Wednesday, 02 November 2011

Doomboot Virus Symbian

Although Doomboot does not spread as aggressively as a computer virus, the damage it causes is quite serious.
Its full name is SymbOS.Doomboot.A. It also has aliases, among them Doomboot.A, popularized by F-Secure, and SYMBOS_DOOMED.A, popularized by Trend Micro.
This virus was first seen in circulation on July 7, 2004. Doomboot belongs to the trojan category. It works by corrupting or damaging files once the device is infected. Doomboot also installs the Commwarrior variant B virus when it is installed, and the corrupted system causes the device to fail to boot.
Doomboot spreads by posing as the Symbian installer file of a cracked version of the Doom game that has been freed from its trial restrictions. One such file is Doom_2_cracked_DFT_s60_v1.0.sis. So be careful when you install cracked applications: a cracker may have planted the Doomboot trojan in them, unless the crack comes from a cracker team you trust. If you receive the file and install it, you will not receive any technical message after the installation process, and you will not suspect that your device has been infected, because there is no icon or any other sign of the virus. The Commwarrior variant B installed by Doomboot runs without your knowledge and spreads itself via Bluetooth.
This drains your device's battery quickly. Doomboot also causes the device to fail to boot the next time it is turned off and on. If you have already rebooted, the only thing you can do is perform a hard reset on your device.
In that case the saved data will be lost without a trace. If you have not yet rebooted, you can follow these steps to remove the virus:
1     Install the file manager application X-plore.
2     Enable the function that allows you to view the files contained in the system folder.
3     Then delete the following files:
• C:\Etel.DLL
• C:\etelmm.DLL
• C:\etelpckt.DLL
• C:\etelsat.DLL
• C:\system\install\app\COMMWARRIOR.B.SIS
4     After that, exit the file manager application.
5     Download and install an antivirus and scan all drives, so that no Doomboot files remain.

What is SymbOS/Appdisabler

SymbOS/Appdisabler.a!sis is a detection for a virus that infects other files in order to spread. Viruses are programs that copy themselves to spread from one system to another through the Internet, email, or removable media such as a floppy disk, CD, DVD, or USB drive. Viruses can also be disguised as attachments such as funny images, greeting cards, or audio and video files. They reproduce themselves and cause damage.
How to remove SymbOS/Appdisabler.a!sis with SymbOS/Appdisabler.a!sis Removal?
Generally, if your computer is infected by SymbOS/Appdisabler.a!sis, its performance is abnormal and your web browser locks up. The following procedure is necessary to remove SymbOS/Appdisabler.a!sis with SymbOS/Appdisabler.a!sis removal.
1     Disconnect from the Internet and close the web browser right away.
2     Scan for the infection, but be aware that SymbOS/Appdisabler.a!sis can escape or hide from scanning programs.
Note: Most infections found early can be removed quickly and simply with the first 2 steps. If you still have not removed SymbOS/Appdisabler.a!sis, please read on.
3     Restart into safe mode. Press F8 several times if you need to. Select Safe Mode from the resulting menu.
4     Restore the system under safe mode to remove SymbOS/Appdisabler.a!sis in depth.
5     At this point, SymbOS/Appdisabler.a!sis should be removed from your system and you can enjoy your secure computer.
These steps are essential in protecting your computer from many kinds of viruses, but they aren't the only important keys to safety. You should still take care.

Trojan SymbOS/Cardtrap

Trojan:SymbOS/Cardtrap.M is a trojan distributed in a malicious SIS file that disables several built-in Symbian applications, tries to damage several anti-virus applications, and installs several Windows viruses, worms and trojans to the memory card.
The Windows malware is installed to the memory card with icons, batch files and shortcut links that try to fool the user into executing a malicious file when he is trying to investigate the card contents.
The files that Cardtrap.M drops to the memory card contain several references to F-Secure, and some files use F-Secure icons. F-Secure has nothing to do with the creation of Cardtrap or any other malware; the actual creator is trying to use the reputation of F-Secure as a way of fooling users into trusting the files on the memory card.
Installation
Cardtrap.M installs several damaged files to phone memory to disable key system applications and anti-virus products.
Cardtrap.M disables the following system applications:
• Application manager
• Browser
• File manager
• Media gallery
• MMS and SMS messaging inbox
F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.M with generic detection, so if the phone has a functional anti-virus installed, Cardtrap.M is blocked before it can be installed.
Installation to MMC card
Cardtrap.M installs several Windows viruses, worms and trojans to the phone's MMC card. The Windows malware is installed with filenames, icons and shortcut links that try to fool the user into clicking them.
Cardtrap.M installs the following Windows malware to the MMC card:
• Virus.Win32.Kangen.a
• Email-Worm.Win32.Brontok.c
• VBS/Starer.A
• VBS/Soraci.A
• Trojan.Win32.VB.ve
[Picture: MMC card contents when viewed with Windows Explorer]
The files that Cardtrap.M drops to the memory card contain several references to F-Secure, and some files carry F-Secure icons. But F-Secure has nothing to do with the creation of Cardtrap or any other malware.
The MMC card also contains modified versions of the Opera start page HTML files that try to fool the user into installing additional Symbian malware SIS files that are placed on the card.
If the user has Opera installed on the MMC card, he will see the modified version of the Opera default content.
Cardtrap.M installs the following Symbian malware SIS files:
• SymbOS/Doomboot.K
• SymbOS/Cabir.AB
• Symbian dropper for Win32/Istbar.IS
Name : Trojan:SymbOS/Cardtrap.M
Category: Malware
Type: Trojan
Platform: SymbOS

Trojan SymbOS/Locknut

Trojan:SymbOS/Locknut.A is a malicious SIS file trojan that pretends to be a patch for Symbian Series 60 mobile phones. It is distributed in files named patch_v1.sis and patch_v2.sis.
Locknut.A will only work on devices running Symbian OS 7.0S or newer; devices using Symbian OS 6.0 or 6.1 are unaffected.
Locknut targets Symbian Series 60 devices, but Series 70 devices, such as the Nokia 7710, are also vulnerable to Locknut. However, when trying to install the Skulls trojan on a Nokia 7710, the user will get a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.
Installation
When the Locknut.A SIS file is installed, its files are placed in the following locations:
• c:\system\apps\gavno\gavno.app
• c:\system\apps\gavno\gavno.rsc
• c:\system\apps\gavno\gavno_caption.rsc
The Locknut SIS file also contains a copy of itself that is copied into the C:\ directory.
When installed, Locknut.A drops binaries that crash a critical system component, preventing applications from being launched on the phone and effectively locking it.
There are also claims that Locknut would disable calling functionality, so that the user couldn't make calls with an infected phone. But we could not reproduce this effect with any of the phones we have.
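The file locations listed above for Locknut.A, together with the files named in the Doomboot removal steps earlier on this page, can be checked against a file listing exported from a phone or memory card. The following is an added example, not code from the original posts; the function names and the sample listing are constructed for illustration.

```python
# Paths the page lists for each family. Compared lower-cased and with
# normalized separators, so "C: \ Etel.DLL" and "c:/etel.dll" both match.
PATH_INDICATORS = {
    r"c:\etel.dll": "Doomboot",
    r"c:\etelmm.dll": "Doomboot",
    r"c:\etelpckt.dll": "Doomboot",
    r"c:\etelsat.dll": "Doomboot",
    r"c:\system\install\app\commwarrior.b.sis": "Doomboot (Commwarrior.B)",
    r"c:\system\apps\gavno\gavno.app": "Locknut.A",
    r"c:\system\apps\gavno\gavno.rsc": "Locknut.A",
    r"c:\system\apps\gavno\gavno_caption.rsc": "Locknut.A",
}

# Installer names from the page, matched in any folder. A bare name such as
# patch_v1.sis is only a lead for manual review, not proof of infection.
INSTALLER_NAMES = {
    "doom_2_cracked_dft_s60_v1.0.sis": "Doomboot installer (name only)",
    "patch_v1.sis": "Locknut.A installer (name only)",
    "patch_v2.sis": "Locknut.A installer (name only)",
}

def normalize(path):
    """Lower-case, use backslashes, drop stray spaces and empty components."""
    parts = [p.strip() for p in path.replace("/", "\\").split("\\")]
    return "\\".join(p for p in parts if p).lower()

def scan_listing(lines):
    """Return (label, normalized_path) for every listed file that matches."""
    findings = []
    for line in lines:
        path = normalize(line)
        name = path.rsplit("\\", 1)[-1]
        label = PATH_INDICATORS.get(path) or INSTALLER_NAMES.get(name)
        if label:
            findings.append((label, path))
    return findings

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING = [
    r"C:\System\Apps\Camera\Camera.app",
    r"C: \ Etel.DLL",
    "c:/system/apps/gavno/gavno.rsc",
    r"E:\Downloads\patch_v2.sis",
    r"C:\System\Install\App\COMMWARRIOR.B.SIS",
]

if __name__ == "__main__":
    for label, path in scan_listing(SAMPLE_LISTING):
        print(f"{label:32} {path}")
```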
Payload
Both versions of Locknut.A replace a critical system binary; the patch_v2.sis file will also drop Cabir.B, which will not be able to start on the phone.
Variant
There are also versions of Locknut that include Cabir.B in the same SIS file (some AV vendors name this variant Gavno.B), but since the actual trojan functionality is totally identical to Locknut.A, we call both samples Locknut.A.
The Cabir.B included in the Locknut.A samples is harmless, as Locknut kills all applications on the infected phone, including the Cabir.B that is installed from the same SIS file. Even if Locknut.B is disinfected, the Cabir.B still won't start, as it is installed into the wrong directory on the infected phone.
If the user starts Cabir.B manually after disinfecting the Locknut program, Cabir.B will spread independently according to its program, i.e., it will not transfer Locknut.A to other devices.
Note
This trojan was originally named Gavno, but since this word is also a rather vulgar term in Russian, the AV community has decided to rename it as Locknut.


Name : Trojan:SymbOS/Locknut.A
Category: Malware
Type: Trojan
Platform: SymbOS