0

I have an Ubuntu LTE instance that underwent a security compromise (now fixed)

We discovered a DDOS virus on the system which was promptly removed. We subsequently found that the process self-replicates on kill commands, even kill -9

I have the process frozen with a kill -SIGSTOP at the moment and no further unknown files have appeared in the filesystem.

What will happen if I now reboot and there is a frozen process. will it be unfrozen and sent the normal commands by the shutdown process or will it just die and I will have cleaned up the virus ..

Mark Cupitt
  • 101
  • 2
  • Depends on what is running the process. Is there a startup script hidden somewhere? Is it somewhere in your start process? is there a hidden cron job? Definitely a possibility that on reboot everything could be fine...but also the possibility that the startup process that launches it will relaunch it and it will continue on with great gusto – Gravy Feb 13 '15 at 05:59
  • agreed, am looking now, but I cannot find anything that says how the frozen process is handled on a shutdown, if it unfreezes the process on shutodown, I have a bigger probelm – Mark Cupitt Feb 13 '15 at 06:23

0 Answers0