Worm.SymbOS.Cabir.a Cabir is the first network worm capable of spreading via Bluetooth; it infects mobile phones which run Symbian OS. A wide range of phones from a number of manufacturers use this technology
. It is clear that Nokia 3650, 7650 and N-Gage phones can all be infected by Cabir. However, any handset running Symbian OS is potentially vulnerable to infection.
They are identical, except that one version, when displaying a Window Alert text, will include the text line VZ/29a. The worm itself is an SIS format file, called caribe.sis, of 15092 bytes in size (the second version is 15104 bytes in size)
File berisi : + caribe.app: 11932 bytes/ 11944 bytes in size + flo.mdl: 2544 bytes in size + caribe.rsc: 44 bytes in size
also you can remove with this decabir.
Worm.SymbOS.Cabir.b This malicious program is a womr which runs under Symbian. The worm itself is a SIS file. The file is 10,000 bytes in size. The file spreads via Bluetooth.
Dimana?
C:\system\apps\OIDI500\OIDI500.aif — is an executable EPOC file, and is 11932 bytes in size. This is the main worm file. C:\system\apps\OIDI500\OIDI500.app — is a file containing program resources. C:\system\apps\OIDI500\OIDI500.mdl — ensures that the malicous program will be automatically started if the device is rebooted. C:\system\apps\OIDI500\OIDI500.rsc — is the application icon file.
Ketika sudah terinstal >> Once the device has been infected, a file called C\:SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMA\CARIB E.SIS.It is this file which will be transmitted in order to infect other devices. The worm then scans for accessible devices which have Bluetooth enabled. The worm will choose the first accessible device in the list and attempt to send caribe.sis to this device. The worm has no malicious payload apart from its propagation routine.However, the worm's presence in memory and its attempts to scan for accessible Bluetooth devices may cause an infected device to become unstable.
This malicious program is a worm which runs under Symbian. The worm itself is a SIS file. The file is 13,200 bytes in size. It spreads via Bluetooth.
Where ?C:\SYSTEM\apps\MYTITI\MYTITI.app is an executable EPOC file, and is 11,932 bytes in size. This is the main worm file; C:\SYSTEM\apps\MYTITI\MYTITI.rsc is the worm's resource file; C:\SYSTEM\apps\MYTITI\flo.mdl ensures that the malicous program will be automatically started if the device is rebooted.
When installed >>
Once the device has been infected, a file called C\:SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMA\CARIB E.SIS is created. It is this file which will be transmitted in order to infect other devices. The worm then scans for accessible devices which have Bluetooth enabled. The worm will choose the first accessible device in the list and attempt to send caribe.sis to this device. The worm has no malicious payload apart from its propagation routine. However, the worm's presence in memory and its attempts to scan for accessible Bluetooth devices may cause an infected device to become unstable. *poDo wAe*
This worm is programmed for mobile phones running Symbian OS. The worm itself is an SIS file named caribe.sis. The file is 17596 bytes in size. The file contains three other files:
- caribe.app: approximately 14440 bytes in size - flo.mdl: approximately 2540 bytes in size - caribe.rsc: 44 bytes in size Where?
Akan muncul pesan di tampilan depan hape Code:"Caribe Version 2 - ValleZ/29a"
Each time the user switches on the infected telephone, the worm will scan the list of active BlueTooth connections. IT will then select the first connection listed as accessible, and will attempt to send the main file to the device. The recipient will see the following message: Code:Install Caribe?
f the recipient answers yes, then the infected file will be accepted, and the user will be asked if they wish to launch the file. This depends on the model of the telephone - please see the description of Worm.SymbOS.Cabir.a for further details) n addition to this, the worm, unlike previous versions of Cabir, is able to self replicate via MMS. It will automatically answer any incoming SMS or MMS with an MMS which includes an attached copy of the infected file.
WinCE.Duts.a is the first virus for devices running under Windows CE .NET. It can infect devices running the following operating systems: PocketPC 2000, PocketPC 2002, PocketPC 2003. The virus itself is an ARM processor program and is 1520 bytes in size. When run, the program displays the following message:
When Installed >>
If confirmation is given, the virus will infect executable files which correspond to the following criteria: ARM processor, more than 4KB in size, located in the device's root directory (My device). The virus writes itself to the last section of these files and establishes an entry point at the beginning of the file. Infected files will contain the signature 'atar' in an unused PE header.
Worm.SymbOS.Lasco.a
Worm.SymbOS.Lasco.a is a worm capable of infecting PDAs and mobile phones running under Symbian OS. Lasco spreads to executable files [SIS archives] on the infected device, making it the first virus for this platform. Lasco.a was written by the author of the most recent versions of Worm.SymbOS.Cabir and based on Cabir's source code. Lasco.a replicates via BlueTooth in the same way as Cabir does. In addition to replicating via BlueTooth, Lasco.a also infects files. When executing, it scans the disk for SIS archives, and attempts to infect these files found by inserting its code. Lasco.a has been developed in two ways: one is an application for the Win32 platform, which infects SIS files, and the other is for the Symbian platform.
* velasco.sis is 15750 bytes in size, and contains the code of the virus itself * sisinfect.exe is 69632 bytes in size, and is an infector developed for Windows. This file will scan local disks for SIS files and infect them by inserting the contents of velasco.sis. * marcos.sis is 1579 bytes in size and contains a module, marco.mdl, which installs velasco.sis into the Symbian autostart system.
This Trojan program infects mobile phones running Symbian. Any mobile running Symbian is potentially vulnerable. The Trojan itself is an SIS file, usually called 'extendedtheme.sis', although it may have a different name. The file is 1,192,117 bytes in size. The Trojan was distributed via a range of mobile phone forums. It was presented as a program with new icons, new wallpaper etc.
Setelah terInstall, Trojan membuat file dan aplikasi2 baru :
All these files contain text in Russian, and do not contain service information appropriate to the format. If an attempt is made to launch the .app file, which is not in fact executable, an operating system error will occur. This means that the infected mobile device may lose part of its functionality.
This is the first worm for mobiles phones which is able to propagate via MMS. It infects telephones running under OS Symbian Series 60. The executable worm file is packed into a Symbian archive (*.SIS). The archive is approximately 27 - 30KB in size. The name of the file varies: when propagating via Bluetooth, the worm creates a random file name, which will be 8 characters long. ex : bg82o_s1.sis
The worm propagates via Bluetooth and MMS. Once launched, the worm will search for accessible Bluetooth devices and send the infected .SIS archive under a random name to these devices. In order to open the attachment (which will consequently infect the telephone) the user will have to confirm several times that he wishes to receive the file.
kLo MMS uda terkirim, akan muncul pesan berikut kpd si penerima : Code: * Norton AntiVirus Released now for mobile, install it! * 3DGame 3DGame from me. It is FREE ! * 3DNow! 3DNow!(tm) mobile emulator for *GAMES*. * Audio driver Live3D driver with polyphonic virtual speakers! * CheckDisk *FREE* CheckDisk for SymbianOS released!MobiComm * Desktop manager Official Symbian desctop manager. * Display driver Real True Color mobile display driver! * Dr.Web New Dr.Web antivirus for Symbian OS. Try it! * Free SEX! Free *SEX* software for you! * Happy Birthday! Happy Birthday! It is present for you! * Internet Accelerator Internet accelerator, SSL security update #7. * Internet Cracker It is *EASY* to *CRACK* provider accounts! * MS-DOS MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it! * MatrixRemover Matrix has you. Remove matrix! * Nokia ringtoner Nokia RingtoneManager for all models. * PocketPCemu PocketPC *REAL* emulator for Symbvian OS! Nokia only. * Porno images Porno images collection with nice viewer! * PowerSave Inspector Save you battery and *MONEY*! * Security update #12 Significant security update. See www.symbian.com * Symbian security update See security news at www.symbian.com * SymbianOS update OS service pack #1 from Symbian inc. * Virtual SEX Virtual SEX mobile engine from Russian hackers! * WWW Cracker Helps to *CRACK* WWW sites like hotmail.com
This Trojan infects mobile phones running Symbian. The Trojan substitutes non-functional files for some system applications. The Trojan itself is an SIS installer file for Symbian 60 Series. The file is 31210 bytes in size, and may be called freetalktime.sis.
THE NAME OF THIS VIRUS IS RAGHU.... U KNOW WHY....????????
BECAUSE I LIKE VASTAV MOVIE AND SANJU BABA.
U LIKE THIS VIRUS?
SO MANY SOFTWARE CRACKS AND VIRUS AVAILABLE SOON....
RAGHU NAM HE RAGHU...
