A type of worm that spreads on vulnerable Bluetooth networks.
F-Secure Anti-Virus for Symbian series 60 phones will detect the Cabir and delete the worm components.
After deleting worm files you can delete this directory:
Special Disinfection Tool
- Open web browser on the phone
- Go to http://mobile.f-secure.com
- Select link "Removal tool for Cabir"
- Download the file and select open after download
- Install F-Cabir tool
- Go to applications menu and start F-Cabir
- Select scan and answer yes when tool asks do you want to disinfect
Alternatively, you can disinfect the system manually by installing a file manager application and manually deleting these files:
Bluetooth-Worm:SymbOS/Cabir.B is a minor variant of Bluetooth-Worm:SymbOS/Cabir.A; the only significant difference is that the Cabir.B displays the text "Caribe-VZ/29a" on the start dialog when the worm first or when the phone reboots (Cabir.A displays "Caribe").
There is also repacked version of Cabir.B that is packed into an SIS file which installs the worm into different directory and shows a text popup at SIS install. This is not a new variant however, as the worm executables are fully identical to the original Cabir.B; all differences are due to settings in the repacked SIS file.
For more details, see description of Bluetooth-Worm:SymbOS/Cabir.A