Linux.Siggen.651

Added to the Dr.Web virus database: 2018-06-06

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches processes:
  • sh -c rm -rf /*
  • rm -rf /bin /boot /dev /etc /home /initrd.img /lib /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /vmlinuz
Performs operations with the file system:
Deletes folders:
  • /var/run/vpnfilterw
  • /var/run/vpnfilterm
  • /var/run/tord/hidden_ssh
  • /var/run/tord
  • /flash/nova/etc/init
  • /flash/nova/etc/loader
Deletes files:
  • /flash/.mikrotik.
  • /flash/mikrotik.o
  • /var/pckg/.mikrotik.
  • /var/pckg/mikrotik.o
  • /var/run/tor
  • /var/run/torrc
  • /var/run/vpnfilter
  • /var/run/vpn.pid
  • /var/run/vpn.tmp
  • /var/client.crt
  • /var/client.key
  • /var/client_ca.crt
  • /var/run/client.crt
  • /var/run/client.key
  • /var/run/client_ca.crt
  • /var/tmp/client.crt
  • /var/tmp/client.key
  • /var/tmp/client_ca.crt
  • /tmp/client.crt
  • /tmp/client.key
  • /tmp/client_ca.crt
  • /var/run/msvf.pid
  • /var/msvf.pid
  • /flash/nova/etc/devel-login
  • /var/run/vpnfilterm/htpx
  • /var/run/tord/hidden_ssh/hostname
  • /var/run/tord/hidden_ssh/private_key
  • /flash/nova/etc/init/security
  • /flash/nova/etc/loader/init.x3

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
