Threat Descriptions

RommWar.A

Classification

Category :

Malware

Type :

Trojan

Platform :

SymbOS

Aliases :

RommWar.A

Summary

SymbOS/RommWar.A is a malicious SIS trojan that installs a malfunctioning system component that cause different behaviour depending on the ROM software version in the device. Different effects witnessed range from freezing of the device requiring a restart, to disabling the power button on the device, or in some cases no apparent effect on device at all.

Removal

Based on the effect caused by SymbOS/RommWar.A, removal of the malfunctioning components might be possible by going to application manager and uninstalling the SIS file in which SymbOS/RommWar.A arrived.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Installation to System

SymbOS/RommWar.A installs a malfunctioning system binary into the C: drive of the phone and a bootstrap component that executes the malfunctioning system binary. This is followed by different effect depending on the version of the ROM software in the device. Effects witnessed vary from the freezing of the device, to disabling of the power button, or sometimes no apparent effect at all.

Payload

Installs a corrupted system binary and a bootstrap component.

In the case of freezing the device, shortly after the device infected with SymbOS/RommWar.A restarts, it shows a notification similar to the picture above. When this notification is displayed the only working function on the device is the option to power-off.