
Linux.Packed.625

Added to the Dr.Web virus database: 2019-10-04

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /var/spool/cron/crontabs/root
Malicious functions:
Removes itself
Launches processes:
  • sh -c ps aux | grep -v grep | grep -v '/sbin/opendkim' | grep 'opendkim' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • ps aux
  • grep -v grep
  • grep -v /sbin/opendkim
  • grep opendkim
  • awk {print $2}
  • xargs kill -9
  • kill -9
  • sh -c ps aux | grep -v grep | grep -v '/opt/zimbra/libexec/zmmailboxdmgr' | grep 'zmmailboxdmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep -v /opt/zimbra/libexec/zmmailboxdmgr
  • grep zmmailboxdmgr
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/bin/zmgsaupdate' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/bin/zmgsaupdate
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/bin/zmqueuelog' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/bin/zmqueuelog
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmmysqlstatus' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmmysqlstatus
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmgsaupdate' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmgsaupdate
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmcertmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmcertmgr
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmconfigdctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmconfigdctl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmmysqlstatus' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmmysqlstatus
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmgsaupdate' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmgsaupdate
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmcertmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmcertmgr
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmconfigdctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmconfigdctl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmdhparam' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmdhparam
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmdnscachectl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmdnscachectl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmdumpenv' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmdumpenv
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmfixcalendtime' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmfixcalendtime
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmfixcalprio' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmfixcalprio
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmcertmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/zmcertmgr
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmconfigdctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/zmconfigdctl
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmdhparam' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/zmdhparam
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/bin/zmcheckversion' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/bin/zmcheckversion
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/bin/zmcheckversion\"
  • yes
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/bin/zmcheckversion
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/bin/zmclientcertmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/bin/zmclientcertmgr
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/bin/zmclientcertmgr\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/bin/zmclientcertmgr
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmtrainsa' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmtrainsa
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/libexec/zmtrainsa\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/libexec/zmtrainsa
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmjavaext' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmjavaext
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/libexec/zmjavaext\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/libexec/zmjavaext
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmldappasswd' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmldappasswd
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/libexec/zmldappasswd\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/libexec/zmldappasswd
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/libexec/zmloggerctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/libexec/zmloggerctl
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/libexec/zmloggerctl\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/libexec/zmloggerctl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/common/bin/watchdog' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/common/bin/watchdog
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/common/bin/watchdog\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/common/bin/watchdog
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmcheckversion' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmcheckversion
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/lib/zmcheckversion\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/lib/zmcheckversion
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmclientcertmgr' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmclientcertmgr
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/lib/zmclientcertmgr\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/lib/zmclientcertmgr
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmjavaext' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmjavaext
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/lib/zmjavaext\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/lib/zmjavaext
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmldappasswd' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmldappasswd
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/lib/zmldappasswd\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/lib/zmldappasswd
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/lib/zmloggerctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/lib/zmloggerctl
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/lib/zmloggerctl\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/lib/zmloggerctl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/zmstat/zmstat' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/zmstat/zmstat
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/zmstat/zmstat\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/zmstat/zmstat
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmjavaext' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmjavaext
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/log/zmjavaext\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/log/zmjavaext
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmldappasswd' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmldappasswd
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/log/zmldappasswd\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/log/zmldappasswd
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/zmloggerctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/zmloggerctl
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/log/zmloggerctl\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/log/zmloggerctl
  • sh -c ps aux | grep -v grep | grep '/opt/zimbra/log/lwatchdog' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /opt/zimbra/log/lwatchdog
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/opt/zimbra/log/lwatchdog\"
  • cp <SAMPLE_FULL_PATH> /opt/zimbra/log/lwatchdog
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmldappasswd' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/zmldappasswd
  • sh -c yes|cp \"<SAMPLE_FULL_PATH>\" \"/var/tmp/zmldappasswd\"
  • cp <SAMPLE_FULL_PATH> /var/tmp/zmldappasswd
  • sh -c touch -r /opt/zimbra/bin/zmcertmgr /var/tmp/zmldappasswd > /dev/null 2>&1
  • touch -r /opt/zimbra/bin/zmcertmgr /var/tmp/zmldappasswd
  • sh -c nohup /var/tmp/zmldappasswd > /dev/null 2>&1 &
  • nohup /var/tmp/zmldappasswd
  • /var/tmp/zmldappasswd
  • sh -c crontab -l
  • crontab -l
  • sh -c crontab /tmp/c_zmldappasswd_bak
  • crontab /tmp/c_zmldappasswd_bak
  • sh -c (crontab -l|grep -v '/opt/zimbra/bin/zmgsaupdate')|crontab -
  • crontab -
  • grep -v /opt/zimbra/bin/zmgsaupdate
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmldappasswd' | grep -v '/var/tmp/zmldappasswd.'
