[SymbianOS] SymbOS.Doomboot - Seite 2 - Mobilfunk-FAQ

Hangman · 24.07.2007, 22:39

Reserviert für SymbOS.Doomboot.K

Hangman · 24.07.2007, 22:40

Reserviert für SymbOS.Doomboot.L

Hangman · 24.07.2007, 22:41

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 10.11.2005
auch bekannt als: SYMBOS_DOOMED.H [Trend Micro]

Information:

SymbOS.Doomboot.M is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones.

The Trojan arrives as exoVirusStop v2.13.16.sis (63,393 bytes), disguising itself as an antivirus product.

technische Details:

When SymbOS.Doomboot.M is executed, it performs the following actions:
Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device

Displays a message prompting the user to Install:

"exoVirusStop v 2.13.16"

May displays the following warning message to the user:

"Application may not be compatbile with phone. Quit Installation?"

After Installation displays the following message to the User:

"For Updates visit [Link nur für registrierte Mitglieder sichtbar.] . If there is a virus re-boot your phone after disinfection"

Drops the following corrupt files onto the C drive of the compromised device:

C:\Etel.dll
C:\etelmm.dll
C:\etelpckt.dll
C:\etelsat.dll

Note: When the device is restarted, these files will be loaded and the device will not function correctly.

Drops the following files:

C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.rsc - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.MBM - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes
C:\system\apps\velasco\marcos.mdl - 0 bytes
C:\system\apps\velasco\velasco.app - 0 bytes
C:\system\apps\velasco\velasco.rsc - 0 bytes
C:\system\install\exoVirusStop v2.13.16.sis
C:\Nokia\installs\exoVirusStop v2.13.16.sis

Drops the following files, which are associated with a legitimate AntiVirus product:

C:\system\apps\EVS\EVS.aif - 3,245 bytes
C:\system\apps\EVS\EVS.app - 30,368 bytes
C:\system\apps\EVS\EVS.rsc - 671 bytes
C:\system\apps\EVS\EVS_caption.rsc - 60 bytes
C:\system\apps\EVS\exovirusstop.mbm - 3,961 bytes

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:43

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 10.11.2005
auch bekannt als: SYMBOS_DOOMED.I [Trend Micro]

Information:

SymbOS.Doomboot.N is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones.

The Trojan arrives as exoVirusStop 1.69.90.sis, in an attempt to disguise itself as an antivirus product.

technische Details:

When SymbOS.Doomboot.M is executed, it performs the following actions:
Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device.

Displays a message prompting the user to Install:

exoVirusStop v 1.69.90

May display one of the following warning messages to the user:

Application may not be compatbile with phone. Quit Installation?
File Corrupted!

After Installation displays the following message to the User:

For Updates visit [[Link nur für registrierte Mitglieder sichtbar.] [REMOVED]. If there is a virus re-boot your phone after disinfection.

Drops the following corrupt files onto the C drive of the compromised device:

C:\Etel.dll
C:\etelmm.dll
C:\etelpckt.dll
C:\etelsat.dll

Note: When the device is restarted, these files will be loaded and the device will not function correctly.

Drops the following files:

C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.rsc - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.MBM - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes
C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes
C:\system\apps\velasco\marcos.mdl - 0 bytes
C:\system\apps\velasco\velasco.app - 0 bytes
C:\system\apps\velasco\velasco.rsc - 0 bytes
C:\system\install\exoVirusStop v1.69.90.sis
C:\Nokia\installs\exoVirusStop v1.69.90.sis

Drops the following files, which are associated with a legitimate AntiVirus product:

C:\system\apps\EVS\EVS.aif - 3,245 bytes
C:\system\apps\EVS\EVS.app - 30,368 bytes
C:\system\apps\EVS\EVS.rsc - 671 bytes
C:\system\apps\EVS\EVS_caption.rsc - 60 bytes
C:\system\apps\EVS\exovirusstop.mbm - 3,961 bytes

Attempts to drop additional malicious files, normally to a removable drive:

autorun.inf
VirusScan 001.exe (detected as W32.HLLW.Cydog@mm)
PopUp0.txt

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:43

Reserviert für SymbOS.Doomboot.O

Hangman · 24.07.2007, 22:45

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 28.11.2005
auch bekannt als: keine Angabe

Information:

SymbOS.Doomboot.P is a Trojan horse that affects Symbian series 60 phones and disables several applications on the compromised device. The Trojan may also drop other threats on the device.

