Linux.Siggen.825
Added to the Dr.Web virus database: 2018-07-31
Virus description added: 2018-07-30
Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
- /sbin/dhclient-script
- run-parts --list /etc/dhcp/dhclient-enter-hooks.d
- ip link set dev eth0 up
- run-parts --list /etc/dhcp/dhclient-exit-hooks.d
- ip -4 addr add 192.168.217.50/255.255.255.0 broadcast 192.168.217.255 dev eth0 label eth0
- ip -4 route add default via <LOCAL_GATE> dev eth0
- rm -f /etc/resolv.conf.dhclient-new
- chown --reference=/etc/resolv.conf /etc/resolv.conf.dhclient-new
- chmod --reference=/etc/resolv.conf /etc/resolv.conf.dhclient-new
- mv -f /etc/resolv.conf.dhclient-new /etc/resolv.conf
Performs operations with the file system:
Modifies file access rights:
- /etc/resolv.conf.dhclient-new
Creates or modifies files:
- /var/run/dhclient.pid
- /run/dhclient.pid
- /var/lib/dhclient/dhclient.leases
- /etc/resolv.conf.dhclient-new
Deletes files:
- /etc/resolv.conf.dhclient-new
Network activity:
Awaits incoming connections on ports: