Linux.Packed.898

Added to the Dr.Web virus database: 2020-08-27

Virus description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • QThread
Launches processes:
  • sh -c ps -ef | grep hpsum_service_x86 | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • ps -ef
  • grep -v grep
  • grep hpsum_service_x86
  • tr -s
  • cut -d -f 8
  • sh -c ps -ef | grep hpsum_service_x64 | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • grep hpsum_service_x64
  • sh -c ps -ef | grep SourceClient | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • grep SourceClient
  • sh -c which ip 1>&- 2>&-
  • which ip
Performs operations with the file system:
Modifies file access rights:
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb
  • /tmp/HPSUM/hapi
  • /tmp/HPSUM/hpsum.ini
Creates folders:
  • /tmp/HPSUM
  • /var/hp
  • /var/hp/log
  • /tmp/HPSUM/7_2_0_0
  • /tmp/HPSUM/Recipes
Creates or modifies files:
  • /tmp/browseProc
  • /var/hp/log/hpsum_execution_log_08-26-2020_21-15-24.raw
  • /tmp/HPSUM/engine.log
  • /var/hp/log/RunRecord0_0_0_0
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb-journal
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb-wal
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb-shm
  • /var/tmp/etilqs_Cn9ItgSrdAhVaxh
  • /var/tmp/etilqs_Cn9ItgSrdAhVaxh (deleted)
  • /var/tmp/etilqs_QgoNVW0JIeLvpjG
  • /var/tmp/etilqs_QgoNVW0JIeLvpjG (deleted)
  • /var/tmp/etilqs_GiYrgkvKFgiOIw0
  • /var/tmp/etilqs_GiYrgkvKFgiOIw0 (deleted)
  • /var/tmp/etilqs_j3ujgiEcL0srtpg
  • /var/tmp/etilqs_j3ujgiEcL0srtpg (deleted)
  • /var/tmp/etilqs_NHWzR2lOyexi8cT
  • /var/tmp/etilqs_NHWzR2lOyexi8cT (deleted)
  • /var/tmp/etilqs_DJKQGyNPjmnhFas
  • /var/tmp/etilqs_DJKQGyNPjmnhFas (deleted)
  • /var/tmp/etilqs_4JVVPN24ypdTSyC
  • /var/tmp/etilqs_4JVVPN24ypdTSyC (deleted)
  • /var/tmp/etilqs_stBh1ytOoo1eozL
  • /var/tmp/etilqs_stBh1ytOoo1eozL (deleted)
  • /var/tmp/etilqs_vHQnPFAcTEJ63h5
  • /var/tmp/etilqs_vHQnPFAcTEJ63h5 (deleted)
  • /var/tmp/etilqs_laYXTBxpDfInRoL
  • /var/tmp/etilqs_laYXTBxpDfInRoL (deleted)
  • /var/tmp/etilqs_Pexz6Vv0wjgkiWK
  • /var/tmp/etilqs_Pexz6Vv0wjgkiWK (deleted)
  • /tmp/HPSUM/database.log
  • /tmp/HPSUM/qt_temp.MTJ687
  • /tmp/HPSUM/ftpserverIPv4.log
  • /tmp/HPSUM/ftpserverIPv6.log
  • /tmp/HPSUM/MasterDependency.log
  • /tmp/HPSUM/hpsum.ini.LhX687
  • /tmp/HPSUM/hpsum.ini
Deletes files:
  • /tmp/browseProc
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb-wal
  • /tmp/HPSUM/7_2_0_0/hpsum.pdb-journal
  • /var/tmp/etilqs_Cn9ItgSrdAhVaxh
  • /var/tmp/etilqs_QgoNVW0JIeLvpjG
  • /var/tmp/etilqs_GiYrgkvKFgiOIw0
  • /var/tmp/etilqs_j3ujgiEcL0srtpg
  • /var/tmp/etilqs_NHWzR2lOyexi8cT
  • /var/tmp/etilqs_DJKQGyNPjmnhFas
  • /var/tmp/etilqs_4JVVPN24ypdTSyC
  • /var/tmp/etilqs_stBh1ytOoo1eozL
  • /var/tmp/etilqs_vHQnPFAcTEJ63h5
  • /var/tmp/etilqs_laYXTBxpDfInRoL
  • /var/tmp/etilqs_Pexz6Vv0wjgkiWK
  • /tmp/HPSUM/hapi
  • /tmp/HPSUM/hpsum.ini.LhX687
Other:
Collects CPU information
Collects RAM information
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
