Trojan:WinCE/InfoJack

Classification

Malware

Trojan

WinCE

Trojan:WinCE/InfoJack, Trojan:WinCE/InfoJack

Summary

Trojan:WinCE/InfoJack a trojan effecting Windows Mobile devices.

Disinfecting using F-Secure Mobile Security

  • Download F-Secure Mobile Security and activate it
  • Scan the phone and remove any components of the malware
  • Reboot the phone to remove memory resident components

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

For more Support

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

InfoJack is a trojan effecting Windows Mobile devices that leaks information from the device to a home server when the device connects to the Internet.

As a part of its activity, InfoJack alters the security settings on the device. This causes all software installations to complete without any warning of possible safety precautions.

Trojan:WinCE/InfoJack is a multiple part malware.

The first part is attached to many (.cab) installation files containing legitimate software such as games, mapping software, et cetera. InfoJack pretends to be an additional setup program.

Once InfoJack has infected the device it waits for the device to make an Internet connection. When the device is connected, InfoJack connects to its home server and downloads additional parts for its functionality. While doing so leaks information from the device to the server.

As a component of its functionality, InfoJack changes the security settings on the device to allow all software installations to complete without any warnings.

InfoJack.A was discovered in February 2008.

  • \windows\mservice.exe
  • \windows\setup.cfg

Initial analysis indicates that InfoJack.A attempts to download a zip file which contains at least the following:

  • \windows\mservice2.exe

As of February 29, 2008, the site from which InfoJack.A attempts to connect is offline and is not available. This prevents further analysis of the zip file.