바이러스에 걸린것 같아요~

Virus name: Linux/Siilov
Virus type: Linux
Known Variants: .6065
Infected objects: ELF (UNIX)
Distribution: Only found in Virus Collections
Detection added: 2000-01-16
Disinfection added: 2000-01-16

Description:
This is a harmless Linux virus, infecting ELF executable files. It acts like a direct action infector (technique that was already used in Linux viruses) but also as a per-process memory resident virus - the first memory resident Linux virus. The technique used for infecting files and for the residence are related to the techniques used by most of Windows viruses.

Technical details:
Siilov will search the current directory for ELF executable files. When such files are found, it will modify the file's section table - it will add another section named .data1, which will contain the virus code. If the section is already present in the file, Siilov will assume the file as being infected. The new section table will be stored at the end of an infected file, and the fields from the ELF header are also changed to point to the new table.

While infecting a file, the virus does not modify the program entry-point. Instead, it writes a short loader that will execute the virus body, which is located at the end of the infected files.

To achieve memory residence, the virus patches the import table - it will hook the "execve" function in order to infect all files that are executed by the infected application. This means that if the virus infects /sbin/init (or a shell) all files executed will be infected, making Siilov a "fast-infector".

Compatibility issues

Since it does use only syscalls and no library function, Siilov is compatible with most of the Linux distributions. The method is reliable enough to be implemented in the upcoming Linux viruses - this makes Siilov a proof-of-concept virus.

Evilness: Benign (only replicates)
Analyst: Adrian Marinescu

이 놈은 바이러스 아니고 뮌지?
http://www.ravantivirus.com/index.php
나 sophie 에서 리녹스 백신 구할수 잇죠