Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Linux.BackDoor.Fgt.2056

Added to the Dr.Web virus database: 2019-03-06

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -F
Launches processes:
  • /bin/sh -c rm -rf /tmp/*
  • rm -rf /tmp/*
  • /bin/sh -c iptables -F
  • /bin/sh -c echo \"kohanV3 just hit the wip nae nae on them niggas\" >> /tmp/README
Performs operations with the file system:
Creates or modifies files:
  • /tmp/README
Deletes files:
  • /tmp/*
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 10#.##1.134.30:9532

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number