Question

6

What do sapd, skysapd, sksapd, and ksapd do?

rated 0 times [ 6] [ 0] / answers: 1 / hits: 2748 / 2 Years ago, thu, december 2, 2021, 4:29:39

Does anyone know what sapd, skysapd, sksapd, ksapd do? Are they viruses? I tried clamav it didn't recognized them as viruses.

my htop

I also realized that my /etc/rc.local has multiple copies of this:

nohup /etc/cupsdd > /dev/null 2>&1&

cd /etc;./ksapd

cd /etc;./kysapd

cd /etc;./atdd

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

brellked

Add To Favorites

Follow

Total Points: 63

Total Questions: 107

Total Answers: 104

Location: Morocco

Member since Fri, May 22, 2020

4 Years ago

brellked questions

1 RTL8821CE wifi fail after upgrading from 5.15.0-60 to 5.19.0-32

Wed, Jul 20, 22, 23:30, 2 Years ago

1 Errors attempting to run GPT detector under Ubuntu 22.04 WSL

Sun, Apr 10, 22, 19:26, 2 Years ago

1 Grep ignore array of patterns

Mon, Sep 6, 21, 05:31, 3 Years ago

1 Fullscreen System monitor 20.04

Sat, Aug 20, 22, 02:03, 2 Years ago

1 Why yarn key update failes all the time? GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified

Sun, Aug 21, 22, 07:11, 2 Years ago

View All

answered 2 Years ago sator · Accepted Answer

It's a backdoor / DDoS trojan. Check your /etc/crontab and /etc/cron.* files for multiple cronjobs that download and execute those files. (see https://isc.sans.edu/forums/diary//17282)