technische Details:

When SymbOS.Doomboot.P is executed, it performs the following actions:
Displays the following message:

Do you know this will help to maintain battery power
put AntiVirus on battery against battery drainer virus
Your Regards Ximplify

Drops the following files, which may disable certain applications and certain other Symbian threats:

C:\ETel.dll
C:\etelmm.dll
C:\etelpckt.dll
C:\etelsat.dll
C:\system\apps\AntiVirus\~AntiVirus.app
C:\system\apps\AntiVirus\AntiVirus.aif
C:\system\apps\AntiVirus\AntiVirus.hlp
C:\system\apps\AntiVirus\AntiVirus.ini
C:\system\apps\AntiVirus\AntiVirus.lsc
C:\system\apps\AntiVirus\AntiVirus.mbm
C:\system\apps\AntiVirus\AntiVirus.rsc
C:\system\apps\AntiVirus\AVServer.exe
C:\system\apps\AntiVirus\Definitions.dat
C:\system\apps\AntiVirus\Log.txt
C:\system\apps\AntiVirus\Update.ini
C:\system\apps\AppInst\Appinst.aif
C:\system\apps\AppInst\Appinst.app
C:\system\apps\AppMngr\AppMngr.aif
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.a pp
C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.M BM
C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.r sc
C:\system\apps\BatteryDrainer!!\ezrecog.MDL
C:\system\apps\caribe\caribe.app
C:\system\apps\caribe\caribe.rsc
C:\system\apps\CommWarrior\commrec.mdl
C:\system\apps\CommWarrior\commwarrior.exe
C:\system\apps\file\file.app
C:\system\apps\OIDI500\OIDI500.aif
C:\system\apps\OIDI500\OIDI500.rsc
C:\system\apps\SystemExplorer\SystemExplorer.app
C:\system\apps\velasco\marcos.mdl
C:\system\apps\velasco\velasco.app
C:\system\apps\velasco\velasco.rsc
C:\system\CARIBESECURITYMANAGER\caribe.rsc
C:\system\programs\cwoutcast.exe
C:\system\RECOGS\AVBoot.mdl
C:\System\Apps\Menu\Menu.aif
C:\System\Apps\Menu\Menu.app
C:\System\Apps\Phone\Phone.aif
C:\System\Apps\Phone\Phone.app

Drops following threats on to the compromised device:

C:\system\RECOGS\flo.mdl (A copy of SymbOS.Cabir)
C:\system\symbiansecuredata\caribesecuritymanager\ sexxxy.sis (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
C:\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
C:\system\apps\caribe\flo.mdl (A copy of SymbOS.Cabir)
C:\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.B )
C:\system\CARIBESECURITYMANAGER\caribe.app (A copy of SymbOS.Cabir.B )
C:\system\apps\gavno\gavno.app (A copy of SymbOS.Locknut.A)
C:\system\apps\AppMngr\AppMngr.aif (A copy of SymbOS.Skulls.C)
C:\system\apps\Menu\menu.aif (A copy of SymbOS.Skulls.C)
C:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C)

Changes the icons of most applications to the following Jigsaw puzzle icon, and removes the icon name:

Displays the following message:

App. closed
AppArcServerTh
read

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:48

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 05.12.2005
auch bekannt als: keine Angabe

Information:

SymbOS.Doomboot.Q is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.

technische Details:

When SymbOS.Doomboot.Q is executed, it performs the following actions:
Drops the following file:

Symbian_DFT v1.0.sis

Displays a dialog box warning users that the application may be coming from an untrusted source and may cause potential problems when the .sis file is opened.

If the user clicks yes, the phone will display a message prompting the user to Install:

"Symbian_DFT v1.0"

Drops the following corrupt system files on to the compromised device:

C:\ETel.dll
C:\etelsat.dll
C:\etelpckt.dll
C:\etelmm.dll
C:\System\apps\AppMngr\Appmngr.app

Note: If the device is restarted, these files will be loaded and the device will not function correctly.

Displays the following message after Installation:

New Protection for Symbian Device created By Tomas DFT for Anti-files corrupt. Please Press OK And Restart Your Phone.

Creates the following file:

\system\install\Symbian_DFT v1.0.sis

Note: This file is actually created by the Installer, not the threat.

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:49

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 15.12.2005
auch bekannt als: Doomboot.K [F-Secure]

Information:

SymbOS.Doomboot.R is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.

