1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Bootton.E

Bootton.E

Category:Trojan
Platform:SymbOS
Date of Discovery:January 16, 2006

Summary

Bootton.E is a SIS file that installs small software component that resets the device if executed. This component is installed as reset application. Bootton.E installs also corrupted system components that cause reboot to fail. Thus leaving phone in unusable state.

Disinfection

F-Secure Mobile Anti-Virus is capable to detecting and deleting the Bootton.E trojan. It can be also removed by uninstalling it with Symbian application manager.


Disinfection for the cases when phone is already rebooted and cannot start up

CAUTION! This method will remove all data on the device including calendar and phone numbers

  • Power off the phone
  • Hold following three buttons down "answer call" + "*" + "3"
  • Keep holding the buttons and power on the phone
  • Depending on the model, you either get text "formatting" or start-up dialog that asks for initial phone settings
  • Your phone is now formatted and can be used again

Additional Details

In its structure Bootton.E is quite similar to SymbOS/Bootton.C. With the exception that instead of replacing system files with corrupted binaries the Bootton.E uses application that causes device to reboot.

In the device that is infected with Bootton.E, executing reboot application reboots device immediately. Installed corrupted system components cause reboot to fail. Thus leaving phone in unusable state after reboot.


Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 44.

Write-up: Mika Tolvanen

Technical Details: Mika Tolvanen, January 16, 2006