Trojan:SymbOS/Bootton.A

Classification

Category: Malware

Type: Trojan

Platform: SymbOS

Aliases: SymbOS/Bootton.A, Trojan:SymbOS/Bootton.A, SymbOS/Bootton.A

Summary

Bootton.A is a trojan distributed by Trojan:SymbOS/Onehop.A over Bluetooth as a malicious SIS file named 'ILoveU.sis'.

Removal

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Bootton.A is structurally quite similar to Trojan:SymbOS/Skulls. It replaces built-in and third-party applications with a component that causes the device to reboot when executed.

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.

Execution

On installation, Bootton.A installs a small component that resets the device if executed. This component is installed into locations where it replaces system and third-party applications.

Bootton.A disables most critical system functions and third-party file managers. It also uses an application that causes the device to reboot. If a device is infected with Bootton.A, pressing the menu button or any system application button will immediately reboot the device.

Only making and answering calls on the phone works. Other functions that need a system application, such as SMS and MMS messaging, web browsing and using the camera, no longer work. Even if the device does not immediately reboot, it remains unusable until it is disinfected.

Like Skulls.A, Bootton.A replaces the application icons with its own icon, which is a heart icon with the text "I-Love-U".

The modified Cabir file installed by Bootton does not get executed automatically, and even if started by the user, it is unable to send anything, as the file it is trying to send does not exist on the system.