Name: KillPhone.C
Nick Name:
Warning level: Low
Tracking: wap
Description:
KillPhone.C is a highly destructive mobile Trojan program designed to
render the infected phone unusable upon infection. Normal programs related to
the phone's operating system are replaced with corrupted copies of these files.
It may arrive on a phone disguised as a SIS installer for normal applications.
When the malicious SIS installer is executed, it overwrites normal application
files in the device's Libs and Programs directories with damaged copies. Some
of the files that are overwritten are the following:
!:\System\Libs\BTManServer.exe
!:\System\Libs\DeviceManagementServer.exe
!:\System\Libs\EComServer.exe
!:\System\Libs\eFile.exe
!:\System\Libs\eKern.exe
!:\System\Libs\EwSrv.exe
!:\System\Libs\FbServ.exe
!:\System\Libs\MmfAudioPolicy.exe
!:\System\Libs\MmfIsaTone.exe
!:\System\Libs\PengcacServ.exe
!:\System\Libs\PengServer.exe
!:\System\Libs\RandSvr.exe
!:\System\Libs\SdpServer.exe
!:\System\Libs\WalletServer.exe
!:\System\Libs\Watcher.exe
!:\System\Libs\WimServer.exe
!:\System\Programs\Agsvexe.exe
!:\System\Programs\AknIconSrv.exe
!:\System\Programs\AknSkinSrv.exe
!:\System\Programs\AlarmServer.exe
!:\System\Programs\AlwaysOnlineStarter.exe
!:\System\Programs\AppRun.exe
!:\System\Programs\ApsExe.exe
!:\System\Programs\BakSrvs.exe
!:\System\Programs\BTServer.exe
!:\System\Programs\c32Exe.exe
!:\System\Programs\c32Start.exe
!:\System\Programs\CalenSvr.exe
!:\System\Programs\CamServerCore.exe
!:\System\Programs\CBSServer.exe
!:\System\Programs\CdlServer.exe
!:\System\Programs\CLKNITZMDLS.exe
!:\System\Programs\CNTSrv.exe
!:\System\Programs\Connmonexe.exe
!:\System\Programs\DataConnectionLogger.exe
!:\System\Programs\DBRecovery.exe
!:\System\Programs\Dnd.exe
!:\System\Programs\DosServer.exe
!:\System\Programs\DRMHelperServer.exe
!:\System\Programs\EDbSrv.exe
!:\System\Programs\eikSrvs.exe
!:\System\Programs\EInfoServer.exe
!:\System\Programs\FaxModem.exe
!:\System\Programs\LogServ.exe
!:\System\Programs\MSexe.exe
!:\System\Programs\Ncnlist.exe
!:\System\Programs\NPAPrivlistener.exe
!:\System\Programs\ObexmtMuiServer.exe
!:\System\Programs\PhoneServer.exe
!:\System\Programs\Sae.exe
!:\System\Programs\SatServer.exe
!:\System\Programs\Schexe.exe
!:\System\Programs\SecEnvInit.exe
!:\System\Programs\SecurityObserver.exe
!:\System\Programs\SharedDataServer.exe
!:\System\Programs\SicServer.exe
!:\System\Programs\SipServer.exe
!:\System\Programs\SRCS.exe
!:\System\Programs\Starter.exe
!:\System\Programs\Sysagx.exe
!:\System\Programs\Sysamob.exe
!:\System\Programs\Systemams.exe
!:\System\Programs\UniPertar.exe
!:\System\Programs\UsbSvr.exe
!:\System\Programs\UsbWatcher.exe
*where ! represents a drive specified by the user during installation
SymbOS/KillPhone.C affects Symbian 2nd edition devices.
Automatic Disinfection:
1. Download and install Viroxware.
2. Register and download the latest virus definitions.
3. Perform a full scan of your phone.
Manual Disinfection:
If the infected phone has been restarted and boot has failed, the only option
is to perform a hard reset. This will erase all data stored in the phone's C
drive (including the Phonebook, Calendar, etc.) and restore the phone to its
factory settings (make a copy of relevant information prior to this if
required). To perform a hard reset/format on Nokia phones:
1. Turn off the phone.
2. While holding down the following buttons, "Call (green)" + "*" + "3",
turn on the phone.
3. Alternatively, key in *#7370# and press enter, then key in 12345 and press
enter; this will hard reset the phone.
After the reset, scan your mobile device using UMU Scan and delete all files
detected as SymbOS/KillPhone.C.