Dampig.A

Classification

Malware

-

-

Dampig.A, SymbOS/Dampig.A, FSCaller crack trojan

Summary

Dampig.A is a malicious SIS file dropper, that pretends to be a crack for version 3.2 of FSCaller application. The Dampig.A disables some system applications and third party file managers and installs several variants of Cabir worm on the phone.

The Dampig.A trojan disables Bluetooth UI, system file manager, Messaging application and phone book on the infected handheld. Also the Dampig.A will corrupt the uninstallation information in the system installer, so that it cannot be uninstalled without being disinfected first.

The menu application is not disabled, so the user is able to use his phone, and download Anti-Virus to disinfect the phone without any special tool.

None of the Cabir variants installed on the phone will start automatically, but some of the applications that are replaced with Cabir executables, such as Messaging application, will be most likely called and thus executed by the user.

All of the Cabir variants worm dropped by Dampig.A are already detected. So the Dampig.A is already detected and stopped without need for updated Anti-Virus database.

Please note, that even as the FSCaller application that Dampig.A prenteds to crack, has similar name to our product naming. It has nothing to do with F-Secure. FSCaller is software made by SymbianWare OHG in Germany.

Removal

Manual Disinfection

Kill the Cabir variants that are currently running in the system:

1. Press menu button until you get a list of running applications

2. Kill all applications that look suspicious by pressing 'C' button

Automatic action

F-Secure Mobile Security will detect the installed Cabir variants and delete the worm components. After deleting worm files you can delete go to application manager and uninstall the Fscaller3.2Crack7610.sis

If your phone is infected with some Cabir variant and you cannot install files over bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone.

1. Open web browser on the phone

2. Go to https://mobile.f-secure.com

3. Select link "Download F-Secure Mobile Anti-Virus" and then select phone model

4. Download the file and select open after download

5. Install F-Secure Mobile Anti-Virus

6. Go to applications menu and start Anti-Virus

7. Activate Anti-Virus and scan all files

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Installation to system

When installed Dampig.A will replace most common third party file managers, and key system applications with non-functional versions.

Spreading in: Fscaller3.2Crack7610.sis or vir.sis

Payload

Disables following applications:

  • Bluetooth UI
  • Camera
  • FExplorer
  • Messaging
  • Phonebook
  • SmartFileManager
  • Smartmovie
  • SystemExplorer
  • UltraMP3