FOR CUSTOMERS

Close

My library

+ Add to library

24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

New ticket

Call us

+7 (495) 789-45-86

RU CN DE EN ES FR IT JP KZ UZ PL BY

Close

Support services

Scanners

Dr.Web vxCube

Trial

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

News

Linux.Packed.303

Added to the Dr.Web virus database: 2019-02-07

Virus description added: 2019-02-07

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

hinc
vrye
sdxh
jelj

Launches processes:

sh -c /usr/bin/mand vrye
/usr/bin/mand vrye
sh -c /root/esmg sdxh
/root/esmg sdxh
sh -c /root/jelj jelj
/root/jelj jelj

Kills system processes:

sshd

Kills the following processes:

atd
bash
(sd-pam)

Performs operations with the file system:

Modifies file access rights:

/usr/bin/mand
/root/esmg
/root/jelj
/bin/bash
/usr/bin/wget
/usr/bin/python3.4
/usr/bin/python2.7
/usr/bin/perl
/bin/echo

Creates or modifies files:

/usr/bin/mand
/root/esmg
/root/p
/root/jelj

Deletes files:

/usr/bin/mand
/root/esmg
/root/p

Network activity:

HTTP GET requests:

18#.###.169.6/jp/sds
18#.###.169.6/jp/jpp
18#.###.169.6/jp/nvn

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number