用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.BackDoor.Fgt.1662

Added to the Dr.Web virus database: 2018-11-19

Virus description added: 2018-11-19

Technical Information

Malicious functions:

Removes itself

Substitutes application name for:

c6ecayxipi62t4wvetdv

Modifies firewall settings:

iptables -F

Manages services:

service iptables stop
systemctl stop iptables.service
service firewalld stop
systemctl stop firewalld.service

Launches processes:

sh -c rm -rf /tmp/*
rm -rf /tmp/*
sh -c iptables -F
sh -c pkill -9 busybox
pkill -9 busybox
sh -c pkill -9 perl
pkill -9 perl
sh -c pkill -9 python
pkill -9 python
sh -c service iptables stop
sh -c service firewalld stop
sh -c rm -rf ~/.bash_history
rm -rf /root/.bash_history
sh -c history -c

Performs operations with the file system:

Creates or modifies files:

/etc/resolv.conf

Deletes files:

/tmp/*
/root/.bash_history

Network activity:

Establishes connection:

8.#.8.8:53
89.##.237.189:75

Sends data to the following servers:

89.##.237.189:75

Receives data from the following servers:

89.##.237.189:75

Other:

Collects CPU information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number