Threat description




Bluetooth-Worm:SymbOS/Cabir.B is a minor variant of Bluetooth-Worm:SymbOS/Cabir.A; the only significant difference is that the Cabir.B displays the text "Caribe-VZ/29a" on the start dialog when the worm first or when the phone reboots (Cabir.A displays "Caribe").


F-Secure Anti-Virus for Symbian series 60 phones will detect the Cabir and delete the worm components.

After deleting worm files you can delete this directory:

  • c:\system\symbiansecuredata\caribesecuritymanager\
Special Disinfection Tool

Or you can use our free disinfection tool, available for download as a SIS file or a zipped file . The tool can also be downloaded directly to the phone:

  • Open web browser on the phone
  • Go to
  • Select link "Removal tool for Cabir"
  • Download the file and select open after download
  • Install F-Cabir tool
  • Go to applications menu and start F-Cabir
  • Select scan and answer yes when tool asks do you want to disinfect
Manual Disinfection

Alternatively, you can disinfect the system manually by installing a file manager application and manually deleting these files:

  • c:\system\apps\caribe\caribe.rsc
  • c:\system\apps\caribe\
  • c:\system\apps\caribe\flo.mdl
  • c:\system\recogs\flo.mdl
  • c:\system\symbiansecuredata\caribesecuritymanager\
  • c:\system\symbiansecuredata\caribesecuritymanager\caribe.rsc

Technical Details

There is also repacked version of Cabir.B that is packed into an SIS file which installs the worm into different directory and shows a text popup at SIS install. This is not a new variant however, as the worm executables are fully identical to the original Cabir.B; all differences are due to settings in the repacked SIS file.

For more details, see description of Bluetooth-Worm:SymbOS/Cabir.A

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Protect your life on every device

F-Secure SAFE looks out for you and the people close to you, on every device

More Info