/ftpsntp" > /etc/crontab.bak && mv /etc/crontab.bak /etc/crontab
- rm -rf /etc/cron.d/root /etc/cron.d/apache /etc/cron.d/system /var/spool/cron/root /var/spool/cron/crontabs/root
- rm -rf /etc/cron.hourly/oanacroane /etc/cron.daily/oanacroane /etc/cron.monthly/oanacroane
- rm -rf /bin/config.json /bin/watchbog /bin/config.txt /bin/cpu.txt /bin/pools.txt
- rm -rf /tmp/systemd-private-afjdhdicjijo473skiosoohxiskl573q-systemd-timesyncc.service-g1g5qf/
- }
- function allcron() {
- for user in $(cut -f1 -d: /etc/passwd);
- do
- pa=$(crontab -u $user -l|grep 'pastebin'|wc -l)
- if [ ${pa} -ne 0 ];then
- echo "$user is infected"
- crontab -u $user -r
- fi
- done
- }
- function killdog() {
- ps auxf|grep -v grep|grep "watchbog" | awk '{print $2}'|xargs kill -9
- pkill -f watchbog
- }
- if [ "$me" == "root" ];then
- echo "Removing All Persistence Methods And Killing Miner"
- cleanup
- allcron
- killdog
- else
- echo "You $me Have To Run This Sctipt For Total Cleanup"
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement