F-Secure
Tools
Skulls.V
| ALIAS: | SymbOS/Skulls.V |
Summary
Skulls.V is a SIS file trojan that pretends to be installation file for Battery Extender software.
When installed Skulls.V disables several built in applications, drops component files from Locknut.A, Doomboot.A and installs Cabir.B and Cabir.X
In addition of directly installing damaging files, Skulls.V also drops MGDropper.A into the device.
Skulls.V also installs a pirate copied version of Simworks Anti-Virus into the device.
Disinfection
Disinfection with two Series 60 phones
Download F-Skulls from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly with phone http://www.europe.f-secure.com/tools/f-skulls.sis
- 1. Install F-Skulls.sis into infected phones memory card with a clean phone
- 2. Put the memory card with F-Skulls into infected phone
- 3. The F-Skulls starts automatically upon insertion and frees menu and application manager
- 4. Go to application manager and uninstall the SIS file in which you installed the Skulls.V
- 5. Download and install F-Secure Mobile Anti-Virus on your computer to remove other malware dropped by the Skulls.V, or directly onto the mobile itself
- 6. Remove the F-Skulls with application manager as the phone is now cleaned
Additional Details
Spreading in
Ximplyfy Battery Extender.sisDetection
Generic detection that detects Skulls.V was published for F-Secure Mobile Anti-Virus on December 13th, 2004 in database build number 15.Write-up:Mika Tolvanen and Jarno Niemela November 18th, 2005;