Removal Instruction at
above
Trojan-SMS.J2ME.RedBrowser.a
This Trojan infects mobile phones running Java (J2ME). The Trojan spreads in the guise of a program called "RedBrowser", which allegedly enables the user to visit WAP sites without using a WAP connection. According to the Trojan's author, this is made possible by sending and receiving free SMSs. In actual fact, the Trojan only sends SMSs to premium rate numbers, at a rate of $5 - $6 per SMS. The Trojan is a Java application, a JAR format archive. The file may be called "redbrowser.jar", and is 54482 bytes in size. The Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer.Dimana?
* FS.class - auxiliary file (2719 bytes in size) * FW.class - auxiliary file (2664 bytes in size) * icon.png - graphics file (3165 bytes in size) * logo101.png - graphics file (16829 bytes in size) * logo128.pnh - graphics file (27375 bytes in size) * M.class - interface file (5339 bytes in size) * SM.class - Trojan application which sends SMS messages (1945 bytes in size)
Removal Instruction at
Actually, if you already run this App, just press Off Call or Off phone then go to App Manager > Uninstall it immediately.
Trojan:SymbOS/Blankfont.A BlankFont.a is a SIS file trojan that installs a corrupted Font file.
Just like this if i installed it.
then it will put the File *.gdr on
Code:
C:\System\Fonts\Panic.gdr
removal instruction
Open any File Explorer like X-Plore, then go to that Folder and rename it to anything what you want. Reboot, go to that Folder again and Delete the Folder.
Botton.a
This Trojan is unknown bcouse i haven't installed it.
This is a Symbian Series 60 trojan that installs Cabir, Skulls, Doomboot, and Bootton trojan into the Series 60 handsets.
Trojan tested using NOKIA 6680 ( Symbian OS 8.0)
Positive analysis results:
This trojan is prove to be succeed performs its malicious activities in NOKIA 6680. As usual, this trojan applied skulls technique to disable some of the application in the phone by replacing non-functional or corrupted files with the original one. However, some of the application still working because those files was replaced by Booton.A trojan which changed the actual icon of the application into a love icon while the application is still working. This malware also drops doomboot.A trojan in the process while attacking the phone. After my phone has been restarted, when accessing the menu system, my phone auto restart. McAfee AVERT (Anti-Virus Emergency Responding Team) mentioned that this trojan will disable the phone from startup but I notice that it does not successfully perform its action in NOKIA 6680.
?:\nokia\imags\nokias\DFT God Damn'it!!!\DFT the creator!!!!!.gif
Delete all those
Dampig.a
Dampig.A is a malicious SIS file dropper, that pretends to be a crack for version 3.2 of FSCaller application. The Dampig.A disables some system applications and third party file managers and installs several variants of Cabir worm on the phone. The Dampig.A trojan disables Bluetooth UI, system file manager, Messaging application and phone book on the infected handheld. Also the Dampig.A will corrupt the uninstallation information in the system installer, so that it cannot be uninstalled without being disinfected first. The menu application is not disabled, so the user is able to use his phone, and download Anti-Virus to disinfect the phone without any special tool. None of the Cabir variants installed on the phone will start automatically, but some of the applications that are replaced with Cabir executables, such as Messaging application, will be most likely called and thus executed by the user. All of the Cabir variants worm dropped by Dampig.A are already detected. So the Dampig.A is already detected and stopped without need for updated Anti-Virus database. Please note, that even as the FSCaller application that Dampig.A prenteds to crack, has similar name to our product naming. It has nothing to do with F-Secure. FSCaller is software made by SymbianWare OHG in Germany. Installation to system
When installed Dampig.A will replace most common third party file managers, and key system applications with non-functional versions. Spreading in Fscaller3.2Crack7610.sis or vir.sis Payload Disables following applications Bluetooth UI Camera FExplorer Messaging Phonebook SmartFileManager Smartmovie SystemExplorer UltraMP3
Kill the Cabir variants that are currently running in the system: 1. Press menu button until you get a list of running applications 2. Kill all applications that look suspicious by pressing 'C' button
Mabir.A
Viruses for mobile phones were developed at first to prove that it is possible, but the new versions have become more and more aggressive.
After Cabir and Commwarrior have showed that viruses for the Symbian Series 60 operating system can spread through MMS, a new virus attacks smartphones: Mabir.A.
Discovered by F-Secure, MabirA has a very interesting spreading procedure. Instead of reading addresses and phone numbers, Mabir.A intercepts all SMS and MMS messages. Immediately, the virus will be sent as a MMS message to the number that sent the initial message; the receivers will assume that the message is a reply.
After analyzing the virus, the F-Secure experts have reached the conclusion that the ones responsible for the Cabir virus are also responsible for the new virus. MabirA is derived from the same source code as Cabir.
The fact that viruses aimed at cell phones are targeting MMSs is very troubling considering the costs involved in sending such a message from one network to another or from one country to another.
Moreover, the fact that the new version appears only a few weeks after Cabir is a sign that those involved might prepare other surprises.
Like the first versions of Cabir, Mabir.A is also able to spread through Bluetooth; the virus searches for the closest phone and sends a copy of the virus.
Where ?
Code:
?:\system\apps\caribe\caribe.rsc
?:\system\apps\caribe\flo.mdl
?:\system\apps\carfibe\caribe.app
Locknut.B
Locknut.B is a malicious SIS file trojan that pretends to be patch for Symbian Series 60 mobile phones.
When installed Locknut.B drops a binary that will crash a critical System component, that will prevent any application from being launched in the phone. Thus effectively locking the phone.The Locknut.B will also drop a copy of Cabir.V into the device, but it will not start automatically. And is harmless anyway as the Locknut.B kills all applications on the infected phone, including Cabir.V that is installed from the same SIS file.
Even if Locknut.B is disinfected the Cabir.V still wont start, as it is installed into wrong directory in the infected phone.
If user starts Cabir.V manually, after disinfecting locknut, the Cabir.V will spread as pure Cabir.V and will not transfer Locknut.B into other devices.
Locknut.B drops corrupted binary file that will cause crash in a critical operating system component. The locknut.B also drops Cabir.V, which does not start on the phone, unless executed on purpose after disinfection.
Locknut.A
Locknut.A is a malicous SIS file trojan that prentends to be patch for Symbian Series 60 mobile phones.
When installed Locknut.A drops binaries that will crash a critical System component, that will prevent any application from being launched in the phone. Thus effectively locking the phone.
There are also claims that Locknut would disable calling functionality, so that user couldn't make calls with infected phone. But we could not reproduce this effect with any phones we have.
Also Locknut.A will only work with devices that have Symbian OS 7.0S or newer, devices that use Symbian OS 6.0 or 6.1 are unaffected.
Locknut is targeted against Symbian Series 60 devices, but also series 70 devices, such as Nokia 7710 are vulnerable to Locknut. However when trying to install Skulls trojan on Nokia 7710, user will get a warning that the SIS file is not intended for the device, so risk of accidental infection is low.
Some AV companies call this trojan Gavno, but since this word means rather vulgar term in Russian. AV community has decided to rename it as Locknut.
There are also versions of Locknut that include Cabir.B in same SIS file, that some companies call Gavno.B. But since the actual trojan functionality is totally identical to Locknut.A we call both samples Locknut.A
The Cabir.B included in the Locknut.A samples is harmless as the Locknut kills all applications on the infected phone, including Cabir.B that is installed from the same SIS file.
Even if Locknut.B is disinfected the Cabir.B still wont start, as it is installed into wrong directory in the infected phone.
If user starts Cabir.B manually, after disinfecting locknut, the Cabir.B will spread as pure Cabir.B and will not transfer Locknut.A into other devices.
Where ?
Code:
?:\system\Apps\caribe\caribe.aif
?:\system\Apps\caribe\caribe.app
?:\system\Apps\caribe\flo.mdl
?:\system\Apps\gavno\gavno.App
?:\system\Apps\gavno\gavno.Rsc
?:\system\Apps\gavno\gavno_caption.rsc
?:\system\CARIBESECURITYMANAGER\caribe.app
?:\system\CARIBESECURITYMANAGER\caribe.rsc
?:\system\CARIBESECURITYMANAGER\caribe.sis
?:\system\RECOGS\flo.mdl
1. Install f-Locknut.sis into infected phones memory card with a clean phone 2. Put the memory card with F-Locknut into infected phone 3. Start up the infected phone, the application menu should work now 4. Go to application manager and uninstall the SIS file in which you installed the locknut variant
Hobbes.A is a malicious SIS file trojan that drops corrupted binary that causes the application loader to crash on older phones that use Symbian OS.
