Hobbes.A is a malicious SIS file trojan that drops corrupted
binary that causes the application loader to crash on older
phones that use Symbian OS.
The Hobbes.A affects only phones that use Symbian OS version 6.1,
which means that only old models such as Nokia NGage and Nokia 3650
are affected by the trojan.
Hobbes.A pretends to be a pirated copy of Symantec Anti-Virus
for Symbian phones. The installation package contains texts
that instruct user to reboot after installation.
The corrupted binary in Hobbes.A causes OS to fail at boot so
that none of the system applications are started. This means that
all smartphone functionalities are disabled, calling and receiving
calls on the phone works as normal.
Users who have a phone that is infected with Hobbes.A must not
reboot their phone, as the damage caused by Hobbes.A is activated
only on reboot.
Disinfection
Disinfection if user has not rebooted the phone
1. Uninstall the Symantec.sis using application manager
Disinfection is user has rebooted the phone
1. Remove memory card from the phone and boot it again
2. Install some file manager on the phone
3. Go to the memory card and delete file
\system\recogs\recAutoExec.mdl
4. Uninstall the Symantec.sis using application manager
When installed to the system the Hobbes.A installs corrupted version
of FExplorer trying to disable FExplorer file manager, but fails as
it installs it into incorrect directory.
Hobbes.A also installs several recognizer components to C: and E: drives,
one of the components is a corrupted version of legitimate application
which is missing it's other components and thus crashing on boot on
older Symbian versions.
Spreading in
Symantec.SIS
Payload
Crashes the operating system application loading mechanism on
reboot. Thus preventing applications menu or other programs from
starting-
![](/images/pixel.gif"){kind=tracking}
