Home > Threat descriptions >



Category: Malware

Type: Trojan

Platform: SymbOS

Aliases: SymbOS/Bootton.A, Trojan:SymbOS/Bootton.A, SymbOS/Bootton.A


Bootton.A is a trojan distributed by Trojan:SymbOS/Onehop.A over Bluetooth as a malicious SIS file named 'ILoveU.sis'.


Disinfection with two Series 60 phones

Download the F-Skulls tool either onto a computer or directly to the phone :

  • Install F-Skulls.sis into infected phones memory card with a clean phone
  • Put the memory card with F-Skulls into the infected phone
  • Start up the infected phone, the application menu should work now
  • Press menu button until you get Symbian process menu, look for any applications with heart icon. Kill the application processes with 'C' button.
  • Go to application manager and uninstall the SIS file in which you installed the Bootton.A
  • Download F-Secure Mobile Anti-Virus from http://mobile.f-secure.com and activate the Anti-Virus
  • Scan the phone and remove any remaining components of Bootton.A
  • Remove the F-Skulls with application manager as the phone is now clean.
Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Bootton.A is structurally quite similar to Trojan:SymbOS/Skulls. It replaces built in and third party applications with component that causes device to reboot when executed.

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.


On installation, Bootton.A installs small component that resets the device if executed, this component is installed into locations where it replaces system and third party applications.

Bootton.A disables most of critical system functions and third party file managers. It also uses an application that causes device to reboot. If a device is infected with Bootton.A, pressing the menu button or any system application button will immediately reboot the device.

Only making and answering calls on the phone works. Other functions that need some system application such as SMS and MMS messaging, web browsing and using camera no longer work.Even if the device wouldn't immediately reboot, it is still unusable before it is disinfected.

Like Skulls.A, Bootton.A replaces the application icons with its own icon, which is a heart icon with the text "I-Love-U"

Bootton.A also installs the modified Cabir that SymbOS/Onehop.A uses to distribute Bootton.A. Fortunately, it does not function as intended.

The modified Cabir file installed by Bootton does not get executed automatically, and even if started by user, it is unable to send anything as the file it is trying to send does not exist on the system.