Doomboot.G is a variant of Doomboot.A that contains a pirated copy of the
ExoVirusStop application and claims to be an installation package
for ExoVirusStop.
However, in addition to the pirated anti-virus, Doomboot.G also contains corrupted
system files from Doomboot.A and empty files that have the same filenames
and directories as Lasco.A.
The version of ExoVirusStop included with Doomboot.G does not detect
the Doomboot files or the files with the same names as those of Lasco.A. So if the
user scans the device with that version, no warning about Doomboot is shown.
However, as the phone is infected with Doomboot files, the phone will not start up
again if the user tries to reboot the phone or the phone crashes.
If you have installed Doomboot.G, the most important thing is not to
reboot the phone and to follow the disinfection instructions in this
description.
If you have rebooted the phone and the phone will not start again, the phone
can be recovered with the hard format key code that is entered while the phone boots.
Disinfection
Disinfection with F-Secure Anti-Virus
F-Secure Mobile Anti-Virus will detect and disinfect Doomboot.G.
1. Remove the SIS file in which the Doomboot.G was installed
2. Open web browser on the phone
3. Go to http://phoneav.com
4. Select link "Download antivirus software for your smartphone" and then
select phone model
5. Download the file and select open after download
7. Install F-Secure Mobile Anti-Virus
8. Go to applications menu and start Anti-Virus
9. Activate Anti-Virus and scan all files
Disinfection when the phone has already been rebooted and cannot start up
CAUTION! This method will remove all data on the device, including calendar and
phone numbers.
1. Power off the phone
2. Hold down the following three buttons: "answer call" + "*" + "3"
3. Keep holding the buttons and power on the phone
4. Depending on the model, you get either the text "formatting" or a startup dialog that
asks for the initial phone settings
5. Your phone is now formatted and can be used again
Installation to system
Doomboot.G installs corrupted system binaries onto the C:\ drive of the phone.
When the phone boots, these corrupted binaries are loaded instead of the correct
ones, and the phone crashes at boot.
Spreading in
"exoVirusStop v2.13.16.sis"
Payload
Installs corrupted system binaries and a pirated copy of the ExoVirusStop anti-virus.