[SymbianOS] SymbOS.Romride - Mobilfunk-FAQ

Hangman · 24.06.2007, 19:07

Risiko: sehr gering
Typ: Trojaner
entdeckt am: 02. Juni 2006
auch bekannt als: Romride.A [F-Secure]

Information:

SymbOS.Romride.A is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:
Nokia Live.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Nokia Live

It displays the following message during installation:

Please Reboot Your Phone!
ID

c) Nokia

When SymbOS.Romride.A is executed, it performs the following action:

Drops the following corrupt files:

[DRIVELETTER]\System\Bootdata\LocaleData.D01
[DRIVELETTER]\System\Bootdata\FirstBoot.dat
[DRIVELETTER]\System\Bootdata\CommonData.D00
[DRIVELETTER]\System\Mail\00100001
[DRIVELETTER]\System\Mail\00100000
[DRIVELETTER]\System\Mail\00001000
[DRIVELETTER]\System\Schedules\Schedules.dat
[DRIVELETTER]\System\Shareddata\101f857a.ini
[DRIVELETTER]\System\Shareddata\10005a40.ini
[DRIVELETTER]\System\Shareddata\10005943.ini
[DRIVELETTER]\System\Shareddata\100058f1.ini
[DRIVELETTER]\System\Shareddata\100056c6.ini
[DRIVELETTER]\System\Shareddata\reserve.bin

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia Live.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:30

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 02.06.2006
auch bekannt als: Romride.B [F-Secure]

Information:

SymbOS.Romride.B is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:
Data Update By MSF.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Data Update By MSF

It displays the following message during installation:

You Must Restart Your Phone
After Installation Complete
For Your Data Update!

When SymbOS.Romride.B is executed, it performs the following action:

Drops the following corrupt files:

C:\system\Bootdata\CommonData.D00
C:\system\Bootdata\FirstBoot.dat
C:\system\Bootdata\LocaleData.D01
C:\system\Mail\00001000
C:\system\Mail\00100000
C:\system\Mail\00100001
C:\system\Schedules\Schedules.dat
C:\system\Shareddata\100056c6.ini
C:\system\Shareddata\100058f1.ini
C:\system\Shareddata\10005943.ini
C:\system\Shareddata\10005a40.ini
C:\system\Shareddata\1005984.ini
C:\system\Shareddata\101f857a.ini

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Data Update By MSF.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:32

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 05.06.2006
auch bekannt als: Romride.C [F-Secure]

Information:

SymbOS.Romride.C is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.

technische Details:

The Trojan reportedly arrives as the following file:

Nokia_Live.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Nokia Live

When SymbOS.Romride.C is executed, it performs the following actions:

Displays the following message during installation:

Nokia Live® - Free License
Please installing The Program
it's useful for nokia series60
Enjoy!!

Copyright © 2006 Nokia Inc.

Drops the following corrupt files:

[DRIVELETTER]\System\Bootdata\CommonData.D00
[DRIVELETTER]\System\Bootdata\FirstBoot.dat
[DRIVELETTER]\System\Bootdata\LocaleData.D01
[DRIVELETTER]\System\Mail\00001000
[DRIVELETTER]\System\Mail\00100000
[DRIVELETTER]\System\Mail\00100001
[DRIVELETTER]\System\Nokia\Sounds\Simple\laugh.wav
[DRIVELETTER]\System\programs\SplashScreen.exe
[DRIVELETTER]\System\Schedules\Schedules.dat
[DRIVELETTER]\System\Shareddata\100056c6.ini
[DRIVELETTER]\System\Shareddata\100058f1.ini
[DRIVELETTER]\System\Shareddata\10005943.ini
DRIVELETTER]\System\Shareddata\101f857a.ini
[DRIVELETTER]\System\Shareddata\reserve.bin

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia_Live.sis
The Trojan then executes SplashScreen.exe to play the laugh.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:33

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 05.06.2006
auch bekannt als: Romride.D [F-Secure]

Information:

SymbOS.Romride.D is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.

technische Details:

The Trojan reportedly arrives as the following file:

Nokia_Live.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Nokia Live

When SymbOS.Romride.D is executed, it performs the following actions:

Displays the following message during installation:

Nokia Live® - Free License
Please installing The Program
it's useful for nokia series60
Enjoy!!

Copyright © 2006 Nokia Inc.

Drops the following corrupt files:

C:\system\Bootdata\CommonData.D00
C:\system\Bootdata\FirstBoot.dat
C:\system\Bootdata\LocaleData.D01
C:\system\Mail\00001000
C:\system\Mail\00100000
C:\system\Mail\00100001
C:\system\Nokia\Sounds\Simple\laugh.wav
C:\system\programs\SplashScreen.exe
C:\system\Schedules\Schedules.dat
C:\system\Shareddata\100056c6.ini
C:\system\Shareddata\100058f1.ini
C:\system\Shareddata\10005943.ini
C:\system\Shareddata\10005a40.ini
C:\system\Shareddata\reserve.bin

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia_Live.sis

Executes SplashScreen.exe to play the laugh.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:35

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 05.06.2006
auch bekannt als: Romride.E [F-Secure]

Information:

SymbOS.Romride.E is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Nokia_Theme.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Nokia Theme

When SymbOS.Romride.E is executed, it performs the following actions:

Drops the following corrupt files:

C:\System\Bootdata\CommonData.D00
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\LocaleData.D01
C:\System\Mail\00001000
C:\System\Mail\00100000
C:\System\Mail\00100001
C:\System\Nokia\Sounds\Simple\laugh.wav
C:\System\Schedules\Schedules.dat
C:\System\programs\SplashScreen.exe

Note: The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia_Theme.sis

The Trojan then executes SplashScreen.exe to play the laugh.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:37

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 21.06.2006
auch bekannt als: Romride.F [F-Secure]

Information:

SymbOS.Romride.F is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Nokia_ROM.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
NOKIA ROM

When SymbOS.Commdropper.F is executed, it performs the following actions:

Displays the following message during installation:

NOKIA ROM® Software
can only be installed in
iternal memory (C

. Do you
wish to continue installation?

Drops the following corrupt files:

C:\System\Bootdata\LocaleData.D01
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\CommonData.D00
C:\System\Mail\00100001
C:\System\Mail\00100000
C:\System\Mail\00001000
C:\System\programs\SplashScreen.exe
C:\System\Nokia\Sounds\Simple\Laugh.wav
C:\System\Schedules\Schedules.dat

The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia_ROM.sis

Executes SplashScreen.exe to play the Laugh.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:38

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 21.06.2006
auch bekannt als: Romride.G [F-Secure]

Information:

SymbOS.Romride.G is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Voice_ROM.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Voice ROM

When SymbOS.Commdropper.F is executed, it performs the following actions:

Displays the following message during installation:

Voice ROM®
Developer By [REMOVED]!

Drops the following corrupt files:

C:\System\Bootdata\LocaleData.D01
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\CommonData.D00
C:\System\Mail\00100001
C:\System\Mail\00100000
C:\System\Mail\00001000
C:\System\Nokia\Sounds\Simple\Pirate.wav
C:\System\programs\SplashScreen.exe
C:\System\Schedules\Schedules.dat

The following file is also created by the device installer, not the Trojan itself:

\system\install\Voice_ROM.sis

Executes SplashScreen.exe to play the Pirate.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:40

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 21.06.2006
auch bekannt als: Romride.H [F-Secure]

Information:

SymbOS.Romride.H is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device.

technische Details:

The Trojan reportedly arrives as the following file:

Nokia_Live.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Nokia Live

When SymbOS.Commdropper.F is executed, it performs the following actions:

Displays the following message during installation:

Nokia Live® - Free License
Please installing The Program
it's useful for nokia series60
Enjoy!!

Copyright © 2006 Nokia Inc.

Drops the following corrupt files:

C:\System\Bootdata\CommonData.D00
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\LocaleData.D01
C:\System\Mail\00001000
C:\System\Mail\00100001
C:\System\Mail\00100000
C:\System\Nokia\Sounds\Simple\laugh.wav
C:\System\programs\SplashScreen.exe
C:\System\Shareddata\100056c6.ini
C:\System\Shareddata\100058f1.ini
C:\System\Shareddata\10005943.ini
C:\System\Shareddata\101f857a.ini
C:\System\Shareddata\reserve.bin
Nokia_Live.sis

The following file is also created by the device installer, not the Trojan itself:

\system\install\Nokia_Live.sis

Executes SplashScreen.exe to play the laugh.wav file.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:42

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 09.11.2006
auch bekannt als: Romride.I [F-Secure]

Information:

SymbOS.Romride.I is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops corrupt files onto the compromised device. It also drops a bootstrap component that always restarts the phone immediately, which causes the phone to keep on restarting.

technische Details:

The Trojan reportedly arrives as the following file:

Installer By MSF1989.sis

When a user opens this file, the phone installer displays a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Installer By MSF1989

When SymbOS.Romride.I is executed, it performs the following actions:

Drops the following files:

C:\System\Data\Apparc.db
C:\System\Data\Applications.dat
C:\System\Data\backupdb.dat
C:\System\Data\Calendar
C:\System\Data\Cdbv3.dat
C:\System\Data\CntModel.ini
C:\System\Data\DRMHS.dat
C:\System\Data\Dtstor.ini
C:\System\Data\eposglpr.db
C:\System\Data\HAL.DAT
C:\System\Data\NITZ.dat
C:\System\Data\Plugins\ECom.idx
C:\System\Data\Plugins\ECom.ROM.dat
C:\System\Data\Profiles\Profile0.dat
C:\System\Data\PTIT9UDB0f.DAT
C:\System\Data\ScShortcutEngine.ini
C:\System\Data\WVSaplni0.DAT
C:\System\MSF.exe
C:\System\Recogs\MSF.mdl

Creates the following file:

\system\install\Installer By MSF1989.sis

Note: This file is actually created by the Installer, not the threat.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 25.07.2007, 20:44

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 09.11.2006
auch bekannt als: Romride.J [F-Secure]

Information:

SymbOS.Romride.J is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops corrupt files onto the compromised device. It also installs a bootstrap component that always restarts the phone immediately, which causes the phone to keep on restarting.

technische Details:

The Trojan reportedly arrives as the following file:

Bluetooth.sis

When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Bluetooth

When SymbOS.Romride.J is executed, it performs the following actions:

Drops the following corrupt files:

C:\Helzim.exe, which is the executable component of the threat
C:\System\Bootdata\CommonData.D00
C:\System\Bootdata\FirstBoot.dat
C:\System\Bootdata\LocaleData.D01
C:\System\Install\install.log
C:\System\Mail\00001000
C:\System\Mail\00100000
C:\System\Mail\00100001
C:\System\Schedules\Schedules.dat

Note: The files dropped to C:\System folder are all text files.

Creates the following file:

\system\install\Bluetooth.sis

Note: This file is actually created by the Installer, not the threat.

[Link nur für registrierte Mitglieder sichtbar.]

24.06.2007, 19:07	#1 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.A Risiko: sehr gering Typ: Trojaner entdeckt am: 02. Juni 2006 auch bekannt als: Romride.A [F-Secure] Information: SymbOS.Romride.A is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Nokia Live.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Nokia Live It displays the following message during installation: Please Reboot Your Phone! IDc) Nokia When SymbOS.Romride.A is executed, it performs the following action: Drops the following corrupt files: [DRIVELETTER]\System\Bootdata\LocaleData.D01 [DRIVELETTER]\System\Bootdata\FirstBoot.dat [DRIVELETTER]\System\Bootdata\CommonData.D00 [DRIVELETTER]\System\Mail\00100001 [DRIVELETTER]\System\Mail\00100000 [DRIVELETTER]\System\Mail\00001000 [DRIVELETTER]\System\Schedules\Schedules.dat [DRIVELETTER]\System\Shareddata\101f857a.ini [DRIVELETTER]\System\Shareddata\10005a40.ini [DRIVELETTER]\System\Shareddata\10005943.ini [DRIVELETTER]\System\Shareddata\100058f1.ini [DRIVELETTER]\System\Shareddata\100056c6.ini [DRIVELETTER]\System\Shareddata\reserve.bin Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia Live.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:30	#2 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.B Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 02.06.2006 auch bekannt als: Romride.B [F-Secure] Information: SymbOS.Romride.B is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Data Update By MSF.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Data Update By MSF It displays the following message during installation: You Must Restart Your Phone After Installation Complete For Your Data Update! When SymbOS.Romride.B is executed, it performs the following action: Drops the following corrupt files: C:\system\Bootdata\CommonData.D00 C:\system\Bootdata\FirstBoot.dat C:\system\Bootdata\LocaleData.D01 C:\system\Mail\00001000 C:\system\Mail\00100000 C:\system\Mail\00100001 C:\system\Schedules\Schedules.dat C:\system\Shareddata\100056c6.ini C:\system\Shareddata\100058f1.ini C:\system\Shareddata\10005943.ini C:\system\Shareddata\10005a40.ini C:\system\Shareddata\1005984.ini C:\system\Shareddata\101f857a.ini Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Data Update By MSF.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:32	#3 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.C Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 05.06.2006 auch bekannt als: Romride.C [F-Secure] Information: SymbOS.Romride.C is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. technische Details: The Trojan reportedly arrives as the following file: Nokia_Live.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Nokia Live When SymbOS.Romride.C is executed, it performs the following actions: Displays the following message during installation: Nokia Live® - Free License Please installing The Program it's useful for nokia series60 Enjoy!! Copyright © 2006 Nokia Inc. Drops the following corrupt files: [DRIVELETTER]\System\Bootdata\CommonData.D00 [DRIVELETTER]\System\Bootdata\FirstBoot.dat [DRIVELETTER]\System\Bootdata\LocaleData.D01 [DRIVELETTER]\System\Mail\00001000 [DRIVELETTER]\System\Mail\00100000 [DRIVELETTER]\System\Mail\00100001 [DRIVELETTER]\System\Nokia\Sounds\Simple\laugh.wav [DRIVELETTER]\System\programs\SplashScreen.exe [DRIVELETTER]\System\Schedules\Schedules.dat [DRIVELETTER]\System\Shareddata\100056c6.ini [DRIVELETTER]\System\Shareddata\100058f1.ini [DRIVELETTER]\System\Shareddata\10005943.ini DRIVELETTER]\System\Shareddata\101f857a.ini [DRIVELETTER]\System\Shareddata\reserve.bin Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia_Live.sis The Trojan then executes SplashScreen.exe to play the laugh.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:33	#4 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.D Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 05.06.2006 auch bekannt als: Romride.D [F-Secure] Information: SymbOS.Romride.D is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. technische Details: The Trojan reportedly arrives as the following file: Nokia_Live.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Nokia Live When SymbOS.Romride.D is executed, it performs the following actions: Displays the following message during installation: Nokia Live® - Free License Please installing The Program it's useful for nokia series60 Enjoy!! Copyright © 2006 Nokia Inc. Drops the following corrupt files: C:\system\Bootdata\CommonData.D00 C:\system\Bootdata\FirstBoot.dat C:\system\Bootdata\LocaleData.D01 C:\system\Mail\00001000 C:\system\Mail\00100000 C:\system\Mail\00100001 C:\system\Nokia\Sounds\Simple\laugh.wav C:\system\programs\SplashScreen.exe C:\system\Schedules\Schedules.dat C:\system\Shareddata\100056c6.ini C:\system\Shareddata\100058f1.ini C:\system\Shareddata\10005943.ini C:\system\Shareddata\10005a40.ini C:\system\Shareddata\reserve.bin Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia_Live.sis Executes SplashScreen.exe to play the laugh.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:35	#5 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.E Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 05.06.2006 auch bekannt als: Romride.E [F-Secure] Information: SymbOS.Romride.E is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Nokia_Theme.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Nokia Theme When SymbOS.Romride.E is executed, it performs the following actions: Drops the following corrupt files: C:\System\Bootdata\CommonData.D00 C:\System\Bootdata\FirstBoot.dat C:\System\Bootdata\LocaleData.D01 C:\System\Mail\00001000 C:\System\Mail\00100000 C:\System\Mail\00100001 C:\System\Nokia\Sounds\Simple\laugh.wav C:\System\Schedules\Schedules.dat C:\System\programs\SplashScreen.exe Note: The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia_Theme.sis The Trojan then executes SplashScreen.exe to play the laugh.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:37	#6 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.F Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 21.06.2006 auch bekannt als: Romride.F [F-Secure] Information: SymbOS.Romride.F is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Nokia_ROM.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install NOKIA ROM When SymbOS.Commdropper.F is executed, it performs the following actions: Displays the following message during installation: NOKIA ROM® Software can only be installed in iternal memory (C. Do you wish to continue installation? Drops the following corrupt files: C:\System\Bootdata\LocaleData.D01 C:\System\Bootdata\FirstBoot.dat C:\System\Bootdata\CommonData.D00 C:\System\Mail\00100001 C:\System\Mail\00100000 C:\System\Mail\00001000 C:\System\programs\SplashScreen.exe C:\System\Nokia\Sounds\Simple\Laugh.wav C:\System\Schedules\Schedules.dat The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia_ROM.sis Executes SplashScreen.exe to play the Laugh.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:38	#7 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.G Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 21.06.2006 auch bekannt als: Romride.G [F-Secure] Information: SymbOS.Romride.G is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Voice_ROM.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Voice ROM When SymbOS.Commdropper.F is executed, it performs the following actions: Displays the following message during installation: Voice ROM® Developer By [REMOVED]! Drops the following corrupt files: C:\System\Bootdata\LocaleData.D01 C:\System\Bootdata\FirstBoot.dat C:\System\Bootdata\CommonData.D00 C:\System\Mail\00100001 C:\System\Mail\00100000 C:\System\Mail\00001000 C:\System\Nokia\Sounds\Simple\Pirate.wav C:\System\programs\SplashScreen.exe C:\System\Schedules\Schedules.dat The following file is also created by the device installer, not the Trojan itself: \system\install\Voice_ROM.sis Executes SplashScreen.exe to play the Pirate.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:40	#8 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.H Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 21.06.2006 auch bekannt als: Romride.H [F-Secure] Information: SymbOS.Romride.H is a Trojan horse that affects Symbian series 60 phones. The Trojan drops corrupt files onto the compromised device. technische Details: The Trojan reportedly arrives as the following file: Nokia_Live.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Nokia Live When SymbOS.Commdropper.F is executed, it performs the following actions: Displays the following message during installation: Nokia Live® - Free License Please installing The Program it's useful for nokia series60 Enjoy!! Copyright © 2006 Nokia Inc. Drops the following corrupt files: C:\System\Bootdata\CommonData.D00 C:\System\Bootdata\FirstBoot.dat C:\System\Bootdata\LocaleData.D01 C:\System\Mail\00001000 C:\System\Mail\00100001 C:\System\Mail\00100000 C:\System\Nokia\Sounds\Simple\laugh.wav C:\System\programs\SplashScreen.exe C:\System\Shareddata\100056c6.ini C:\System\Shareddata\100058f1.ini C:\System\Shareddata\10005943.ini C:\System\Shareddata\101f857a.ini C:\System\Shareddata\reserve.bin Nokia_Live.sis The following file is also created by the device installer, not the Trojan itself: \system\install\Nokia_Live.sis Executes SplashScreen.exe to play the laugh.wav file. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:42	#9 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.I Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 09.11.2006 auch bekannt als: Romride.I [F-Secure] Information: SymbOS.Romride.I is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops corrupt files onto the compromised device. It also drops a bootstrap component that always restarts the phone immediately, which causes the phone to keep on restarting. technische Details: The Trojan reportedly arrives as the following file: Installer By MSF1989.sis When a user opens this file, the phone installer displays a dialog to warn the user that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Installer By MSF1989 When SymbOS.Romride.I is executed, it performs the following actions: Drops the following files: C:\System\Data\Apparc.db C:\System\Data\Applications.dat C:\System\Data\backupdb.dat C:\System\Data\Calendar C:\System\Data\Cdbv3.dat C:\System\Data\CntModel.ini C:\System\Data\DRMHS.dat C:\System\Data\Dtstor.ini C:\System\Data\eposglpr.db C:\System\Data\HAL.DAT C:\System\Data\NITZ.dat C:\System\Data\Plugins\ECom.idx C:\System\Data\Plugins\ECom.ROM.dat C:\System\Data\Profiles\Profile0.dat C:\System\Data\PTIT9UDB0f.DAT C:\System\Data\ScShortcutEngine.ini C:\System\Data\WVSaplni0.DAT C:\System\MSF.exe C:\System\Recogs\MSF.mdl Creates the following file: \system\install\Installer By MSF1989.sis Note: This file is actually created by the Installer, not the threat. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

