A few characteristics of the mining virus:
First, CPU usage is high, as mentioned at the beginning of the text. The purpose of a mining virus is to make the machine compute non-stop for profit, so CPU utilization will be very high.
Second, the process name is very strange, or the process name is hidden. After discovering that the machine is behaving abnormally, use the top command to take a look. In the good case you can see the process name, and the name is strange; on infected Linux machines I have seen a .exe process name. The hidden-process-name case is more troublesome to track down and requires Linux-related system knowledge.
Third, it resurrects after being killed. After finding the process and using the kill command, you find that it soon comes back. Mining viruses generally have a daemon, and you have to kill the daemon for the kill to work.
Fourth, in an intranet environment, once one machine is infected, the virus spreads rapidly and will soon infect other machines.
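The following Python example is added here and is not part of the original article. It applies the first three characteristics to constructed `ps -eo pid,ppid,pcpu,comm` output: it flags high-CPU processes, notes a .exe name on Linux, and lists the parent processes that are candidates for the daemon to kill first. The 80% threshold, the sample process names and the function names are assumptions.

```python
# Constructed sample of `ps -eo pid,ppid,pcpu,comm` output (not from a real host).
SAMPLE_PS = """\
  PID  PPID %CPU COMMAND
    1     0  0.0 systemd
  612     1  0.1 sshd
  901     1  0.3 kworkerd
 1440   901 98.7 sysupd.exe
 1502   612  1.2 bash
"""

CPU_THRESHOLD = 80.0  # assumed cut-off for "very high" CPU


def parse_ps(text):
    """Return {pid: {"ppid", "cpu", "comm"}} from ps output with a header row."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        pid, ppid, cpu, comm = parts
        procs[int(pid)] = {"ppid": int(ppid), "cpu": float(cpu), "comm": comm.strip()}
    return procs


def supervisor_chain(procs, pid):
    """Walk the parents of pid up to, but not including, PID 1."""
    chain, seen = [], {pid}
    ppid = procs[pid]["ppid"]
    while ppid > 1 and ppid in procs and ppid not in seen:
        chain.append(ppid)
        seen.add(ppid)
        ppid = procs[ppid]["ppid"]
    return chain


def triage(text, threshold=CPU_THRESHOLD):
    """Flag high-CPU processes and report their suspicious traits and parents."""
    procs = parse_ps(text)
    findings = []
    for pid, p in sorted(procs.items()):
        if p["cpu"] < threshold:
            continue
        reasons = ["high cpu"]
        if p["comm"].lower().endswith(".exe"):
            reasons.append(".exe name on Linux")
        findings.append({"pid": pid, "comm": p["comm"], "reasons": reasons,
                         "parents": supervisor_chain(procs, pid)})
    return findings
```

An empty `parents` list means the process was started directly under PID 1, so whatever restarts it is not one of its ancestors and has to be found another way. Hidden processes do not appear in `ps` output at all, so this check only covers the visible case.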
Defending against the mining virus
The best defense against the mining virus is to follow the usual security practices. Intranet machines should not open services privately; access needs to go through the company's unified interface. The unified interface applies security measures before a request enters the intranet, and is the first security door at the company's entrance. The company's intranet should also be well isolated, mainly to prevent one infected environment from spreading the virus to the whole network.
For the already infected case, you can use DNS to hijack the domain names the virus accesses, and filter the addresses it accesses at the public network exit. These measures stop the virus from spreading further. On a machine that is already infected, the only option is to find and kill the virus using the methods described at the beginning.