Linux/BackDoor-Pulamea

Type: Trojan
SubType: Remote Access
Discovery Date: 12/01/2004
Length: 18028
Minimum DAT: 4400 (10/20/2004)
Updated DAT: 4820 (08/02/2006)
Minimum Engine: 5.1.00
Description Added: 10/20/2004
Description Modified: 12/21/2004 2:34 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

Detection was added to cover a malicious Unix file originally called in.rexedcs.

The file is an ELF binary with a file size of 18028 bytes.

Upon execution it tries to bind and listen for remote instructions. 

However, during testing it failed to execute properly: it did not load itself successfully and the binary hung.

It may display the following message on the screen: "dispari in pula mea !"

It doesn't contain initial exploit code, so even if executed manually it shouldn't be able to activate successfully on a properly configured system.

Symptoms

  • Presence of the file/filesize as mentioned above
  • Unexpected message on the screen (the text quoted above).
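
A triage check built from the symptoms above, as an added example (not part of the original description or the vendor's scanner): it flags ELF files that match the reported name, the reported size, or contain the reported message. That the message is stored as a plain string inside the binary, and the `MAX_READ` cap, are assumptions.

```python
import os
import stat
import sys

ELF_MAGIC = b"\x7fELF"
REPORTED_NAME = "in.rexedcs"              # original file name from the description
REPORTED_SIZE = 18028                     # file size in bytes from the description
REPORTED_TEXT = b"dispari in pula mea !"  # message the binary may display
MAX_READ = 1 << 20                        # assumption: search only the first 1 MiB

def indicators(path):
    """Return the indicators from the description that a regular ELF file matches."""
    hits = []
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return hits                   # skip symlinks, devices and FIFOs
        with open(path, "rb") as fh:
            head = fh.read(4)
            if head != ELF_MAGIC:
                return hits               # the description covers an ELF binary only
            body = head + fh.read(MAX_READ)
    except OSError:
        return hits                       # unreadable file: nothing to report
    if os.path.basename(path) == REPORTED_NAME:
        hits.append("name")
    if st.st_size == REPORTED_SIZE:
        hits.append("size")
    if REPORTED_TEXT in body:
        hits.append("message")
    return hits

def scan(root):
    """Walk root and return {path: hits} for every ELF file with at least one hit."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = indicators(path)
            if hits:
                found[path] = hits
    return found

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan(root).items()):
        print(path, ",".join(hits))
```

A name or size match on its own is weak evidence; files reported here are candidates to confirm with the scanner at the DAT and engine versions listed above.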

Method of Infection

  • Infection starts with manual execution of the ELF type binary file. It shouldn't be able to activate successfully on a properly configured/updated system.

Removal

Detection is included in the specified DAT release.

In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Delete files identified by the scanner, replace them with clean ones from backup or re-install them using the original packages. Reboot the system.

Administrators should regularly check for availability of important security updates/patches.

Recommended links: Caldera, Debian, FreeBSD, Redhat, Sun, SuSe

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
