Trojan.SymbOS.Fontal.g
| Alert Level : | Medium |
| Discovered: | Sep 05 2007 |
| Tag: | Trojans |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
Trojan.SymbOS.Fontal.g
This Trojan runs on mobile devices running Symbian. The installer archive is 66 283 bytes in size.
InstallationThis Trojan spreads in the guise of Nokia Anti-Virus.
When installing, the Trojan displays the following message:
It then causes the following message to be displayed:
If the user clicks "OK", the following files will be unpacked to the device:
C:\System\apps\KAS\b.dat C:\System\apps\KAS\Engine.exe C:\System\apps\KAS\KAS C:\System\apps\KAS\KaS.aif C:\System\apps\KAS\KAS.r01 C:\System\apps\KAS\KAS_caption.r01 C:\System\apps\KAS\limages.mbm C:\System\apps\KAS\lnotify.app C:\System\apps\KAS\lnotify.mbm C:\System\apps\KAS\lnotify.rsc C:\System\apps\KAS\s.mid C:\System\Fonts\Kaspersky.gdr C:\System\help\KasAntivirusHelp.hlp C:\System\libs\kasdll.dll C:\System\recogs\kas_antivirus.mdlPayload
C:\System\Fonts\Kaspersky.gdr (11 335 bytes in size) is a fonts file which is incompatible with the system. Once the device is rebooted, the operating system will detect an incompatible font in the system, and reboot itself.
The Trojan will also prevent Kaspersky Mobile (if installed on the device) from functioning correctly by overwriting the following files:
C:\system\Apps\KLAntivirus\Settings.dat C:\system\Apps\KLAntiVirus\b.dat C:\system\Apps\KLAntivirus\KLAntivirus.app
Removal Trojan.SymbOS.Fontal.g instructions:
- Perform a hard reset of the device.
- Perform a full scan of the device (download a trial version of Kaspersky Anti-Virus).
Need help? Live computer support via remote at SupportSpace |
