Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:SymbOS/AppDisabler.A


Aliases:


Trojan:SymbOS/AppDisabler.A

Malware
Trojan
SymbOS

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Trojan:SymbOS/Appdisabler.A is a malicious SIS file dropper, which is dropped by the Skulls.J trojan.

Appdisabler.A tries to disable third party file managers and drops two other malwares:

  • Trojan:SymbOS/Locknut.B
  • Bluetooth-Worm:SymbOS/Cabir.Y.

Installation

When installed, AppDisabler.A will replace many third-party file managers as well as other third party applications with non-functional application files. It also drops Locknut.B and Cabir.Y onto the system.


Payload

When active, Appdisabler.A disables following applications:

  • EFileman
  • FExplorer
  • File
  • SmartFileManager
  • Smartmovie
  • SystemExplorer
  • Yewsprite
  • UltraMP3

The dropped malware Cabir.Y will not start automatically, but will attempt to start at the next boot. However, on most devices Locknut.B will cause application loading to fail. This prevent Cabir.Y from starting.

Appdisabler.A also contains a bootstrap component that attempts to start a component of Skulls.J showing animation of flashing skull. This functionality is also hampered by Locknut.B.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Keep your mobile device protected




F-Secure Mobile Security will keep your mobile device protected on the go and enable you to find it in case you lose it