Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


RommWar.B


Discovered:
Aliases:


April 04, 2006
RommWar.B
ROMSilly.A

Malware
Trojan
SymbOS

Summary

SymbOS/RommWar.B is a malicious SIS trojan that installs a malfunctioning system component that causes the device to reboot and prevents the device from starting up after the reboot.



Disinfection & Removal


Disinfection for the cases when phone cannot start up

CAUTION! this method will remove all data on the device including calendar and phone numbers:

  • Power off the phone
  • Hold the following three buttons down - "answer call" + "*" + "3"
  • Keep holding down the buttons and power on the phone
  • Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
  • Your phone is now formatted and can be used again


Technical Details


Installation to System

SymbOS/RommWar.B installs a malfunctioning system binary into the C: drive of the phone as a bootstrap component. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed include a reboot of the device and failing to start up after the reboot.


Payload

Installs a corrupted system binary as a bootstrap component.



Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the

Detection Type: Mobile
Database: update build number 90



Description Created: Mika Tolvanen, May 9, 2006
Technical Details: Mika Tolvanen, May 9, 2006



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Keep your mobile device protected




F-Secure Mobile Security will keep your mobile device protected on the go and enable you to find it in case you lose it