||||
Symantec.com > Security Response > Threats and Risks > SymbOS.Skulls.O
PRINT THIS PAGE

SymbOS.Skulls.O - Removal

Risk Level 1: Very Low

Printer Friendly Page

Discovered: December 13, 2005
Updated: February 13, 2007 12:49:57 PM
Type: Trojan Horse
Systems Affected: EPOC


  1. Install a file manager program on the device.

  2. Enable the option to view the files in the system folder.

  3. Delete the following malicious files:

    • Space_Cadet_Pinball-Created_by-JoN.sis
    • autoexecdaemon.sis
    • info.sis
    • metals.sis
    • ILoveU.sis
    • \system\install\Space_Cadet_Pinball-Created_by-JoN.sis

  4. Delete the following files before reboot the mobile device:

    • [DRIVE LETTER]:\ETel.dll
    • [DRIVE LETTER]:\etelmm.dll
    • [DRIVE LETTER]:\etelpckt.dll
    • [DRIVE LETTER]:\etelsat.dll

  5. Delete the following files and reinstall the overwritten applications if necessary:

    • [DRIVE LETTER]:\system\apps\About\About.aif
    • [DRIVE LETTER]:\system\apps\About\About.app
    • [DRIVE LETTER]:\system\apps\Anti-Virus\Anti-Virus.aif
    • [DRIVE LETTER]:\system\apps\Anti-Virus\Anti-Virus.app
    • [DRIVE LETTER]:\system\apps\Anti-Virus\Anti-Virus.rsc
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSAV.dll
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSAVDT.exe
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSAVEPOC.DAT
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSSMSManager.dll
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSSched.aif
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSSched.app
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSSched.rsc
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FSUpdateManager.dll
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FsAVUpdater.aif
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FsAVUpdater.app
    • [DRIVE LETTER]:\system\apps\Anti-Virus\FsAVUpdater.rsc
    • [DRIVE LETTER]:\system\apps\Anti-Virus\Hydra1.DLL
    • [DRIVE LETTER]:\system\apps\Anti-Virus\backup\AVBioIcons.mbm
    • [DRIVE LETTER]:\system\apps\Anti-Virus\backup\FSBioMessage.bif
    • [DRIVE LETTER]:\system\apps\Anti-Virus\backup\FSBioMessageParser.dll
    • [DRIVE LETTER]:\system\apps\Antivirus\Antivirus.app
    • [DRIVE LETTER]:\system\apps\AppMngr\Appmngr.aif
    • [DRIVE LETTER]:\system\apps\AppMngr\Appmngr.app
    • [DRIVE LETTER]:\system\apps\Appctrl\Appctrl.aif
    • [DRIVE LETTER]:\system\apps\Appctrl\Appctrl.app
    • [DRIVE LETTER]:\system\apps\Appinst\Appinst.aif
    • [DRIVE LETTER]:\system\apps\Appinst\Appinst.app
    • [DRIVE LETTER]:\system\apps\Autolock\Autolock.aif
    • [DRIVE LETTER]:\system\apps\Autolock\Autolock.app
    • [DRIVE LETTER]:\system\apps\bootdata\bootdata.app
    • [DRIVE LETTER]:\system\apps\bootdata\bootdata_CAPTION.rsC
    • [DRIVE LETTER]:\system\apps\Browser\Browser.aif
    • [DRIVE LETTER]:\system\apps\Browser\Browser.app
    • [DRIVE LETTER]:\system\apps\BtUi\BtUi.aif
    • [DRIVE LETTER]:\system\apps\BtUi\BtUi.app
    • [DRIVE LETTER]:\system\apps\bva\bva.aif
    • [DRIVE LETTER]:\system\apps\bva\bva.app
    • [DRIVE LETTER]:\system\apps\cabirfix\cabirfix.app
    • [DRIVE LETTER]:\system\apps\Calcsoft\Calcsoft.aif
