Viraus Tips For S60

Cabir.AInfoCabir is a bluetooth using worm that runs in Symbian mobile phones that support Series 60 platform.Cabir replicates over bluetooth connections and arrives to phone messaging inbox as caribe.sis file what contains the worm. When user clicks the caribe.sis and chooses to install theCaribe.sis file the worm activates and starts looking for new devices to infect over bluetooth.When Cabir worm finds another bluetooth device it willstart sending infected SIS files to it, and lock to that phone so that it won't look other phones even when the target moves out of range.Please note that Cabir worm can reach only mobile phones that support bluetooth, and are in discoverable mode.Setting you phone into non-discoverable (hidden) Bluetooth mode will protect your phone from Cabir worm.But once the phone is infected it will try to infect other systems even as user tries to disable bluetooth from system settings
Disinfection Delete this files:c:systemappscaribecaribe.rscc:systemappscaribecaribe.appc:systemappscaribeflo.mdl c:systemrecogsflo.mdl c:systemsymbiansecuredatacaribesecuritymanagercaribe.rsc Cabir.B Info Cabir.B is a minor variant of Cabir.A the only significant difference is that the Cabir.B displays different text on the start dialog when worm starts the first time or phone reboots.Cabir.A displays text"Caribe-VZ/29a"while Cabir.B displays text that contains just "Caribe".There is also repacked version of Cabir.B that is packed into SIS file,which installs the worm into different directory and shows text popup at SIS install.But this is not a new variant as worm executables are fully identical to original Cabir.B and all differences are due to settings in the repacked SIS file.Disinfection Same as for Cabir.A
Cabir.C.InfoCabir.C is a minor variant of Cabir.B the only significant differences are that the Cabir.C displays different text on the start dialog when worm starts and that the Cabir.Cspreads as MYTITI.SIS instead of Cabir.SIS.Cabir.C displays text"Mytiti" while Cabir.B displays text that contains just "Caribe".DisinfectionSame as for Cabir.AaEcCabir.D.InfoCabir.D is a minor variant of Cabir.B the only significant differences are that the Cabir.D displays different text on the start dialog when worm starts and that the Cabir.D.spreads as [YUAN].SIS instead of Cabir.SIS.Cabir.D displays text "[YUAN]" while Cabir.B displays text that contains just "Caribe".Disinfection.Same as for Cabir.A
Cabir.E.Info.Cabir.E is a minor variant of Cabir.B the only significant differences are that the Cabir.E displays different text on the start dialog when worm starts and that the Cabir.E spreads as Ni&Ai-.SIS instead of Cabir.SIS.Cabir.E displays text "Ni&Ai-" while Cabir.B displays text that contains just "Caribe".Disinfection.Same as for Cabir.A.Cabir.Dropper.Info.Cabir.Dropper is Symbian installation file that will install Cabir.B,Cabir.C and Cabir.D into the device and disables the Bluetooth control application.The original version of Cabir.Dropper is named Norton AntiVirus 2004 Professional.sis The Cabir.Dropper installs different Cabir variants into several places in the device file system.Some of the installed Cabirs replace common third party applications so that if user has one of those applications installed into system it gets replaced with Cabir.D and it's Icon in the menu will go blank.
If user clicks on one of the replaced icons in the menu,the Cabir.D that has replaced that application will start and try to spread to other devices. If Cabir.D starts it will spread as Cabir.D ([YUAN].SIS)without other Cabir variants or Cabir.Dropper.The Cabir.Dropper will also install autostart component that tries to automatically start Cabir.D upon system reboot,but fails as the autostart component points into directory that is not installed on the device
