Cardtrap.F is a Symbian SIS file trojan that disables Symbian built in system
applications, installs several Cabir variants, drops SymbOS/Cabir.C worm and
copies Windows worms Win32.Rays,Win32.Padobot.Z and Win32.Cydog.B to the phone memory card.
The Win32/Rays is copied with name System.exe and has the same icon as System folder
in the memory card. So that if user is trying to read the contents of card with PC
he might accidentally execute the Win32/Rays.
Cardtrap.F also drops components from SymbOS/Doomboot.A, which prevent the phone from
booting. So if your phone is infected with Cardtrap.F it is important not to reboot the phone
before disinfecting it.
Disinfection
The Cardtrap.F disables Application manager to prevent it's uninstallation
and application installer to prevent installation of Anti-Virus. So the only
working disinfection method works only in phones in which the MMC card
can be installed without powering off the phone.
For this disinfection method you need help of someone with clean Series 60 phone
1. Install F-Skulls.sis into clean memory card with a clean phone
2. Put the memory card with F-Skulls into infected phone
3. Application manager and application installer should work again
4. Go to application manager and uninstall the SIS file in which you installed the trojan
5. Download and install F-Secure Mobile Anti-Virus to remove any Cabirs dropped by the trojan
http://www.europe.f-secure.com/estore/avmobile.shtml
or with mobile itself
http://mobile.f-secure.com
6. Remove the F-Skulls with application manager as the phone is now cleaned
Disables most of the phone built in applications, copies Windows worm Win32.Rays,
Win32.Padobot.Z and Win32.Cydog.B to the memory card and drops components from
SymbOS/Doomboot.A
