Event ID - 635

Port No: 635
Service Name: ADM.WORM
RFC Doc: 0
Protocol: TCP
Description:
Solutions:

Type the following commands at the Linux command prompt:
To delete the SUID root shell created by the malware, type:
/bin/rm -rf /tmp/.w0rm
To terminate the running malware process, type:
/usr/bin/killall -9 ADMw0rm
To delete the worm's files in the subfolder it created, type:
/bin/rm -rf /tmp/.w0rm0r
To remove the worm user account created by the malware, type:
/usr/sbin/userdel -r w0rm
Reference Link: ADM.WORM
