マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Siggen.7129

Added to the Dr.Web virus database: 2024-04-18

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • e28081
Kills the following processes:
  • systemd
  • kthreadd
  • ksoftirqd/0
  • kworker/0:0
  • kworker/0:0H
  • watchdog/0
  • khelper
  • kdevtmpfs
  • netns
  • khungtaskd
  • writeback
  • ksmd
  • crypto
  • kintegrityd
  • bioset
  • kblockd
  • kswapd0
  • fsnotify_mark
  • kthrotld
  • ipv6_addrconf
  • deferwq
  • kworker/u2:1
  • kpsmoused
  • scsi_eh_0
  • scsi_tmf_0
  • kworker/0:1H
  • kworker/u2:2
  • jbd2/sda1-8
  • ext4-rsv-conver
  • kauditd
  • kworker/0:3
  • systemd-journal
  • systemd-udevd
  • rpciod
  • nfsiod
  • systemd-logind
  • kworker/0:1
  • dhclient
  • kworker/0:2
  • 9bc2fd2a
  • systemd-cgroups
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:33337
Establishes connection:
  • 8.#.8.8:53
  • 45.###.232.208:33335
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
  • ro##me.xyz
Sends data to the following servers:
  • 45.###.232.208:33335
Receives data from the following servers:
  • 45.###.232.208:33335

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number