    • [DRIVE LETTER]:\system\apps\Calcsoft\Calcsoft.app
    • [DRIVE LETTER]:\system\apps\Calendar\Calendar.aif
    • [DRIVE LETTER]:\system\apps\Calendar\Calendar.app
    • [DRIVE LETTER]:\system\apps\Camcorder\Camcorder.aif
    • [DRIVE LETTER]:\system\apps\Camcorder\Camcorder.app
    • [DRIVE LETTER]:\system\apps\Camera\Camera.aif
    • [DRIVE LETTER]:\system\apps\Camera\Camera.app
    • [DRIVE LETTER]:\system\apps\CbsUiApp\CbsUiApp.aif
    • [DRIVE LETTER]:\system\apps\CbsUiApp\CbsUiApp.app
    • [DRIVE LETTER]:\system\apps\CERTSAVER\CERTSAVER.APP
    • [DRIVE LETTER]:\system\apps\CERTSAVER\CERTSAVER.aif
    • [DRIVE LETTER]:\system\apps\Chat\Chat.aif
    • [DRIVE LETTER]:\system\apps\Chat\Chat.app
    • [DRIVE LETTER]:\system\apps\ClockApp\ClockApp.aif
    • [DRIVE LETTER]:\system\apps\ClockApp\ClockApp.app
    • [DRIVE LETTER]:\system\apps\CodViewer\CodViewer.aif
    • [DRIVE LETTER]:\system\apps\CodViewer\CodViewer.app
    • [DRIVE LETTER]:\system\apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • [DRIVE LETTER]:\system\apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • [DRIVE LETTER]:\system\apps\Converter\Converter.aif
    • [DRIVE LETTER]:\system\apps\Converter\converter.app
    • [DRIVE LETTER]:\system\apps\cshelp\cshelp.aif
    • [DRIVE LETTER]:\system\apps\cshelp\cshelp.app
    • [DRIVE LETTER]:\system\apps\data\data.app
    • [DRIVE LETTER]:\system\apps\data\data_CAPTION.rsC
    • [DRIVE LETTER]:\system\apps\DdViewer\DdViewer.aif
    • [DRIVE LETTER]:\system\apps\DdViewer\DdViewer.app
    • [DRIVE LETTER]:\system\apps\Decabir\DECABIR.APP
    • [DRIVE LETTER]:\system\apps\Dictionary\Dictionary.aif
    • [DRIVE LETTER]:\system\apps\Dictionary\dictionary.app
    • [DRIVE LETTER]:\system\apps\Disinfect\Disinfect.app
    • [DRIVE LETTER]:\system\apps\Dumb Fuck!!.jpg
    • [DRIVE LETTER]:\system\apps\efileman\efileman.aif
    • [DRIVE LETTER]:\system\apps\efileman\efileman.app
    • [DRIVE LETTER]:\system\apps\FExplorer\FExplorer.aif
    • [DRIVE LETTER]:\system\apps\FExplorer\FExplorer.app
    • [DRIVE LETTER]:\system\apps\FExplorer\FExplorer_caption.rsc
    • [DRIVE LETTER]:\system\apps\FExplorer\flo.mdl
    • [DRIVE LETTER]:\system\apps\freakappctrl\freakappctrl.app
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.R01
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.R13
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.aif
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi.app
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi_CAPTION.R13
    • [DRIVE LETTER]:\system\apps\FREAKBtUi\FREAKBtUi_CAPTION.r01
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook.APP
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook.R01
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook.R13
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook.aif
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook_CAPTION.R13
    • [DRIVE LETTER]:\system\apps\FREAKPhoneBook\FREAKPhoneBook_CAPTION.r01
    • [DRIVE LETTER]:\system\apps\FileManager\FileManager.aif
    • [DRIVE LETTER]:\system\apps\FileManager\FileManager.app
    • [DRIVE LETTER]:\system\apps\FileView\FileView.aif