25.07.2007, 20:44	#10 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.375 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 336 Uploads: 318 Abgegebene Danke: 45 Erhielt 458 Danke für 247 Beiträge	[SymbianOS] SymbOS.Romride.J Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 09.11.2006 auch bekannt als: Romride.J [F-Secure] Information: SymbOS.Romride.J is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan drops corrupt files onto the compromised device. It also installs a bootstrap component that always restarts the phone immediately, which causes the phone to keep on restarting. technische Details: The Trojan reportedly arrives as the following file: Bluetooth.sis When the user opens this file, the phone installer displays a dialog box to warn the users that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Bluetooth When SymbOS.Romride.J is executed, it performs the following actions: Drops the following corrupt files: C:\Helzim.exe, which is the executable component of the threat C:\System\Bootdata\CommonData.D00 C:\System\Bootdata\FirstBoot.dat C:\System\Bootdata\LocaleData.D01 C:\System\Install\install.log C:\System\Mail\00001000 C:\System\Mail\00100000 C:\System\Mail\00100001 C:\System\Schedules\Schedules.dat Note: The files dropped to C:\System folder are all text files. Creates the following file: \system\install\Bluetooth.sis Note: This file is actually created by the Installer, not the threat. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Themen-Optionen
Druckbare Version zeigen Jemanden per E-Mail auf dieses Thema hinweisen
Ansicht
Linear-Darstellung Zur Hybrid-Darstellung wechseln Zur Baum-Darstellung wechseln