New Symbian Trojan Doomboot.A

03 July 2005

New Symbian trojan that drops Commwarrior.B
and drains the life from phones...

Doomboot in action
Virus info

NAME: Doomboot.A
ALIAS: SymbOS/Doomboot.A

Summary

Doomboot.A is a malicious SIS file trojan that drops corrupted system binaries and Commwarrior.B onto the infected device. The system files dropped by Doomboot.A cause the device to fail at the next reboot.

Doomboot.A pretends to be a cracked version of the Symbian version of Doom 2. A user who installs Doomboot.A will not get any social engineering messages or extra icons in the phone application menu. And as Commwarrior.B hides its process from the process list, the user has no way of noticing that the phone is actually infected.

The Commwarrior.B dropped by Doomboot will start automatically and begin to spread. Bluetooth spreading by Commwarrior.B drains the battery, so the phone will quickly run out of power. In the case of Doomboot.A this is a problem, as the phone will not boot again after the power runs out.

If you have installed Doomboot.A, the most important thing is not to reboot the phone and to follow the disinfection instructions in this description.

If you have rebooted the phone and it will not start again, the phone can be recovered with the hard format key code that is entered during phone boot. Please refer to your phone manual for the code.

Disinfection

Disinfection with F-Secure Anti-Virus

F-Secure Mobile Anti-Virus will detect both Doomboot.A and Commwarrior.B and disinfect the phone.

If your phone is infected with Commwarrior and you cannot install files over Bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone:

1. Open web browser on the phone
2. Go to http://phoneav.com
3. Select link "Download antivirus software for your smartphone" and then select phone model
4. Download the file and select open after download
5. Install F-Secure Mobile Anti-Virus
6. Go to applications menu and start Anti-Virus
7. Activate Anti-Virus and scan all files

Manual disinfection

1. Go to application manager and uninstall the Doomboot.A SIS file. The original name of the SIS file is Doom_2_wad_cracked_by_DFT_S60_v1.0.sis
2. Go to http://phoneav.com
3. Download the F-Commwarrior disinfection tool
4. Download the file and select open after download
5. Install F-Commwarrior
6. Go to applications menu and start F-Commwarrior
7. Use F-Commwarrior to disinfect your phone from the Commwarrior worm

Detailed Description

Installation to system

Doomboot.A installs corrupted system binaries onto the C:\ drive of the phone. When the phone boots, these corrupted binaries will be loaded instead of the correct ones, and the phone will crash at boot.

Spreading

Doomboot.A spreads in the SIS file Doom_2_wad_cracked_by_DFT_S60_v1.0.sis.

Payload

Installs corrupted system binaries and drops the Commwarrior.B worm on the device.
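
The boot failure described above comes from binaries on C:\ being loaded in place of the correct ones. The following Python triage helper is an added example, not part of the original description or of any F-Secure tool: it flags C: binaries that sit at the same path as a ROM binary and checks for the SIS name given above. It assumes a file listing exported from a device or backup, that the ROM is the Z: drive, and that shadowing happens at an identical path; the function names and sample data are hypothetical.

```python
from pathlib import PureWindowsPath

# SIS file name given in the description above.
KNOWN_SIS = "Doom_2_wad_cracked_by_DFT_S60_v1.0.sis"
BINARY_EXT = {".dll", ".exe", ".app"}  # assumption: extensions treated as binaries


def _key(path):
    """Drive-independent, case-insensitive form of a Symbian path."""
    return "\\".join(part.lower() for part in PureWindowsPath(path).parts[1:])


def find_shadowed(listing):
    """Return C: binaries that sit at the same path as a ROM (Z:) binary.

    listing: iterable of (path, size) pairs covering both drives.
    """
    listing = list(listing)
    rom = {_key(p): size for p, size in listing
           if PureWindowsPath(p).drive.upper() == "Z:"}
    hits = []
    for path, size in listing:
        p = PureWindowsPath(path)
        if p.drive.upper() != "C:" or p.suffix.lower() not in BINARY_EXT:
            continue
        rom_size = rom.get(_key(path))
        if rom_size is not None:
            hits.append({"path": path, "size": size, "rom_size": rom_size,
                         "size_differs": size != rom_size})
    return hits


def sis_installed(package_names):
    """True if the trojan's SIS name appears among installed package files."""
    return any(PureWindowsPath(n).name.lower() == KNOWN_SIS.lower()
               for n in package_names)


# Constructed sample data: file names and sizes are placeholders, not real IoCs.
SAMPLE_LISTING = [
    ("Z:\\System\\Libs\\sample_a.dll", 20480),
    ("Z:\\System\\Libs\\sample_b.dll", 8192),
    ("C:\\system\\libs\\SAMPLE_A.DLL", 311),      # shadows the ROM copy
    ("C:\\System\\Apps\\Game\\game.app", 90112),  # no ROM counterpart
    ("C:\\System\\Libs\\notes.txt", 12),          # not a binary
]

if __name__ == "__main__":
    for hit in find_shadowed(SAMPLE_LISTING):
        print(hit)
    print(sis_installed(["E:\\Downloads\\" + KNOWN_SIS]))
```

A hit whose size differs from the ROM copy is the strongest signal to review before the device is rebooted.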

Detection

Generic detection that detects Doomboot.A was published for F-Secure Mobile Anti-Virus on March 7th, 2005 in database build number 28.

Exact detection and disinfection was published on July 1st, 2005 in database build number 28.

F-Secure Corporation

Source: F-secure Author: Apocalypso


copyright (c) Symbian freak 2005,
all rights reserved
