FOR CUSTOMERS

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Support services

Dr.Web vxCube

Sign in to Dr.Web vxCube

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

Linux.Packed.47

Added to the Dr.Web virus database: 2018-01-29

Virus description added: 2018-01-29

Technical Information

Malicious functions:

Launches itself as a daemon

Modifies router settings:

/bin/nvram

Launches processes:

sh -c echo \"nameserver 8.8.8.8\" > /etc/resolv.conf &
sh -c /bin/uname -n
sh -c nvram get router_name
/bin/uname -n

Performs operations with the file system:

Creates or modifies files:

/etc/resolv.conf

Network activity:

Awaits incoming connections on ports:

127.0.0.1:35226

Connects to the following servers over the IRC protocol:

Server: 14#.#6.102.30; Command: NICK x86|x|0|598889|unknown\nUSER op localhost localhost :...\n
Server: 14#.#6.102.30; Command: PONG :FCB027DE\n
Server: 14#.#6.102.30; Command: NICK x86|x|0|598889|unknown\n
Server: 14#.#6.102.30; Command: MODE x86|x|0|598889|unknown -xi\n
Server: 14#.#6.102.30; Command: JOIN #pruebass :777\n

Other:

Collects OS information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number