F-Secure Trojan Information Pages : Romride.B
SymbOS/Romride.B is a malicious SIS trojan that installs malfunctioning system configuration components that cause different behaviour depending on the ROM software version on the device. Different effects witnessed range from start up failure to no apparent effect on the device at all.
If you have rebooted the phone and the phone will not start again, the phone can be recovered with a hard format key code that is entered in the phone at boot.
Disinfection for the cases when phone cannot start up
CAUTION! this method will remove all data on the device including calendar and phone numbers: - Power off the phone
- Hold the following three buttons down - "answer call" + "*" + "3"
- Keep holding down the buttons and power on the phone
- Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
- Your phone is now formatted and can be used again
Spreading in Data Update By MSF.sis
Installation to System
SymbOS/Romride.B installs a malfunctioning system configuration files into the C: drive of the phone. This is followed by different effect depending on the version of the ROM software on the device. Effects witnessed vary from start up failure, to no apparent effect at all.
Payload
Replaces system configuration files with corrupted configuration files
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 94.
Write-up: Mika Tolvanen, May 31, 2006
Technical Details: Mika Tolvanen, May 31, 2006
F-Secure Corporation
|
