SymbOS/Skulls.T!tr - Released Oct 12, 2006
|
Alias/esTrojan.SymbOS.Skuller.n, Troj/Skulls-T, SymbOS/Skulls.O |
Detection Availability
|
Visible Symptoms. |
Detailed AnalysisIt is a Symbian virus, packed in .sis format.
Pretends to be a sis pack of "Double Process Speed v6.13" to cheat user to install it.
Displays the following message prompting the user to install:
This Installation was created with KVT Symbian Installer.
Get it free from :
www.kvtsoft.vze.com
by Kheng Vantha
---------------
This will incrase the speed to the doubble, so it requires the devise to be rebooted!
Took a lot of hard works, so enjoy!
Regards DFT!
Installs the following corrupted Font file into infected device:
C:\Fonts\Yeah Im in da house!!.gdr
Drops the following files:
- C:\EICAR Test.sis (EICAR_TEST_FILE)
- C:\Part 2.sis (a worm "SymbOS/Comwar.B!worm")
- C:\ETel.dll
- C:\Your Welcome.gif
- C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
- C:\System\Apps\bootdata\bootdata.app
- C:\System\Apps\bootdata\bootdata_CAPTION.rsC
- C:\System\Apps\data\data.app
- C:\System\Apps\data\data_CAPTION.rsC
- C:\System\Apps\file\file.app
- C:\System\Apps\freakappctrl\freakappctrl.app
- C:\System\Apps\freakbtui\freakbtui.app
- C:\System\Apps\nokiaapps\nokiaapps.app
- C:\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
- C:\System\Apps\nokiafile\data.cfg
- C:\System\Apps\nokiafile\img.mbm
- C:\System\Apps\nokiafile\nokiafile.aif
- C:\System\Apps\nokiafile\nokiafile.app
- C:\System\Apps\nokiafile\nokiafile.rsc
- C:\System\Apps\nokiafile\nokiafile_caption.rsc
- C:\System\Apps\pjBLUE\pjBLUE.aif
- C:\System\Apps\pjBLUE\pjBLUE.APP
- C:\System\Apps\pjBLUE\pjBLUE_CAPTION.rsC
- C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP
- C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
- C:\System\RECOGS\$$$.MDL
- C:\System\RECOGS\YYSBootRec.mdl
|