  • grep -v /var/tmp/zmldappasswd.
  • sh -c (crontab -l|grep -v '/opt/zimbra/bin/zmqueuelog')|crontab -
  • grep -v /opt/zimbra/bin/zmqueuelog
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmloggerctl' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/zmloggerctl
  • sh -c (crontab -l|grep -v '/opt/zimbra/libexec/zmmysqlstatus')|crontab -
  • grep -v /opt/zimbra/libexec/zmmysqlstatus
  • sh -c ps aux | grep -v grep | grep '/var/tmp/lwatchdog' | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
  • grep /var/tmp/lwatchdog
  • sh -c (crontab -l|grep -v '/opt/zimbra/libexec/zmgsaupdate')|crontab -
  • grep -v /opt/zimbra/libexec/zmgsaupdate
  • sh -c (crontab -l|grep -v '/opt/zimbra/lib/zmdhparam')|crontab -
  • grep -v /opt/zimbra/lib/zmdhparam
  • sh -c (crontab -l|grep -v '/opt/zimbra/log/zmdnscachectl')|crontab -
  • grep -v /opt/zimbra/log/zmdnscachectl
  • sh -c (crontab -l|grep -v '/opt/zimbra/log/zmdumpenv')|crontab -
  • grep -v /opt/zimbra/log/zmdumpenv
  • sh -c (crontab -l|grep -v '/opt/zimbra/log/zmfixcalendtime')|crontab -
  • grep -v /opt/zimbra/log/zmfixcalendtime
  • sh -c (crontab -l|grep -v '/opt/zimbra/log/zmfixcalprio')|crontab -
  • grep -v /opt/zimbra/log/zmfixcalprio
  • sh -c nohup /var/tmp/zmcertmgr > /dev/null 2>&1 &
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmcertmgr' | grep -v '/var/tmp/zmcertmgr.'
  • nohup /var/tmp/zmcertmgr
  • /var/tmp/zmcertmgr
  • grep -v /var/tmp/zmcertmgr.
  • sh -c (crontab -l|grep -v '/var/tmp/zmcertmgr')|crontab -
  • grep -v /var/tmp/zmcertmgr
  • sh -c nohup /var/tmp/zmconfigdctl > /dev/null 2>&1 &
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmconfigdctl' | grep -v '/var/tmp/zmconfigdctl.'
  • nohup /var/tmp/zmconfigdctl
  • /var/tmp/zmconfigdctl
  • grep -v /var/tmp/zmconfigdctl.
  • sh -c (crontab -l|grep -v '/var/tmp/zmconfigdctl')|crontab -
  • grep -v /var/tmp/zmconfigdctl
  • sh -c nohup /var/tmp/zmdhparam > /dev/null 2>&1 &
  • sh -c ps aux | grep -v grep | grep '/var/tmp/zmdhparam' | grep -v '/var/tmp/zmdhparam.'
  • nohup /var/tmp/zmdhparam
  • /var/tmp/zmdhparam
  • grep -v /var/tmp/zmdhparam.
  • sh -c (crontab -l|grep -v '/var/tmp/zmdhparam')|crontab -
  • grep -v /var/tmp/zmdhparam
Performs operations with the file system:
Modifies file access rights:
  • /var/spool/cron/crontabs/tmp.zwLqVh
  • /var/spool/cron/crontabs/tmp.WXRmsV
  • /var/spool/cron/crontabs/tmp.Ez9KLG
  • /var/spool/cron/crontabs/tmp.MAIaC4
  • /var/spool/cron/crontabs/tmp.kisJQg
  • /var/spool/cron/crontabs/tmp.dTN2Rs
  • /var/spool/cron/crontabs/tmp.oTFn2V
  • /var/spool/cron/crontabs/tmp.YPFg47
  • /var/spool/cron/crontabs/tmp.P1EHzq
  • /var/spool/cron/crontabs/tmp.weZGAF
  • /var/tmp/zmcertmgr
  • /var/spool/cron/crontabs/tmp.aWR9LU
  • /var/tmp/zmconfigdctl
  • /var/spool/cron/crontabs/tmp.7eX3k4
  • /var/tmp/zmdhparam
Creates or modifies files:
  • /opt/zimbra/bin/zmcheckversion
