JavaScript support is required for our site to be fully operational in your browser.
Linux.BackDoor.Fgt.1386
Added to the Dr.Web virus database:
2018-08-07
Virus description added:
2018-08-07
Technical Information
Malicious functions:
Removes itself
Substitutes application name for:
Launches processes:
sh -c rm -rf /tmp/* /var/* /var/run/* /var/tmp/*
rm -rf /tmp/* /var/backups /var/cache /var/lib /var/local /var/lock /var/log /var/mail /var/opt /var/run /var/spool /var/tmp /var/run/acpid.pid /var/run/acpid.socket /var/run/atd.pid /var/run/crond.pid /var/run/crond.reboot /var/run/dbus /var/run/dhclient.eth0.pid /var/run/exim4 /var/run/initctl /var/run/initramfs /var/run/lock /var/run/log /var/run/mount /var/run/network /var/run/rpc.statd.pid /var/run/rpc_pipefs /var/run/rpcbind /var/run/rpcbind.lock /var/run/rpcbind.pid /var/run/rpcbind.sock /var/run/rsyslogd.pid /var/run/sendsigs.omit.d /var/run/shm /var/run/sm-notify.pid /var/run/sshd /var/run/sshd.pid /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/user /var/run/utmp /var/tmp/*
Network activity:
Establishes connection:
8.#.8.8:53
15#.##.136.66:50
Sends data to the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK