|Date of Discovery:||April 04, 2006|
Depending on the effect caused by SymbOS/RommWar.D, removal of the malfunctioning components might be possible by going to the application manager and uninstalling the SIS file in which SymbOS/RommWar.D arrived.
Disinfection for the cases when phone cannot start up
CAUTION! this method will remove all data on the device including the calendar and phone numbers:
Installation to SystemSymbOS/RommWar.D installs a malfunctioning system binary into the C: drive of the phone and a bootstrap component that executes the malfunctioning system binary. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed vary from the freezing of the device, to disabling of the power button, or sometimes no apparent effect at all.
SymbOS/RommWar.D also installs a trial version of Kaspersky Anti-Virus Mobile for S60 on the phone.
Installs a corrupted system binary and a bootstrap component.
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 84.
Write-up: Mika Tolvanen, May 10, 2006
Technical Details: Mika Tolvanen, May 10, 2006