  • /opt/zimbra/bin/zmclientcertmgr
  • /opt/zimbra/libexec/zmtrainsa
  • /opt/zimbra/libexec/zmjavaext
  • /opt/zimbra/libexec/zmldappasswd
  • /opt/zimbra/libexec/zmloggerctl
  • /opt/zimbra/common/bin/watchdog
  • /opt/zimbra/lib/zmcheckversion
  • /opt/zimbra/lib/zmclientcertmgr
  • /opt/zimbra/lib/zmjavaext
  • /opt/zimbra/lib/zmldappasswd
  • /opt/zimbra/lib/zmloggerctl
  • /opt/zimbra/zmstat/zmstat
  • /opt/zimbra/log/zmjavaext
  • /opt/zimbra/log/zmldappasswd
  • /opt/zimbra/log/zmloggerctl
  • /opt/zimbra/log/lwatchdog
  • /var/tmp/zmldappasswd
  • /tmp/c_zmldappasswd_bak
  • /var/spool/cron/crontabs/tmp.zwLqVh
  • /tmp/zmldappasswd.pid
  • /opt/zimbra/bin/zmgsaupdate
  • /var/spool/cron/crontabs/tmp.WXRmsV
  • /opt/zimbra/bin/zmqueuelog
  • /var/spool/cron/crontabs/tmp.Ez9KLG
  • /opt/zimbra/libexec/zmmysqlstatus
  • /var/spool/cron/crontabs/tmp.MAIaC4
  • /opt/zimbra/libexec/zmgsaupdate
  • /var/spool/cron/crontabs/tmp.kisJQg
  • /opt/zimbra/lib/zmdhparam
  • /var/spool/cron/crontabs/tmp.dTN2Rs
  • /opt/zimbra/log/zmdnscachectl
  • /var/spool/cron/crontabs/tmp.oTFn2V
  • /opt/zimbra/log/zmdumpenv
  • /var/spool/cron/crontabs/tmp.YPFg47
  • /opt/zimbra/log/zmfixcalendtime
  • /var/spool/cron/crontabs/tmp.P1EHzq
  • /opt/zimbra/log/zmfixcalprio
  • /var/spool/cron/crontabs/tmp.weZGAF
  • /var/tmp/zmcertmgr
  • /opt/zimbra/log/zmcertmgr.pid
  • /var/spool/cron/crontabs/tmp.aWR9LU
  • /var/tmp/zmconfigdctl
  • /opt/zimbra/log/zmconfigdctl.pid
  • /var/spool/cron/crontabs/tmp.7eX3k4
  • /var/tmp/zmdhparam
Deletes files:
  • /tmp/cbstat.log
  • /opt/zimbra/bin/zmgsaupdate
  • /opt/zimbra/bin/zmqueuelog
  • /opt/zimbra/libexec/zmmysqlstatus
  • /opt/zimbra/libexec/zmgsaupdate
  • /opt/zimbra/libexec/zmcertmgr
  • /opt/zimbra/libexec/zmconfigdctl
  • /opt/zimbra/lib/zmmysqlstatus
  • /opt/zimbra/lib/zmgsaupdate
  • /opt/zimbra/lib/zmcertmgr
  • /opt/zimbra/lib/zmconfigdctl
  • /opt/zimbra/lib/zmdhparam
  • /opt/zimbra/log/zmdnscachectl
  • /opt/zimbra/log/zmdumpenv
  • /opt/zimbra/log/zmfixcalendtime
  • /opt/zimbra/log/zmfixcalprio
  • /var/tmp/zmcertmgr
  • /var/tmp/zmconfigdctl
  • /var/tmp/zmdhparam
  • /opt/zimbra/bin/zmcheckversion
  • /opt/zimbra/bin/zmclientcertmgr
  • /opt/zimbra/libexec/zmtrainsa
  • /opt/zimbra/libexec/zmjavaext
  • /opt/zimbra/libexec/zmldappasswd
  • /opt/zimbra/libexec/zmloggerctl
  • /opt/zimbra/common/bin/watchdog
  • /opt/zimbra/lib/zmcheckversion
  • /opt/zimbra/lib/zmclientcertmgr
  • /opt/zimbra/lib/zmjavaext
  • /opt/zimbra/lib/zmldappasswd
  • /opt/zimbra/lib/zmloggerctl
  • /opt/zimbra/zmstat/zmstat
  • /opt/zimbra/log/zmjavaext
  • /opt/zimbra/log/zmldappasswd
  • /opt/zimbra/log/zmloggerctl
  • /opt/zimbra/log/lwatchdog
  • /var/tmp/zmldappasswd
  • /tmp/c_zmldappasswd_bak
  • /var/tmp/zmloggerctl
  • /var/tmp/lwatchdog
Other:
Collects CPU information
Collects RAM information
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
