Name: KillAV.C

Nick Name:

Warning level: Low

Tracking: wap

Description:

SymbOS/KillAV.C is a destructive mobile Trojan program aimed at disabling normal mobile applications specifically Mobile Anti-Virus applications by dropping corrupted copies of the application¡¯s files.
It may arrive on a phone disguised as a SIS installer for normal applications or theme packages. It may even display misleading messages.
When the malicious SIS installer is executed, it overwrites normal application files in the device¡¯s application directories, with damaged copies. Some of the popular applications it disables in this way include the following:



!:\system\apps\Anti-Virus\FSAVDT.EXE

!:\system\apps\Anti-Virus\FSAVMANAGER.EXE

!:\system\apps\AntiVirMobile\update\UPDATER.EXE

!:\system\apps\BdMobile\Bdinst.EXE

!:\system\apps\FortiClient\AUTOSCAN.EXE

!:\system\apps\FortiClient\AUTOUPDATE.EXE

!:\system\apps\FortiClient\FORTIREG.EXE

!:\system\apps\FortiClient\UNINSTALL.EXE

!:\system\apps\KSMobile\ksinstaller.exe

!:\system\apps\KSMobile\ksserver.exe

!:\system\apps\mobilesecurity\MOBILESECURITYBOOTER.EXE

!:\system\apps\mobilesecurity\TMSCANSERVER.exe

!:\system\apps\NewFileScan\CUSSERVER.EXE

!:\system\apps\NewFileScan\MANAGESRV.EXE

!:\system\apps\NewFileScan\NETQINMONITOR.EXE

Auto Desinfection:

1. Download and install Viroxware

2. Register and Download the latest and most up-to-date Virusdefinitions

3. Perform a full scan of your phone.

Manual Desinfection:

To disinfect a compromised device, it is necessary to reinstall all overwritten applications. The SymbOS/KillAV.C SIS installer must then be deleted. If this does not restore the phone, formatting the phone may be necessary. All data saved in the C drive will be lost during a format.