Skip to content

Instantly share code, notes, and snippets.

View fernandohs1500's full-sized avatar

Fernando Henrique fernandohs1500

3 followers · 2 following
  • Uberlândia / MG
View GitHub Profile
@yoyosan
yoyosan / cleancrap.md
Last active November 15, 2024 12:41
How to clean kdetmpdevfsi or .ICEd-unix suspicious files/folders or processes

Problem

I've recently been hacked on my VPS(using Centos 7.6 and CWP up to date) and the following files/folders were created:

  • /tmp/.ICEd-unix
  • /var/tmp/.ICEd-unix
  • /tmp/kdevtmpfsi
  • /var/tmp/kinsing

The following processes were running and using 100% CPU and Memory: