F-Secure: Be Sure
F-Secure Trojan Information Pages : Romride.B


Name: Romride.B
Category: Trojan
Platform: SymbOS
Date of Discovery: May 18, 2006

Summary

SymbOS/Romride.B is a malicious SIS trojan that installs malfunctioning system configuration components, which cause different behaviour depending on the ROM software version on the device. The effects witnessed range from startup failure to no apparent effect on the device at all.

If you have rebooted the phone and the phone will not start again, the phone can be recovered with a hard format key code that is entered in the phone at boot.

Disinfection

Disinfection for cases when the phone cannot start up
CAUTION! This method will remove all data on the device, including calendar and phone numbers:

  1. Power off the phone
  2. Hold the following three buttons down - "answer call" + "*" + "3"
  3. Keep holding down the buttons and power on the phone
  4. Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
  5. Your phone is now formatted and can be used again




Detailed Description

Spreading in: Data Update By MSF.sis

Installation to System
SymbOS/Romride.B installs malfunctioning system configuration files onto the C: drive of the phone. This is followed by different effects depending on the version of the ROM software on the device. The effects witnessed vary from startup failure to no apparent effect at all.

Payload
Replaces system configuration files with corrupted configuration files





Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 94.




Write-up: Mika Tolvanen, May 31, 2006

Technical Details: Mika Tolvanen, May 31, 2006

F-Secure Corporation