This application requires Javascript for optimal performance.

SymbOS/Skulls.E - Released Jun 30, 2005 - Last Updated Jan 11, 2007

Alias/es

Trojan.SymbOS.Skuller.d, SymbOS/Skulls.e trojan, Troj/Skulls-E

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • Many applications no longer work after infection by this virus.
  • The icon of some applications shown in the menu becomes a picture of skull.

    • Detailed Analysis

  • It is a Symbian virus, packed in .sis format.

  • Displays the following message prompting the user to install:
    • Install Mariya?
  • Drops the following non-functioning files to disable the relevant applications in the phone:
    • C:\System\Apps\Appctrl\Appctrl.aif
    • C:\System\Apps\Appctrl\Appctrl.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\File\File.aif
    • C:\System\Apps\File\File.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.aif
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
  • Drops the following files:
    • C:\System\Apps\Mariya\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Apps\Mariya\Mariya.RSC
    • C:\System\Apps\Mariya\Naw.MDL (Fortinet detects it as SymbOS/Cabir_ezboot.V)
    • C:\System\data\Backgroundimage.mbm
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.SIS (Fortinet detects it as SymbOS/Cabir.D!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.RSC
    • C:\System\Recogs\Naw.MDL
  • Attempts to send the virus file Mariya.SIS  to other mobile phones via bluetooth.

    • Recommended Action

    • Delete all modules and binary files associated with this threat. Replace affected applications with backup copies.

    Reference: ID - 63907