The Hobbes.A affects only phones that use Symbian OS version 6.1, which means that only old models such as Nokia NGage and Nokia 3650 are affected by the trojan. Hobbes.A pretends to be a pirated copy of Symantec Anti-Virus for Symbian phones. The installation package contains texts that instruct user to reboot after installation.
The corrupted binary in Hobbes.A causes OS to fail at boot so that none of the system applications are started. This means that all smartphone functionalities are disabled, calling and receiving calls on the phone works as normal.Users who have a phone that is infected with Hobbes.A must not reboot their phone, as the damage caused by Hobbes.A is activated only on reboot.
When installed to the system the Hobbes.A installs corrupted version of FExplorer trying to disable FExplorer file manager, but fails as it installs it into incorrect directory.
Hobbes.A also installs several recognizer components to C: and E: drives, one of the components is a corrupted version of legitimate application which is missing it's other components and thus crashing on boot on older Symbian versions.
Where ?
Code:
?:\apps\FExplorer\FExplorer.aif
?:\apps\FExplorer\FExplorer.app
?:\apps\FExplorer\FExplorer.rsc
?:\apps\FExplorer\FExplorer_CAPTION.rsC
?:\apps\FExplorer\flo.mdl >> always use this? :d
?:\system\recogs\jjlas.mdl
?:\system\recogs\RecAppForge.mdl >> Fake of AppBooster
E:\system\apps\FExplorer\FExplorer.mbm
E:\system\recogs\recAutoExec.mdl
E:\system\recogs\UltraMP3Rec.mdl >> we will think this is really from UltraMP3. :D
1.Uninstall the Symantec.sis using application manager
Disinfection is user has rebooted the phone
2. Remove memory card from the phone and boot it again 3. Install some file manager on the phone 4. Go to the memory card and delete file \system\recogs\recAutoExec.mdl
3 SIMPLE STEPS TO REMOVE THIS VIRUS.. If your phone is infected by beselo,it will build some file with randomly name on C/ and E/system/apps/xxxx.Exe and xxxx.Sis(ussually on bottom of apps folder) all you need is an explorer apps (x-plore or another apps like Fexplorer)first,you must set your x-plore or Fexplorer to be enable to see hidden and system file.
Here we go,it will take a bit of time,just 3 simple steps... Step1: just try to delete this item: =>C/system/recogs =>E/system/recogs note: if you worry about it,before delete this FOLDER,u can move/back them up into another folder. This is the key "YOU MUST CERTAINLY DELETE/MOVE THIS FOLDER FROM SYSTEM FOLDER,MAKE THIS FOLDER DISSAPEAR FROM YOUR SYSTEM FOLDER"
step 2: RESTART your phone
step 3: using your x-plore again,delete this following item(you have to quick before it works again): =>C/ and E/system/apps/[xxxxx.Sis] and [xxxxx.Exe] =>C/system/data/xxxxx.Exe =>C/system/mail/Mailserver.Exe(under INDEX file)
note:why you must restart your phone? Because this file [xxxxx.Sis] and [xxxxx.Exe],it can't be deleted, before you RESTART your phone,it will appears and appears again.... Already tested on s60v1 and v2
is a malicious SIS trojan that installs a malfunctioning system component that cause different behaviour depending on the ROM software version in the device. Different effects witnessed range from freezing of the device requiring a restart, to disabling the power button on the device, or in some cases no apparent effect on device at all.
When a user opens this file, the phone installer will display a dialog to warn users that the application may be coming from an untrusted source and may cause potential problems.
In the case of freezing the device, shortly after the device infected with SymbOS/RommWar.A restarts, it shows a notification similar to the picture above. When this notification is displayed the only working function on the device is the option to power-off.
Depending on the effect caused by SymbOS/RommWar.A, removal of the malfunctioning components might be possible by going to application manager and uninstalling the SIS file in which SymbOS/RommWar.A arrived.
Z:\System\Apps\Startup\Startup.r02 infected with Trojan.SymbOS.RommWar.a Z:\System\Apps\Startup\Startup.app infected with Trojan.SymbOS.RommWar.a
I also trying this one on my other phone and i haven't knew that malware. A malware infect a ROM area? I think that alarm Antivirus is just a false alarm. You must have installed KAV_Mobile_s602nd_v_6_0_80_en.sis on your phone.
