My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets



Added to the Dr.Web virus database: 2018-04-17

Virus description added:

Technical Information

Malicious functions:
Launches processes:
  • /bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
  • /bin/bash <SAMPLE_FULL_PATH> -c
  • chmod 777 xinet NetworkAdapter
  • rm -rf output
  • sed -i s/\r// xinet
  • nohup /usr/sbin/NetworkAdapter --no-daemon
  • /usr/sbin/NetworkAdapter --no-daemon
  • nohup /usr/sbin/xinet -stayalive -pidfile /var/run/
  • /usr/sbin/xinet -stayalive -pidfile /var/run/
  • rm -rf output /usr/sbin/output
  • basename <SAMPLE_FULL_PATH>
Performs operations with the file system:
Creates or modifies files:
  • /usr/sbin"/output
  • /usr/sbin/output
  • /root/.bashrc
Deletes files:
  • /usr/sbin"/output"
  • /usr/sbin/output"
Collects RAM information

Curing recommendations


After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number