F-Secure
Tools
RommWar.B
| Alias: | ROMSilly.A |
| Type: | Trojan |
| Category: | Trojan |
| Platform: | SymbOS |
| Date of Discovery: | April 04, 2006 |
Summary
SymbOS/RommWar.B is a malicious SIS trojan that installs a malfunctioning system component that causes the device to reboot and prevents the device from starting up after the reboot.Disinfection
CAUTION! this method will remove all data on the device including calendar and phone numbers:- Power off the phone
- Hold the following three buttons down - "answer call" + "*" + "3"
- Keep holding down the buttons and power on the phone
- Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
- Your phone is now formatted and can be used again
Additional Details
Installation to SystemSymbOS/RommWar.B installs a malfunctioning system binary into the C: drive of the phone as a bootstrap component. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed include a reboot of the device and failing to start up after the reboot.
Payload
Installs a corrupted system binary as a bootstrap component.
Detection
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 90.
Write-up: Mika Tolvanen, May 9, 2006
Technical Details: Mika Tolvanen, May 9, 2006