The Trojan reportedly arrives as F-secure Antivirus.sis. When the user clicks on the .sis file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.

technische Details:

When SymbOS.Doomboot.R is executed, it performs the following actions:
Display the following message:

Install
F-secure Antivirus

Drops the following corrupt system files onto the compromised device:

C:\ETel.dll
C:\etelsat.dll
C:\etelpckt.dll
C:\etelmm.dll

Note: If the device is restarted, these files will be loaded and the device will not function correctly.

The following file is created by the device Installer, not the threat:

\system\install\F-secure Antivirus.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:52

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 06.03.2006
auch bekannt als: Singlejump.K [F-Secure]

Information:

SymbOS.Doomboot.S is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones.

technische Details:

The Trojan reportedly arrives as Security - Application.sis. When the user clicks on the .sis file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the phone displays a message prompting the user to instal the following:

Install
Security - Application

The following message is also displayed during installation:

Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights reserved *** 0ID500 TEAM ***

When SymbOS.Doomboot.S is executed, it performs the following actions:
Drops the following files:

.\SendSIS.sis (A copy of SymbOS.Cardblock.A)
[DRIVELETTER]\System\apps\AppInst\Appinst.aif
[DRIVELETTER]\System\apps\AppInst\Appinst.app
[DRIVELETTER]\System\apps\BtUi\BtUi.app
[DRIVELETTER]\System\apps\FSpreader\FSpreader.app (A copy of SymbOS.Sendtool.A)
[DRIVELETTER]\System\apps\FSpreader\FSpreader.rsc
[DRIVELETTER]\System\apps\FSpreader\PATH.TXT
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.aif
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.app (A copy of Trojan.Mos)
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos.rsc
[DRIVELETTER]\System\apps\Mosquitos\Mosquitos_caption.rsc
[DRIVELETTER]\System\apps\Mosquitos\addon1.pcm
[DRIVELETTER]\System\apps\Mosquitos\addon21.pcm
[DRIVELETTER]\System\apps\Mosquitos\addon22.pcm
[DRIVELETTER]\System\apps\Mosquitos\audio.dat
[DRIVELETTER]\System\apps\Mosquitos\gameover.pcm
[DRIVELETTER]\System\apps\Mosquitos\menuswitch.pcm
[DRIVELETTER]\System\apps\Mosquitos\ragg.pcm
[DRIVELETTER]\System\apps\Mosquitos\raggc.pcm
[DRIVELETTER]\System\apps\Mosquitos\saugen.pcm
[DRIVELETTER]\System\apps\Mosquitos\shoot.pcm
[DRIVELETTER]\System\apps\Mosquitos\shoothit.pcm
[DRIVELETTER]\System\apps\Mosquitos\winken.pcm
[DRIVELETTER]\System\apps\OIDI500\OIDI500.aif
[DRIVELETTER]\System\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
[DRIVELETTER]\System\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
[DRIVELETTER]\System\apps\OIDI500\OIDI500.rsc
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.aif
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.app
[DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.rsc
[DRIVELETTER]\System\apps\Profimail\Data\Alert.mid
[DRIVELETTER]\System\apps\Profimail\Data\PM_S60.dta
[DRIVELETTER]\System\apps\Profimail\Data\config.bin
[DRIVELETTER]\System\apps\Profimail\Data\messages.bin
[DRIVELETTER]\System\apps\Profimail\Data\shop.txt
[DRIVELETTER]\System\apps\Profimail\ProfiMail.aif
[DRIVELETTER]\System\apps\Profimail\ProfiMail.app
[DRIVELETTER]\System\apps\Profimail\ProfiMail.rsc
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.APP (A copy of SymbOS.Mabir.A)
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.RSC
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.SIS (A copy of SymbOS.Mabir.A)
[DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\IN FO.SIS (A copy of SymbOS.Mabir.A)
C:\ETel.dll
C:\System\Fonts\Kill sadam font.gdr (A copy of SymbOS.Fontal.A)
C:\System\Fonts\Panic.gdr (A copy of SymbOS.Blankfont.A)
C:\System\install\PhoneBook.SIS (A copy of SymbOS.Pbstealer.A)
C:\System\install\autoexecdaemon.SIS (A copy of SymbOS.Cabir.C)
C:\System\install\commwarrior.SIS (A copy of SymbOS.Commwarrior.A)
C:\System\recogs\flo.mdl (A copy of SymbOS.Mabir.A)

Note: If the device is restarted, these files will be loaded and the device will not function correctly.

