
Wednesday, 02 November 2011

Doomboot Virus Symbian

Although the Doomboot virus does not spread as widely as a computer virus, the damage it causes is quite serious.
The full name of the Doomboot virus is SymbOS.Doomboot.A; the virus also goes by other names, among them Doomboot.A, used by F-Secure, and SYMBOS_DOOMED.A, used by Trend Micro.
This virus was first seen in circulation on July 7, 2004. Doomboot belongs to the trojan category. Its payload corrupts files on the device once it is infected. At installation time, Doomboot also installs the Commwarrior variant B virus, and the corrupted system files cause the device to fail to boot.
Doomboot spreads by posing as the installer file of a cracked Symbian version of the Doom game that has been freed from its trial restriction. One such file is Doom_2_cracked_DFT_s60_v1.0.sis. So be careful when installing cracked applications: a cracker may have planted the Doomboot trojan inside, unless the crack comes from a team you trust. If you receive the file and install it, you will not see any technical message after installation, and you will not suspect that your device has been infected, because the virus shows no icon or any other sign. The Commwarrior B variant installed by Doomboot works without your knowledge and spreads itself via Bluetooth.
This drains the device battery quickly. Doomboot also causes the device to fail to boot after it is turned off and on again; once you have rebooted, the only remedy is a hard reset of the device.
All saved data is then lost without a trace. If you have not yet rebooted, you can follow these steps to remove the virus:
- Install the X-plore file manager application
- Enable the option that lets you view the files in the system folder
- Then delete the following files:
C:\Etel.DLL
C:\etelmm.DLL
C:\etelpckt.DLL
C:\etelsat.DLL
C:\system\install\app\COMMWARRIOR.B.SIS
- After that, exit the file manager application
- Download and install an antivirus and scan all drives, so that no Doomboot file remains.

What is SymbOS/Appdisabler?

SymbOS/Appdisabler.a!sis is a virus detection name for malware that infects other files in order to spread. Viruses are programs that copy themselves to spread from one system to another through the Internet, e-mail, or removable media such as a floppy disk, CD, DVD, or USB drive. Viruses can also be disguised as attachments of funny images, greeting cards, or audio and video files. They reproduce and cause damage.
How to remove SymbOS/Appdisabler.a!sis with SymbOS/Appdisabler.a!sis Removal?
Generally, if your computer is infected by SymbOS/Appdisabler.a!sis, its performance is abnormal and your web browser locks up. The following procedure is necessary to remove SymbOS/Appdisabler.a!sis with SymbOS/Appdisabler.a!sis removal.
1. Stop connecting to the Internet and close the web browser right now.
2. Scan for the infection, but be aware that SymbOS/Appdisabler.a!sis can escape or hide from anti-malware programs.
Note: most infections found early are removed quickly and simply with the first 2 steps. If you still have to remove SymbOS/Appdisabler.a!sis, please read on.
3. Restart into safe mode. Press F8 several times if you need to. Select Safe Mode from the resulting menu.
4. Restore the system under safe mode to kill SymbOS/Appdisabler.a!sis in depth.
5. At this point, SymbOS/Appdisabler.a!sis should be removed from your system; enjoy your secure computer.
These steps are essential in protecting your computer from many kinds of viruses, but they aren't the only keys to safety. You should still take care.

Trojan SymbOS/Cardtrap

Trojan:SymbOS/Cardtrap.M is a trojan distributed in a malicious SIS file that disables several built-in Symbian applications, tries to damage several anti-virus applications, and installs several Windows viruses, worms and trojans to the memory card.
The Windows malware installed to the memory card comes with icons, batch files and shortcut links that try to fool the user into executing a malicious file when investigating the card contents.
The files that Cardtrap.M drops to the memory card contain several references to F-Secure, and some files use F-Secure icons. F-Secure has nothing to do with the creation of Cardtrap or any other malware; the actual creator is trying to use the reputation of F-Secure as a way of fooling users into trusting the files on the memory card.
Installation
Cardtrap.M installs several damaged files to phone memory to disable key system applications and anti-virus products.
Cardtrap.M disables the following system applications:
• Application manager
• Browser
• File manager
• Media gallery
• MMS and SMS messaging inbox
F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.M with generic detection, so if the phone has a functional Anti-Virus installed, Cardtrap.M is blocked before it can be installed.
Installation to MMC card
Cardtrap.M installs several Windows viruses, worms and trojans to the phone's MMC card. The Windows malware is installed with filenames, icons and shortcut links that try to fool the user into clicking them.
Cardtrap.M installs the following Windows malware to the MMC card:
• Virus.Win32.Kangen.a
• Email-Worm.Win32.Brontok.c
• VBS/Starer.A
• VBS/Soraci.A
• Trojan.Win32.VB.ve
[Picture of MMC card contents when viewed with Windows Explorer]
The files that Cardtrap.M drops to the memory card contain several references to F-Secure, and some files carry F-Secure icons. But F-Secure has nothing to do with the creation of Cardtrap or any other malware.
The MMC card also contains a modified version of the Opera start page HTML files that tries to fool the user into installing additional Symbian malware SIS files that are installed to the card.
If the user has Opera installed on the MMC card, he will see the modified version of the Opera default content.
Cardtrap.M installs the following Symbian malware SIS files:
• SymbOS/Doomboot.K
• SymbOS/Cabir.AB
• Symbian dropper for Win32/Istbar.IS
Name : Trojan:SymbOS/Cardtrap.M
Category: Malware
Type: Trojan
Platform: SymbOS

Trojan SymbOS/Locknut

Trojan:SymbOS/Locknut.A is a malicious SIS file trojan that pretends to be a patch for Symbian Series 60 mobile phones. It is distributed in files named patch_v1.sis and patch_v2.sis.
Locknut.A will only work on devices running Symbian OS 7.0S or newer; devices using Symbian OS 6.0 or 6.1 are unaffected.
Locknut is targeted at Symbian Series 60 devices, but Series 70 devices such as the Nokia 7710 are also vulnerable to Locknut. However, when trying to install the Skulls trojan on a Nokia 7710, the user gets a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.
Installation
When the Locknut.A SIS file is installed, the files are installed into the following locations:
• c:\system\apps\gavno\gavno.app
• c:\system\apps\gavno\gavno.rsc
• c:\system\apps\gavno\gavno_caption.rsc
The Locknut SIS also contains a copy of itself that is copied into the C:\ directory.
When installed, Locknut.A drops binaries that crash a critical system component, preventing applications from being launched on the phone and effectively locking the phone.
There are also claims that Locknut disables calling functionality, so that the user couldn't make calls with an infected phone. But we could not reproduce this effect with any of the phones we have.
Payload
Both versions of Locknut.A replace a critical system binary; the patch_v2.sis file will also drop Cabir.B, which will not be able to start on the phone.
Variant
There are also versions of Locknut that include Cabir.B in the same SIS file (some AV vendors name this variant Gavno.B), but since the actual trojan functionality is totally identical to Locknut.A, we call both samples Locknut.A.
The Cabir.B included in the Locknut.A samples is harmless, as Locknut kills all applications on the infected phone, including the Cabir.B installed from the same SIS file. Even if Locknut.B is disinfected, Cabir.B still won't start, as it is installed into the wrong directory on the infected phone.
If the user starts Cabir.B manually after disinfecting the Locknut program, Cabir.B will spread independently according to its own program, i.e., it will not transfer Locknut.A to other devices.
Note
This trojan was originally named Gavno, but since this word is also a rather vulgar term in Russian, the AV community has decided to rename it as Locknut.


Name : Trojan:SymbOS/Locknut.A
Category: Malware
Type: Trojan
Platform: SymbOS

Monday, 31 October 2011

Trojan SymbOS/Pbstealer

Disinfection
F-Secure Mobile Anti-Virus is capable of detecting and deleting the Pbstealer.E trojan.
Pbstealer.E tries to remove itself after sending data over Bluetooth. This self-removal doesn't always work, but fortunately it can also be removed by uninstalling it with the Symbian application manager.
Additional Details
Trojan:SymbOS/Pbstealer.E steals information from a phone (Contacts, Notepad, Calendar, etc) and attempts to forward the stolen data to a random Bluetooth-accessible phone within range.
Payload
Pbstealer.E is distributed in a malicious SIS file that contains the Pbstealer.E application file and a string resource.
When the SIS file is installed, Pbstealer.E starts automatically and shows the following text:
Compacting your contact(s), step2
Please wait again
until done…
While showing the text, Pbstealer.E reads all contact information in the phone's contact database and copies it to the file C:\SYSTEM\MAIL\PHONEBOOK.TXT.
In addition to contact information, Pbstealer.E also copies the contents of the Notepad and Calendar ToDo database files. But this information is not very readable to the receiver, as the database content in the resulting file is in binary form. If the Notepad and Calendar are empty, it simply fails during execution.
After building the text file, Pbstealer.E searches for the first device it finds over Bluetooth and sends the text file to it. When trying to send the file over Bluetooth, Pbstealer.E uses repeated connection attempts, so that if the user answers no, he immediately gets a second connection request. This technique is similar to the propagation tactic used by Cabir, except that Pbstealer gives up after one minute and exits.
If the user of the target phone accepts the Bluetooth transfer, he receives a text file that contains information copied from the infected phone's contacts database.
Note
Although Pbstealer.E uses Bluetooth for sending phone book data, this data is pure text and cannot infect the receiving device.


Name : Trojan:SymbOS/Pbstealer.E
Category: Malware
Type: Trojan
Platform: SymbOS

SymbOS RommWar

SymbOS.RommWar belongs to the trojan category. Viruses of this type place a kind of 'small program' on the target phone, which can then cause the phone to malfunction.
The symptoms depend on the version of the ROM software on the phone. The effects caused by RommWar vary: from hangs and the phone restarting itself to the power button not working. In some cases, however, these symptoms do not appear and the phone runs as usual.
Since Cabir, the first virus to emerge as a scourge, the next generation of viruses has posed a threat that is no less frightening. No fewer than 148 viruses are ready to attack mobile phones with the Symbian operating system, not to mention the virus threat for Windows Mobile.
Mobile phone virus technology has now grown to the point of jumping from PC to mobile platforms. The latest news is that a mobile Java 2 virus has begun roaming in cyberspace. More than 80% of mobile phones in circulation can now run Java applications. This means the virus could strike most phones, even those without an operating system!
So far SymbOS.Rommwar has evolved into four variants, namely:
- RommWar.A
RommWar.A has varying effects, depending on the version of the ROM software on the phone. This first variant causes hangs and makes the phone restart. Shortly after the restart, the phone hangs again. To do this, RommWar makes use of the MIME recognizer functionality.
- RommWar.B
This second RommWar variant restarts the phone by itself and prevents the phone from booting.
- RommWar.C
Same as version B. This variant blocks the phone from powering on!
- RommWar.D
This latest RommWar variant has effects ranging from the phone not turning on to the power button not functioning. Interestingly, the installation of SymbOS/RommWar is sometimes also 'piggybacked' on an incomplete installation of Kaspersky Anti-Virus Mobile.
The RommWar virus looks like a Symbian SIS application; its name can change in all sorts of ways. During installation, RommWar usually displays a message such as the pictures shown, and when the installation is complete and the user opens the phone's file system, you will see the files listed below:
[DRIVE LETTER]\system\apps\klantivirus\b.dat
[DRIVE LETTER]\system\apps\klantivirus\engine.exe
[DRIVE LETTER]\system\apps\klantivirus\Installer.exe
[DRIVE LETTER]\system\apps\klantivirus\klantivirus.aif
[DRIVE LETTER]\system\apps\klantivirus\klantivirus.app
[DRIVE LETTER]\system\apps\klantivirus\klantivirus.rsc
[DRIVE LETTER]\system\apps\klantivirus\klantivirus_caption.rsc
[DRIVE LETTER]\system\apps\klantivirus\klimages.mbm
[DRIVE LETTER]\system\apps\klantivirus\s.mid
[DRIVE LETTER]\system\help\klantivirushelp.hlp
[DRIVE LETTER]\system\libs\klsdll.dll
[DRIVE LETTER]\system\libs\klsdll.idb
c:\system\recogs\kl_antivirus.mdl
[DRIVE LETTER]\system\apps\klantivirus\startup.app
[DRIVE LETTER]\system\apps\klantivirus\startup.r02
The two files below are the source of the problem. Both are corrupted files that cause phone startup to fail on restart.
[DRIVE LETTER]\system\apps\klantivirus\startup.app
[DRIVE LETTER]\system\apps\klantivirus\startup.r02
[DRIVE LETTER] stands for the drive where the phone's file system resides, usually drive C.
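As an added example (not code from this post or from any anti-virus vendor), the following Python script checks a file listing taken from a Symbian phone against the artifact paths named in the Doomboot removal steps, the Locknut.A install locations and the RommWar file list above. The sample listing is constructed, and treating "[DRIVE LETTER]" as any drive letter is an assumption made for the example.

```python
import re

# Indicator paths copied from the Doomboot, Locknut.A and RommWar write-ups
# above; "[DRIVE]" stands for the post's "[DRIVE LETTER]" placeholder.
INDICATORS = {
    "Doomboot": [
        r"C:\Etel.DLL", r"C:\etelmm.DLL", r"C:\etelpckt.DLL", r"C:\etelsat.DLL",
        r"C:\system\install\app\COMMWARRIOR.B.SIS",
    ],
    "Locknut.A": [
        r"C:\system\apps\gavno\gavno.app", r"C:\system\apps\gavno\gavno.rsc",
        r"C:\system\apps\gavno\gavno_caption.rsc",
    ],
    "RommWar": [
        r"[DRIVE]\system\apps\klantivirus\startup.app",
        r"[DRIVE]\system\apps\klantivirus\startup.r02",
        r"[DRIVE]\system\libs\klsdll.dll",
        r"C:\system\recogs\kl_antivirus.mdl",
    ],
}

def normalize(path: str) -> str:
    """Fold case (Symbian paths are case-insensitive), unify separators and
    drop the stray spaces around backslashes seen in the post's listings."""
    return re.sub(r"\s*[\\/]\s*", lambda _: "\\", path.strip()).lower()

def indicator_regex(indicator: str):
    """Anchored regex for one indicator; "[DRIVE]" matches any drive letter,
    since RommWar files may sit on C: or on the memory card (assumption)."""
    pat = re.escape(normalize(indicator)).replace(re.escape("[drive]"), r"[a-z]:")
    return re.compile("^" + pat + "$")

def scan(listing):
    """Return {family: [paths as listed]} for every indicator present in
    listing, an iterable of path strings as a file manager shows them."""
    normalized = {normalize(p): p for p in listing}
    hits = {}
    for family, indicators in INDICATORS.items():
        for ind in indicators:
            rx = indicator_regex(ind)
            for norm, shown in normalized.items():
                if rx.match(norm):
                    hits.setdefault(family, []).append(shown)
    return hits

# Constructed sample listing: one legitimate file, RommWar on a memory card
# and two Doomboot artifacts, one written in the post's spaced notation.
SAMPLE_LISTING = [
    r"C:\system\apps\Calendar\Calendar.app",
    r"E:\system\apps\klantivirus\startup.app",
    r"C:\System\Recogs\KL_ANTIVIRUS.MDL",
    r"C:\etelmm.dll",
    r"C: \ system \ install \ app \ COMMWARRIOR.B.SIS",
]
```

Calling scan(SAMPLE_LISTING) reports the RommWar and Doomboot artifacts and nothing for Locknut.A; a real listing is exported from a file manager such as X-plore or FExplorer with system files made visible.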
Sometimes Rommwar also displays the following message:
“End User Software License Agreement” Kaspersky Antivirus Mobile “2006 License AVDS-Seop-1RIW-7EWD is a registered version by …”
Most mobile phone anti-virus products can now recognize the latest mobile phone viruses and remove them immediately, provided that the virus definitions are updated regularly. Up-to-date virus definitions are essential for an anti-virus to detect and eliminate the negative effects on the phone.
Another preventive measure: regularly back up important data such as the phonebook, reminders, SMS, and so on. Almost all Symbian phones come with a PC Suite CD that can be used to create a backup file on your PC.
Handling
If the phone is still usable and behaving normally, delete the files in the list above using a file manager such as FExplorer.
Then uninstall RommWar through the application manager, if there is an indication of hangs when running the application you just installed.
If the damage is already too severe, the phone hangs completely and cannot restart, perform the following steps:
- In case of a hang, remove the phone's battery until the phone is off, then put it back
- Do a hard reset:
a. Press and hold three keys simultaneously: the green call key, the "*" key and the "3" key
b. Press the power button while still holding the three keys
c. Depending on the phone model, you will get a "formatting" message or a startup dialog stating that the phone will return to its initial settings
- The phone is now formatted and can be used again
Remember, this step erases all existing data on the phone, including the phonebook and SMS.

Saturday, 29 October 2011

Virus Family Alphaflexiviridae

Alphaflexiviridae is a family of single-stranded positive-sense RNA plant viruses belonging to the order Tymovirales and thus to group IV of the Baltimore classification of viruses.


The Alphaflexiviridae family includes the following genera:

    Genus Allexivirus; type species: Shallot virus X
    Genus Botrexvirus;
    Genus Lolavirus;
    Genus Mandarivirus; type species: Indian citrus ringspot virus
    Genus Potexvirus; type species: Potato virus X
    Genus Sclerodarnavirus;

