JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.1394
Added to the Dr.Web virus database:
2019-02-06
Virus description added:
2019-02-06
Technical Information
Malicious functions:
Removes itself
Substitutes application name for:
Modifies firewall settings:
Manages services:
systemctl daemon-reload
systemctl enable systemd-hwdb-upgrade.service
Launches processes:
/tmp/tmpFAJDao
/proc/self/exe /sbin/rpcbind -w
sh -c systemctl daemon-reload &>/dev/null
sh -c systemctl enable systemd-hwdb-upgrade.service &>/dev/null
sh -c /sbin/iptables -S
Performs operations with the file system:
Modifies file access rights:
/tmp/tmpFAJDao
/etc/iproute2/rt_ksfield
/usr/lib/libXxf86dag.so.1.0.0
Creates symlinks:
Creates or modifies files:
/tmp/tmpFAJDao
/tmp/.X11-unix/Xa
/etc/iproute2/rt_ksfield
/lib/systemd/system/systemd-hwdb-upgrade.service
Network activity:
Awaits incoming connections on ports:
HTTP GET requests:
10#.##.###.###########y/uploadxx/1461C493-38BF-4E72-B118-BE35839A8914/image2.jpg
Sends data to the following servers:
21#.##.211.108:51709
21#.###.128.168:53994
16#.##4.87.53:35167
12#.##0.43.45:49252
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK