F-Secure: Be Sure

F-Secure Virus Descriptions : Cardtrap.I




NAME: Cardtrap.I
ALIAS: SymbOS/Cardtrap.I

Summary

Cardtrap.I is a Symbian SIS file trojan that disables the built-in Symbian system applications, installs several Cabir variants, drops the SymbOS/Cabir.A worm, and copies the Windows worms Win32.Rays and Win32.Padobot.Z to the phone's memory card.

Win32/Rays is copied to the memory card under the name System.exe and has the same icon as the System folder on the card. A user who reads the contents of the card on a PC might therefore execute Win32/Rays by accident.

Cardtrap.I also drops corrupted system components that cause installation failure and leave the phone in an unusable state. The only way to recover is to perform a hard reset of the phone.
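The System.exe look-alike described above can be checked for before anything on the card is opened on a PC. The following is an added example, not F-Secure code: a name-collision heuristic that flags executables whose base name matches a sibling folder and reports whether the file starts with the `MZ` magic of a Windows executable. The extension list, function names, and sample card layout are assumptions constructed for illustration; it does not inspect icons and is not a replacement for an anti-virus scan.

```python
import os
import tempfile

# Extensions Windows treats as directly runnable (assumed list for this example).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe_stub(path):
    """True if the file begins with the DOS 'MZ' magic used by Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def find_folder_lookalikes(card_root):
    """Return (relative path, has MZ header) for executables named like a sibling folder."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(card_root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXEC_EXTS and stem.lower() in folders:
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, card_root), is_pe_stub(full)))
    return sorted(hits)

def build_sample_card(root):
    """Constructed sample layout: a System folder with a System.exe beside it."""
    os.makedirs(os.path.join(root, "System", "Apps"))
    os.makedirs(os.path.join(root, "Images"))
    with open(os.path.join(root, "System.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # placeholder bytes, not a real binary
    with open(os.path.join(root, "setup.exe"), "wb") as fh:
        fh.write(b"MZ")  # executable, but no folder named "setup": not flagged
    with open(os.path.join(root, "Images", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_card(root)
        return find_folder_lookalikes(root)

if __name__ == "__main__":
    for rel, has_mz in demo():
        print(f"{rel}: named like a sibling folder, MZ header={has_mz}")
```

To check a real card, call `find_folder_lookalikes()` with the card's mount point or drive letter from a terminal rather than browsing the card in a file manager.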

Disinfection

CAUTION! This method will remove all data on the device, including calendar and phone numbers.

1. Power off the phone
2. Hold down the following three buttons: "answer call" + "*" + "3"
3. Keep holding the buttons and power on the phone
4. Depending on the model, you get either the text "formatting" or a startup dialog that asks for the initial phone settings
5. Your phone is now formatted and can be used again




Detailed Description

Spreads in the file CAMERAMAGICA_final_cracked.sis

Payload

Disables most of the phone's built-in and third-party file manager applications, copies the Windows worms Win32.Rays and Win32.Padobot.Z to the memory card, and drops corrupted system components that make the phone unusable.




Detection

A generic detection that detects Cardtrap.I was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.




Write-up: Mika Tolvanen, November 30th, 2005

F-Secure Corporation