Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: AppDisabler.A
[Summary] | [Detailed Description]

Name : AppDisabler.A
Alias:Trojan:SymbOS/AppDisabler.A, SymbOS/AppDisabler.A
Type:Trojan
Category:Malware
Platform:SymbOS
Radar

Summary
Appdisabler.A is a malicious SIS file dropper, which is dropped by the Skulls.J trojan.

Appdisabler.A tries to disable third party file managers and drops
Trojan:SymbOS/Locknut.B and Bluetooth-Worm:SymbOS/Cabir.Y.
Back to the Top

Detailed Description
Installation to the System

When installed, AppDisabler.A will replace many third-party file managers as well as other third party applications with non-functional application files. It also drops Locknut.B and Cabir.Y onto the system.

Cabir.Y will not start automatically, but it will attempt to start at the next boot. However, on most devices Locknut.B will cause application loading to fail. This prevent Cabir.Y from starting.

Appdisabler.A also contains a bootstrap component that attempts to start a component of Skulls.J showing animation of flashing skull. But this functionality is also hampered by Locknut.B.

Payload

Disables following applications:

  • EFileman
  • FExplorer
  • File
  • SmartFileManager
  • Smartmovie
  • SystemExplorer
  • Yewsprite
  • UltraMP3
Back to the Top



F-Secure Corporation

Last Modified: September 06, 2007