[SOLVED] How to kill Unix processes that keep restarting!

Amazon On my Linux Ubuntu machine I noticed it was running many processes started by a strange user called ftp_user and the program's name and parameters was ./bssh 22 500. They were causing my Digital Ocean to complain that my droplet is attacking other hosts. So I had to shut down these rogue processes. Read on to see exactly how to kill the Unix process that keeps restarting endlessly.

Here's what "ps aux | grep ftp_test" looks like:

ftp_test 21967 0.0 0.1 2684 676 ? S 13:17 0:00 ./bssh 22 500
ftp_test 22248 0.0 0.1 2684 676 ? S 13:17 0:00 ./bssh 22 500

I tried the following command in vain:

sudo kill -9 21967 && sudo userdel ftp_test

The console keeps saying "userdel: user ftp_test is currently used by process xxx" because as soon as I killed one process, the next one immediately re-spawned.

I use "ps aux | grep ftp_test | wc -l" to find out that there's over 500 of such processes! Definitely virus if you ask me.

So what's the Unix command that removes the unwanted Unix processes and keeps them from re-spawning?

Solution

Log in as root. The Unix command that kills the Unix processes that keep restarting is this, assuming the user is ftp_test:

pgrep -U ftp_test | xargs kill -9

This command deletes all processes owned by ftp_test. Then, you do the following command to remove ftp_test from your user list:

userdel ftp_test

Your virus processes should have been removed. Questions? Let me know!