Kill The Malware PHP Process
Hello.
I’m referring here to malware on my website that needs to be killed. I already opened a support ticket on GitHub Bitnami here: github.com/bitnami/vms/issues/118. They said I need to refer to WordPress support.
I need to know: can I know the malware PHP process?
This is the code after I run the ps aux command.
- The topic ‘Kill The Malware PHP Process’ is closed to new replies.