Skip to content

Instantly share code, notes, and snippets.

View LuizGlauco's full-sized avatar

Glauco L E Santo LuizGlauco

4 followers · 11 following
View GitHub Profile
@LuizGlauco
LuizGlauco / cleancrap.md
Created October 18, 2023 00:16 — forked from yoyosan/cleancrap.md
How to clean kdetmpdevfsi or .ICEd-unix suspicious files/folders or processes

Problem

I've recently been hacked on my VPS(using Centos 7.6 and CWP up to date) and the following files/folders were created:

  • /tmp/.ICEd-unix
  • /var/tmp/.ICEd-unix
  • /tmp/kdevtmpfsi
  • /var/tmp/kinsing

The following processes were running and using 100% CPU and Memory: