RommWar.B

Classification

RommWar.B, ROMSilly.A

Summary

SymbOS/RommWar.B is a malicious SIS trojan that installs a malfunctioning system component that causes the device to reboot and prevents the device from starting up after the reboot.

Removal

Disinfection for cases when phone cannot start up

Caution: This method will remove all data on the device, including calendar and phone numbers.

Power off the phone
Hold the following three buttons down - "answer call" + "*" + "3"
Keep holding down the buttons and power on the phone
Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
Your phone is now formatted and can be used again

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.

Technical Details

Installation to System

SymbOS/RommWar.B installs a malfunctioning system binary into the C: drive of the phone as a bootstrap component. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed include a reboot of the device and failing to start up after the reboot.