Linux Stealth Process

centos linux malware process stealth

I have a process named "stealth" that has infected my server (slamming my CPU) and I can't figure out where it is to remove it for good. Every time I kill the process it somehow starts itself again…

ps -ef | grep stealth gives me this:

[Image: ps showing stealth process]

But I have no idea where ./stealth would be since it's a relative path?

Also when I try using locate or find, I get nothing.

Any ideas how I can find and remove this process?

Best Answer

If I’m not mistaken, ls -l /proc/11377/exe will tell you where the file is located. Removing it might be a whole other matter though.
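
The /proc lookup from the answer, extended as an added example (not part of the original answer): besides the exe link it reads the working directory that a relative name like ./stealth resolves against, and the parent PID, which is where to look for whatever restarts the process. The function name proc_origin is hypothetical, and the script demonstrates itself on the shell's own PID.

```shell
#!/bin/sh
# Added example: report where a running process's binary lives, using /proc.
# Usage: proc_origin PID   (run as root to inspect other users' processes)

proc_origin() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "pid $pid: no such process" >&2; return 1; }

    # exe is a symlink to the binary on disk; the kernel appends " (deleted)"
    # when the file was unlinked after launch, which is one reason find and
    # locate can come up empty.
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe="(unreadable)"
    # cwd is the directory a relative name such as ./stealth is resolved against.
    cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || cwd="(unreadable)"
    # cmdline is NUL-separated; turn the separators into spaces for display.
    cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
    # PPid names the parent, the first place to look for a respawner.
    ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status" 2>/dev/null)

    echo "pid=$pid"
    echo "exe=$exe"
    echo "cwd=$cwd"
    echo "cmdline=$cmd"
    echo "ppid=$ppid"
    if [ -n "$ppid" ] && [ "$ppid" -gt 0 ]; then
        echo "parent_exe=$(readlink "/proc/$ppid/exe" 2>/dev/null || echo '(unreadable)')"
    fi
    case $exe in
        *" (deleted)") echo "note=binary was deleted from disk after it started" ;;
    esac
    return 0
}

# Demonstration on this shell's own PID (always present and readable).
proc_origin "$$"
```

If the parent is init or a service manager, the restart is more likely configured elsewhere (a cron entry or a service unit) than performed by a live parent process.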