SymbOS/Romride.C!tr - Released Mar 20, 2007 - Last Updated Mar 26, 2007
Aliases: Trojan.SymbOS.Romride.c, SymbOS/Splashstall, Troj/Romride-C, SYMBOS_ROMRIDE.A
Detection Availability
Visible Symptoms
An audio file is played automatically.
Detailed Analysis
It is a Symbian virus, packed in SIS format.
It displays the following message, prompting the user to install:
install Nokia Live?
It drops the following files:
- !:\system\bootdata\commondata.d00
- !:\system\bootdata\firstboot.dat
- !:\system\bootdata\localedata.d01
- !:\system\mail\00001000
- !:\system\mail\00100000
- !:\system\mail\00100001
- !:\system\nokia\sounds\simple\laugh.wav
- !:\system\programs\splashscreen.exe
- !:\system\schedules\schedules.dat
- !:\system\shareddata\100056c6.ini
- !:\system\shareddata\100058f1.ini
- !:\system\shareddata\10005943.ini
- !:\system\shareddata\101f857a.ini
- !:\system\shareddata\reserve.bin
The audio file laugh.wav is played automatically. None of the other files are malicious.
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.