F-Secure Trojan Information Pages : RommWar.B [ Summary ] | [ Disinfection ] | [ Detailed Description ] | [ Detection ] Name: RommWar.B Alias: ROMSilly.A Type: Trojan Category: Trojan Platform: SymbOS Date of Discovery: April 04, 2006 Summary SymbOS/RommWar.B is a malicious SIS trojan that installs a malfunctioning system component that causes the device to reboot and prevents the device from starting up after the reboot. Disinfection CAUTION! this method will remove all data on the device including calendar and phone numbers: Power off the phone Hold the following three buttons down - "answer call" + "*" + "3" Keep holding down the buttons and power on the phone Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings Your phone is now formatted and can be used again Back to the Top Detailed Description Installation to System SymbOS/RommWar.B installs a malfunctioning system binary into the C: drive of the phone as a bootstrap component. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed include a reboot of the device and failing to start up after the reboot. Payload Installs a corrupted system binary as a bootstrap component. Back to the Top Detection F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 90. Back to the Top Write-up: Mika Tolvanen, May 9, 2006 Technical Details: Mika Tolvanen, May 9, 2006 F-Secure Corporation