Sophos

Troj/Skulls-A

Summary

 
How it spreads
  • Web downloads
Protection available since 23 November 2004 14:10:50 (GMT)
Detected by All Sophos products

More Information

Troj/Skulls-A is a Trojan developed for mobile phones based on Nokia Series 60 specifications of the Symbian operating system. The Trojan has reportedly been posted on websites containing shareware applications for Symbian phones as the Extended Theme.sis installation file.

When the SIS installation file is installed, it creates a number of files on the C: drive of the phone (RAM). The files are installed with the same paths as the ROM system executables located on drive Z:. Since files on drive C: take precedence over files with the same path on Z:, all the system application files are effectively replaced by the ones installed by the Trojan SIS file.
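The precedence rule described above gives a simple check: any file in a package manifest (or in a C: drive listing) that shares a path with a ROM file on Z: shadows a system executable. The following is an added example, not Sophos code; the function names, the ROM listing and the benign manifest are constructed for illustration, and case-insensitive path matching is an assumption.

```python
from collections import defaultdict

def rel_key(path):
    """Drive-independent, case-folded key for a Symbian-style path.
    Assumes case-insensitive lookup, so 'profilea.app' == 'ProfileA.app'."""
    p = path.strip().replace("/", "\\")
    if len(p) > 1 and p[1] == ":":      # drop a drive prefix such as 'Z:'
        p = p[2:]
    parts = [s for s in p.split("\\") if s not in ("", ".")]
    return "\\".join(parts).casefold()

def shadowed_rom_files(candidate_paths, rom_paths):
    """Group candidate files that share a path with a ROM file, per app folder."""
    rom = {rel_key(p): p for p in rom_paths}
    hits = defaultdict(list)
    for path in candidate_paths:
        key = rel_key(path)
        if key in rom:
            hits[key.rsplit("\\", 1)[0]].append((path, rom[key]))
    return dict(hits)

def review_package(manifest, rom_paths):
    """Pre-install check: hold any package that would shadow ROM executables."""
    hits = shadowed_rom_files(manifest, rom_paths)
    return {
        "verdict": "hold" if hits else "pass",
        "shadowed_apps": sorted(hits),
        "files_shadowing_rom": sum(len(v) for v in hits.values()),
    }

# Constructed ROM listing (Z:), not taken from a real device image.
ROM_LISTING = [
    r"Z:\System\Apps\Menu\Menu.app",
    r"Z:\System\Apps\Menu\Menu.aif",
    r"Z:\System\Apps\Phone\Phone.app",
    r"Z:\System\Apps\ProfileA\ProfileA.app",
]
# A few entries from the file list on this page.
SKULLS_MANIFEST = [
    r".\System\Apps\Menu\Menu.aif",
    r".\System\Apps\Menu\Menu.app",
    r".\System\Apps\Phone\Phone.app",
    r".\System\Apps\ProfileA\profilea.app",
    r".\System\Libs\ZLIB.DLL",
]
# Constructed manifest for a package that only adds its own folder.
BENIGN_MANIFEST = [r".\System\Apps\MyTheme\MyTheme.app"]

if __name__ == "__main__":
    print(review_package(SKULLS_MANIFEST, ROM_LISTING))
    print(review_package(BENIGN_MANIFEST, ROM_LISTING))
```

Passing a C: drive listing instead of a manifest as `candidate_paths` turns the same function into a post-install check for shadowed system applications.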

Applications for Symbian consist, at a minimum, of an application file with the extension app, but may also include an Application Information file with the extension aif. The AIF file contains icons for the application and a pointer to the application file.

Troj/Skulls-A creates new AIF files containing icons that look like human skulls, and these icons do not point to an actual application. This disables all smartphone features of the phone, although the phone can still be used to make calls.

Troj/Skulls-A contains a text file that gets displayed during the installation process:

Extended Theme is an advanced Theme Manager for 7610. It uses to manage, edit, & create themes using your 7610. Tee-222 takes no responsibility for any kind of results caused by this app. Install at your own risk. Developed by Tee-222 2004.

The SIS installation file contains the following files:

.\System\Libs\licencem.dll
.\System\Libs\lmpro.r01
.\System\Libs\lmpro.r02
.\System\Libs\notifica.cmd
.\System\Libs\software.dll
.\System\Libs\ZLIB.DLL
.\System\Apps\WALLETAV\WALLETAV.aif
.\System\Apps\WALLETAV\WALLETAV.APP
.\System\Apps\WALLETA1\WALLETAV.aif
.\System\Apps\WALLETA1\WALLETAV.APP
.\System\Apps\Voicerec\Voicerec.aif
.\System\Apps\Voicerec\Voicerec.app
.\System\Apps\Vm\Vm.aif
.\System\Apps\Vm\Vm.app
.\System\Apps\VCommand\VCommand.aif
.\System\Apps\VCommand\VCommand.app
.\System\Apps\Ussd\Ussd.aif
.\System\Apps\Ussd\Ussd.app
.\System\Apps\ToDo\ToDo.aif
.\System\Apps\ToDo\ToDo.app
.\System\Apps\SysAp\SysAp.aif
.\System\Apps\SysAp\SysAp.app
.\System\Apps\Startup\Startup.aif
.\System\Apps\Startup\Startup.app
.\System\Apps\Speeddia\Speeddia.aif
.\System\Apps\Speeddia\Speeddia.app
.\System\Apps\SmsViewe\SmsViewe.aif
.\System\Apps\SmsViewe\SmsViewe.app
.\System\Apps\SmsEdito\SmsEdito.aif
.\System\Apps\SmsEdito\SmsEdito.app
.\System\Apps\SimDirec\SimDirec.aif
.\System\Apps\SimDirec\SimDirec.app
.\System\Apps\Sdn\Sdn.aif
.\System\Apps\Sdn\Sdn.app
.\System\Apps\ScreenSa\ScreenSa.aif
.\System\Apps\ScreenSa\ScreenSa.app
.\System\Apps\SchemeAp\SchemeAp.aif
.\System\Apps\SchemeAp\SchemeAp.app
.\System\Apps\Satui\Satui.aif
.\System\Apps\Satui\Satui.app
.\System\Apps\PushView\PushView.aif
.\System\Apps\PushView\PushView.app
.\System\Apps\PSLN\PSLN.aif
.\System\Apps\PSLN\PSLN.app
.\System\Apps\Provisio\Provisio.aif
.\System\Apps\Provisio\Provisio.app
.\System\Apps\ProfileA\ProfileA.aif
.\System\Apps\ProfileA\profilea.app
.\System\Apps\PRESENCE\PRESENCE.aif
.\System\Apps\PRESENCE\PRESENCE.APP
.\System\Apps\Pinboard\Pinboard.aif
.\System\Apps\Pinboard\Pinboard.app
.\System\Apps\Phoneboo\Phoneboo.aif
.\System\Apps\Phoneboo\Phoneboo.app
.\System\Apps\Phone\Phone.aif
.\System\Apps\Phone\Phone.app
.\System\Apps\NSmlDSSy\NSmlDSSy.aif
.\System\Apps\NSmlDSSy\NSmlDSSy.app
.\System\Apps\NSmlDMSy\NSmlDMSy.aif
.\System\Apps\NSmlDMSy\NSmlDMSy.app
.\System\Apps\NpdViewe\NpdViewe.aif
.\System\Apps\NpdViewe\NpdViewe.app
.\System\Apps\Notepad\Notepad.aif
.\System\Apps\Notepad\Notepad.app
.\System\Apps\MusicPla\MusicPla.aif
.\System\Apps\MusicPla\MusicPla.app
.\System\Apps\MsgMailV\MsgMailV.aif
.\System\Apps\MsgMailV\MsgMailV.app
.\System\Apps\MsgMailE\MsgMailE.aif
.\System\Apps\MsgMailE\MsgMailE.app
.\System\Apps\MmsViewe\MmsViewe.aif
.\System\Apps\MmsViewe\MmsViewe.app
.\System\Apps\MmsEdito\MmsEdito.aif
.\System\Apps\MmsEdito\MmsEdito.app
.\System\Apps\MMM\MMM.app
.\System\Apps\mmcapp\mmcapp.aif
.\System\Apps\mmcapp\mmcapp.app
.\System\Apps\Menu\Menu.aif
.\System\Apps\Menu\Menu.app
.\System\Apps\MediaSet\MediaSet.aif
.\System\Apps\MediaSet\MediaSet.app
.\System\Apps\MediaPla\MediaPla.aif
.\System\Apps\MediaPla\MediaPla.app
.\System\Apps\MediaGal\MediaGal.aif
.\System\Apps\MediaGal\MediaGal.app
.\System\Apps\mce\mce.aif
.\System\Apps\mce\mce.app
.\System\Apps\Logs\Logs.aif
.\System\Apps\Logs\Logs.app
.\System\Apps\location\location.aif
.\System\Apps\location\location.app
.\System\Apps\ImageVie\ImageVie.aif
.\System\Apps\ImageVie\ImageVie.app
.\System\Apps\GS\GS.aif
.\System\Apps\GS\gs.app
.\System\Apps\FileMana\FileMana.aif
.\System\Apps\FileMana\FileMana.app
.\System\Apps\Dictiona\Dictiona.aif
.\System\Apps\Dictiona\dictiona.app
.\System\Apps\DdViewer\DdViewer.aif
.\System\Apps\DdViewer\DdViewer.app
.\System\Apps\cshelp\cshelp.aif
.\System\Apps\cshelp\cshelp.app
.\System\Apps\Converte\Converte.aif
.\System\Apps\Converte\converte.app
.\System\Apps\Connecti\Connecti.aif
.\System\Apps\Connecti\Connecti.app
.\System\Apps\CodViewe\CodViewe.aif
.\System\Apps\CodViewe\CodViewe.app
.\System\Apps\ClockApp\ClockApp.aif
.\System\Apps\ClockApp\ClockApp.app
.\System\Apps\Chat\Chat.aif
.\System\Apps\Chat\Chat.app
.\System\Apps\CERTSAVE\CERTSAVE.aif
.\System\Apps\CERTSAVE\CERTSAVE.APP
.\System\Apps\CbsUiApp\CbsUiApp.aif
.\System\Apps\CbsUiApp\CbsUiApp.app
.\System\Apps\Camcorde\Camcorde.aif
.\System\Apps\Camcorde\Camcorde.app
.\System\Apps\Calendar\Calendar.aif
.\System\Apps\Calendar\Calendar.app
.\System\Apps\Calcsoft\Calcsoft.aif
.\System\Apps\Calcsoft\Calcsoft.app
.\System\Apps\bva\bva.aif
.\System\Apps\bva\bva.app
.\System\Apps\BtUi\BtUi.aif
.\System\Apps\BtUi\BtUi.app
.\System\Apps\Browser\Browser.aif
.\System\Apps\Browser\Browser.app
.\System\Apps\Autolock\Autolock.aif
.\System\Apps\Autolock\Autolock.app
.\System\Apps\AppMngr\AppMngr.aif
.\System\Apps\AppMngr\Appmngr.app
.\System\Apps\AppInst\AppInst.aif
.\System\Apps\AppInst\Appinst.app
.\System\Apps\About\About.aif
.\System\Apps\About\About.app

The files in the Libs folder are RAR archives containing messages left by the Trojan writer, for example:

"What is T-VIRUS?
T-VIRUS is not a type of virus, instead it is a system file, specially designed & created for you.
T-VIRUS crashes the main system of your phone, i guess it is the right time for you to go to your service center, or buy a new phone.
Newer & higher version of T-VIRUS, coming soon.
If you have Cabir, feel free to send it to me, I'll appreciate it very much."
