F-Secure
Tools
Appdisabler.K
| Name : | Appdisabler.K |
| Category: | Trojan |
| Type: | Trojan |
| Platform: | SymbOS |
| Date of Discovery: | October 24, 2006 |
Summary
Appdisabler.K is a malicious SIS file trojan, which tries to disable number of Symbian OS system and third party applications.
Disinfection
Disinfection with two Series 60 phones
Use F-Skulls to allow for installation of F-Secure Mobile Anti-Virus
Install F-Secure Mobile Anti-Virus
Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly to a clean phone from http://www.f-secure.com/tools/f-skulls.sis.
Use F-Skulls to allow for installation of F-Secure Mobile Anti-Virus
Install F-Secure Mobile Anti-Virus
Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly to a clean phone from http://www.f-secure.com/tools/f-skulls.sis.
• Install F-Skulls.sis onto the infected phone's memory card with a clean phone
• Put the memory card with the F-Skulls tool into the infected phone
• Start up the infected phone and the application installer should now work
• Go to the application manager and uninstall the SIS file in which you installed the malware
• Download F-Secure Mobile Anti-Virus from http://f-secure.mobi and activate the Anti-Virus
• Scan the phone and remove any remaining components of the malware
• Remove the F-Skulls tool with the application manager as the phone should now be clean
Additional Details
Installation to System
When installed, Appdisabler.K will replace the main executable of several system and third party applications by overwriting their main executable file.
If any third party applications targeted by the trojan are installed on the device, their main executable will be overwritten, and must be reinstalled to repair the damage.
Payload
Disables following applications:
When installed, Appdisabler.K will replace the main executable of several system and third party applications by overwriting their main executable file.
If any third party applications targeted by the trojan are installed on the device, their main executable will be overwritten, and must be reinstalled to repair the damage.
Payload
Disables following applications:
• About
• Appinst
• Appmngr
• Browser
• BtUi
• Camera
• ClockApp
• CodViewer
• DdViewer
• FileManager
• gs
• IrApp
• Logs
• mce
• MediaGallery
• MediaPlayer
• mmcapp
• NpdViewer
• NSmlDSSync
• Phonebook
• PSLN
• SchemeApp
• SmsViewer
• Startup
• SysAp
• ToDo
• Voicerecorder
Detection
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 112.