SymbOS.Skulls.L

Printer Friendly Page

Discovered: July 14, 2005
Updated: February 13, 2007 12:42:33 PM
Type: Trojan Horse
Systems Affected: EPOC


SymbOS.Skulls.L is a Trojan horse that affects Symbian series 60 phones. The Trojan overwrites several applications and replaces the application icons with skull icons.



Symantec recommends the following to protect against this threat:

  • If Bluetooth is not required, it should be turned off.
  • If you require the use of Bluetooth, ensure that the device's visibility setting is set to "Hidden" so that it can not be scanned by other Bluetooth devices.
  • Avoid use of device pairing. If it must be used, ensure that all paired devices are set to "Unauthorized". This requires each connection request to be authorized by the user.
  • Do not accept unsigned applications (no digital signature) or applications sent from unknown sources. Be absolutely sure of the origin of the application before accepting it.


Antivirus Protection Dates

  • Initial Rapid Release version July 15, 2005
  • Latest Rapid Release version January 15, 2018 revision 020
  • Initial Daily Certified version July 15, 2005
  • Latest Daily Certified version January 15, 2018 revision 024
  • Initial Weekly Certified release date July 15, 2005

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Writeup By: Robert X Wang

Discovered: July 14, 2005
Updated: February 13, 2007 12:42:33 PM
Type: Trojan Horse
Systems Affected: EPOC


When SymbOS.Skulls.L is executed, it performs the following actions:

  1. Installs copies of the following malware on the compromised device:

  2. Arrives on the compromised device as:

    SkullCRev.SIS

  3. Replaces the application icons with skull icons.

  4. Installs the following files:

    • SkullsRevised.sis (A copy of SymbOS.Skull.L.)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS (A copy of SymbOS.Cabir.F)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP (A copy of SymbOS.Cabir.F)
    • C:\System\Recogs\mod.MDL (A copy of SymbOS.Cabir.F)
    • C:\System\Recogs\FSRec.mdl
    • C:\System\Parsers\FSBioMessageParser.dll
    • C:\System\Libs\ZLIB.DLL
    • C:\System\Libs\softwarecopier200.dll
    • C:\System\Libs\notification.cmd
    • C:\System\Libs\lmpro.r02
    • C:\System\Libs\lmpro.r01
    • C:\System\Libs\licencemanager20s.dll
    • C:\System\Libs\FSBioMessageViewer.dll
    • C:\System\Libs\FS\FSServerLauncher.exe
    • C:\System\Libs\FS\FSMonitor.dll
    • C:\System\help\AntiVirus.hlp
    • C:\System\data\0010155.cfg
    • C:\System\bif\FSBioMessage.bif
    • C:\System\bif\AVBioIcons.mbm
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Vm\Vm.app
    • C:\System\Apps\Vm\Vm.aif
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VCommand\VCommand.aif
    • C:\System\Apps\Ussd\Ussd.app
    • C:\System\Apps\Ussd\Ussd.aif
    • C:\System\Apps\ToDo\ToDo.app
    • C:\System\Apps\ToDo\ToDo.aif
    • C:\System\Apps\Tee222\Tee222_CAPTION.rsC
    • C:\System\Apps\Tee222\Tee222.rsc
    • C:\System\Apps\Tee222\Tee222.app (A copy of SymbOS.Cabir.G )
    • C:\System\Apps\Tee222\Tee222.aif
    • C:\System\Apps\Tee222\222.mdl (A copy of SymbOS.Cabir)
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SysAp\SysAp.app
    • C:\System\Apps\SysAp\SysAp.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Speeddial\Speeddial.app
    • C:\System\Apps\Speeddial\Speeddial.aif
    • C:\System\Apps\SmsViewer\SmsViewer.app
    • C:\System\Apps\SmsViewer\SmsViewer.aif
    • C:\System\Apps\SmsEditor\SmsEditor.app
    • C:\System\Apps\SmsEditor\SmsEditor.aif
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SimDirectory\SimDirectory.app
    • C:\System\Apps\SimDirectory\SimDirectory.aif
    • C:\System\Apps\Sdn\Sdn.app
    • C:\System\Apps\Sdn\Sdn.aif
    • C:\System\Apps\ScreenSaver\ScreenSaver.app
    • C:\System\Apps\ScreenSaver\ScreenSaver.aif
    • C:\System\Apps\SchemeApp\SchemeApp.app
    • C:\System\Apps\SchemeApp\SchemeApp.aif
    • C:\System\Apps\Satui\Satui.app
    • C:\System\Apps\Satui\Satui.aif
    • C:\System\Apps\PushViewer\PushViewer.app
    • C:\System\Apps\PushViewer\PushViewer.aif
    • C:\System\Apps\PSLN\PSLN.app
    • C:\System\Apps\PSLN\PSLN.aif
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.app
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.app
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.aif
    • C:\System\Apps\PRESENCE\PRESENCE.APP
    • C:\System\Apps\PRESENCE\PRESENCE.aif
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\Pinboard\Pinboard.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.app
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    • C:\System\Apps\NpdViewer\NpdViewer.app
    • C:\System\Apps\NpdViewer\NpdViewer.aif
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\Notepad\Notepad.aif
    • C:\System\Apps\MusicPlayer\MusicPlayer.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.aif
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.app
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.app
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    • C:\System\Apps\MmsViewer\MmsViewer.app
    • C:\System\Apps\MmsViewer\MmsViewer.aif
    • C:\System\Apps\MmsEditor\MmsEditor.app
    • C:\System\Apps\MmsEditor\MmsEditor.aif
    • C:\System\Apps\MMM\MMM.app
    • C:\System\Apps\MMM\MMM.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\Menu\Menu.app
    • C:\System\Apps\Menu\Menu.aif
    • C:\System\Apps\MediaSettings\MediaSettings.app
    • C:\System\Apps\MediaSettings\MediaSettings.aif
    • C:\System\Apps\MediaPlayer\MediaPlayer.app
    • C:\System\Apps\MediaPlayer\MediaPlayer.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\mce\mce.app
    • C:\System\Apps\mce\mce.aif
    • C:\System\Apps\Logs\Logs.app
    • C:\System\Apps\Logs\Logs.aif
    • C:\System\Apps\location\location.app
    • C:\System\Apps\location\location.aif
    • C:\System\Apps\ImageViewer\ImageViewer.app
    • C:\System\Apps\ImageViewer\ImageViewer.aif
    • C:\System\Apps\GS\gs.app
    • C:\System\Apps\GS\GS.aif
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\Dictionary\dictionary.app
    • C:\System\Apps\Dictionary\Dictionary.aif
    • C:\System\Apps\DdViewer\DdViewer.app
    • C:\System\Apps\DdViewer\DdViewer.aif
    • C:\System\Apps\cshelp\cshelp.app
    • C:\System\Apps\cshelp\cshelp.aif
    • C:\System\Apps\Converter\converter.app
    • C:\System\Apps\Converter\Converter.aif
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • C:\System\Apps\CodViewer\CodViewer.app
    • C:\System\Apps\CodViewer\CodViewer.aif
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\ClockApp\ClockApp.aif
    • C:\System\Apps\Chat\Chat.app
    • C:\System\Apps\Chat\Chat.aif
    • C:\System\Apps\CERTSAVER\CERTSAVER.APP
    • C:\System\Apps\CERTSAVER\CERTSAVER.aif
    • C:\System\Apps\CbsUiApp\CbsUiApp.app
    • C:\System\Apps\CbsUiApp\CbsUiApp.aif
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\Camcorder\Camcorder.aif
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\Calendar\Calendar.aif
    • C:\System\Apps\Calcsoft\Calcsoft.app
    • C:\System\Apps\Calcsoft\Calcsoft.aif
    • C:\System\Apps\bva\bva.app
    • C:\System\Apps\bva\bva.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\Browser\Browser.aif
    • C:\System\Apps\Autolock\Autolock.app
    • C:\System\Apps\Autolock\Autolock.aif
    • C:\System\Apps\AppMngr\Appmngr.app
    • C:\System\Apps\AppMngr\AppMngr.aif
    • C:\System\Apps\AppInst\Appinst.app
    • C:\System\Apps\AppInst\AppInst.aif
    • C:\System\Apps\Anti-Virus\Hydra1.DLL
    • C:\System\Apps\Anti-Virus\FSUpdateManager.dll
    • C:\System\Apps\Anti-Virus\FSSMSManager.dll
    • C:\System\Apps\Anti-Virus\FSSched.rsc
    • C:\System\Apps\Anti-Virus\FSSched.app
    • C:\System\Apps\Anti-Virus\FSSched.aif
    • C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.aif
    • C:\System\Apps\Anti-Virus\FSAVEPOC.DAT
    • C:\System\Apps\Anti-Virus\FSAVDT.exe
    • C:\System\Apps\Anti-Virus\FSAV.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif
    • C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm
    • C:\System\Apps\Anti-Virus\Anti-Virus.rsc
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\Anti-Virus.aif
    • C:\System\Apps\About\About.app
    • C:\System\Apps\About\About.aif