The following file is created by the Installer:

\system\install\Security - Application.sis

[Link nur für registrierte Mitglieder sichtbar.]

Hangman · 24.07.2007, 22:53

Risiko: sehr gering
Typ: Trojanisches Pferd
entdeckt am: 25.05.2006
auch bekannt als: Doomboot.M [F-Secure]

Information:

SymbOS.Doomboot.T is a Trojan horse that drops corrupt files and a copy of SymbOS.Commwarrior.I on to the compromised device. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.

The Trojan reportedly arrives as Leslie Loves.sis.

technische Details:

When SymbOS.Doomboot.T is executed, it performs the following actions:

Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems when the user opens the Leslie Loves.sis file.

If the user clicks yes, the device displays the following message prompting the user to install the threat:

Install
Leslie Loves

The following message is also displayed during installation:

File Uploading & Modified by [REMOVED].

Drops the following files:

c:\etel.dll
c:\system\data\IloveLeslie\LeslieLoves.jpg (A copy of SymbOS.Commwarrior.I)
c:\system\data\IloveLeslie\RecQWRD.mdl

When the device is restarted the file c:\etel.dll will be loaded and the device will not function correctly.

The following file is also created by the device Installer, not the Trojan itself:

\system\install\Leslie Loves.sis

[Link nur für registrierte Mitglieder sichtbar.]

24.07.2007, 22:39	#11 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	Reserviert für SymbOS.Doomboot.K __________________ lesen - denken - posten

24.07.2007, 22:40	#12 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	Reserviert für SymbOS.Doomboot.L __________________ lesen - denken - posten

24.07.2007, 22:41	#13 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.M Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 10.11.2005 auch bekannt als: SYMBOS_DOOMED.H [Trend Micro] Information: SymbOS.Doomboot.M is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones. The Trojan arrives as exoVirusStop v2.13.16.sis (63,393 bytes), disguising itself as an antivirus product. technische Details: When SymbOS.Doomboot.M is executed, it performs the following actions: Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device Displays a message prompting the user to Install: "exoVirusStop v 2.13.16" May displays the following warning message to the user: "Application may not be compatbile with phone. Quit Installation?" After Installation displays the following message to the User: "For Updates visit [Link nur für registrierte Mitglieder sichtbar.] . If there is a virus re-boot your phone after disinfection" Drops the following corrupt files onto the C drive of the compromised device: C:\Etel.dll C:\etelmm.dll C:\etelpckt.dll C:\etelsat.dll Note: When the device is restarted, these files will be loaded and the device will not function correctly. Drops the following files: C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.rsc - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.MBM - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes C:\system\apps\velasco\marcos.mdl - 0 bytes C:\system\apps\velasco\velasco.app - 0 bytes C:\system\apps\velasco\velasco.rsc - 0 bytes C:\system\install\exoVirusStop v2.13.16.sis C:\Nokia\installs\exoVirusStop v2.13.16.sis Drops the following files, which are associated with a legitimate AntiVirus product: C:\system\apps\EVS\EVS.aif - 3,245 bytes C:\system\apps\EVS\EVS.app - 30,368 bytes C:\system\apps\EVS\EVS.rsc - 671 bytes C:\system\apps\EVS\EVS_caption.rsc - 60 bytes C:\system\apps\EVS\exovirusstop.mbm - 3,961 bytes [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:43	#14 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.N Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 10.11.2005 auch bekannt als: SYMBOS_DOOMED.I [Trend Micro] Information: SymbOS.Doomboot.N is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones. The Trojan arrives as exoVirusStop 1.69.90.sis, in an attempt to disguise itself as an antivirus product. technische Details: When SymbOS.Doomboot.M is executed, it performs the following actions: Displays a message that warns users that the application may be coming from an untrusted source and may cause potential problems when installed on the mobile device. Displays a message prompting the user to Install: exoVirusStop v 1.69.90 May display one of the following warning messages to the user: Application may not be compatbile with phone. Quit Installation? File Corrupted! After Installation displays the following message to the User: For Updates visit [[Link nur für registrierte Mitglieder sichtbar.] [REMOVED]. If there is a virus re-boot your phone after disinfection. Drops the following corrupt files onto the C drive of the compromised device: C:\Etel.dll C:\etelmm.dll C:\etelpckt.dll C:\etelsat.dll Note: When the device is restarted, these files will be loaded and the device will not function correctly. Drops the following files: C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.rsc - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.MBM - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes C:\system\apps\Cabir AA detected\Cabir AA detected EVS is disinfecting re-boot your phone.app - 0 bytes C:\system\apps\velasco\marcos.mdl - 0 bytes C:\system\apps\velasco\velasco.app - 0 bytes C:\system\apps\velasco\velasco.rsc - 0 bytes C:\system\install\exoVirusStop v1.69.90.sis C:\Nokia\installs\exoVirusStop v1.69.90.sis Drops the following files, which are associated with a legitimate AntiVirus product: C:\system\apps\EVS\EVS.aif - 3,245 bytes C:\system\apps\EVS\EVS.app - 30,368 bytes C:\system\apps\EVS\EVS.rsc - 671 bytes C:\system\apps\EVS\EVS_caption.rsc - 60 bytes C:\system\apps\EVS\exovirusstop.mbm - 3,961 bytes Attempts to drop additional malicious files, normally to a removable drive: autorun.inf VirusScan 001.exe (detected as W32.HLLW.Cydog@mm) PopUp0.txt [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:43	#15 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	Reserviert für SymbOS.Doomboot.O __________________ lesen - denken - posten

