Hello,
The malware keeps coming back. It takes a maximum of 3 hours for it to come back.
I have adapted the script a little and run it all as a cron.
I have already created a ticket - but it is currently not being processed.
I have done everything mentioned here:
- Changed the phpMyAdmin password
- Installed Malware Remover 3.3.1
- Rebooted the NAS
It does not help at all - after max. 3 h the thing is back.
Unfortunately the developers were so clever and switched off all kernel parameters or suppressed their output. So I can't get any information about it.
Let's see if it can be controlled that way.
Code:
#!/bin/sh
# Cron job: kill the matching processes and delete their files in /tmp.
NOW=$(date '+%Y%m%d%H%M%S')
LOG_FILE=/share/CACHEDEV1_DATA/homes/admin/clean.log
# Create the log file on the first run.
if [ ! -f "${LOG_FILE}" ]; then
    touch "${LOG_FILE}"
fi
echo "Running at ${NOW}" >> "${LOG_FILE}"
# Kill every process whose command line matches one of these names.
ps | grep '/tmp/compma' | grep -v grep | awk '{print $1}' | xargs -r kill -9
ps | grep 'pionai' | grep -v grep | awk '{print $1}' | xargs -r kill -9
ps | grep 'kthreaddnai' | grep -v grep | awk '{print $1}' | xargs -r kill -9
# Delete regular files in /tmp owned by httpdusr with exactly these modes.
find /tmp -type f -user httpdusr -perm 0750 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0700 -exec rm -f {} \;
find /tmp -type f -user httpdusr -perm 0640 -exec rm -f {} \;
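
Added example, not part of the original post: a variant of the cleanup step that hashes, logs and quarantines the matching files instead of deleting them, so each reappearance leaves a sample and a timestamp for tracing how it returns. The function name and the quarantine directory are hypothetical, and it assumes `sha256sum` and `mktemp` exist on the NAS.

```shell
#!/bin/sh
# Added example (not the poster's script): keep evidence instead of rm -f.
# Assumptions: sha256sum and mktemp are available; the function name and the
# quarantine location are hypothetical.

# quarantine_tmp_files SCAN_DIR OWNER QUARANTINE_DIR LOG_FILE
# Moves matching files out of SCAN_DIR and prints how many were moved.
quarantine_tmp_files() {
    scan_dir=$1; owner=$2; qdir=$3; log=$4
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1
    list=$(mktemp) || return 1
    # Same selection as the three find commands in the post: regular files
    # owned by OWNER with mode exactly 0750, 0700 or 0640.
    find "$scan_dir" -type f -user "$owner" \
        \( -perm 0750 -o -perm 0700 -o -perm 0640 \) > "$list"
    count=0
    while IFS= read -r f; do
        [ -f "$f" ] || continue          # file vanished since the scan
        sum=$(sha256sum "$f" | awk '{print $1}')
        dest="$qdir/$(date '+%Y%m%d%H%M%S')_${sum}"
        # Record hash and original path before the file leaves SCAN_DIR.
        echo "$(date '+%Y-%m-%d %H:%M:%S') sha256=${sum} path=${f} -> ${dest}" >> "$log"
        # Strip all permissions so the sample cannot be executed again.
        mv "$f" "$dest" && chmod 000 "$dest" && count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Cron usage with the names from the post (quarantine path is hypothetical):
# quarantine_tmp_files /tmp httpdusr \
#     /share/CACHEDEV1_DATA/homes/admin/quarantine \
#     /share/CACHEDEV1_DATA/homes/admin/clean.log
```

The logged hashes show whether the same binary returns each time, and the log timestamps give the reinfection interval to compare against cron entries and web server access logs.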