This application requires Javascript for optimal performance.

SymbOS/Bootton.C!tr - Released Apr 21, 2009 - Last Updated May 18, 2009

Alias/es

Trojan.SymbOS.Bootton.c (KAV), SYMBOS_BOOTTON.F (Trend), Trojan:SymbOS/Bootton.J (F-Secure)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • The mobile phone reboots.
  • Settings are partly reset.

    • Detailed Analysis

  • The virus arrives on the form of a Symbian SIS archive. The following message is displayed during installation:




    • Figure 1: Post-install display

  • Upon installation, the following Zero-Byte size files are dropped:
    • C:\System\Data\AlarmServer.ini
    • C:\System\Data\Applications.dat
    • C:\System\Data\ScShortcutEngine.ini
    • C:\System\Bootdata\FirstBoot.dat
    This may cause the loss of various phone settings.

  • Then, the following EXE file is dropped and executed, thereby making the phone reboot:
    • C:\System\Programs\Restore.exe

    • Recommended Action

    Delete the EXE file with a file manager application - or run FortiClient Mobile Security.

    Reference: ID - 826275