F-Secure Virus Descriptions : Skulls.U

Summary

Skulls.U is a SIS file trojan that pretends to be installation file for Battery Extender software.

When installed Skulls.U disables several built in applications, drops component files from Locknut.A, Doomboot.A and installs Cabir.B and Cabir.X

In addition of directly installing damaging files, Skulls.U also drops Locknut.C and MGDropper.A into the device.

Skulls.U also installs a pirate copied version of Simworks Anti-Virus into the device.

Back to the Top

Disinfection

Disinfection with two Series 60 phones

Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly with phone http://www.europe.f-secure.com/tools/f-skulls.sis

1. Install F-Skulls.sis into infected phones memory card with a clean phone
2. Put the memory card with F-Skulls into infected phone
3. The F-Skulls starts automatically upon insertion and frees menu and application manager
4. Go to application manager and uninstall the SIS file in which you installed the Skulls.U
5. Download and install F-Secure Mobile Anti-Virus to remove other malware dropped by the Skulls.U
http://www.f-secure.com/wireless/download/
or with mobile itself
http://mobile.f-secure.com
6. Remove the F-Skulls with application manager as the phone is now cleaned

Back to the Top

Detailed Description

Spreading in Ximplyfy Battery Extender.sis

Back to the Top

Detection

Generic detection that detects Skulls.U was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.

Back to the Top

Write-up: Jarno Niemela November 14th, 2005;

F-Secure Corporation