24.07.2007, 22:45	#16 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.P Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 28.11.2005 auch bekannt als: keine Angabe Information: SymbOS.Doomboot.P is a Trojan horse that affects Symbian series 60 phones and disables several applications on the compromised device. The Trojan may also drop other threats on the device. technische Details: When SymbOS.Doomboot.P is executed, it performs the following actions: Displays the following message: Do you know this will help to maintain battery power put AntiVirus on battery against battery drainer virus Your Regards Ximplify Drops the following files, which may disable certain applications and certain other Symbian threats: C:\ETel.dll C:\etelmm.dll C:\etelpckt.dll C:\etelsat.dll C:\system\apps\AntiVirus\~AntiVirus.app C:\system\apps\AntiVirus\AntiVirus.aif C:\system\apps\AntiVirus\AntiVirus.hlp C:\system\apps\AntiVirus\AntiVirus.ini C:\system\apps\AntiVirus\AntiVirus.lsc C:\system\apps\AntiVirus\AntiVirus.mbm C:\system\apps\AntiVirus\AntiVirus.rsc C:\system\apps\AntiVirus\AVServer.exe C:\system\apps\AntiVirus\Definitions.dat C:\system\apps\AntiVirus\Log.txt C:\system\apps\AntiVirus\Update.ini C:\system\apps\AppInst\Appinst.aif C:\system\apps\AppInst\Appinst.app C:\system\apps\AppMngr\AppMngr.aif C:\system\apps\AppMngr\AppMngr.app C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.a pp C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.M BM C:\system\apps\BatteryDrainer!!\BatteryDrainer!!.r sc C:\system\apps\BatteryDrainer!!\ezrecog.MDL C:\system\apps\caribe\caribe.app C:\system\apps\caribe\caribe.rsc C:\system\apps\CommWarrior\commrec.mdl C:\system\apps\CommWarrior\commwarrior.exe C:\system\apps\file\file.app C:\system\apps\OIDI500\OIDI500.aif C:\system\apps\OIDI500\OIDI500.rsc C:\system\apps\SystemExplorer\SystemExplorer.app C:\system\apps\velasco\marcos.mdl C:\system\apps\velasco\velasco.app C:\system\apps\velasco\velasco.rsc C:\system\CARIBESECURITYMANAGER\caribe.rsc C:\system\programs\cwoutcast.exe C:\system\RECOGS\AVBoot.mdl C:\System\Apps\Menu\Menu.aif C:\System\Apps\Menu\Menu.app C:\System\Apps\Phone\Phone.aif C:\System\Apps\Phone\Phone.app Drops following threats on to the compromised device: C:\system\RECOGS\flo.mdl (A copy of SymbOS.Cabir) C:\system\symbiansecuredata\caribesecuritymanager\ sexxxy.sis (A copy of SymbOS.Cabir) C:\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir) C:\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir) C:\system\apps\caribe\flo.mdl (A copy of SymbOS.Cabir) C:\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.B ) C:\system\CARIBESECURITYMANAGER\caribe.app (A copy of SymbOS.Cabir.B ) C:\system\apps\gavno\gavno.app (A copy of SymbOS.Locknut.A) C:\system\apps\AppMngr\AppMngr.aif (A copy of SymbOS.Skulls.C) C:\system\apps\Menu\menu.aif (A copy of SymbOS.Skulls.C) C:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C) Changes the icons of most applications to the following Jigsaw puzzle icon, and removes the icon name: Displays the following message: App. closed AppArcServerTh read [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:48	#17 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.Q Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 05.12.2005 auch bekannt als: keine Angabe Information: SymbOS.Doomboot.Q is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. technische Details: When SymbOS.Doomboot.Q is executed, it performs the following actions: Drops the following file: Symbian_DFT v1.0.sis Displays a dialog box warning users that the application may be coming from an untrusted source and may cause potential problems when the .sis file is opened. If the user clicks yes, the phone will display a message prompting the user to Install: "Symbian_DFT v1.0" Drops the following corrupt system files on to the compromised device: C:\ETel.dll C:\etelsat.dll C:\etelpckt.dll C:\etelmm.dll C:\System\apps\AppMngr\Appmngr.app Note: If the device is restarted, these files will be loaded and the device will not function correctly. Displays the following message after Installation: New Protection for Symbian Device created By Tomas DFT for Anti-files corrupt. Please Press OK And Restart Your Phone. Creates the following file: \system\install\Symbian_DFT v1.0.sis Note: This file is actually created by the Installer, not the threat. [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:49	#18 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.R Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 15.12.2005 auch bekannt als: Doomboot.K [F-Secure] Information: SymbOS.Doomboot.R is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. The Trojan reportedly arrives as F-secure Antivirus.sis. When the user clicks on the .sis file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems. technische Details: When SymbOS.Doomboot.R is executed, it performs the following actions: Display the following message: Install F-secure Antivirus Drops the following corrupt system files onto the compromised device: C:\ETel.dll C:\etelsat.dll C:\etelpckt.dll C:\etelmm.dll Note: If the device is restarted, these files will be loaded and the device will not function correctly. The following file is created by the device Installer, not the threat: \system\install\F-secure Antivirus.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:52	#19 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.S Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 06.03.2006 auch bekannt als: Singlejump.K [F-Secure] Information: SymbOS.Doomboot.S is a Trojan horse that installs corrupt files on the compromised device preventing it from restarting correctly. The Trojan runs on the Symbian OS, which is the operating system for Nokia Series 60 cellular telephones. technische Details: The Trojan reportedly arrives as Security - Application.sis. When the user clicks on the .sis file, the phone installer displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems. If the user clicks yes, the phone displays a message prompting the user to instal the following: Install Security - Application The following message is also displayed during installation: Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights reserved * 0ID500 TEAM * When SymbOS.Doomboot.S is executed, it performs the following actions: Drops the following files: .\SendSIS.sis (A copy of SymbOS.Cardblock.A) [DRIVELETTER]\System\apps\AppInst\Appinst.aif [DRIVELETTER]\System\apps\AppInst\Appinst.app [DRIVELETTER]\System\apps\BtUi\BtUi.app [DRIVELETTER]\System\apps\FSpreader\FSpreader.app (A copy of SymbOS.Sendtool.A) [DRIVELETTER]\System\apps\FSpreader\FSpreader.rsc [DRIVELETTER]\System\apps\FSpreader\PATH.TXT [DRIVELETTER]\System\apps\Mosquitos\Mosquitos.aif [DRIVELETTER]\System\apps\Mosquitos\Mosquitos.app (A copy of Trojan.Mos) [DRIVELETTER]\System\apps\Mosquitos\Mosquitos.rsc [DRIVELETTER]\System\apps\Mosquitos\Mosquitos_caption.rsc [DRIVELETTER]\System\apps\Mosquitos\addon1.pcm [DRIVELETTER]\System\apps\Mosquitos\addon21.pcm [DRIVELETTER]\System\apps\Mosquitos\addon22.pcm [DRIVELETTER]\System\apps\Mosquitos\audio.dat [DRIVELETTER]\System\apps\Mosquitos\gameover.pcm [DRIVELETTER]\System\apps\Mosquitos\menuswitch.pcm [DRIVELETTER]\System\apps\Mosquitos\ragg.pcm [DRIVELETTER]\System\apps\Mosquitos\raggc.pcm [DRIVELETTER]\System\apps\Mosquitos\saugen.pcm [DRIVELETTER]\System\apps\Mosquitos\shoot.pcm [DRIVELETTER]\System\apps\Mosquitos\shoothit.pcm [DRIVELETTER]\System\apps\Mosquitos\winken.pcm [DRIVELETTER]\System\apps\OIDI500\OIDI500.aif [DRIVELETTER]\System\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir) [DRIVELETTER]\System\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir) [DRIVELETTER]\System\apps\OIDI500\OIDI500.rsc [DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.aif [DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.app [DRIVELETTER]\System\apps\ProfiExplorer\ProfiExplorer.rsc [DRIVELETTER]\System\apps\Profimail\Data\Alert.mid [DRIVELETTER]\System\apps\Profimail\Data\PM_S60.dta [DRIVELETTER]\System\apps\Profimail\Data\config.bin [DRIVELETTER]\System\apps\Profimail\Data\messages.bin [DRIVELETTER]\System\apps\Profimail\Data\shop.txt [DRIVELETTER]\System\apps\Profimail\ProfiMail.aif [DRIVELETTER]\System\apps\Profimail\ProfiMail.app [DRIVELETTER]\System\apps\Profimail\ProfiMail.rsc [DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.APP (A copy of SymbOS.Mabir.A) [DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.RSC [DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CA RIBE.SIS (A copy of SymbOS.Mabir.A) [DRIVELETTER]\System\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\IN FO.SIS (A copy of SymbOS.Mabir.A) C:\ETel.dll C:\System\Fonts\Kill sadam font.gdr (A copy of SymbOS.Fontal.A) C:\System\Fonts\Panic.gdr (A copy of SymbOS.Blankfont.A) C:\System\install\PhoneBook.SIS (A copy of SymbOS.Pbstealer.A) C:\System\install\autoexecdaemon.SIS (A copy of SymbOS.Cabir.C) C:\System\install\commwarrior.SIS (A copy of SymbOS.Commwarrior.A) C:\System\recogs\flo.mdl (A copy of SymbOS.Mabir.A) Note: If the device is restarted, these files will be loaded and the device will not function correctly. The following file is created by the Installer: \system\install\Security - Application.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

