Linux.Siggen.1209

Added to the Dr.Web virus database: 2018-10-20

Virus description added:

Technical Information

Malicious functions:
Removes itself
Substitutes application name for:
  • s79s2s11f
Launches processes:
  • sh -c rm -rf /tmp/* /var/* /var/run/* /var/tmp/*
  • rm -rf /tmp/* /var/backups /var/cache /var/lib /var/local /var/lock /var/log /var/mail /var/opt /var/run /var/spool /var/tmp /var/run/atd.pid /var/run/crond.pid /var/run/crond.reboot /var/run/dbus /var/run/dhclient.eth0.pid /var/run/exim4 /var/run/initctl /var/run/lock /var/run/log /var/run/mount /var/run/network /var/run/rpc.statd.pid /var/run/rpc_pipefs /var/run/rpcbind /var/run/rpcbind.lock /var/run/rpcbind.pid /var/run/rpcbind.sock /var/run/rsyslogd.pid /var/run/sendsigs.omit.d /var/run/shm /var/run/sm-notify.pid /var/run/sshd /var/run/sshd.pid /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/user /var/run/utmp /var/tmp/*
Performs operations with the file system:
Deletes files:
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 15#.##.34.227:252
Sends data to the following servers:
  • 15#.##.34.227:252

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
