A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Disinfection & Removal
Disinfection with two Series 60 phones
Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly with phone http://www.europe.f-secure.com/tools/f-skulls.sis
- 1. Install F-Skulls.sis into infected phones memory card with a clean phone
- 2. Put the memory card with F-Skulls into infected phone
- 3. Start up the infected phone, the application menu should work now
- 4. Go to application manager and uninstall the SIS file in which you installed the skulls variant
- 5. Download and install F-Secure Mobile Anti-Virus (http://mobile.f-secure.com) to remove any Cabirs dropped by the Skulls variant
- 6. Remove the F-Skulls with application manager as the phone is now cleaned
If you have a file manager on the phone that still works
This disinfection method works on a single phone if you have a working third party file manager on the phone.
- 1. Go to c:\System\apps\appinst and delete:
- 2. Open the applications menu
- 3. Look for web browser, it's icon should still be normal
- 4. Download F-Secure Mobile Anti-Virus (http://mobile.f-secure.com) for your device
- 5. Install F-Secure Mobile Anti-Virus
- 6. Start F-Secure mobile Anti-Virus
- 7. Scan your device to remove files used to block critical system applications
- 8. Go to application manager
- 9. Uninstall "Extended theme.sis"
Trojan:SymbOS/Skulls is distributed in a malicious SIS file named "Extended theme.SIS", allegedly a theme manager for Nokia 7610 smart phone (authored by "Tee-222").
Skulls.A and other Skulls trojans are targeted against Symbian Series 60 devices, but can also affect other Symbian devices, for example Nokia 9500, which is a Series 80 device. However when trying to install Skulls trojan on Nokia 9500, the user will get a warning that the SIS file is not intended for the device, so risk of accidental infection is low.
On installation, the trojan will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled. It will also cause all application icons to be replaced with picture of skull and cross bones; the icons don't refer to the actual applications anymore so none of the phone's normal applications will be able to start.
This basically means that if Skulls is installed, only calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function.
If you have installed Skulls, the most important thing is:
do not to reboot the phone; follow the disinfection instructions in this description.
Skulls SIS file does not contain any malicious code as such, it is just a Symbian Installation file that installs critical System ROM binaries into C: drive in with exact same names and locations as in the ROM drive.
Symbian operating system has a feature which causes any file that is in C: drive replace file in ROM drive with identical name and location.
The application files installed by Skulls are normal Symbian OS files extracted from the phone ROM. However due to feature in Symbian OS, copying them into correct locations in the device C: drive, causes critical system applications fail to function.