1

jd_clean_muma.py

@@ -1,127 +0,0 @@
-# !/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#最近由于很多中木马病毒，仅对该木马做检测清除
-'''
-new Env('病毒检测清除');
-8 8 29 2 * jd_clean_muma.py
-'''
-import os
-import shutil
-import subprocess
-import sys
-
-def get_malicious_pids(process_name):
-    try:
-        result = subprocess.run(['pgrep', '-f', process_name], capture_output=True, text=True)
-        if result.returncode == 0:
-            return result.stdout.strip().split('\n')
-    except Exception:
-        pass
-    return []
-
-def clean_config_file(config_file_path):
-    if not os.path.exists(config_file_path):
-        return False
-
-    # 备份原始文件
-    backup_file_path = f"{config_file_path}.bak"
-    try:
-        shutil.copyfile(config_file_path, backup_file_path)
-    except Exception as e:
-        print(f"警告：备份文件失败: {e}")
-
-    try:
-        with open(config_file_path, 'r', encoding='utf-8', errors='ignore') as f:
-            lines = f.readlines()
-    except Exception as e:
-        print(f"错误：读取文件 {config_file_path} 失败: {e}")
-        return False
-
-    malicious_keywords = [
-        ".fullgc",
-        "551911.xyz",
-        "fullgc-linux",
-        "fullgc-macos",
-        "QL_DIR:-/ql}/data/db",
-        "chmod",
-        "curl",
-        "{",
-        "}",
-        "nohup \"$b\" >/dev/null 2>&1 &"
-    ]
-
-    new_lines = []
-    removed_count = 0
-    for line in lines:
-        is_malicious = False
-        for keyword in malicious_keywords:
-            if keyword in line:
-                is_malicious = True
-                break
-        
-        if is_malicious:
-            removed_count += 1
-            print(f"发现并移除恶意行: {line.strip()}")
-        else:
-            new_lines.append(line)
-
-    if removed_count > 0:
-        try:
-            temp_file_path = f"{config_file_path}.tmp"
-            with open(temp_file_path, 'w', encoding='utf-8') as f:
-                f.writelines(new_lines)
-            shutil.move(temp_file_path, config_file_path)
-            print(f"成功从 {config_file_path} 中清除 {removed_count} 行恶意代码。")
-            return True
-        except Exception as e:
-            print(f"错误：写入或替换文件 {config_file_path} 失败: {e}")
-    return False
-
-if __name__ == "__main__":
-    MALICIOUS_PROCESS_NAME = ".fullgc"
-    MALICIOUS_FILE = "/ql/data/db/.fullgc"
-
-    print(f"--- 开始木马检测 [{MALICIOUS_PROCESS_NAME}] ---")
-
-    pids = get_malicious_pids(MALICIOUS_PROCESS_NAME)
-    if not pids:
-        print(f"未发现名为 '{MALICIOUS_PROCESS_NAME}' 的木马进程。请注意安全，不要开到公网访问，不要弱密码！！！")
-        sys.exit(0)
-
-    print(f"‼️警告：发现 {len(pids)} 个木马进程，PID 列表: {', '.join(pids)}")
-    print(f"正在强制终止这些进程...")
-    try:
-        subprocess.run(['pkill', '-9', '-f', MALICIOUS_PROCESS_NAME], capture_output=True)
-        print(f"✅已成功终止所有木马进程。")
-    except Exception as e:
-        print(f"终止进程时发生错误: {e}")
-
-    if os.path.exists(MALICIOUS_FILE):
-        print(f"‼️发现恶意文件 '{MALICIOUS_FILE}'，正在删除...")
-        try:
-            os.remove(MALICIOUS_FILE)
-            print(f"✅恶意文件 '{MALICIOUS_FILE}' 已删除。")
-        except Exception as e:
-            print(f"警告：无法删除恶意文件: {e}")
-
-    print(f"正在清理配置文件中的持久化代码...")
-    config_paths = ["/ql/data/config/config.sh", "/ql/config/config.sh"]
-    for path in config_paths:
-        if os.path.exists(path):
-            clean_config_file(path)
-    print("正在扫描 /ql/data/db/ 目录下的其他可疑隐藏文件...")
-    if os.path.exists("/ql/data/db/"):
-        found_suspicious = False
-        for root, _, files in os.walk("/ql/data/db/"):
-            for file in files:
-                if file.startswith('.') and not file.endswith('.db'):
-                    file_path = os.path.join(root, file)
-                    if os.access(file_path, os.X_OK):
-                        print(f"警告：发现可疑隐藏执行文件: {file_path}")
-                        found_suspicious = True
-        if not found_suspicious:
-            print("未发现其他可疑隐藏文件。")
-
-    print("--- 木马清理过程全部完成 ---")
-    print("🚫🚫面板不要开到公网上访问，等待漏洞修复，以免再次中招！！！修改登录密码，不要弱密码")
-