F-Secure Trojan Information Pages : Doomboot.M


Name: Doomboot.M
Type: Trojan
Category: Trojan
Platform: SymbOS

Summary

Doomboot.M is a malicious SIS file trojan that drops corrupted system binaries onto the infected device. The system files dropped by Doomboot.M cause the device to fail at its next reboot. In addition to the corrupted binaries, Doomboot.M also installs SymbOS/Commwarrior.F.

If you have installed Doomboot.M, the most important thing is to not reboot the phone and to follow the disinfection instructions in the section below.

If you have rebooted the phone and it will not start again, the phone can be recovered with a hard format key code that is entered while the phone boots.

Disinfection

F-Secure Mobile Anti-Virus will detect and delete the trojan components.

If your phone is infected with Doomboot.M and you cannot install files over Bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone:

  1. Open the phone's web browser
  2. Go to http://mobile.f-secure.com
  3. Select the link "Download F-Secure Mobile Anti-Virus" and then select your phone model
  4. Download the file and select open after download
  5. Install F-Secure Mobile Anti-Virus
  6. Go to applications menu and start Anti-Virus
  7. Activate Anti-Virus and scan all files
  8. Reboot the phone to remove any malware processes that are still running

After disinfecting the phone, you can remove any remaining empty directories by going to the application manager and uninstalling the SIS file in which Doomboot.M arrived.


Disinfection when the phone has already been rebooted and cannot start up

CAUTION! This method will remove all data on the device, including calendar and phone numbers:

  1. Power off the phone
  2. Hold the following three buttons down - "answer call" + "*" + "3"
  3. Keep holding down the buttons and power on the phone
  4. Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
  5. Your phone is now formatted and can be used again



Detailed Description

Installation to System
Doomboot.M installs a corrupted system binary onto the C:\ drive of the phone. When the phone boots, this corrupted binary is loaded instead of the correct one, and the phone crashes.

Payload
Installs a corrupted system binary and SymbOS/Commwarrior.F.



Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from update build number 28.



Write-up: Juha-Pekka Heikkilä, March 29, 2006

Technical Details: Juha-Pekka Heikkilä, March 29, 2006

Description Updated: Sean Sullivan, March 30, 2006

F-Secure Corporation