Doomboot.A is a malicious SIS file trojan that drops corrupted system
binaries and Commwarrior.B onto the infected device. The system files
dropped by Doomboot.A cause the device to fail at the next reboot.
Doomboot.A pretends to be a cracked copy of the Symbian version of Doom 2.
If the user installs Doomboot.A, no social engineering messages are shown and
no extra icons appear in the phone's application menu. And because Commwarrior.B
hides its process from the process list, the user has no way of noticing that the
phone is actually infected.
The Commwarrior.B dropped by Doomboot.A will start automatically and begin to spread.
The Bluetooth spreading of Commwarrior.B drains the battery, so the phone
will quickly run out of power. In the case of Doomboot.A this is problematic,
as the phone will not boot again after the power runs out.
If you have installed Doomboot.A, the most important thing is not to
reboot the phone and to follow the disinfection instructions in this
description.
If you have rebooted the phone and the phone will not start again, the phone
can be recovered with a hard format key code that is entered while the phone boots.
Disinfection
Disinfection with F-Secure Anti-Virus
F-Secure Mobile Anti-Virus will detect both Doomboot.A and Commwarrior.B
and disinfect the phone.
If your phone is infected with Commwarrior and you cannot install files
over Bluetooth, you can download F-Secure Mobile Anti-Virus directly
to your phone:
1. Open the web browser on the phone
2. Go to http://phoneav.com
3. Select the link "Download antivirus software for your smartphone" and then
select your phone model
4. Download the file and select open after download
5. Install F-Secure Mobile Anti-Virus
6. Go to the applications menu and start Anti-Virus
7. Activate Anti-Virus and scan all files
Manual disinfection
1. Go to the application manager and uninstall the Doomboot.A SIS file;
the original name of the SIS file is Doom_2_wad_cracked_by_DFT_S60_v1.0.sis
2. Go to http://phoneav.com
3. Download the F-Commwarrior disinfection tool
4. Download the file and select open after download
5. Install F-Commwarrior
6. Go to the applications menu and start F-Commwarrior
7. Use F-Commwarrior to disinfect your phone from the Commwarrior worm
Disinfection when the phone has already been rebooted and cannot start up
CAUTION! This method will remove all data on the device, including calendar and
phone numbers.
1. Power off the phone
2. Hold down the following three buttons: "answer call" + "*" + "3"
3. Keep holding the buttons and power on the phone
4. Depending on the model, you get either the text "formatting" or a startup dialog
that asks for initial phone settings
5. Your phone is now formatted and can be used again
Installation to system
Doomboot.A installs corrupted system binaries onto the C:\ drive of the phone.
When the phone boots, these corrupted binaries are loaded instead of the correct
ones, and the phone crashes at boot.
Spreading in
Doom_2_wad_cracked_by_DFT_S60_v1.0.sis
Payload
Installs corrupted system binaries and drops the Commwarrior.B worm on the device.