
Thread: NOKIA SYMBIAN VIRUS & SOLUTIONS

  1. #1
    Join Date
    Aug 2005
    Posts
    12

    Default NOKIA SYMBIAN VIRUS & SOLUTIONS

    VIRUS

    Cabir.A

    Info

    Cabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.

    Cabir replicates over bluetooth connections and arrives to phone messaging inbox as caribe.sis file that contains the worm. When user clicks the caribe.sis and chooses to install the Caribe.sis file the worm activates and starts looking for new devices to infect over bluetooth.

    When Cabir worm finds another bluetooth device it will start sending infected SIS files to it, and lock to that phone so that it won't look for other phones even when the target moves out of range.

    Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode.

    Setting your phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm.

    But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings.

    Disinfection

    Delete these files:

    c:\system\apps\caribe\caribe.rsc
    c:\system\apps\caribe\caribe.app
    c:\system\apps\caribe\flo.mdl
    c:\system\recogs\flo.mdl
    c:\system\symbiansecuredata\caribesecuritymanager\caribe.app
    c:\system\symbiansecuredata\caribesecuritymanager\caribe.rsc

    Cabir.B

    Info

    Cabir.B is a minor variant of Cabir.A; the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots.

    Cabir.A displays text "Caribe-VZ/29a" while Cabir.B displays text that contains just "Caribe".

    There is also repacked version of Cabir.B that is packed into SIS file, which installs the worm into different directory and shows text popup at SIS install. But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file.

    Disinfection

    Same as for Cabir.A

    Cabir.C


    Info

    Cabir.C is a minor variant of Cabir.B; the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.C spreads as MYTITI.SIS instead of Cabir.SIS.

    Cabir.C displays text "Mytiti" while Cabir.B displays text that contains just "Caribe".

    Disinfection

    Same as for Cabir.A

    Cabir.D

    Info

    Cabir.D is a minor variant of Cabir.B; the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D spreads as [YUAN].SIS instead of Cabir.SIS.

    Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe".

    Disinfection

    Same as for Cabir.A

    Cabir.E

    Info

    Cabir.E is a minor variant of Cabir.B; the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS.

    Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe".

    Disinfection

    Same as for Cabir.A

    Cabir.Dropper

    Info

    Cabir.Dropper is Symbian installation file that will install Cabir.B, Cabir.C and Cabir.D into the device and disables the Bluetooth control application. The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis

    The Cabir.Dropper installs different Cabir variants into several places in the device file system. Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and its icon in the menu will go blank.

    If user clicks on one of the replaced icons in the menu, the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS) without other Cabir variants or Cabir.Dropper.

    The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot, but fails as the autostart component points into directory that is not installed on the device.

    Disinfection

    Delete cabir files from:

    c:\images\
    c:\sounds\digital
    c:\system\apps
    c:\system\install
    c:\system\recogs
    c:\system\apps\btui
    c:\system\apps\fexplorer
    c:\system\apps\file
    c:\system\apps\freakbtui
    c:\system\apps\smartfileman
    c:\system\apps\smartmovie
    c:\system\apps\systemexplorer
    c:\system\apps\[yuan]

    Skulls.A

    Info

    Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.

    The Skulls SIS file is named "Extended theme.SIS", it claims to be theme manager for Nokia 7610 smart phone, written by "Tee-222".

    If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.

    This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.

    If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.

    Disinfection

    Install third-party file manager and delete these files:

    c:\System\Apps\About\About.aif
    c:\System\Apps\About\About.app
    c:\System\Apps\AppInst\AppInst.aif
    c:\System\Apps\AppInst\Appinst.app
    c:\System\Apps\AppMngr\AppMngr.aif
    c:\System\Apps\AppMngr\Appmngr.app
    c:\System\Apps\Autolock\Autolock.aif
    c:\System\Apps\Autolock\Autolock.app
    c:\System\Apps\Browser\Browser.aif
    c:\System\Apps\Browser\Browser.app
    c:\System\Apps\BtUi\BtUi.aif
    c:\System\Apps\BtUi\BtUi.app
    c:\System\Apps\bva\bva.aif
    c:\System\Apps\bva\bva.app
    c:\System\Apps\Calcsoft\Calcsoft.aif
    c:\System\Apps\Calcsoft\Calcsoft.app
    c:\System\Apps\Calendar\Calendar.aif
    c:\System\Apps\Calendar\Calendar.app
    c:\System\Apps\Camcorder\Camcorder.aif
    c:\System\Apps\Camcorder\Camcorder.app
    c:\System\Apps\CbsUiApp\CbsUiApp.aif
    c:\System\Apps\CbsUiApp\CbsUiApp.app
    c:\System\Apps\CERTSAVER\CERTSAVER.aif
    c:\System\Apps\CERTSAVER\CERTSAVER.APP
    c:\System\Apps\Chat\Chat.aif
    c:\System\Apps\Chat\Chat.app
    c:\System\Apps\ClockApp\ClockApp.aif
    c:\System\Apps\ClockApp\ClockApp.app
    c:\System\Apps\CodViewer\CodViewer.aif
    c:\System\Apps\CodViewer\CodViewer.app
    c:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    c:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    c:\System\Apps\Converter\Converter.aif
    c:\System\Apps\Converter\converter.app
    c:\System\Apps\cshelp\cshelp.aif
    c:\System\Apps\cshelp\cshelp.app
    c:\System\Apps\DdViewer\DdViewer.aif
    c:\System\Apps\DdViewer\DdViewer.app
    c:\System\Apps\Dictionary\Dictionary.aif
    c:\System\Apps\Dictionary\dictionary.app
    c:\System\Apps\FileManager\FileManager.aif
    c:\System\Apps\FileManager\FileManager.app
    c:\System\Apps\GS\GS.aif
    c:\System\Apps\GS\gs.app
    c:\System\Apps\ImageViewer\ImageViewer.aif
    c:\System\Apps\ImageViewer\ImageViewer.app
    c:\System\Apps\location\location.aif
    c:\System\Apps\location\location.app
    c:\System\Apps\Logs\Logs.aif
    c:\System\Apps\Logs\Logs.app
    c:\System\Apps\mce\mce.aif
    c:\System\Apps\mce\mce.app
    c:\System\Apps\MediaGallery\MediaGallery.aif
    c:\System\Apps\MediaGallery\MediaGallery.app
    c:\System\Apps\MediaPlayer\MediaPlayer.aif
    c:\System\Apps\MediaPlayer\MediaPlayer.app
    c:\System\Apps\MediaSettings\MediaSettings.aif
    c:\System\Apps\MediaSettings\MediaSettings.app
    c:\System\Apps\Menu\Menu.aif
    c:\System\Apps\Menu\Menu.app
    c:\System\Apps\mmcapp\mmcapp.aif
    c:\System\Apps\mmcapp\mmcapp.app
    c:\System\Apps\MMM\MMM.app
    c:\System\Apps\MmsEditor\MmsEditor.aif
    c:\System\Apps\MmsEditor\MmsEditor.app
    c:\System\Apps\MmsViewer\MmsViewer.aif
    c:\System\Apps\MmsViewer\MmsViewer.app
    c:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    c:\System\Apps\MsgMailEditor\MsgMailEditor.app
    c:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    c:\System\Apps\MsgMailViewer\MsgMailViewer.app
    c:\System\Apps\MusicPlayer\MusicPlayer.aif
    c:\System\Apps\MusicPlayer\MusicPlayer.app
    c:\System\Apps\Notepad\Notepad.aif
    c:\System\Apps\Notepad\Notepad.app
    c:\System\Apps\NpdViewer\NpdViewer.aif
    c:\System\Apps\NpdViewer\NpdViewer.app
    c:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    c:\System\Apps\NSmlDMSync\NSmlDMSync.app
    c:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    c:\System\Apps\NSmlDSSync\NSmlDSSync.app
    c:\System\Apps\Phone\Phone.aif
    c:\System\Apps\Phone\Phone.app
    c:\System\Apps\Phonebook\Phonebook.aif
    c:\System\Apps\Phonebook\Phonebook.app
    c:\System\Apps\Pinboard\Pinboard.aif
    c:\System\Apps\Pinboard\Pinboard.app
    c:\System\Apps\PRESENCE\PRESENCE.aif
    c:\System\Apps\PRESENCE\PRESENCE.APP
    c:\System\Apps\ProfileApp\ProfileApp.aif
    c:\System\Apps\ProfileApp\profileapp.app
    c:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    c:\System\Apps\ProvisioningCx\ProvisioningCx.app
    c:\System\Apps\PSLN\PSLN.aif
    c:\System\Apps\PSLN\PSLN.app
    c:\System\Apps\PushViewer\PushViewer.aif
    c:\System\Apps\PushViewer\PushViewer.app
    c:\System\Apps\Satui\Satui.aif
    c:\System\Apps\Satui\Satui.app
    c:\System\Apps\SchemeApp\SchemeApp.aif
    c:\System\Apps\SchemeApp\SchemeApp.app
    c:\System\Apps\ScreenSaver\ScreenSaver.aif
    c:\System\Apps\ScreenSaver\ScreenSaver.app
    c:\System\Apps\Sdn\Sdn.aif
    c:\System\Apps\Sdn\Sdn.app
    c:\System\Apps\SimDirectory\SimDirectory.aif
    c:\System\Apps\SimDirectory\SimDirectory.app
    c:\System\Apps\SmsEditor\SmsEditor.aif
    c:\System\Apps\SmsEditor\SmsEditor.app
    c:\System\Apps\SmsViewer\SmsViewer.aif
    c:\System\Apps\SmsViewer\SmsViewer.app
    c:\System\Apps\Speeddial\Speeddial.aif
    c:\System\Apps\Speeddial\Speeddial.app
    c:\System\Apps\Startup\Startup.aif
    c:\System\Apps\Startup\Startup.app
    c:\System\Apps\SysAp\SysAp.aif
    c:\System\Apps\SysAp\SysAp.app
    c:\System\Apps\ToDo\ToDo.aif
    c:\System\Apps\ToDo\ToDo.app
    c:\System\Apps\Ussd\Ussd.aif
    c:\System\Apps\Ussd\Ussd.app
    c:\System\Apps\VCommand\VCommand.aif
    c:\System\Apps\VCommand\VCommand.app
    c:\System\Apps\Vm\Vm.aif
    c:\System\Apps\Vm\Vm.app
    c:\System\Apps\Voicerecorder\Voicerecorder.aif
    c:\System\Apps\Voicerecorder\Voicerecorder.app
    c:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    c:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    c:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    c:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    c:\System\Libs\licencemanager20s.dll
    c:\System\Libs\lmpro.r01
    c:\System\Libs\lmpro.r02
    c:\System\Libs\notification.cmd
    c:\System\Libs\softwarecopier200.dll
    c:\System\Libs\ZLIB.DLL

    Skulls.B

    Info

    Skulls.B is a variant of SymbOS/Skulls.A trojan, which has similar functionality to the Skulls.A but uses different files.

    Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone.

    The Cabir dropped by Skulls.B does not activate automatically, but if user goes to the Cabir icon in the phone menu and runs Cabir from there, the Cabir.B will activate and try to infect other phones.

    The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system).

    The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did.

    If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B, which fortunately, is not able to activate automatically.

    If you have installed Skulls.B, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.

    Disinfection

    Same as for Skulls.A, but you need to delete a few more folders:

    c:\system\apps\CamTimer\camtimer.app
    c:\system\apps\CamTimer\camtimer.rsc
    c:\system\apps\caribe\caribe.rsc
    c:\system\apps\caribe\caribe.app
    c:\system\apps\caribe\flo.mdl
    c:\system\recogs\flo.mdl
    c:\system\symbiansecuredata\caribesecuritymanager\caribe.app
    c:\system\symbiansecuredata\caribesecuritymanager\caribe.rsc
    c:\system\symbiansecuredata\caribesecuritymanager\camtimer.sis

    Qdial.A

    Info

    This Trojan on a phone is a cracked version of the Mosquitos game, which runs on phones using the Symbian Series 60 Platform.

    It is obtained by downloading a copy of the game from the Internet or through peer-to-peer networks.

    It sends an SMS message to specific premium rate numbers and can charge affected users for the sent messages. Apparently, the affected numbers are from the United Kingdom (UK), Germany, Netherlands, and Switzerland regions only.

    Unlike worms, it does not spread itself to other contacts in the phone.

    Disinfection

    Quit the Mosquitos game then perform the uninstallation procedure of the program.

    -------------------------------------------------------------------------------------
    Malware file sizes:

    Cabir.A - 14.7kb
    Cabir.B - 14.7kb
    Cabir.Bv2 - 9.63kb
    Cabir.C -
    Cabir.D -
    Cabir.E -
    Cabir.Dropper -
    Qdial.A - 137kb
    Skulls.A - 1.13mb
    Skulls.B - 775kb

    Cabir.H

    Cabir.H is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.

    The Cabir.H variant is a recompiled version of the original Cabir, the main difference being that Cabir.H has fixed replication routine and is capable of spreading faster than earlier variants.

    Cabir.H replicates over bluetooth connections and arrives to phone messaging inbox as velasco.sis file that contains the worm. When user clicks the velasco.sis and chooses to install the velasco.sis file the worm activates and starts looking for new devices to infect over bluetooth.

    When Cabir worm finds another bluetooth device it will start sending infected SIS files to it, as long as the target phone is in range. Unlike earlier variants of Cabir, the Cabir.H is capable of finding a new target, after the first one has gone out of range. Thus the Cabir.H will most likely spread faster than previous variants, if ever found in the wild.

    Cabir.I

    Cabir.I is a minor variant of Cabir.H being functionally identical to Cabir.H variant, with the exception that the I variant is recompiled and uses different binary.

    Cabir.J

    Cabir.J is a minor variant of Cabir.H being functionally identical to Cabir.H variant, with the exception that the I variant is recompiled and uses different binary.

    Cabir.K

    Cabir.K is a minor variant of Cabir.H being functionally identical to Cabir.H variant, with the exception that the Cabir.K variant is recompiled and uses different binary.

    Cabir.L

    Cabir.L is a minor variant of Cabir.B; the only significant differences are that the Cabir.L displays different text on the start dialog when worm starts and that the Cabir.L spreads as Skulls.SIS instead of Cabir.SIS.

    Cabir.L displays text "Skulls" while Cabir.B displays text that contains just "Caribe".

    Please note that while Cabir.L displays text "Skulls" when it starts, it is still a Cabir variant, not a Skulls variant.

    Cabir.M

    Cabir.M is a minor variant of Cabir.B; the only significant differences are that the Cabir.M displays different text on the start dialog when worm starts and that the Cabir.M spreads as free$8.SIS instead of Cabir.SIS.

    Cabir.M displays text "free$8" while Cabir.B displays text that contains just "Caribe".

    Skulls.D

    Skulls.D is a malicious SIS file trojan, that pretends to be Macromedia Flash player for Symbian Series 60 devices.
    Skulls.D drops SymbOS/Cabir.M worm into the phone, disables system applications and third party applications needed to disinfect it and displays animation that shows flashing skull picture.

    Unlike earlier Skulls versions the Skulls.D disables only few phone system applications. The only system applications that are disabled, are the ones that are needed in disinfecting it.

    The third party applications disabled by Skulls, are ones that user would need to disinfect his phone, if it got infected by skulls. However for some reason Skulls.D copies the replacement files to the device memory card, thus disabling the tools only if user has not installed them on the C: drive.

    Skulls.D tries to disable F-Secure Mobile Anti-Virus by replacing its files with non-functional versions. However, as F-Secure Mobile Anti-Virus is capable of detecting Cabir.M contained by Skulls using generic detection, the Anti-Virus will detect the infected SIS file and prevent it from being installed, provided that the Anti-Virus is in realtime scan mode, as it is by default.

    The Cabir.M worm dropped by Skulls.D is already detected with generic detection as Cabir.Gen. So the Skulls.D is already detected and stopped without need for updated Anti-Virus database.

    The Cabir.M dropped by Skulls.C does not activate automatically, but will activate on reboot.

    The Skulls.D does also drop other application that will activate on device reboot, this application displays animation of flashing Skull picture on background, no matter what application user is trying to use.

    Lasco.A

    Lasco.A is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.

    The Lasco.A is based on the same source as Cabir.H and is very similar to it. The main difference between Cabir.H and Lasco.A is that in addition of spreading with bluetooth, Lasco.A will insert itself to any SIS files it finds in the device.

    Lasco.A replicates over bluetooth connections and arrives to phone messaging inbox as velasco.sis file that contains the worm. When user clicks the velasco.sis and chooses to install the velasco.sis file the worm activates and starts looking for new devices to infect over bluetooth.

    When Lasco worm finds another bluetooth device it will start sending infected SIS files to it, as long as the target phone is in range. Like Cabir.H, Lasco.A is capable of finding a new target, after the first one has gone out of range.

    Replication

    Lasco.A replicates over bluetooth in velasco.sis file that contains the worm main executable velasco.app, system recognizer marcos.mdl and resource file velasco.rsc. The SIS file contains autostart settings that will automatically execute velasco.app after the SIS file is being installed.

    The velasco.sis file will not arrive automatically to the target device, so user needs to answer yes to the transfer question while the infected device is still in range.

    When the Lasco.A worm is activated it will start looking for other bluetooth devices, and starts sending infected velasco.sis files to the first device it finds. After the first target phone is out of range the Lasco.A will continue searching and infecting other phones.

    This modification in the replication mechanism, will make it more likely that Lasco.A will spread quickly once in the wild.

    Infection

    When the velasco.sis file is installed the installer will copy the worm executables into following locations:
    c:\system\apps\velasco\velasco.rsc
    c:\system\apps\velasco\velasco.app
    c:\system\apps\velasco\flo.mdl

    When the velasco.app is executed it copies the following files:
    flo.mdl to c:\system\recogs
    velasco.app to c:\system\symbiansecuredata\velasco\
    caribe.rsc to c:\system\symbiansecuredata\velasco\

    This is most likely done in case user installs the application to memory card, or to avoid user trying to disinfect the worm by uninstalling the original SIS file.

    Then the worm will recreate the velasco.sis file from worm component files and data blocks that are in velasco.app.

    After recreating the SIS file the Lasco.A will search for all SIS files in the device, add itself into those files and modify the SIS file header so that the Lasco.A embedded into target SIS files will activate automatically upon install of that SIS file into the device.

    CommWarrior.A

    Security experts have reported that they are analysing what is believed to be the first mobile phone virus able to replicate via Multimedia Messaging Service (MMS). The malicious code, dubbed CommWarrior, runs on the Symbian Series 60 smartphone operating system and can spread using multimedia messages that include an image, audio or video which is sent from one phone to another or by email. "Phone viruses so far have been spreading over Bluetooth, so they only affect phones that are within a few metres. A MMS virus can potentially go global in minutes, just like an email worm," warned F-Secure's antivirus laboratory. F-Secure said that it will post more detailed analysis on CommWarrior after investigating the code more closely.

    This virus is still under analysis. We've seen two different versions so far.

    The virus drops these files:


    \system\apps\CommWarrior\commwarrior.exe
    \system\apps\CommWarrior\commrec.mdl


    \system\updates\commrec.mdl
    \system\updates\commwarrior.exe
    \system\updates\commw.sis

    It contains these texts:


    CommWarrior v1.0 2005 by e10d0r
    OTMOP03KAM HET!

    The text "OTMOP03KAM HET!" is Russian and means roughly "No to braindeads".

    Problem with this virus can be even worse because installation file can be found really easy on the Internet because author so called "e10d0r" made even website for this malware.


    --------------------

    Locknut.B

    Locknut.B is a malicious SIS file trojan that pretends to be patch for Symbian Series 60 mobile phones.

    When installed Locknut.B drops a binary that will crash a critical System component, that will prevent any application from being launched in the phone. Thus effectively locking the phone.

    The Locknut.B will also drop a copy of Cabir.V into the device, but it will not start automatically, and is harmless anyway as the Locknut.B kills all applications on the infected phone, including Cabir.V that is installed from the same SIS file.

    Even if Locknut.B is disinfected the Cabir.V still won't start, as it is installed into wrong directory in the infected phone.

    If user starts Cabir.V manually, after disinfecting locknut, the Cabir.B will spread as pure Cabir.V and will not transfer Locknut.B into other devices.

    Detailed Description

    Installation to system

    Locknut.B is a SIS file that crashes critical system ROM binary with non-functional stub file. When Locknut.B sis file is installed the files will be installed into following locations:
    c:\system\apps\gavnor\gavnor.app
    c:\system\apps\gavnor\gavnor.rsc
    c:\system\apps\gavnoreturn\flo.mdl
    c:\system\apps\gavnoreturn\gavnoreturn.app
    c:\system\apps\gavnoreturn\gavnoreturn.rsc
    c:\system\apps\gavnoreturn\gavnoreturn_caption.rsc

    Some of the file dropped by Gavno contain texts, intended as messages from trojan author.

    Spreading in MMFpatch.sis

    Payload

    Locknut.B drops corrupted binary file that will cause crash in a critical operating system component. The locknut.B also drops Cabir.V, which does not start on the phone, unless executed on purpose after disinfection.


    Drever.A

    Drever.A is a malicious SIS file trojan that disables the automatic startup from Simworks and Kaspersky Symbian Anti-Virus softwares. Currently it is still unverified whether either of these softwares have protection against such attacks.

    Drever.A does not affect F-Secure Mobile Anti-Virus.


    Disinfection

    Drever.A can be disinfected easily by using F-Secure Mobile Anti-Virus available from http://www.f-secure.com/estore/avmobile.shtml

    Or you can uninstall it by uninstalling the Drever SIS file with application manager


    1. Open the application manager

    2. Uninstall antivirus.sis, if your menu shows several applications with that filename, choose the one that has smallest size

    3. Re-install your Anti-Virus

    Spreading in Anti-Virus.sis

    Payload

    Drever.A drops non-functional copies of the bootloaders used by Simworks Anti-Virus and Kaspersky Symbian Anti-Virus. These non-functional copies overwrite the original files, causing target softwares not to load automatically when the phone boots.

    Mabir.A

    Mabir is a worm that operates on Symbian Series 60 devices, the Mabir worm is capable of spreading both over Bluetooth and MMS messages.

    When Mabir.A infects a phone it will start searching other phones that it can reach over Bluetooth and send infected SIS files to the phones it finds.

    The SIS files that Mabir.A sends have always the same file name "caribe.sis". Please note that while Mabir.A uses the same SIS file name as original Cabir worms, it is different worm than Cabir.

    In addition of spreading over bluetooth the Mabir.A will also listen for any MMS or SMS messages that arrive to the infected phone. And respond to those messages with MMS message that contains Mabir as "info.sis".

    The MMS messages that Mabir sends do not contain any text message, only the info.sis file

    The MMS messages are multimedia messages that can be sent between Symbian phones and other phones that support MMS messaging. As the name says the MMS messages are intended to contain only media content, such as pictures, audio or video, but they can contain anything, including infected Symbian installation files.

    Replication over bluetooth

    Mabir replicates over bluetooth in SIS files that are always named caribe.sis, the SIS file contains the worm component files caribe.app, caribe.rsc and flo.mdl.

    The SIS file contains autostart settings that will automatically execute caribe.app after the SIS file is being installed, thus starting the worm.

    When Mabir worm is activated it will start looking for other bluetooth devices, and start sending itself to first phone it finds. If target phone goes out of range or rejects file transfer, it will still try to send messages to the same phone.

    Replication over MMS

    Mabir replicates over MMS by sending MMS messages that contain infected SIS file to other users. The MMS messages contain Mabir SIS file with filename info.sis.

    The MMS sending is triggered by MMS or SMS message that arrives to the phone, causing Mabir to send itself as MMS message to the number from which the message arrived. Thus the Mabir tries to fool the receiver that it has been sent as reply to the message that user sent to the infected phone.

    The Mabir worm does not use any texts in the MMS messages it sends.

    Infection

    When the Mabir SIS file is installed the installer will copy the worm executables into following locations:

    \system\apps\Caribe\Caribe.app

    \system\apps\Caribe\Caribe.rsc

    \system\apps\Caribe\flo.mdl

    When the Mabir.exe is executed it copies the following files:

    \system\symbiansecuredata\caribesecuritymanager\Caribe.app

    \system\symbiansecuredata\caribesecuritymanager\Caribe.rsc

    And rebuilds its SIS file to:

    \system\symbiansecuredata\caribesecuritymanager\Info.sis

    After recreating the SIS file the worm starts to look for all visible bluetooth devices and start waiting for arriving SMS or MMS messages.

    Fontal.A

    Fontal.A is a SIS file trojan that installs corrupted Font file into infected device, thus causing the device to fail at next reboot.

    If a phone is infected with Fontal.A, it must not be rebooted as the trojan will prevent the phone from booting again. If the phone is rebooted, it will try to boot, but will be forever stuck on phone startup and cannot be used.

    In addition of installing the corrupted font file the Fontal.A also damages the application manager so that it cannot be uninstalled, and no new applications can be installed before the phone is disinfected.

    Disinfection

    F-Secure Mobile Anti-Virus will detect Fontal.A and delete the trojan components.

    1. Open web browser on the phone
    2. Go to http://mobile.f-secure.com
    3. Select link "Download F-Secure Mobile Anti-Virus" and then select phone model
    4. Download the file and select open after download
    5. Install F-Secure Mobile Anti-Virus
    6. Go to applications menu and start Anti-Virus
    7. Activate Anti-Virus and scan all files

    After disinfecting your phone, you can remove remaining empty directories by going to application manager and uninstalling the SIS file in which Comwarrior arrived (Kill Saddam By OID500.sis).

    Manual disinfection

    1. Install file manager on the phone
    2. Go to c:\System\apps\appmngr
    3. Delete appmngr.app
    4. Go to the application manager
    5. Uninstall the SIS file in which the Fontal.A was installed in

    Spreading in Kill Saddam By OID500.sis

    Infection

    When the Fontal.A SIS file is installed the installer copies files into following locations:

    \system\apps\appmngr\appmngr.app

    \system\apps\kill sadam\kill sadam.app

    \system\apps\fonts\kill sadam font.gdr

    The appmngr.app is non-functional file that disables application manager, the kill sadam.app is hexedited utility that has been modified to show text reboot, and has no other significant function for the trojan.
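
The dropped-file paths listed in the post above can be checked against a file listing exported from a phone or memory card. The following is an added example, not part of the original post or of any vendor tool: the function names, the "explained by a larger match" heuristic, the treatment of Z: as the read-only ROM drive and the sample listing are assumptions, and the long Skulls.A list is left out for length.

```python
import re

# family | directory | files, copied from the post (drive letters dropped,
# because the post gives some paths with "c:" and some without).
INDICATOR_TABLE = r"""
Cabir.A-E|\system\apps\caribe|caribe.rsc,caribe.app,flo.mdl
Cabir.A-E|\system\recogs|flo.mdl
Cabir.A-E|\system\symbiansecuredata\caribesecuritymanager|caribe.app,caribe.rsc
Skulls.B|\system\apps\camtimer|camtimer.app,camtimer.rsc
Skulls.B|\system\apps\caribe|caribe.rsc,caribe.app,flo.mdl
Skulls.B|\system\recogs|flo.mdl
Skulls.B|\system\symbiansecuredata\caribesecuritymanager|caribe.app,caribe.rsc,camtimer.sis
Mabir.A|\system\apps\caribe|caribe.app,caribe.rsc,flo.mdl
Mabir.A|\system\symbiansecuredata\caribesecuritymanager|caribe.app,caribe.rsc,info.sis
Lasco.A|\system\apps\velasco|velasco.rsc,velasco.app,flo.mdl
Lasco.A|\system\recogs|flo.mdl
Lasco.A|\system\symbiansecuredata\velasco|velasco.app,caribe.rsc
CommWarrior.A|\system\apps\commwarrior|commwarrior.exe,commrec.mdl
CommWarrior.A|\system\updates|commrec.mdl,commwarrior.exe,commw.sis
Locknut.B|\system\apps\gavnor|gavnor.app,gavnor.rsc
Locknut.B|\system\apps\gavnoreturn|flo.mdl,gavnoreturn.app,gavnoreturn.rsc,gavnoreturn_caption.rsc
Fontal.A|\system\apps\appmngr|appmngr.app
Fontal.A|\system\apps\kill sadam|kill sadam.app
Fontal.A|\system\apps\fonts|kill sadam font.gdr
"""

# Families for which the post says the phone must not be rebooted first.
REBOOT_UNSAFE = {"Skulls.B", "Fontal.A"}


def normalize(path):
    """Lower-case, unify slashes, drop the drive letter; None for ROM paths."""
    p = path.strip().replace("/", "\\").lower()
    m = re.match(r"^([a-z]):", p)
    if m:
        if m.group(1) == "z":  # assumption: Z: is ROM, where real system apps live
            return None
        p = p[2:]
    return p if p.startswith("\\") else "\\" + p


def load_indicators(table=INDICATOR_TABLE):
    """Expand the table into {family: set of full lower-case paths}."""
    families = {}
    for line in table.strip().splitlines():
        family, directory, files = line.split("|")
        for name in files.split(","):
            families.setdefault(family, set()).add(directory + "\\" + name)
    return families


def scan(listing_lines):
    """Return findings, best coverage first, for a list of file paths."""
    present = {normalize(l) for l in listing_lines if l.strip()} - {None}
    hits = {}
    for family, wanted in load_indicators().items():
        found = wanted & present
        if found:
            hits[family] = (found, len(found) / len(wanted))
    findings = []
    for family, (found, cov) in hits.items():
        # The caribe files are shared by several families. Drop a family when
        # another one accounts for the same files and more, or for the same
        # files with a more complete match of its own list.
        explained = any(
            other != family and ofound >= found and (ofound > found or ocov > cov)
            for other, (ofound, ocov) in hits.items()
        )
        if not explained:
            findings.append({
                "family": family,
                "coverage": round(cov, 2),
                "files": sorted(found),
                "reboot_unsafe": family in REBOOT_UNSAFE,
            })
    return sorted(findings, key=lambda f: (-f["coverage"], f["family"]))


# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING = r"""
C:\System\Apps\Caribe\Caribe.app
C:\System\Apps\Caribe\Caribe.rsc
C:\System\Apps\Caribe\flo.mdl
C:\System\SymbianSecureData\CaribeSecurityManager\Caribe.app
C:\System\SymbianSecureData\CaribeSecurityManager\Caribe.rsc
C:\System\SymbianSecureData\CaribeSecurityManager\Info.sis
E:/system/apps/fonts/kill sadam font.gdr
Z:\System\Apps\AppMngr\AppMngr.app
C:\Nokia\Images\holiday.jpg
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LISTING):
        note = "  DO NOT REBOOT before disinfection" if f["reboot_unsafe"] else ""
        print(f"{f['family']}: {f['coverage']:.0%} of listed files present{note}")
```

On the sample, the caribe files are attributed to Mabir.A rather than Cabir because Info.sis is present, and the ROM copy of AppMngr.app on Z: is not counted towards Fontal.A.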

  2. #2
    Join Date
    Jan 2006
    Location
    Press F13 to find the location
    Posts
    615

    Default

    One more good info. Ya very big to read. But worth reading the post

    Thank you

  3. #3
    Join Date
    Aug 2005
    Posts
    12

    Default

    THANK U...Nobody is Perfect and I am Nobody!!!

  4. #4
    Join Date
    Aug 2005
    Location
    India
    Posts
    1,544

    Default

    this thread should be in the general computer forum.
    moving.

  5. #5
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    Hi Bh Members,

    I Am thinking of Opening A New Thread To Give U Solution Of Series 60 Mobiles Phones, this Include Nokia 6600, 7610, 6670, 6260, 7710, n-gage, 3230, 6680, 6681 And Yet To Come Symbian Phones.

    So Guys You Can Put Up Ur Problems, application Needs Queries And I Will Give U Solution Of Ur Problems, u Are Also Requested To Help Other In This Thread As We Can Make Symbian's Community A Success...

    Guys Pls Always Check The Last Page For Updates And New Application Launches And News I Will Be Updating Regularly.

    I Hope This Thread Will Be A Successful One

    Thanking U.

  6. #6
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    tip and trick for symbian
    tip 1 :
    Do u know how to use the edit button (abc or pencil button)?
    Heres how... in the inbox for example; u wanna delete multiple sms, simply hold the edit button, scroll down, and then, press c to delete the marked sms. The edit button can also b used to copy and past text in sms, simply hold it and scroll across, choose copy. pretty good for placing song names in ngages
    Tip 2 :
    Shit happens, on a smartphone, its inevitable u do something wrong, and tis calls for a format of fone. to format the fone, press *#7370#, then enter the lock code, which is the sec code of the fone. NOTE: batt must b full, else if format is disrupted by low batt, consequences will b disastrous
    I heard the code *#7780# works too, pretty much the same i tink.
    for 6600 users, to format the fone, theres an alternative way. Press and hold <3>, <*> and Call (Send) buttons, then power on fone, keep holding on the 3 buttons, till u come to a format screen. this method ONLY works on 6600, and need not enter the sec code. BUT sec code would be reset to default 12345.
    Tip 3 :
    TO NGAGE USERS; Did u know u can install .sis files simply using the cable given? Juz plug it in, place the .sis file anywhere on e: (the mmc), not in any folders, root of e:, disconnect, then look for it in manager.

    Tip 4:
    Save on battery and system memory being used by regularly checking the task manager which can be accessed by holding down the menu button!!
    Tip 5:
    Type *#06# to display your IMEI serial number, very valuable for the unlocking your phone to other sim cards
    Tip 6:
    Type *#0000# to view which firmware version you are running
    Tip 4a:
    Set the screen saver to a short time out period to prolong battery life.
    Tip 4b:
    Avoid restarting the phone, or repeatedly turning it on and off. This helps increase battery life.
    Tip 7:
    If you would like to avoid being "blue jacked", keep bluetooth turned off, or set your phone's visibility to hidden.
    Tip 8:
    Don't want to carry a watch and a phone? Set the screen saver to show date and time, then you can ditch the watch.
    Tip 9:
    Save memory when installing apps, by installing over bluetooth. This can be done using the nokia phone suite and a bluetooth serial connection. Only works with .SIS files, so java still has to be sent to the phone, but will save space when using .SIS files.
    Tip 10:
    Operator logos
    Use a filemanager like FExplorer or SeleQ to add the folders: "c:/system/Apps/phone/oplogo". Add a .bmp picture to folder "oplogo" and restart your phone! The .bmp picture size needs to be: 97 x 25 pixels
    Tip 11:
    Check if the recipient's phone is on
    Delivery reports
    or
    Type *0# your message in the message composer window space then write your message, the recipient will not see the star zero hash bit - just the message. When they read it it will relay a message back to your fone showing the time they received it. (haven't yet tried it myself though)
    Tip 12:
    BlueJacking
    First up, you need to know what Bluetooth is. There are lots of types of modern devices that incorporate Bluetooth as one of their many features. PDAs, mobile phones and laptops are a few of these modern devices. Bluetooth means that Bluetooth enabled devices can send things like phonebook/address book contacts, pictures & notes to other Bluetooth enabled devices wirelessly over a range of about 10 metres. So, we've got past the boring part. Now, using a phone with Bluetooth, you can create a phonebook contact and write a message, eg. 'Hello, you've been bluejacked', in the 'Name' field. Then you can search for other phones with Bluetooth and send that phonebook contact to them. On their phone, a message will popup saying "'Hello, you've been bluejacked' has just been received by Bluetooth" or something along those lines. For most 'victims' they will have no idea as to how the message appeared on their phone.

    Tip 13:
    While you are viewing a picture in your phone's gallery, press one of these shortcut keys (definitely works on 6600, not sure about other symbians)
    1 - turn image anticlockwise
    3 - turn image clockwise
    * - toggle on/off of full screen

  7. #7
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    5 - zoom in
    0 - zoom out

    to be contd......

  8. #8
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    #15
    u can select all files in a folder by selecting THE folder and copy it then paste it somewhere. however u need to make a new directory. fexplorer wun let u copy that folder together. well seleQ can mark files to copy but it really takes time!
    #16:
    A soft and Hard reset
    A Soft-reset - the process of resetting all the settings of the phone to the factory default! No applications are deleted! A Hard-reset is like formatting a drive! It does format the memory. Everything that has been installed after the first use of the phone is deleted! It will recover the memory of the phone to the state you purchased it! It is done by inputting the following code: *#7370# NOTE: The battery must be full or the charger has to be connected to the phone so that it does not run out of power and make the phone unusable.
    #17:
    Formats of images
    supported ones: JPG UPF GIF87a/89a WBMB MBM TIFF/F PNG EXIF
    How to copy & paste text in your Nokia 3650:
    Press and hold the pencil key and select your text using the scroll key.
    Left function key will change to 'Copy'. Press it to copy the selected text to clipboard.
    You can paste the clipboard contents the same way:
    press and hold the pencil key and press 'Paste'. Or, press pencil key once and select 'Paste'.
    Press and hold the Menu key to open the application switching window, where you can *duh* switch between applications.
    If a program hangs and you can't shut it down, select the application in the
    application switching window and press 'C' to kill it. It's also a faster way to exit programs.
    Turn on/off the "click" sound made by the camera by selecting the 'Silent' profile or by turning warning tones on/off:
    Menu > Profiles > "select your activated profile" > Personalise > Warning tones > On/Off.
    (This also affects the sound of Java games and apps).
    To change background image go to:
    Menu > Tools > Settings > Phone > Standby mode > Background image > Yes > "choose an image".
    The best size for background images is 174x132 pixels.
    Only got blue, green and purple in your 3650 colour palette?
    This free app adds 3 more colours: Palette Extender.
    Display an image when someone's calling:
    Menu > Contacts > "select a contact card" > Options > Edit > Options > Add thumbnail > "choose an image".
    Add a personal ringing tone to a contact:
    Menu > Contacts > "select a contact card" > Options > Open > Options > Ringing tone > "choose a ringing tone".
    Delete all messages from your Inbox at once:
    Menu > Messaging > Inbox > Options > Mark/Unmark > Mark all > Options > Delete.
    Send or hide your caller ID: Go to: Menu > Tools > Settings > Call > Send My
    Caller ID > 'Yes', 'No' or 'Set By Network' to follow the default settings of your home network.
    If you often copy large files to your MultiMedia Card, I recommend a card reader.
    E.g. With a card reader it takes only 12 seconds to copy a 10 MB file!
    Record the sound of a phone call using the (sound) Recorder.
    Menu > Extra's > Recorder > Options > Record sound clip.
    Note: short beeps are audible during call registration.
    But there is a 60 second limitation so if you want unlimited sound recording get this app: Extended Recorder.
    While writing text, press "#" to switch between upper and lower case and Dictionary on/off (predictive text input).
    Press and hold "#" to switch between Alpha mode and Number mode.
    Keyboard shortcuts for zooming and rotating images in Images:
    1 = zoom in, 0 = zoom out, press and hold to return to the normal view.
    2 = rotate anticlockwise, 9 = rotate clockwise, * = full screen.
    In standby mode, press and hold the right soft key to activate voice dialling.
    To add a voice tag to a phone number, open a contact card and scroll to the phone number and select:
    Options > Add voice tag.
    You can customize both soft keys located below the screen (in standby mode):
    Menu > Tools > Settings > Phone > Standby mode > Left/Right selection key > "select an application".
    In standby mode, press scroll key center (joystick) to go directly to Contacts.
    In standby mode, press and hold 0 to launch your wap home page.
    In Menu or any subfolder, press numbers 1 - 9 to start the application at that location.
    123
    456
    789
    In standby mode,
    45# + dials the number on your sim in memory slot 45.
    50# + dials slot 50 and so on.
    If you have your keylock activated just press the on/off button to turn on your backlight
    to look at the time when it's dark without having to unlock the keypad.
    Never, ever, in your whole life, install WildSkinz on your Nokia 3650!!! WildSkinz screws up
    the whole 3650 system. It was never intended to work on the 3650, only on the 7650.


    Why assigning Video Recorder in the right or left soft key does not work?


    (Sound Recorder is launched instead of Video Recorder)
    It's a bug with firmware version 2.50.
    How to check your firmware version:


    A "Firmware" is the phone's operating system stored in internal Flash memory of the device (disk Z:).
    Manufacturers release new firmware versions containing bug fixes, improvements and - sometimes - offering new functions.
    Firmware upgrade can only be made in authorized Nokia service centre (point).
    To check your current firmware version simply type *#0000# on main Phone screen.


    How to check your IMEI (International Mobile Equipment Identity)?


    Type *#06# on main Phone screen.


    Start up in Safe Mode so no 'auto start' apps will be running:


    To make sure that no memory-resident programs start when you reboot your phone,
    hold down the pencil key when you turn on the phone and hold it on until you have to enter your PIN code.
    (When you have trouble booting up the phone with the MMC in it because it got corrupted for some reason, this trick will
    almost always let you boot up the phone so you can remove the latest installed app which might have caused the
    problem or if your phone is "unrepairable" you can still back up your important data before you do a format.)
    Q: How to totally format your Nokia 3650 and remove all installed applications, user files and restore all
    settings to default like it's new out of the box? (OEM apps won't be deleted like Camera and RealOne Player).


    A: First Format your MMC: Menu > Extras > Memory > Options > Format mem. card > Yes.
    Note: It is very important to format your MMC before you format your phone!
    Then format your phone by typing *#7370# on main Phone screen.
    Phone will ask: "Restore all original phone settings? Phone will restart." Press 'Yes' and enter your Lock code (default is 12345).
    Tip: Formatting takes several minutes so you'd better connect your Nokia 3650
    to a charger to ensure that your battery doesn't get empty in the middle of formatting.
    Note: All your created access points and mailboxes will be lost so take a note of them. And all application settings will be reset.
    E.g. In Camera, image quality is set back to normal and memory in use is set back to phone memory. And also in Messages,
    memory in use is set back to phone memory, etc. Also backup your contacts with PC Suite or a program like Contacts Manager.

    To reset your wallet, should you forget your code,
    Type in:
    *#7370925538#
    this will reset the wallet code, the wallet contents will be deleted.
    -------------------------------------------------------------------------------------------

    How to free more RAM on your phone >>>


    >>> Method 1: Flight mode:

    Put your phone in "Flight mode" with Psiloc System Tools. Install System Tools, open it and select "Flight mode". This way you can restart the phone without your SIM card so there will be no running phone tasks in the background. Now you can have up to 3,5 MB of free RAM!

    Note: ironically enough, Flight mode doesn't work when Smart Launcher is installed, at least in my case.
    But i've also heard several reports of people who have both apps running without any problems.



    >>> Method 2: Smart Launcher trick:

    Install Smart Launcher and open it. Go to Options, Settings and put Launcher ON.
    Now plug in your charger and switch off your phone. Wait until the battery meter appears and short press the Menu button (don't hold).
    The menu should appear and now you can have 3,5 to 4,5 MB free RAM! (Hold Menu button to check RAM).

    The trick is that with the charger plugged in, the phone must get a minimum software support for charging, even when
    the phone is switched off. And somehow Smart Launcher has still got its shortcut running and that's the Menu button. So when
    you press the Menu button, you go directly to the Menu without any other phone tasks running in the background so
    you trick the phone and you have more free RAM!
    Note: when you unplug the charger, the phone will switch off.
    >>> Method 3: Menu :

    This method I found it by myself, it frees a little about 100~200 KB but I guess it's useful sometime

    Close your menu not by selecting the right selection key "exit", or pressing the menu key another time, they only hide the menu app but do not close it, to close it select the left selection key "option" and scroll down and select "exit"

    So when you open an app needs more ram reopen menu and close it, it's useful when play low bit rate video in realplayer paradis.

  9. #9
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    SmartMovie.v3.11.S60.SymbianOS with Converter Versions:

    3.11 - Right-handed landscape rotation, Adpcm audio decoder


    How it works:

    Locate source on your hard disk

    Load it into Converter utility

    Let PC converter make it smaller

    Transfer to your mobile device

    Use mobile player to play the clip


    Play your videos on your mobile device, anywhere, anytime, you need just a few steps:

    * Convert any video file on your PC into a phone-friendly video file.
    * Upload video into device/memory card.
    * Play the video in SmartMovie Player installed on your mobile device.


    Intuitive PC converter.



    Features:

    * Standard AVI format, allowing you to preview converted files on your PC.
    * Uses downloadable video codecs, allowing you to compress and play back videos in your favorite format.
    * Player uses the phone screen in portrait or landscape mode, utilizing the full screen size of the device.
    * PC converter allows you to split video file into multiple segments, so that it fits onto your memory card, if not entire, then cut to more parts - you may watch your favorite video in parts, e.g. while traveling to work/school.
    * First mobile player which supports subtitles - allowing you to watch movies in different languages.
    * Friendly PC converter - preview videos on PC, select parts you want to convert, alter quality.
    * Supports DirectShow codecs, so you may use video codecs downloadable from the internet.
    * Very fast conversion, on standard PC conversion is 5x faster than video clip playback time. You will convert entire movie in just a few minutes
    * Batch conversion - convert many videos overnight. It can even turn off PC after finishing.
    * Adjustable quality parameters for video and audio streams, allowing to tune target video to your needs.
    * Customizable video Player (brightness, audio sync, volume , and more).
    * Playback through Bluetooth headset.

  10. #10
    Join Date
    Nov 2005
    Location
    AT DORRS NEAR HEAVEN
    Posts
    2,074

    Default

    HELLO PEOPLE!! This post was made all people to know the games of the N-GAGE that runs in its phones! The list of: Nokia:3230;3650;6600;6630;6670;6680;7610
    Panasonic:X700

    _____________....:::n_joy:::....____________


    NOKIA 3230:

    games that dont run:
    1.fifa 2005(doesnt even start)
    2.splinter cell : team stealth action (bad colours)
    3.red faction(doesnt start)
    4.call of duty(app closed)

    games that run:
    1.fifa 2004
    2.rayman 3
    3.shadow ops
    4.virtua tennis(runs only with bluetooth on.. lol)
    5.motogp

    NOKIA 3650:

    N-gage games work 3650:
    -Sonic
    -Puyo Pop
    -Fifa 2004
    -NCAA Football 2004
    -MLB Slam!
    -Puzzle bobble vs
    -Rayman 3

    N-gage games not working:
    -Tomb Rayder
    -Pandemonium
    -Super Monkey Ball
    -Tony Hank's Pro Skater

    NOKIA 6600:


    -asphalt urban gt (need fix to COLOURS!)
    -ashen(need anti-mosquito)
    -tony hanks pro skater
    -virtual tennis
    -KOF(put kof ex in folder of the game)
    -spiderman 2
    -fifa 2004 and 2005
    -tomb raider
    -crash nitro kartn
    -red faction
    -sonic
    -operation shadow
    -bomberman
    -super monkey ball
    -xanadu next
    -pandemonium(need anti-mosquito)
    -wwe afters hock
    -puyo pop
    -rayman 3
    -moto gp
    -call of duty
    -ssx
    -mlb slam
    -pocket kingdom
    -requiem of hell (need a fix)
    -Puzzle bobble(need a puzfix)
    -Sega rally (mp3 trick)
    -Glimmerati (install BINPIDIA and put libs of stc chaos
    theory)
    -Mile High Pinball-Demo
    -ONE-Demo
    -X-MEN II-Demo (need a fix anti-mosquito)
    -Fifa 06


    I tested the games in my 6600!




    NOKIA 6680

    -SanGo,
    -SplinterCell - Team Stealth Action!
    -Sims
    -MLB slam,
    -Xandu Next
    -Rayman 3
    -Sonic






    Nokia 6630:

    -CALL OF DUTY (BETA)
    -FIFA 2004
    -FLO BOARDING
    -MLB SLAM 2004
    -MOTO GP
    -NCAA 2004
    -OPERATION SHADOW
    -POCKET KINGDOM(NO SOUND)
    -PUYO POP
    -PUZZLE BOBBLE
    -RAYMAN 3
    -RED FACTION
    -SEGA RALLY CHAMPIONSHIP
    -SHADOWKEY - THE ELDER SCROLLS
    -SONIC THE HEDGEHOG
    -SPLINTER CELL,SPLINTERCELL
    -SUPER MONKEYBALL(NO SOUND)
    -TIGER WOODS 2004


    NOKIA 6670:

    -sega rally
    -operation shadow
    -call of duty
    -spider-man
    -red faction
    -virtua tennis
    -requiem of hell

    I tested this games!!!
    it can have more games ...

    NOKIA 7610:

    -Sonic N
    -Flo Boarding
    -Super Monkey Ball
    -Moto GP
    -Call of duty
    -Elder Scrols:Traveler
    -MLB Slam
    -Puyo Pop
    -Spider-Man 2
    -Virtual Tennis
    -Operation Shadow
    -Rayman 3
    -Red Faction (need to turn on bluetooth)
    -Sega rally (works with UltraMp3 trick)
    -Ashen (works with UltraMp3 trick)
    -FIFA Soccer 2004 (works with UltraMp3 trick)
    -Bomberman (need libs fix)

    Games with color problem:
    -Marcel Desailly Pro Soccer
    -Splinter Cell
    -Asphalt: Urban GT
    -Worms World Party
    -X-MEN Legends
    -Colin McRae rally 2005

    Games which dont work 7610:
    -Tony Hawk's Pro Skater
    -The Sims Bustin' Out
    -Crash Nitro Kart
    -Pandemonium
    -Tomb Raider
    -FIFA 2005


    Sega rally trick (n6600)

    - They put a music mp3 to touch
    - saim of the program but does not close it
    - play sega rally(music always to touch)
    - select track
    - when to finish to read the track and they will be to see the car close mp3
    - n-joy



    PanasonicX700:

    -Rayman3
    -SonicN
    -MLB Slam
    -NCAA
    -Puyao Pop
    -Spiderman2 (stops when game play starts after intro/game options)
    -XanaduNEXT (works)
    -MotoGp (sound only)
    -Super Monkey Ball
    -Tomb Raider