      Once SkullsRevised.sis is executed, it installs the following files:

    • commw.sis (A copy of SymbOS.Commwarrior.B )
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS (A copy of SymbOS.Cabir.F)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP (A copy of SymbOS.Cabir.F)
    • C:\System\Recogs\YYSBootRec.mdl (A copy of SymbOS.Skulls.D)
    • C:\System\Recogs\mod.MDL (A copy of SymbOS.Cabir.F)
    • C:\System\Recogs\FSRec.mdl
    • C:\System\Recogs\$$$.MDL (A copy of SymbOS.Cabir.M)
    • C:\System\Parsers\FSBioMessageParser.dll
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP (A copy of SymbOS.Cabir.M)
    • C:\System\Libs\ZLIB.DLL
    • C:\System\Libs\softwarecopier200.dll
    • C:\System\Libs\notification.cmd
    • C:\System\Libs\lmpro.r02
    • C:\System\Libs\lmpro.r01
    • C:\System\Libs\licencemanager20s.dll
    • C:\System\Libs\FSBioMessageViewer.dll
    • C:\System\Libs\FS\FSServerLauncher.exe
    • C:\System\Libs\FS\FSMonitor.dll
    • C:\System\help\AntiVirus.hlp
    • C:\System\data\0010155.cfg
    • C:\System\bif\FSBioMessage.bif
    • C:\System\bif\AVBioIcons.mbm
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Vm\Vm.app
    • C:\System\Apps\Vm\Vm.aif
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VCommand\VCommand.aif
    • C:\System\Apps\Ussd\Ussd.app
    • C:\System\Apps\Ussd\Ussd.aif
    • C:\System\Apps\UltraMP3\UltraMP3.app
    • C:\System\Apps\ToDo\ToDo.app
    • C:\System\Apps\ToDo\ToDo.aif
    • C:\System\Apps\Tee222\Tee222_CAPTION.rsC
    • C:\System\Apps\Tee222\Tee222.rsc
    • C:\System\Apps\Tee222\Tee222.app (A copy of SymbOS.Cabir.G )
    • C:\System\Apps\Tee222\Tee222.aif
    • C:\System\Apps\Tee222\222.mdl (A copy of SymbOS.Cabir)
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SysAp\SysAp.app
    • C:\System\Apps\SysAp\SysAp.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Speeddial\Speeddial.app
    • C:\System\Apps\Speeddial\Speeddial.aif
    • C:\System\Apps\SmsViewer\SmsViewer.app
    • C:\System\Apps\SmsViewer\SmsViewer.aif
    • C:\System\Apps\SmsEditor\SmsEditor.app
    • C:\System\Apps\SmsEditor\SmsEditor.aif
    • C:\System\Apps\smartmovie\smartmovie.APP
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SimDirectory\SimDirectory.app
    • C:\System\Apps\SimDirectory\SimDirectory.aif
    • C:\System\Apps\Sdn\Sdn.app
    • C:\System\Apps\Sdn\Sdn.aif
    • C:\System\Apps\ScreenSaver\ScreenSaver.app
    • C:\System\Apps\ScreenSaver\ScreenSaver.aif
    • C:\System\Apps\SchemeApp\SchemeApp.app
    • C:\System\Apps\SchemeApp\SchemeApp.aif
    • C:\System\Apps\Satui\Satui.app
    • C:\System\Apps\Satui\Satui.aif
    • C:\System\Apps\PushViewer\PushViewer.app
    • C:\System\Apps\PushViewer\PushViewer.aif
    • C:\System\Apps\PSLN\PSLN.app
    • C:\System\Apps\PSLN\PSLN.aif
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.app
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.app
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.aif
    • C:\System\Apps\PRESENCE\PRESENCE.APP
    • C:\System\Apps\PRESENCE\PRESENCE.aif
    • C:\System\Apps\pjBLUE\pjBLUE_CAPTION.rsC
    • C:\System\Apps\pjBLUE\pjBLUE.APP
    • C:\System\Apps\pjBLUE\pjBLUE.aif
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\Pinboard\Pinboard.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.app
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    • C:\System\Apps\NpdViewer\NpdViewer.app
    • C:\System\Apps\NpdViewer\NpdViewer.aif
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\Notepad\Notepad.aif
    • C:\System\Apps\nokiafile\nokiafile_caption.rsc
    • C:\System\Apps\nokiafile\nokiafile.rsc
    • C:\System\Apps\nokiafile\nokiafile.app (A copy of SymbOS.Skulls.D)
    • C:\System\Apps\nokiafile\nokiafile.aif
    • C:\System\Apps\nokiafile\img.mbm
    • C:\System\Apps\nokiafile\data.cfg
    • C:\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
