用户服务中心

Close

My library

+ Add to library

24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

New ticket

Call us

+7 (495) 789-45-86

RU CN DE EN ES FR IT JP KZ UZ PL BY

Close

服务

扫描仪

Dr.Web vxCube

试用

打开分析仪

计算机病毒事件调查

病毒知识库

知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

新闻

Linux.Siggen.837

Added to the Dr.Web virus database: 2018-08-12

Virus description added: 2018-08-11

Technical Information

Malicious functions:

Launches processes:

sh -c mkdir \"/log\" > /dev/null 2>&1
mkdir /log
uname -a
sh -c route | grep default | grep -v grep
grep -v grep
route
grep default

Performs operations with the file system:

Creates folders:

/log

Creates or modifies files:

//bin/.xCloudClientRunOne.pid
/bin/.xCloudClientRunOne.pid
/etc/xCloud.db
/log/Log.txt
/bin/.version
/etc/xCloud.db-journal
/bin/.pid

Deletes files:

/etc/xCloud.db-wal
/etc/xCloud.db-journal

Network activity:

Awaits incoming connections on ports:

0.0.0.0:61617
0.0.0.0:15008

Establishes connection:

<LOCAL_DNS_SERVER>

DNS ASK:

1.###.##8.192.in-addr.arpa

Sends data to the following servers:

23#.###.255.250:1900
<LOCAL_DNS_SERVER>

Receives data from the following servers:

<LOCAL_DNS_SERVER>

Other:

Collects CPU information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number