Summary
SymbOS/RommWar.B is a malicious SIS trojan that installs a malfunctioning system component that causes the device to reboot and prevents the device from starting up after the reboot.
Disinfection & Removal
Disinfection for the cases when phone cannot start up
CAUTION! this method will remove all data on the device including calendar and phone numbers:
- Power off the phone
- Hold the following three buttons down - "answer call" + "*" + "3"
- Keep holding down the buttons and power on the phone
- Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
- Your phone is now formatted and can be used again
Technical Details
Installation to System
SymbOS/RommWar.B installs a malfunctioning system binary into the C: drive of the phone as a bootstrap component. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed include a reboot of the device and failing to start up after the reboot.
Payload
Installs a corrupted system binary as a bootstrap component.
Detection
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the
Detection Type: Mobile
Database: update build number 90
Description Created: Mika Tolvanen, May 9, 2006
Technical Details: Mika Tolvanen, May 9, 2006
Submit a sample
Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)
F-Secure Community
Give advice. Get advice. Share the knowledge on our free discussion forum.