Threat Descriptons



Category :


Type :


Platform :


Aliases :

Trojan:SymbOS/CDropper, SymbOS/Cdropper


Trojan:SymbOS/CDropper is a large family of malware that drop malicious files onto the affected device.


A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Trojan:SymbOS/CDropper functions, as its name suggests, as a dropper. On arriving on a new system, it installs Cabir variant(s) into several places in the device file system.

Some of the installed Cabirs will replace system or common third party applications. If the user has one of these applications installed, it will be replaced with Cabir and its icon in the menu will go blank.If the user clicks on one of the replaced icons in the menu, the Cabir executable will execute and try to spread to other devices.

For more details, see Trojan:SymbOS/CDropper.A

More Support


Ask questions in our Community .

User Guides

Check the user guide for instructions.

Contact Support

Chat with or call an expert.

Submit a Sample

Submit a file or URL for analysis.