24.07.2007, 22:53	#20 (Permalink)
Hangman Administrator Name: Christian Handy: Nokia N95, FuSi Pocket Loox 720 Netzbetreiber: Vodafone Avatare sind nur für MFF-Mitglieder sichtbar! Bike Mania Champion! Registriert seit: 17.04.2006 Ort: Erfurt Beiträge: 3.253 Motto: S*x ist wie Sport: Man spielt 'ne halbe Stunde, schwitzt viel und hofft, daß man nichts ins Auge bekommt. Downloads: 318 Uploads: 306 Abgegebene Danke: 41 Erhielt 408 Danke für 228 Beiträge	[SymbianOS] SymbOS.Doomboot.T Risiko: sehr gering Typ: Trojanisches Pferd entdeckt am: 25.05.2006 auch bekannt als: Doomboot.M [F-Secure] Information: SymbOS.Doomboot.T is a Trojan horse that drops corrupt files and a copy of SymbOS.Commwarrior.I on to the compromised device. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan reportedly arrives as Leslie Loves.sis. technische Details: When SymbOS.Doomboot.T is executed, it performs the following actions: Displays a dialog box to warn the user that the application may be coming from an untrusted source and may cause potential problems when the user opens the Leslie Loves.sis file. If the user clicks yes, the device displays the following message prompting the user to install the threat: Install Leslie Loves The following message is also displayed during installation: File Uploading & Modified by [REMOVED]. Drops the following files: c:\etel.dll c:\system\data\IloveLeslie\LeslieLoves.jpg (A copy of SymbOS.Commwarrior.I) c:\system\data\IloveLeslie\RecQWRD.mdl When the device is restarted the file c:\etel.dll will be loaded and the device will not function correctly. The following file is also created by the device Installer, not the Trojan itself: \system\install\Leslie Loves.sis [Link nur für registrierte Mitglieder sichtbar.] __________________ lesen - denken - posten

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Themen-Optionen
Druckbare Version zeigen Jemanden per E-Mail auf dieses Thema hinweisen
Ansicht
Linear-Darstellung Zur Hybrid-Darstellung wechseln Zur Baum-Darstellung wechseln