Threat Descriptions

Trojan:SymbOS/Doomboot.A

Classification

Category :

Malware

Type :

Trojan

Platform :

SymbOS

Aliases :

Trojan:SymbOS/Doomboot.A

Summary

Trojan:SymbOS/Doomboot.A installs corrupted binary files onto the device, causing it to fail to start at the next reboot.

Removal

Disinfection with F-Secure Anti-Virus

F-Secure Mobile Security will detect both Doomboot.A and Commwarrior.B and disinfect the phone. If your phone is infected with Comwarrior and you cannot install files over bluetooth, you can download F-Secure Mobile Anti-Virus directly to your phone.

  • 1. Open web browser on the phone.
  • 2. Go to http://phoneav.com
  • 3. Select link "Download antivirus software for your smartphone" and then select phone model.
  • 4. Download the file and select open after download.
  • 5. Install F-Secure Mobile Anti-Virus.
  • 6. Go to applications Menu and start Anti-Virus.
  • 7. Activate Anti-Virus and scan all files.

  • 1. Go to application manager and uninstall the Doomboot.A SIS file the original name of the SIS file is
    • Doom_2_wad_cracked_by_DFT_S60_v1.0.sis
  • 2. Go to http://phoneav.com
  • 3. Download the F-Commwarrior disinfection tool.
  • 4. Download the file and select open after download.
  • 5. Install F-Commwarrior.
  • 6. Go to applications menu and start F-Commwarrior
  • 7. Use F-Commwarrior to disinfect your phone from the Commwarrior worm.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Trojan:SymbOS/Doomboot.A drops corrupted system binaries and Worm:SymbOS/Commwarrior.B onto the infected device. The system files dropped by Doomboot.A cause the device to fail at the next reboot.Doomboot.A is distributed in a malicious SIS file named 'Doom_2_wad_cracked_by_DFT_S60_v1.0.sis ', which is presented as being cracked versions of Doom 2 for Symbian. If you have installed Doomboot.A, the most important thing is not to reboot the phone. If you have rebooted the phone and the phone will not start again, the phone can be recovered with hard format key code that is entered in the phone boot.

Execution

Doomboot.A installs corrupted system binaries into C:\ drive of the phone. No social engineering messages or extra icons in the phone application menu are display, and as Commwarrior.B hides its process from process list, the user has no way of noticing that phone is actually infected. When the phone boots, this corrupted binaries will be loaded instead of the correct ones, and the phone will crash at boot. The Commwarrior.B dropped by Doomboot will start automatically and start to spread. Bluetooth spreading of the Commwarrior.B causes battery drain and thus the phone will run quickly out of battery. In the case of Doomboot.A infection, this is problematic as the phone will not boot again after the power runs out.