Trojan:W32/Romride.J

Threat description

Details

Category: Malware
Type: Trojan
Date discovered: September 25, 2006

Summary

Trojan:SymbOS/Romride.J affects devices running the Symbian S60 operating system. It is distributed in a malicious SIS file and, when executed, installs components that cause the phone to 'crash', rendering it essentially useless.



Removal

Automatic action

CAUTION! This method will remove all data on the device, including calendar and phone numbers:

  • Power off the phone
  • Hold the following three buttons down - "answer call" + "*" + "3"
  • Keep holding down the buttons and power on the phone
  • Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
  • Your phone is now formatted and can be used again

Prevention

Prevent future infections with F-Secure Mobile Security

Technical Details

On execution, Romride.J installs malfunctioning system component configurations. These components are designed to cause effects on the device, which may differ based on the version of ROM software installed. The message "Attack Successfully" is displayed, then the phone is immediately rebooted.

The effects produced by the system components are not seen, as Romride.J also installs a bootstrap component that reboots the phone every time it attempts to complete startup, leaving the phone in a continuous reboot loop.