    • [DRIVE LETTER]:\system\apps\FileView\FileView.app
    • [DRIVE LETTER]:\system\apps\File\File.aif
    • [DRIVE LETTER]:\system\apps\File\File.app
    • [DRIVE LETTER]:\system\apps\gavno\gavno.App
    • [DRIVE LETTER]:\system\apps\gavno\gavno.Rsc
    • [DRIVE LETTER]:\system\apps\gavno\gavno_caption.Rsc
    • [DRIVE LETTER]:\system\apps\GS\GS.aif
    • [DRIVE LETTER]:\system\apps\GS\gs.app
    • [DRIVE LETTER]:\system\apps\ILoveU\ILU.mdl
    • [DRIVE LETTER]:\system\apps\ILoveU\ILoveU.APP
    • [DRIVE LETTER]:\system\apps\ILoveU\ILoveU.RSC
    • [DRIVE LETTER]:\system\apps\ILoveU\ILoveU.aif
    • [DRIVE LETTER]:\system\apps\ImageViewer\ImageViewer.aif
    • [DRIVE LETTER]:\system\apps\ImageViewer\ImageViewer.app
    • [DRIVE LETTER]:\system\apps\install\autoexecdaemon.SIS
    • [DRIVE LETTER]:\system\apps\IrApp\IrApp.aif
    • [DRIVE LETTER]:\system\apps\IrApp\IrApp.app
    • [DRIVE LETTER]:\system\apps\Kill Sadam\Kill sadam.app
    • [DRIVE LETTER]:\system\apps\Kill Sadam\Kill sadam.rsc
    • [DRIVE LETTER]:\system\apps\Kill Sadam\kill sadam1.rsc
    • [DRIVE LETTER]:\system\apps\Kill Sadam\zKill sadam.aif
    • [DRIVE LETTER]:\system\apps\location\location.aif
    • [DRIVE LETTER]:\system\apps\location\location.app
    • [DRIVE LETTER]:\system\apps\Logs\Logs.aif
    • [DRIVE LETTER]:\system\apps\Logs\Logs.app
    • [DRIVE LETTER]:\system\apps\mce\mce.aif
    • [DRIVE LETTER]:\system\apps\mce\mce.app
    • [DRIVE LETTER]:\system\apps\MediaGallery\MediaGallery.aif
    • [DRIVE LETTER]:\system\apps\MediaGallery\MediaGallery.app
    • [DRIVE LETTER]:\system\apps\MediaPlayer\MediaPlayer.aif
    • [DRIVE LETTER]:\system\apps\MediaPlayer\MediaPlayer.app
    • [DRIVE LETTER]:\system\apps\MediaSettings\MediaSettings.aif
    • [DRIVE LETTER]:\system\apps\MediaSettings\MediaSettings.app
    • [DRIVE LETTER]:\system\apps\Menu\Menu.aif
    • [DRIVE LETTER]:\system\apps\Menu\Menu.app
    • [DRIVE LETTER]:\system\apps\mmcapp\mmcapp.aif
    • [DRIVE LETTER]:\system\apps\mmcapp\mmcapp.app
    • [DRIVE LETTER]:\system\apps\MMM\MMM.aif
    • [DRIVE LETTER]:\system\apps\MMM\MMM.app
    • [DRIVE LETTER]:\system\apps\MmsEditor\MmsEditor.aif
    • [DRIVE LETTER]:\system\apps\MmsEditor\MmsEditor.app
    • [DRIVE LETTER]:\system\apps\MmsViewer\MmsViewer.aif
    • [DRIVE LETTER]:\system\apps\MmsViewer\MmsViewer.app
    • [DRIVE LETTER]:\system\apps\MsgMailEditor\MsgMailEditor.aif
    • [DRIVE LETTER]:\system\apps\MsgMailEditor\MsgMailEditor.app
    • [DRIVE LETTER]:\system\apps\MsgMailViewer\MsgMailViewer.aif
    • [DRIVE LETTER]:\system\apps\MsgMailViewer\MsgMailViewer.app
    • [DRIVE LETTER]:\system\apps\MusicPlayer\MusicPlayer.aif
    • [DRIVE LETTER]:\system\apps\MusicPlayer\MusicPlayer.app
    • [DRIVE LETTER]:\system\apps\nokiaapps\nokiaapps.app
    • [DRIVE LETTER]:\system\apps\nokiaapps\nokiaapps_CAPTION.rsC
    • [DRIVE LETTER]:\system\apps\nokiafile\data.cfg
    • [DRIVE LETTER]:\system\apps\nokiafile\img.mbm
    • [DRIVE LETTER]:\system\apps\nokiafile\nokiafile.aif
    • [DRIVE LETTER]:\system\apps\nokiafile\nokiafile.app
    • [DRIVE LETTER]:\system\apps\nokiafile\nokiafile.rsc
    • [DRIVE LETTER]:\system\apps\nokiafile\nokiafile_caption.rsc
    • [DRIVE LETTER]:\system\apps\Notepad\Notepad.aif
    • [DRIVE LETTER]:\system\apps\Notepad\Notepad.app
    • [DRIVE LETTER]:\system\apps\NpdViewer\NpdViewer.aif
    • [DRIVE LETTER]:\system\apps\NpdViewer\NpdViewer.app
    • [DRIVE LETTER]:\system\apps\NSmlDMSync\NSmlDMSync.aif
    • [DRIVE LETTER]:\system\apps\NSmlDMSync\NSmlDMSync.app
    • [DRIVE LETTER]:\system\apps\NSmlDSSync\NSmlDSSync.aif
    • [DRIVE LETTER]:\system\apps\NSmlDSSync\NSmlDSSync.app
    • [DRIVE LETTER]:\system\apps\OIDI500\OIDI500.aif
    • [DRIVE LETTER]:\system\apps\OIDI500\OIDI500.app
    • [DRIVE LETTER]:\system\apps\OIDI500\OIDI500.mdl
    • [DRIVE LETTER]:\system\apps\OIDI500\OIDI500.rsc
    • [DRIVE LETTER]:\system\apps\PRESENCE\PRESENCE.APP
    • [DRIVE LETTER]:\system\apps\PRESENCE\PRESENCE.aif
    • [DRIVE LETTER]:\system\apps\PSLN\PSLN.aif
    • [DRIVE LETTER]:\system\apps\PSLN\PSLN.app
    • [DRIVE LETTER]:\system\apps\Phone\Phone.aif
    • [DRIVE LETTER]:\system\apps\Phone\Phone.app
    • [DRIVE LETTER]:\system\apps\Phonebook\Phonebook.aif
    • [DRIVE LETTER]:\system\apps\Phonebook\Phonebook.app
    • [DRIVE LETTER]:\system\apps\Pinboard\Pinboard.aif
    • [DRIVE LETTER]:\system\apps\Pinboard\Pinboard.app
    • [DRIVE LETTER]:\system\apps\pjBLUE\pjBLUE.APP
    • [DRIVE LETTER]:\system\apps\pjBLUE\pjBLUE.aif
    • [DRIVE LETTER]:\system\apps\pjBLUE\pjBLUE_CAPTION.rsC
    • [DRIVE LETTER]:\system\apps\ProfiExplorer\ProfiExplorer.aif
    • [DRIVE LETTER]:\system\apps\ProfiExplorer\ProfiExplorer.app
    • [DRIVE LETTER]:\system\apps\ProfiExplorer\ProfiExplorer.rsc
    • [DRIVE LETTER]:\system\apps\ProfileApp\ProfileApp.aif
    • [DRIVE LETTER]:\system\apps\ProfileApp\profileapp.app
    • [DRIVE LETTER]:\system\apps\Profimail\Data\Alert.mid
    • [DRIVE LETTER]:\system\apps\Profimail\Data\PM_S60.dta
    • [DRIVE LETTER]:\system\apps\Profimail\Data\config.bin
    • [DRIVE LETTER]:\system\apps\Profimail\Data\messages.bin
    • [DRIVE LETTER]:\system\apps\Profimail\Data\shop.txt
    • [DRIVE LETTER]:\system\apps\Profimail\ProfiMail.aif
    • [DRIVE LETTER]:\system\apps\Profimail\ProfiMail.app
    • [DRIVE LETTER]:\system\apps\Profimail\ProfiMail.rsc
    • [DRIVE LETTER]:\system\apps\ProvisioningCx\ProvisioningCx.aif
    • [DRIVE LETTER]:\system\apps\ProvisioningCx\ProvisioningCx.app
    • [DRIVE LETTER]:\system\apps\PushViewer\PushViewer.aif
    • [DRIVE LETTER]:\system\apps\PushViewer\PushViewer.app
    • [DRIVE LETTER]:\system\apps\Satui\Satui.aif
    • [DRIVE LETTER]:\system\apps\Satui\Satui.app
    • [DRIVE LETTER]:\system\apps\SchemeApp\SchemeApp.aif
    • [DRIVE LETTER]:\system\apps\SchemeApp\SchemeApp.app
    • [DRIVE LETTER]:\system\apps\ScreenSaver\ScreenSaver.aif
    • [DRIVE LETTER]:\system\apps\ScreenSaver\ScreenSaver.app
    • [DRIVE LETTER]:\system\apps\Sdn\Sdn.aif
    • [DRIVE LETTER]:\system\apps\Sdn\Sdn.app
    • [DRIVE LETTER]:\system\apps\SimDirectory\SimDirectory.aif
    • [DRIVE LETTER]:\system\apps\SimDirectory\SimDirectory.app
    • [DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan.aif
    • [DRIVE LETTER]:\system\apps\SmartFileMan\SmartFileMan.app
    • [DRIVE LETTER]:\system\apps\smartmovie\smartmovie.APP
    • [DRIVE LETTER]:\system\apps\SmsEditor\SmsEditor.aif
    • [DRIVE LETTER]:\system\apps\SmsEditor\SmsEditor.app
    • [DRIVE LETTER]:\system\apps\SmsViewer\SmsViewer.aif
    • [DRIVE LETTER]:\system\apps\SmsViewer\SmsViewer.app
    • [DRIVE LETTER]:\system\apps\Speeddial\Speeddial.aif
    • [DRIVE LETTER]:\system\apps\Speeddial\Speeddial.app
    • [DRIVE LETTER]:\system\apps\Startup\Startup.aif
    • [DRIVE LETTER]:\system\apps\Startup\Startup.app
    • [DRIVE LETTER]:\system\apps\SymCommander\SymCommander.aif
    • [DRIVE LETTER]:\system\apps\SymCommander\SymCommander.app
    • [DRIVE LETTER]:\system\apps\SysAp\SysAp.aif
    • [DRIVE LETTER]:\system\apps\SysAp\SysAp.app
    • [DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.aif
    • [DRIVE LETTER]:\system\apps\SystemExplorer\SystemExplorer.app
    • [DRIVE LETTER]:\system\apps\Tee222\222.mdl
    • [DRIVE LETTER]:\system\apps\Tee222\Tee222.aif
    • [DRIVE LETTER]:\system\apps\Tee222\Tee222.app
    • [DRIVE LETTER]:\system\apps\Tee222\Tee222.rsc
    • [DRIVE LETTER]:\system\apps\Tee222\Tee222_CAPTION.rsC
    • [DRIVE LETTER]:\system\apps\ToDo\ToDo.aif
    • [DRIVE LETTER]:\system\apps\ToDo\ToDo.app
    • [DRIVE LETTER]:\system\apps\UltraMP3\UltraMP3.app
    • [DRIVE LETTER]:\system\apps\Ussd\Ussd.aif
    • [DRIVE LETTER]:\system\apps\Ussd\Ussd.app
    • [DRIVE LETTER]:\system\apps\VCommand\VCommand.aif
    • [DRIVE LETTER]:\system\apps\VCommand\VCommand.app
    • [DRIVE LETTER]:\system\apps\velasco\marcos.mdl
    • [DRIVE LETTER]:\system\apps\velasco\velasco.app
    • [DRIVE LETTER]:\system\apps\velasco\velasco.rsc
    • [DRIVE LETTER]:\system\apps\Vm\Vm.aif
    • [DRIVE LETTER]:\system\apps\Vm\Vm.app
    • [DRIVE LETTER]:\system\apps\Voicerecorder\Voicerecorder.aif
    • [DRIVE LETTER]:\system\apps\Voicerecorder\Voicerecorder.app
    • [DRIVE LETTER]:\system\apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • [DRIVE LETTER]:\system\apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • [DRIVE LETTER]:\system\apps\WALLETAVOTA\WALLETAVOTA.APP
    • [DRIVE LETTER]:\system\apps\WALLETAVOTA\WALLETAVOTA.aif
    • [DRIVE LETTER]:\system\Fonts\11x12 euro_fonts.gdr
    • [DRIVE LETTER]:\system\Fonts\Kill sadam font.gdr
    • [DRIVE LETTER]:\system\install\autoexecdaemon.SIS
    • [DRIVE LETTER]:\system\RECOGS\ILU.mdl
    • [DRIVE LETTER]:\system\RECOGS\RecAppForge.mdl
    • [DRIVE LETTER]:\system\RECOGS\UltraMP3Rec.mdl
    • [DRIVE LETTER]:\system\RECOGS\flo.mdl
    • [DRIVE LETTER]:\system\RECOGS\jjlas.mdl
    • [DRIVE LETTER]:\system\RECOGS\recAutoExec.mdl
    • [DRIVE LETTER]:\system\SYMBIANSECUREDATA
      \CARIBESECURITYMANAGER\INFO.SIS
    • [DRIVE LETTER]:\system\SYMBIANSECUREDATA
      \CARIBESECURITYMANAGER\METALG.SIS
    • [DRIVE LETTER]:\system\ThNdRbRdMainFiles
      \ThNdRbRdSecuritySystm\Dont4get2readme.txt
    • [DRIVE LETTER]!:\system\ThNdRbRdMainFiles\ThNdRbRdSecuritySystm\ILoveU.APP
    • [DRIVE LETTER]:\system\ThNdRbRdMainFiles\ThNdRbRdSecuritySystm\ILoveU.RSC
    • [DRIVE LETTER]:\system\ThNdRbRdMainFiles\ThNdRbRdSecuritySystm\ILoveU.sis

  6. Exit the file manager.


Writeup By: Yana Liu
Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS