My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets



Added to the Dr.Web virus database: 2018-01-29

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Modifies router settings:
  • /bin/nvram
Launches processes:
  • sh -c echo \"nameserver\" > /etc/resolv.conf &
  • sh -c /bin/uname -n
  • sh -c nvram get router_name
  • /bin/uname -n
Performs operations with the file system:
Creates or modifies files:
  • /etc/resolv.conf
Network activity:
Awaits incoming connections on ports:
Connects to the following servers over the IRC protocol:
  • Server: 14#.#6.102.30; Command: NICK x86|x|0|598889|unknown\nUSER op localhost localhost :...\n
  • Server: 14#.#6.102.30; Command: PONG :FCB027DE\n
  • Server: 14#.#6.102.30; Command: NICK x86|x|0|598889|unknown\n
  • Server: 14#.#6.102.30; Command: MODE x86|x|0|598889|unknown -xi\n
  • Server: 14#.#6.102.30; Command: JOIN #pruebass :777\n
Collects OS information

Curing recommendations


After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number