We have finished analyzing the latest Commwarrior variant - Commwarrior.Q.
While reverse engineering the sample, we found an interesting feature: the Commwarrior.Q and C variants both have an internal deactivation mechanism. Creating a file named "noboot" in the e:\system\temp folder will prevent Commwarrior.Q and C from starting when the phone is rebooted.
So to disinfect Commwarrior.Q and C:
Kill the Commwarrior Process
1. Install a third-party file manager
2. Using the file manager, create a file named "noboot" in the E:\System\Temp\ folder
3. Reboot the phone
Install F-Secure Mobile Anti-Virus to finish cleaning up your phone
1. Open the phone's web browser
2. Go to http://mobile.f-secure.com
3. Select the "Downloads" link and then select the phone model
4. Download the file and select open after download
5. Install F-Secure Mobile Anti-Virus
6. Go to Applications Menu and start Anti-Virus
7. Activate Anti-Virus and scan all files