MGDropper.A
MGDropper is a malicious SIS file dropper, that disables most well known third party file managers and Anti-Virus software and installs Cabir.G worm on the phone. The Cabir.G is started automatically when the MGDropper is installed and will start spreading. When Cabir.G spreads from MGDropper infected phone, the SIS files it sends will contain only the Cabir.G not MGDropper. However the MGDropper also installs the Cabir.G into different directory as SEXXXY.SIS, which also disables phone menu application. MGDropper tries to disable F-Secure Mobile Anti-Virus by replacing it's files with non-functional versions. However as F-Secure Mobile Anti-Virus is capable of detecting Cabir.G contained by MGDropper using generic detection. The Anti-Virus will detect the infected SIS file and prevent it from being installed. Provided that the Anti-Virus is in realtime scan mode as it is by default. The Cabir.G worm dropped by MGDropper is already detected with generic detection as Cabir.Gen. So the MGDropper is already detected and stopped without need for updated Anti-Virus database. Where is ?
When installed MGDropper will replace most common third party file managers, Anti-Virus programs and application installer with non-functional versions. Payload Disables following applications Simworks Anti-Virus F-Secure Mobile Anti-Virus Application installer Cabirfix Decabir F-Cabir FExplorer File manager Smart file manager System Explorer
Code:
For full disinfection of MGDropper you need help of another Series 60 phone that is not infected with the trojan, and clean memory card on that phone.
Onehop.A Onehop.A is a Symbian SIS file trojan that causes device to reboot when trying to use system applications and sends copies to SymbOS/Bootton.A trojan to first device it finds with bluetooth. In its structure Onehop.A is quite similar to Skulls family trojans. With the exception that instead of replacing system files with corrupted binaries,the Onehop.A uses application that causes device to reboot. Thus if a device is infected with Onehop.A, pressing menu button or any system application button the device immediately reboots. Onehop.A disables most of critical system functions and third party file managers, so that even if the device wouldn't immediately reboot it is still unusable before it is disinfected. In addition of disabling applications on the phone, uses a modified version of cabir as distribution component for SymbOS/Bootton.A. So that first phone that is found over bluetooth receives Bootton.A over bluetooth if the user accepts connection. The modified Cabir that Onehop.A infects the device with is incapable of spreading, so it is detected as component of Onehop.A not as separate malware. Like Skulls.A the Onehop.A replaces the application icons with it's own icon, this time the icon is a heart icon with the text "I-Love-U" Where is ?
Then, if i open that Dont4get2readme.txt and ThNdRbRd.gif is :
Code:
Saying HELLO From Here (SYRIA)
TO All The WORLD !!!
I Wish U N-Joy UR
Damaged Device ..
U Know, Not all may Read These Words But,
No Problem Bcuz Some will,
But even This, Thats The Way I Love U All ...
;-)
Regards,
ThNdRbRd
the picture is :
In Additional, i have extracted that C:\system\ThNdRbRdMainFiles\ThNdRbRdSecuritySystm\ ILoveU.sis and there is a same extracted files with that malware Onehop.A except on folder C:\system\ThNdRbRdMainFiles\ThNdRbRdSecuritySystm\ Just one file following it. I think the creator just remixed these files from another malware, just recollect it. Then he repack it to one SIS files and included his own Signature
Skuller.A
This Trojan program infects mobile phones running Symbian. Any mobile running Symbian is potentially vulnerable. The Trojan itself is an SIS file, usually called 'extendedtheme.sis', although it may have a different name. The file is 1,192,117 bytes in size. The Trojan was distributed via a range of mobile phone forums. It was presented as a program with new icons, new wallpaper etc. During installation, the Trojan creates the following information and application files:
The application files created by the Trojan program are standard application files for the Symbian platform and do not contain any malicious code. The .aif files, however, are malicious; these create skull icons and block access to the application for which the skulls act as an icon.
All the applications on the telephone will cease to function. Once a telephone has been infected it can only be used to make calls; SMS, MMS, camera, organiser functions etc. will no longer work.
This skuller is same as Skuller.A but some differents on System\Libs and System\CARIBESECURITYMANAGER, then this virus also include flo.mdl on System\Recogs.
Effect is same as both, but this one also show us the Background display on main screen with this file C:\System\data\Backgroundimage.mbm. if we shot on Menu, just like this :
