Classification

Category: Malware

Type: Trojan

Platform: SymbOS

Aliases: SDropper

Summary

This family of trojans drops files from the SymbOS/Skulls family. Members of the SDropper family have no additional interesting functionality apart from dropping and installing an embedded Skulls SIS file along with some additional non-malware software.

Removal

Please see the instructions below for F-Secure's F-Skulls tool. The tool will help in removing the Skulls files that were dropped by a member of the SDropper family.

Disinfection with two Series 60 phones

Use F-Skulls to allow for installation of F-Secure Mobile Anti-Virus

Download the F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly to a clean phone from https://www.f-secure.com/tools/f-skulls.sis

Install F-Secure Mobile Anti-Virus

  • Install F-Skulls.sis onto the infected phone's memory card with a clean phone
  • Put the memory card with the F-Skulls tool into the infected phone
  • Start up the infected phone and the application installer should now work
  • Go to the application manager and uninstall the SIS file from which the malware was installed
  • Download F-Secure Mobile Security and activate it
  • Scan the phone and remove any remaining components of the malware
  • Remove the F-Skulls tool with the application manager, as the phone should now be clean

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

N/A