Windows users may find some unusual processes in Task Manager. The names of such processes generally do not follow English spelling conventions or normal program naming conventions, or they look like random character strings:
- The process name does not conform to English spelling conventions, such as eeosec.exe.
- The process name is composed of numbers, such as 117466363.exe.
- The process name is random to some extent, such as lkdhpec.exe.
- The process name shows obvious characteristics of Chinese expressions, such as SB360.exe and caonima.exe.
If you are using a Linux system, check whether the /usr/bin/dpkgd directory contains files named ps, ss, lsof, and netstat.
If any of the preceding cases applies, we can assume that the machine has been hacked and implanted with Trojans. We recommend that you submit a ticket to contact Alibaba Cloud security experts for an all-round security check on the server.
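The Linux check above as a shell function (an added example, not part of the original article). The function names and the optional root argument, which lets you inspect a mounted disk or snapshot instead of the live system, are assumptions made here.

```shell
#!/bin/sh
# Added example: look for the four files named in the article under
# <root>/usr/bin/dpkgd. <root> defaults to "/"; passing a mount point
# (hypothetical usage, not from the article) checks an attached disk offline.

DPKGD_NAMES="ps ss lsof netstat"

# Print the full path of every listed file that exists, one per line.
find_dpkgd_hits() {
    root="${1:-/}"
    dir="${root%/}/usr/bin/dpkgd"
    for name in $DPKGD_NAMES; do
        # -e follows symlinks; -L also catches dangling symlinks.
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
}

# Return 0 if the indicator is present (at least one file found), 1 otherwise.
check_dpkgd() {
    hits=$(find_dpkgd_hits "$1")
    if [ -n "$hits" ]; then
        printf 'Indicator present:\n%s\n' "$hits"
        return 0
    fi
    printf 'No ps, ss, lsof or netstat found in usr/bin/dpkgd\n'
    return 1
}

# Run the check only when asked: sh check_dpkgd.sh --check [root]
if [ "${1:-}" = "--check" ]; then
    check_dpkgd "${2:-/}"
fi
```

Run the check with a binary you trust where possible; the tools named in the article (ps, ss, lsof, netstat) are exactly the ones whose output may no longer be reliable on an affected machine.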
Note: Rolling back to a snapshot does not fundamentally solve the problem, because the vulnerability remains and hackers are still likely to exploit it again to intrude into the machine.