Linux.Packed.589

Added to the Dr.Web virus database: 2019-09-06

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Launches processes:
  • /bin/sh -c clear
  • clear
  • /bin/sh -c echo Infected By Arh
  • /bin/sh -c rm -rf /tmp/* /var/* /var/run/* /var/tmp/*
  • rm -rf /tmp/* /var/backups /var/cache /var/lib /var/local /var/lock /var/log /var/mail /var/opt /var/run /var/spool /var/tmp /var/run/atd.pid /var/run/crond.pid /var/run/crond.reboot /var/run/dbus /var/run/dhclient.eth0.pid /var/run/exim4 /var/run/initctl /var/run/initramfs /var/run/lock /var/run/log /var/run/mount /var/run/network /var/run/rpc.statd.pid /var/run/rpc_pipefs /var/run/rpcbind /var/run/rpcbind.lock /var/run/rpcbind.pid /var/run/rpcbind.sock /var/run/rsyslogd.pid /var/run/sendsigs.omit.d /var/run/shm /var/run/sm-notify.pid /var/run/sshd /var/run/sshd.pid /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/user /var/run/utmp /var/tmp/*
Kills system processes:
  • sshd
Kills the following processes:
  • rpc.idmapd
Performs operations with the file system:
Creates or modifies files:
  • /etc/resolv.conf
Deletes files:
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 18#.###.25.169:12984
Sends data to the following servers:
  • 18#.###.25.169:12984

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
