F-Secure
Tools
Skulls.Q
| ALIAS: | SymbOS/Skulls.Q |
Summary
Skulls.Q is a combination of several previous Skulls variants.
Skulls.Q contains component files from Skulls.D and Skulls.N among
other variants. Skulls.Q also drops SymbOS/Commwarrior.B and several Cabir variants on the
phone and component files from SymbOS/Doomboot.A trojan. The Doomboot files are dropped into folder where they cannot affect the system,
so even as the phone is infected with Skulls.Q it can still boot normally. Skulls.Q also contains bluetooth distribution component from SymbOS/Onehop.A,
but the component is installed so that it does not start automatically and user
cannot execute it.
Disinfection
Disinfection with two Series 60 phones
Download F-Skulls tool from our FTP server to your computer or to a clean phone, then:
- 1. Install F-Skulls.sis into infected phones memory card with a clean phone
- 2. Put the memory card with F-Skulls into infected phone
- 3. The F-Skulls starts automatically upon insertion and frees menu and application manager
- 4. Go to application manager and uninstall the SIS file in which you installed the Skulls.Q
- 5. Download and install F-Secure Mobile Anti-Virus on your computer to remove other malware dropped by the Skulls.Q, or download directly onto the mobile phone itself
- 6. Remove the F-Skulls with application manager as the phone is now cleaned
Additional Details
Spreading in
FireStorm_English_PATCH_by_SMPDA.sis
Detection
Generic detection that detects Skulls.Q was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.
Write-up:Jarno Niemela September 27th, 2005;