
SymbOS/LianFeng.A!tr - Released Feb 03, 2007 - Last Updated Feb 12, 2007

Alias/es

LianFeng.A

Detection Availability

Active Database
Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • A message is displayed prompting the user to install the package.

Detailed Analysis

  • It is a Symbian virus, packed in .sis format.

  • Displays the following message prompting the user to install:
    • install LianFeng?
  • Drops the following files:
    • C:\System\Apps\LianFeng\lianfeng.aif
    • C:\System\Apps\LianFeng\lianfeng.app
    • C:\System\Apps\LianFeng\lianfeng.dat
    • C:\System\Apps\LianFeng\lianfeng.db
    • C:\System\Apps\LianFeng\lianfeng.rsc
    • C:\System\Apps\LianFeng\lianfeng_caption.rsc
    The file lianfeng.db is a Windows tool used to write a file to the COM port. Once a mobile phone is connected to the COM port, the malware file can be transmitted to it.

  • Executes the file lianfeng.app, which drops the following four files from the file lianfeng.dat:
    • C:\System\Apps\install\Euninstall.exe
    • C:\System\Recogs\AppToolkit.mdl
    • E:\system\Recogs\RecMemCard.mdl
    • C:\System\data\wapstore\settings\Ewapstore.exe
    The files RecMemCard.mdl and AppToolkit.mdl serve as autostart entries for Euninstall.exe and Ewapstore.exe. The files Euninstall.exe and Ewapstore.exe both run in the background as system tasks. They monitor the inbox of the compromised mobile phone and delete MMS messages that arrive.

Recommended Action

  • Delete all the malware files using a file manager program or antivirus software for mobile devices.

  • Reference: ID - 330874