Trojan.SymbOS.Appdisabler.j
| Alert Level : | Medium |
| Discovered: | Mar 17 2006 |
| Tag: | Trojans |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
This Trojan infects mobile phones running Symbian OS. The Trojan substitutes non-functioning or corrupted files for antivirus applications.
The Trojan itself is a Symbian application, an SIS installation file.
The file may be called Symbian_Anti-Virus.SIS and it is 27362 bytes in size.
InstallationWhen launching, the Trojan installs the following files to the victim handset:
\ApMIME.dll (8620 bytes)\system\apps\About SymbianAV.txt (673 bytes)
The contents of the directories below will be overwritten. If the directories do not exist, the worm will create them.
system\apps\Anti-Virussystem\apps\AntiCommWarrior
system\apps\Antivirus
system\apps\AppMngr
system\apps\CabirFix
system\apps\CalvinStinger
system\apps\Decabir
system\apps\Disinfect
system\apps\efileman
system\apps\EVS
system\apps\F-Secure
system\apps\FCommwarrior
system\apps\FExplorer
system\apps\Kaspersky
system\apps\KLAntivirus
system\apps\MAV
system\apps\mobilesecurity
system\apps\NEWFILESCAN
system\apps\ProfiMail
system\apps\SmartFileMan
system\apps\symcs
system\apps\symlu
system\apps\SystemExplorer
system\apps\TrendMicro
system\apps\virem
system\apps\virusguard
system\apps\VirusScan
A file with the same name as the directory and an .app extension will be created in each directory. This file is between 3 and 12 bytes and size, and does not function; it is created in order to cause the antivirus solutions listed above to malfunction.
The file «About SymbianAV.txt» contains the following text:
-------------------------------------------------------
Symbian Anti-Virus
Version 1.10
Copyright é2006 Symbian Ltd.
* Phone Protection *
^
Damage < by > Helzim
V
--------------------------------------------------------
0
Removal Trojan.SymbOS.Appdisabler.j instructions:
0
Need help? Live computer support via remote at SupportSpace |
