F-Secure Trojan Information Pages : Bootton.E [Summary] | [Disinfection] | [Detailed Description] | [Detection] Name: Bootton.E Category: Trojan Platform: SymbOS Date of Discovery: January 16, 2006 Summary Bootton.E is a SIS file that installs small software component that resets the device if executed. This component is installed as reset application. Bootton.E installs also corrupted system components that cause reboot to fail. Thus leaving phone in unusable state. Disinfection Disinfection F-Secure Mobile Anti-Virus is capable to detecting and deleting the Bootton.E trojan. It can be also removed by uninstalling it with Symbian application manager. Disinfection for the cases when phone is already rebooted and cannot start up CAUTION! This method will remove all data on the device including calendar and phone numbers Power off the phone Hold following three buttons down "answer call" + "*" + "3" Keep holding the buttons and power on the phone Depending on the model, you either get text "formatting" or start-up dialog that asks for initial phone settings Your phone is now formatted and can be used again Back to the Top Detailed Description In its structure Bootton.E is quite similar to SymbOS/Bootton.C. With the exception that instead of replacing system files with corrupted binaries the Bootton.E uses application that causes device to reboot. In the device that is infected with Bootton.E, executing reboot application reboots device immediately. Installed corrupted system components cause reboot to fail. Thus leaving phone in unusable state after reboot. Back to the Top Detection F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 44. Back to the Top Write-up: Mika Tolvanen Technical Details: Mika Tolvanen, January 16, 2006 F-Secure Corporation