Disinfection delete cabir files from c:images c:soundsdigital c:systemapps c:systeminstall c:systemrecogs c:systemappsbtui c:systemappsfexplower c:systemappsfile c:systemappsfreakbtui c:systemappssmartfileman c:systemappssmartmovie c:systemappssystemexplorer c:systemapps[yuan]Skulls.A Info Skulls is a malicious SIS file trojan that will replace the system applications with non-functional versions,so that all but the phone functionality will be disabled.The Skulls SIS file is named "Extended theme.SIS",it claims to be theme manager for Nokia 7610 smart phone,written by"Tee-222"
If Skulls is installed it will cause all application icons to be replaced with picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the Phone System applications will be able to start.This basically means that if Skulls is installed only the calling from the phone and answering calls works. All functions which need some system application,such as SMS and MMS messaging, web browsing and camera no longer function.
If you have installed Skulls, the most important thing is not to reboot the phone and follow the disinfection instruction in this description.Disinfection Install third-party file manager and delete these files:c:SystemAppsAboutAbout.aif c:SystemAppsAppInstAppInst.aif c:SystemAppsAppMngrAppMngr.aif c:S c:SystemAppsGSGS.aif c:SystemAppsImageViewerImageViewer.aif c:SystemAppslocationlocation.aif c:SystemAppsLogsLogs.aif c:SystemAppsmcemce.aif c:SystemAppsMediaGalleryMediaGallery.aif c:SystemAppsMediaPlayerMediaPlayer.aif c:SystemAppsMediaSettingsMediaSettings.aif c:SystemAppsMenuMenu.aif c:SystemAppsmmcappmmcapp.aif c:SystemAppsMmsEditorMmsEditor.aif c:SystemAppsMmsViewerMmsViewer.aif c:SystemAppsMsgMailEditorMsgMailEditor.aif c:SystemAppsMsgMailViewerMsgMailViewer.aif c:SystemAppsMusicPlayerMusicPlayer.aif c:SystemAppsNotepadNotepad.aif
c:SystemAppsNpdViewerNpdViewer.aif c:SystemAppsNSmlDMSyncNSmlDMSync.aif c:SystemAppsNSmlDSSyncNSmlDSSync.aif c:SystemAppsPhonePhone.aif c:SystemAppsPhonebookPhonebook.aif c:SystemAppsPinboardPinboard.aif c:SystemAppsPRESENCEPRESENCE.aif c:SystemAppsPRESENCEPRESENCE.APP c:SystemAppsProfileAppProfileApp.aif c:SystemAppsProvisioningCxProvisioningCx.aif c:SystemAppsPSLNPSLN.aif c:SystemAppsPushViewerPushViewer.aif c:SystemAppsSatuiSatui.aif c:S c:SystemAppsStartupStartup.aif c:SystemAppsSysApSysAp.aif c:SystemAppsToDoToDo.aif c:SystemAppsUssdUssd.aif c:SystemAppsVCommandVCommand.aif c:SystemAppsVmVm.aif c:SystemAppsVoicerecorderVoicerecorder.aif c:SystemAppsWALLETAVMGMTWALLETAVMGMT.aif c:SystemAppsWALLETAVMGMTWALLETAVMGMT.APP c:SystemAppsWALLETAVOTAWALLETAVOTA.aif c:SystemAppsWALLETAVOTAWALLETAVOTA.APP c:SystemLibslicencemanager20s.dll
c:SystemLibslmpro.r01 c:SystemLibslmpro.r02 c:SystemLibsnotification.cmd c:SystemLibssoftwarecopier200.dll c:SystemLibsZLIB.DLL Skulls.B Info Skulls.B is a variant of SymbOS/Skulls.A trojan,which has similar functionality to the Skulls.A but uses different files.Skulls.B is a malicious SIS file trojan that will replace the system applications with non-functional versions and drops SymbOS/Cabir.B worm in to the phone.
The Cabir dropped by Skulls.B does not activate automatically,but if user goes to the cabir icon in the phone menu and runs Cabir from there. The Cabir.B will activate and try to infect other phones.The Original Skulls.B SIS file is named "Icons.SIS". Unlike Skulls.A, the Skulls.B variant does not show any pop-up messages during install (except the "Installation security warning - unable to verify supplier" message shown by the operating system).The Skulls.B replaces standard application icons with generic application icon instead of skull and cross bones like Skulls.A did.
If Skulls.B is installed only the calling from the phone and answering calls works. All functions which need some system application, such as SMS and MMS messaging, web browsing and camera no longer function. And in addition of applications being disabled the phone is also infected with Cabir.B,which fo ---------------------------------Malware file sizes:Cabir.A-14.7kbCabir.B-14.7kbCabir.Bv2-9.63kbCabir.C-Cabir.D-Cabir.E-Cabir.Dropper-Qdial.A-137kbSkulls.A-1.13mbSkulls.B-775kb

Back" HOME


Pair of Vintage Old School Fru