1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Skulls.P

Skulls.P

ALIAS:SymbOS/Skulls.P

Summary

Skulls.P is a combination of several previous Skulls variants. Skulls.P contains component files from Skulls.D and Skulls.N among other variants. Skulls.P also drops SymbOS/Mabir.A and several Cabir variants on the phone and component files from Fontal and Doomboot trojans. The Doomboot component dropped by Skulls.P prevents phone from rebooting, so if your phone is infected with Skulls.P, it is critical not to reboot the phone. As Skulls.P breaks the application manager and application installer, the only currently working method of disinfection works with phones that have removable memory card.

Disinfection

Disinfection with two Series 60 phones

CAUTION! This method will work only with phones where memory card can be inserted without removing the phone battery.

First, download the F-Skulls tool from from our FTP server to your computer or directly onto a clean phone, then:

  • 1. Install F-Skulls.sis into infected phones memory card with a clean phone
  • 2. Put the memory card with F-Skulls into infected phone
  • 3. The F-Skulls starts automatically upon insertion and frees menu and application manager
  • 4. Go to application manager and uninstall the SIS file in which you installed the Skulls.P
  • 5. Download and install F-Secure Mobile Anti-Virus onto your computer to remove other malware dropped by the Skulls.P, or download directly onto the mobile phone itself
  • 6. Remove the F-Skulls with application manager as the phone is now cleaned

Disinfection for the cases when phone is already rebooted and cannot start up

CAUTION! this method will remove all data on the device including calendar and phone numbers

Sometimes Doomboot.F installs the corrupted file on memory card, so try to boot without the card. If the phone still does not boot use the instructions below.

  • 1. Power off the phone
  • 2. Hold following three buttons down "answer call" + "*" + "3"
  • 3. Keep holding the buttons and power on the phone
  • 4. Depending on the model, you either get text "formatting" or startup dialog that
  • asks for initial phone settings
  • 5. Your phone is now fomatted and can be used again

Additional Details

Spreading in

Doom_v1.5_with_Sound_MMC__by_NewLC.sis


Detection

Generic detection that detects Skulls.P was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.

Write-up:Jarno Niemela September 26th, 2005;