F-Secure Trojan Information Pages : Cdropper
CDropper is a family of Symbian SIS file trojan that will install Cabir variant(s) into the device. Effect on the device is depending on the Cabir variant and place where it’s dropped.
F-Secure Mobile Anti-Virus will detect the installed Cabir variants and delete the worm components. After deleting worm files you can use application manager to uninstall the SIS file that dropped the worm. If your phone is infected with Cabir variant and you cannot install files over Bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone - Open web browser on the phone
- Go to http://mobile.f-secure.com
- Select link "Download F-Secure Mobile Anti-Virus" and select phone model
- Download the file and select open after download
- Install F-Secure Mobile Anti-Virus Go to applications menu and start Anti-Virus
- Scan all files
The CDropper installs Cabir variant(s) into several places in the device file system. Some of the installed Cabirs will replace system or common third party applications. If user has one of those applications installed into system it gets replaced with Cabir and its icon in the menu will go blank. If user clicks on one of the replaced icons in the menu, the Cabir that has replaced that application will start and try to spread to other devices. Some of the Cdropper variants will also install auto start component that tries to automatically start Cabir upon system reboot.
Write-up: Mika Tolvanen
Technical Details: Mika Tolvanen, January 13, 2006
Description Updated: Jarno Niemelä, January 13, 2006
F-Secure Corporation
|
![](/images/pixel.gif"){kind=tracking}
