Discovered: March 30, 2005
Updated: February 13, 2007 12:36:04 PM
Type: Trojan Horse
Systems Affected: EPOC
Removal instructions for hand held devices:
- Install a file manager program on the device.
- Enable the option to view the files in the system folder.
- Delete the malicious .aif files:
\System\Apps\pjBLUE\pjBLUE.aif
\System\Apps\nokiafile\nokiafile.aif
\System\Apps\FSCaller\FSCaller.aif
- Delete the following files:
\System\RECOGS\YYSBootRec.mdl
\System\RECOGS\$$$.MDL
\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP
\System\Apps\pjBLUE\pjBLUE_CAPTION.rsC
\System\Apps\pjBLUE\pjBLUE.APP
\System\Apps\nokiafile\nokiafile_caption.rsc
\System\Apps\nokiafile\nokiafile.rsc
\System\Apps\nokiafile\nokiafile.app
\System\Apps\nokiafile\img.mbm
\System\Apps\nokiafile\data.cfg
\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
\System\Apps\nokiaapps\nokiaapps.app
\System\Apps\FSCaller\pixel.mbm
\System\Apps\FSCaller\FSCaller_Caption.rsc
\System\Apps\FSCaller\FSCaller.rsc
\System\Apps\FSCaller\FSCaller.mbm
\System\Apps\FSCaller\FSCaller.app
\System\Apps\FSCaller\CAMERASERVER.DLL
\System\Apps\FSCaller\camera1.dll
\System\Apps\FSCaller\camera0.dll
\System\Apps\data\data_CAPTION.rsC
\System\Apps\data\data.app
\System\Apps\bootdata\bootdata_CAPTION.rsC
\System\Apps\bootdata\bootdata.app
\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\Thumbs.db
\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
\System\Apps\gavno.d\gavno.d_caption.rsc
\System\Apps\gavno.d\gavno.d.rsc
\System\Apps\gavno.d\gavno.d.app
\System\Apps\freakbtui\freakbtui.app
\System\Apps\freakappctrl\freakappctrl.app
- Exit the file manager.
Writeup By: Eric Chien
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine