SymbOS/Bootton.A, Trojan:SymbOS/Bootton.A, SymbOS/Bootton.A


Bootton.A is a trojan distributed by Trojan:SymbOS/Onehop.A over Bluetooth as a malicious SIS file named 'ILoveU.sis'.

Disinfection with two Series 60 phones

Download the F-Skulls tool either onto a computer or directly to the phone :

  • Install F-Skulls.sis into infected phones memory card with a clean phone
  • Put the memory card with F-Skulls into the infected phone
  • Start up the infected phone, the application menu should work now
  • Press menu button until you get Symbian process menu, look for any applications with heart icon. Kill the application processes with 'C' button.
  • Go to application manager and uninstall the SIS file in which you installed the Bootton.A
  • Download F-Secure Mobile Anti-Virus from and activate the Anti-Virus
  • Scan the phone and remove any remaining components of Bootton.A
  • Remove the F-Skulls with application manager as the phone is now clean.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

For more Support


Find the latest advice in our Community.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Bootton.A is structurally quite similar to Trojan:SymbOS/Skulls. It replaces built in and third party applications with component that causes device to reboot when executed.

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.


On installation, Bootton.A installs small component that resets the device if executed, this component is installed into locations where it replaces system and third party applications.

Bootton.A disables most of critical system functions and third party file managers. It also uses an application that causes device to reboot. If a device is infected with Bootton.A, pressing the menu button or any system application button will immediately reboot the device.

Only making and answering calls on the phone works. Other functions that need some system application such as SMS and MMS messaging, web browsing and using camera no longer work.Even if the device wouldn't immediately reboot, it is still unusable before it is disinfected.

Like Skulls.A, Bootton.A replaces the application icons with its own icon, which is a heart icon with the text "I-Love-U"

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.

The modified Cabir file installed by Bootton does not get executed automatically, and even if started by user, it is unable to send anything as the file it is trying to send does not exist on the system.