SymbOS.Cardtrap.C - Removal

Risk Level 1: Very Low


Discovered: October 7, 2005
Updated: February 13, 2007 12:45:18 PM
Type: Trojan Horse
Systems Affected: EPOC


If the mobile device is infected with SymbOS.Cardtrap.C, do not reboot the phone before disinfecting it.

  1. Install a file manager program on the device.

  2. Enable the option to view the files in the system folder.

  3. Delete the following malicious files:

    • Nokia Application.sis
    • E:\CARIBE.Sis, which is a SymbOS.Mabir.A worm
    • E:\MMS.exe, which is a SymbOS.Commwarrior.B worm
    • E:\infectSIS.exe, which is the Windows component of SymbOS.Lasco.A
    • E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app, which is a SymbOS.Cabir.B worm
    • E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl, which is a component of the SymbOS.Cabir worm

  4. Delete the following files:

    • C:\System\Apps\AD7650\AD7650.App
    • C:\System\Apps\About\About.app
    • C:\System\Apps\AnswRec\AnswRec.App
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Antivirus\Antivirus.app
    • C:\System\Apps\Antivirus\Antivirus.rsc
    • C:\System\Apps\AppCtrl\AppCtrl.app
    • C:\System\Apps\AppMngr\AppMngr.app
    • C:\System\Apps\BlackList\BlackList.App
    • C:\System\Apps\BlueJackX\BlueJackX.App
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\CF\CF.app
    • C:\System\Apps\CSHelp\CSHelp.app
    • C:\System\Apps\CalcSoft\CalcSoft.app
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\CallManager\CallManager.App
    • C:\System\Apps\Camcoder\Camcoder.App
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\Composer\Composer.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\Converter\Converter.app
    • C:\System\Apps\Disinfect\Disinfect.app
    • C:\System\Apps\IrApp\IrApp.aif
    • C:\System\Apps\IrApp\IrApp.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\PVPlayer\PVPlayer.App
    • C:\System\Apps\PhoneBook\PhoneBook.app
    • C:\System\Apps\Phone\FREAKPHONE.APP
    • C:\System\Apps\Phone\FREAKPHONE.RSC
    • C:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
    • C:\System\Apps\Phone\FreakPhone.aif
    • C:\System\Apps\PhotoAlbum\PhotoAlbum.app
    • C:\System\Apps\PhotoEditor\PhotoEditor.app
    • C:\System\Apps\PhotoSMS\PhotoSMS.App
    • C:\System\Apps\PhotoSafe\PhotoSafe.App
    • C:\System\Apps\Photographer\Photographer.app
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\ProfileApp\ProfileApp.app
    • C:\System\Apps\Psln\PSLN.app
    • C:\System\Apps\RallyProContest\RallyProContest.App
    • C:\System\Apps\RealPlayer\RealPlayer.app
    • C:\System\Apps\RingMaster\RingMaster.App
    • C:\System\Apps\SatUi\Satui.app
    • C:\System\Apps\ScreenCap\ScreenCap.app
    • C:\System\Apps\Shell\Shell.App
    • C:\System\Apps\Shell\Shell.r159
    • C:\System\Apps\Shell\Shell.r31
    • C:\System\Apps\SimDir\SimDir.app
    • C:\System\Apps\SmartAnswer\SmartAnswer.App
    • C:\System\Apps\SmsMachine\SmsMachine.App
    • C:\System\Apps\SnakeEx\SnakeEx.app
    • C:\System\Apps\Sounder\Sounder.App
    • C:\System\Apps\SpeedDial\Speeddial.app
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.App
    • C:\System\Apps\Todo\Todo.app
    • C:\System\Apps\UVSMStyle\UVSMStyle.App
    • C:\System\Apps\UltraMP3\UltraMP3.App
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VM\Vm.app
    • C:\System\Apps\Videorecorder\VideoRecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.App
    • C:\System\Apps\cabirfix\cabirfix.App
    • C:\System\Apps\callcheater\callcheater.app
    • C:\System\Apps\camerafx\CameraFX.App
    • C:\System\Apps\mmcapp\MMCApp.app
    • C:\System\Apps\photoacute\photoacute.App
    • C:\System\Apps\restart\restart.App
    • C:\System\Apps\sSaver\sSaver.App
    • E:\Bugsis.ICO
    • E:\ETel.dll
    • E:\System\Apps.com, which is detected as EICAR Test String
    • E:\System\Apps\AgileMessenger\AgileMessenger.App
    • E:\System\Apps\Camera\Camera.a159
    • E:\System\Apps\Camera\Camera.a31
    • E:\System\Apps\Camera\Camera.app
    • E:\System\Apps\Camera\Camera.r159
    • E:\System\Apps\Camera\Camera.r31
    • E:\System\Apps\Camera\take_picture.wav
    • E:\System\Apps\ControlPanel\ControlPanel.App
    • E:\System\Apps\ControlPanel\ControlPanel.a159
    • E:\System\Apps\ControlPanel\ControlPanel.a31
    • E:\System\Apps\ControlPanel\ControlPanel.r159
    • E:\System\Apps\ControlPanel\ControlPanel.r31
    • E:\System\Apps\DVDPlayer\DVDPlayer.App
    • E:\System\Apps\ETICamcorder\ETICamcorder.App
    • E:\System\Apps\ETIMovieAlbum\ETIMovieAlbum.App
    • E:\System\Apps\ETIPlayer\ETIPlayer.App
    • E:\System\Apps\FExplorer\FExplorer.App
    • E:\System\Apps\FMRadio\FMRadio.app
    • E:\System\Apps\FSCaller\FSCaller.App
    • E:\System\Apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
    • E:\System\Apps\FSServer\FSServer.App
    • E:\System\Apps\FaceWarp\FaceWarp.App
    • E:\System\Apps\FaxModemUi\FaxModemUi.app
    • E:\System\Apps\Fdn\FDN.app
    • E:\System\Apps\FiMan\FiMan.App
    • E:\System\Apps\FiMan\FiMan.a159
    • E:\System\Apps\FiMan\FiMan.a31
    • E:\System\Apps\FiMan\FiMan.r159
    • E:\System\Apps\FiMan\FiMan.r31
    • E:\System\Apps\FileGuard\FileGuard.App
    • E:\System\Apps\FileManager\FileManager.app
    • E:\System\Apps\File\File.App
    • E:\System\Apps\GS\GS.app
    • E:\System\Apps\Hair\Hair.App
    • E:\System\Apps\HantroCP\HantroCP.App
    • E:\System\Apps\InstWiz\InstWiz.App
    • E:\System\Apps\InstWiz\InstWiz.mbm
    • E:\System\Apps\InstWiz\InstWiz.r159
    • E:\System\Apps\InstWiz\InstWiz.r31
    • E:\System\Apps\InstWiz\Instwiz.a159
    • E:\System\Apps\InstWiz\Instwiz.a31
    • E:\System\Apps\Jelly\Jelly.App
    • E:\System\Apps\KPCaMain\KPCaMain.App
    • E:\System\Apps\Launcher\Launcher.app
    • E:\System\Apps\Logs\Logs.app
    • E:\System\Apps\MCE\MCE.app
    • E:\System\Apps\MIDIED\MIDIED.App
    • E:\System\Apps\MMPlayer\MMPlayer.App
    • E:\System\Apps\MediaGallery\MediaGallery.app
    • E:\System\Apps\Mediaplayer\MediaPlayer.app
    • E:\System\Apps\Menu\FREAKMENU.APP
    • E:\System\Apps\Menu\FREAKMENU.RSC
    • E:\System\Apps\Menu\FreakMenu.aif
    • E:\System\Apps\Menu\FreakMenu_caption.rsc
    • E:\System\Apps\MidpUi\MidpUi.app
    • E:\System\Apps\MixPix\MixPix.app
    • E:\System\Apps\Mp3Go\Mp3Go.App
    • E:\System\Apps\Mp3Player\Mp3Player.App
    • E:\System\Apps\MusicPlayer\MusicPlayer.a159
    • E:\System\Apps\MusicPlayer\MusicPlayer.a31
    • E:\System\Apps\MusicPlayer\MusicPlayer.app
    • E:\System\Apps\MusicPlayer\MusicPlayer.r159
    • E:\System\Apps\MusicPlayer\MusicPlayer.r31
    • E:\System\Apps\Opera\Opera.App
    • E:\System\Apps\Opera\Opera.a159
    • E:\System\Apps\Opera\Opera.a31
    • E:\System\Apps\Opera\Opera.r159
    • E:\System\Apps\Opera\Opera.r31
    • E:\System\Apps\Opera\bookmarks
    • E:\System\Apps\Opera\csr.css
    • E:\System\Apps\Opera\opera.def
    • E:\System\Apps\Opera\opf.css
    • E:\System\Apps\Opera\wml.css
    • E:\System\Apps\PMODE\PMODE.App
    • E:\System\Apps\PMODE\PMODE.a159
    • E:\System\Apps\PMODE\PMODE.a31
    • E:\System\Apps\PMODE\PMODE.r159
    • E:\System\Apps\PMODE\PMODE.r31
    • E:\System\Apps\Phoneapp\PhoneApp.r159
    • E:\System\Apps\Phoneapp\PhoneApp.r31
    • E:\System\Apps\Phoneapp\Phoneapp.a159
    • E:\System\Apps\Phoneapp\Phoneapp.a31
    • E:\System\Apps\Phoneapp\SDPicMask.mbm
    • E:\System\Apps\Phoneapp\phoneApp.App
    • E:\System\Apps\Phoneapp\phoneapp_caption.r159
    • E:\System\Apps\Phoneapp\phoneapp_caption.r31
    • E:\System\Apps\PhotoBase\PhotoBase.App
    • E:\System\Apps\Picodrive\Picodrive.App
    • E:\System\Apps\PowerFile\PowerFile.App
    • E:\System\Apps\Shell\Shell.a159
    • E:\System\Apps\Shell\Shell.a31
    • E:\System\Apps\SkyForce\SkyForce.App
    • E:\System\Apps\SmartMovie\SmartMovie.App
    • E:\System\Apps\Switcher\Switcher.App
    • E:\System\Apps\Tasks\Tasks.App
    • E:\System\Apps\Tasks\Tasks.a159
    • E:\System\Apps\Tasks\Tasks.a31
    • E:\System\Apps\Typepad\Typepad.App
    • E:\System\Apps\VisualRadio\VisualRadio.App
    • E:\System\Apps\VisualRadio\visualradio.a159
    • E:\System\Apps\VisualRadio\visualradio.a31
    • E:\System\Apps\VisualRadio\visualradio.r159
    • E:\System\Apps\VisualRadio\visualradio.r31
    • E:\System\Apps\VoiceRec\VoiceRec.a159
    • E:\System\Apps\VoiceRec\VoiceRec.a31
    • E:\System\Apps\VoiceRec\VoiceRec.app
    • E:\System\Apps\VoiceRec\VoiceRec.r159
    • E:\System\Apps\VoiceRec\VoiceRec.r31
    • E:\System\Apps\WILDSKIN\WILDSKIN.App
    • E:\System\Apps\extendedrecorder\extendedrecorder.App
    • E:\System\Apps\flashlight\flashlight.App
    • E:\System\Apps\implus\implus.App
    • E:\System\Apps\irremote\irRemote.App
    • E:\System\Apps\logoMan\logoMan.app
    • E:\System\Apps\mmp\mmp.App
    • E:\System\Apps\msn\msn.App
    • E:\System\Apps\muma\MuMa.App
    • E:\System\Apps\putty\putty.App
    • E:\System\Apps\vpnpolins\vpnpolins.aif
    • E:\System\Apps\vpnpolins\vpnpolins.app
    • E:\System\Apps\vpnpolins\vpnpolins.rsc
    • E:\autorun.inf
    • E:\etelmm.dll
    • E:\etelpckt.dll
    • E:\etelsat.dll


  5. Exit the file manager.
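
The check below is an added example, not part of the original write-up. It assumes the memory card (drive E: on the phone) is readable at a host mount point, and it reports which of the E: files named in step 3, plus E:\autorun.inf from step 4, are present, matching names case-insensitively as the card's FAT file system does. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Memory-card (E:) entries named in step 3 and the autorun file from step 4,
# keyed in lower case because FAT-formatted cards match names case-insensitively.
CARD_INDICATORS = {
    r"e:\caribe.sis": "SymbOS.Mabir.A worm",
    r"e:\mms.exe": "SymbOS.Commwarrior.B worm",
    r"e:\infectsis.exe": "Windows component of SymbOS.Lasco.A",
    r"e:\system\apps\fsecureantivirus\fsecureantivirus.app": "SymbOS.Cabir.B worm",
    r"e:\system\apps\fsecureantivirus\fsecureantivirus.mdl": "component of SymbOS.Cabir worm",
    r"e:\autorun.inf": "listed in step 4",
}


def to_card_path(root, full_path):
    """Map a host path under the mount point to the E:\\ form the write-up uses."""
    rel = os.path.relpath(full_path, root)
    return "E:\\" + rel.replace(os.sep, "\\")


def find_card_indicators(root):
    """Return sorted (card_path, label) pairs for listed files present under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            card_path = to_card_path(root, os.path.join(dirpath, name))
            label = CARD_INDICATORS.get(card_path.lower())
            if label:
                hits.append((card_path, label))
    return sorted(hits)


def build_sample_card(root):
    """Constructed sample tree: empty placeholder files, not real samples."""
    for rel in ("caribe.SIS", "AUTORUN.INF", "Images/photo.jpg",
                "System/Apps/FSECUREANTIVIRUS/fsecureantivirus.MDL"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        for card_path, label in find_card_indicators(card):
            print(f"{card_path}: {label}")
```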


Writeup By: Yana Liu