Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Trojan Information Pages: Appdisabler.O
[Summary] | [Disinfection] | [Detailed Description] | [Detection]

Name : Appdisabler.O
Type:Trojan
Category:Trojan
Platform:SymbOS
Date of Discovery:November 06, 2006
Radar

Summary
Appdisabler.O is a malicious SIS file trojan, which tries to disable number of Symbian OS system and third party applications.
Back to the Top

Disinfection

Disinfection with two Series 60 phones

Use F-Skulls to allow for installation of F-Secure Mobile Anti-Virus
Install F-Secure Mobile Anti-Virus

Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly to a clean phone from http://www.f-secure.com/tools/f-skulls.sis.

  1. Install F-Skulls.sis onto the infected phone's memory card with a clean phone
  2. Put the memory card with the F-Skulls tool into the infected phone
  3. Start up the infected phone and the application installer should now work
  4. Go to the application manager and uninstall the SIS file in which you installed the malware
  5. Download F-Secure Mobile Anti-Virus from http://f-secure.mobi and activate the Anti-Virus
  6. Scan the phone and remove any remaining components of the malware
  7. Remove the F-Skulls tool with the application manager as the phone should now be clean


Disinfection for the cases when phone cannot start up
CAUTION! this method will remove all data on the device including calendar and phone numbers:

  1. Power off the phone
  2. Hold the following three buttons down - "answer call" + "*" + "3"
  3. Keep holding down the buttons and power on the phone
  4. Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
  5. Your phone is now formatted and can be used again

To prevent future infections, please download F-Secure Mobile Anti-Virus from here: http://f-secure.mobi.
Back to the Top

Detailed Description
Installation to System

When installed, Appdisabler.O will replace the main executable of several system and third party applications by overwriting their main executable file.


If any third party applications targeted by the trojan are installed on the device, their main executable will be overwritten, and must be reinstalled to repair the damage.


Payload

Attempts to disable following applications:

  • Anti-Virus
  • antivirus
  • Appinst
  • Appmngr
  • Browser
  • BtUi
  • Duality
  • FileManager
  • IrApp
  • IrRemote
  • mce
  • MediaGallery
  • MediaPlayer
  • Menu
  • MM
  • mmcapp
  • MmsViewer
  • MsgMailViewer
  • NSmlDSSync
  • Opera
  • Phone
  • Phonebook
  • s60zip
  • SmsViewer
  • Startup
  • symcs
  • symlu
  • SysAp
  • SystemExplorer
  • UltraMP3

Appdisabler.O also overwrites the install log in the telephone attempting to prevent removal of the trojan with the phone's application manager.
Back to the Top

Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 112.
Back to the Top



F-Secure Corporation

Last Modified: November 06, 2006