F-Secure
Tools
Skulls.T
| ALIAS: | SymbOS/Skulls.T |
Summary
Skulls.T is a SIS file trojan that pretends to be installation file
for Bluetooth range extender software.
When installed Skulls.T disables several built in applications, drops component files from Locknut.A, Doomboot.A and installs Cabir.B and Cabir.M
In addition of directly installing damaging files, Skulls.T also drops Locknut.C and Commwarrior.C into the device.
Skulls.T also installs a pirate copied version of Simworks Anti-Virus into the device.
Disinfection
Disinfection with two Series 60 phones
Download F-Skulls tool from our FTP server to your computer or to a clean phone, then:
- 1. Install F-Skulls.sis into infected phones memory card with a clean phone
- 2. Put the memory card with F-Skulls into infected phone
- 3. The F-Skulls starts automatically upon insertion and frees menu and application manager
- 4. Go to application manager and uninstall the SIS file in which you installed the Skulls.U
- 5. Download and install F-Secure Mobile Anti-Virus on your computer to remove other malware dropped by the Skulls.T, or directly onto the mobile itself
- 6. Remove the F-Skulls with application manager as the phone is now cleaned
Additional Details
Spreading in
Bluetoothextender.sisDetection
Generic detection that detects Skulls.T was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.
Write-up:Jarno Niemela November 11th, 2005;