    • C:\System\Apps\nokiaapps\nokiaapps.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.aif
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.app
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.app
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    • C:\System\Apps\MmsViewer\MmsViewer.app
    • C:\System\Apps\MmsViewer\MmsViewer.aif
    • C:\System\Apps\MmsEditor\MmsEditor.app
    • C:\System\Apps\MmsEditor\MmsEditor.aif
    • C:\System\Apps\MMM\MMM.app
    • C:\System\Apps\MMM\MMM.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\Menu\Menu.app
    • C:\System\Apps\Menu\Menu.aif
    • C:\System\Apps\MediaSettings\MediaSettings.app
    • C:\System\Apps\MediaSettings\MediaSettings.aif
    • C:\System\Apps\MediaPlayer\MediaPlayer.app
    • C:\System\Apps\MediaPlayer\MediaPlayer.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\mce\mce.app
    • C:\System\Apps\mce\mce.aif
    • C:\System\Apps\Logs\Logs.app
    • C:\System\Apps\Logs\Logs.aif
    • C:\System\Apps\location\location.app
    • C:\System\Apps\location\location.aif
    • C:\System\Apps\ImageViewer\ImageViewer.app
    • C:\System\Apps\ImageViewer\ImageViewer.aif
    • C:\System\Apps\GS\gs.app
    • C:\System\Apps\GS\GS.aif
    • C:\System\Apps\freakbtui\freakbtui.app
    • C:\System\Apps\freakappctrl\freakappctrl.app
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\file\file.app
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\Dictionary\dictionary.app
    • C:\System\Apps\Dictionary\Dictionary.aif
    • C:\System\Apps\DdViewer\DdViewer.app
    • C:\System\Apps\DdViewer\DdViewer.aif
    • C:\System\Apps\data\data_CAPTION.rsC
    • C:\System\Apps\data\data.app
    • C:\System\Apps\cshelp\cshelp.app
    • C:\System\Apps\cshelp\cshelp.aif
    • C:\System\Apps\Converter\converter.app
    • C:\System\Apps\Converter\Converter.aif
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • C:\System\Apps\CodViewer\CodViewer.app
    • C:\System\Apps\CodViewer\CodViewer.aif
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\ClockApp\ClockApp.aif
    • C:\System\Apps\Chat\Chat.app
    • C:\System\Apps\Chat\Chat.aif
    • C:\System\Apps\CERTSAVER\CERTSAVER.APP
    • C:\System\Apps\CERTSAVER\CERTSAVER.aif
    • C:\System\Apps\CbsUiApp\CbsUiApp.app
    • C:\System\Apps\CbsUiApp\CbsUiApp.aif
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\Camcorder\Camcorder.aif
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\Calendar\Calendar.aif
    • C:\System\Apps\Calcsoft\Calcsoft.app
    • C:\System\Apps\Calcsoft\Calcsoft.aif
    • C:\System\Apps\bva\bva.app
    • C:\System\Apps\bva\bva.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\Browser\Browser.aif
    • C:\System\Apps\bootdata\bootdata_CAPTION.rsC
    • C:\System\Apps\bootdata\bootdata.app
    • C:\System\Apps\Autolock\Autolock.app
    • C:\System\Apps\Autolock\Autolock.aif
    • C:\System\Apps\AppMngr\Appmngr.app
    • C:\System\Apps\AppMngr\AppMngr.aif
    • C:\System\Apps\AppInst\Appinst.app
    • C:\System\Apps\AppInst\AppInst.aif
    • C:\System\Apps\Anti-Virus\Hydra1.DLL
    • C:\System\Apps\Anti-Virus\FSUpdateManager.dll
    • C:\System\Apps\Anti-Virus\FSSMSManager.dll
    • C:\System\Apps\Anti-Virus\FSSched.rsc
    • C:\System\Apps\Anti-Virus\FSSched.app
    • C:\System\Apps\Anti-Virus\FSSched.aif
    • C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.aif
    • C:\System\Apps\Anti-Virus\FSAVEPOC.DAT
    • C:\System\Apps\Anti-Virus\FSAVDT.exe
    • C:\System\Apps\Anti-Virus\FSAV.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif
    • C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm
    • C:\System\Apps\Anti-Virus\Anti-Virus.rsc
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\Anti-Virus.aif
    • C:\System\Apps\About\About.app
    • C:\System\Apps\About\About.aif
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\Thumbs.db
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif

      Note: Some of the above files will overwrite several legitimate applications and prevent them from functioning correctly.


Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.

Writeup By: Robert X Wang

Discovered: July 14, 2005
Updated: February 13, 2007 12:42:33 PM
Type: Trojan Horse
Systems Affected: EPOC


  1. Install a file manager program on the device.

  2. Enable the option to view the files in the system folder.

  3. Delete the following malicious files:
    • SkullCRev.SIS
    • SkullsRevised.sis
    • commw.sis

  4. Delete the following files:

    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP
    • C:\System\Recogs\mod.MDL
    • C:\System\Recogs\FSRec.mdl
    • C:\System\Parsers\FSBioMessageParser.dll
    • C:\System\Libs\ZLIB.DLL
    • C:\System\Libs\softwarecopier200.dll
    • C:\System\Libs\notification.cmd
    • C:\System\Libs\lmpro.r02
    • C:\System\Libs\lmpro.r01
    • C:\System\Libs\licencemanager20s.dll
    • C:\System\Libs\FSBioMessageViewer.dll
    • C:\System\Libs\FS\FSServerLauncher.exe
    • C:\System\Libs\FS\FSMonitor.dll
    • C:\System\help\AntiVirus.hlp
    • C:\System\data\0010155.cfg
    • C:\System\bif\FSBioMessage.bif
    • C:\System\bif\AVBioIcons.mbm
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Vm\Vm.app
    • C:\System\Apps\Vm\Vm.aif
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VCommand\VCommand.aif
    • C:\System\Apps\Ussd\Ussd.app
    • C:\System\Apps\Ussd\Ussd.aif
    • C:\System\Apps\ToDo\ToDo.app
    • C:\System\Apps\ToDo\ToDo.aif
    • C:\System\Apps\Tee222\Tee222_CAPTION.rsC
    • C:\System\Apps\Tee222\Tee222.rsc
    • C:\System\Apps\Tee222\Tee222.app
    • C:\System\Apps\Tee222\Tee222.aif
    • C:\System\Apps\Tee222\222.mdl
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SysAp\SysAp.app
    • C:\System\Apps\SysAp\SysAp.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Speeddial\Speeddial.app
    • C:\System\Apps\Speeddial\Speeddial.aif
    • C:\System\Apps\SmsViewer\SmsViewer.app
    • C:\System\Apps\SmsViewer\SmsViewer.aif
    • C:\System\Apps\SmsEditor\SmsEditor.app
    • C:\System\Apps\SmsEditor\SmsEditor.aif
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SimDirectory\SimDirectory.app
    • C:\System\Apps\SimDirectory\SimDirectory.aif
    • C:\System\Apps\Sdn\Sdn.app
    • C:\System\Apps\Sdn\Sdn.aif
    • C:\System\Apps\ScreenSaver\ScreenSaver.app
    • C:\System\Apps\ScreenSaver\ScreenSaver.aif
    • C:\System\Apps\SchemeApp\SchemeApp.app
    • C:\System\Apps\SchemeApp\SchemeApp.aif
    • C:\System\Apps\Satui\Satui.app
    • C:\System\Apps\Satui\Satui.aif
    • C:\System\Apps\PushViewer\PushViewer.app
    • C:\System\Apps\PushViewer\PushViewer.aif
    • C:\System\Apps\PSLN\PSLN.app
    • C:\System\Apps\PSLN\PSLN.aif
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.app
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.app
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.aif
    • C:\System\Apps\PRESENCE\PRESENCE.APP
    • C:\System\Apps\PRESENCE\PRESENCE.aif
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\Pinboard\Pinboard.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.app
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    • C:\System\Apps\NpdViewer\NpdViewer.app
    • C:\System\Apps\NpdViewer\NpdViewer.aif
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\Notepad\Notepad.aif
    • C:\System\Apps\MusicPlayer\MusicPlayer.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.aif
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.app
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.app
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    • C:\System\Apps\MmsViewer\MmsViewer.app
    • C:\System\Apps\MmsViewer\MmsViewer.aif
    • C:\System\Apps\MmsEditor\MmsEditor.app
    • C:\System\Apps\MmsEditor\MmsEditor.aif
    • C:\System\Apps\MMM\MMM.app
    • C:\System\Apps\MMM\MMM.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\Menu\Menu.app
    • C:\System\Apps\Menu\Menu.aif
    • C:\System\Apps\MediaSettings\MediaSettings.app
    • C:\System\Apps\MediaSettings\MediaSettings.aif
    • C:\System\Apps\MediaPlayer\MediaPlayer.app
    • C:\System\Apps\MediaPlayer\MediaPlayer.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\mce\mce.app
    • C:\System\Apps\mce\mce.aif
    • C:\System\Apps\Logs\Logs.app
    • C:\System\Apps\Logs\Logs.aif
    • C:\System\Apps\location\location.app
    • C:\System\Apps\location\location.aif
    • C:\System\Apps\ImageViewer\ImageViewer.app
    • C:\System\Apps\ImageViewer\ImageViewer.aif
    • C:\System\Apps\GS\gs.app
    • C:\System\Apps\GS\GS.aif
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\Dictionary\dictionary.app
    • C:\System\Apps\Dictionary\Dictionary.aif
    • C:\System\Apps\DdViewer\DdViewer.app
    • C:\System\Apps\DdViewer\DdViewer.aif
    • C:\System\Apps\cshelp\cshelp.app
    • C:\System\Apps\cshelp\cshelp.aif
    • C:\System\Apps\Converter\converter.app
    • C:\System\Apps\Converter\Converter.aif
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • C:\System\Apps\CodViewer\CodViewer.app
    • C:\System\Apps\CodViewer\CodViewer.aif
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\ClockApp\ClockApp.aif
    • C:\System\Apps\Chat\Chat.app
    • C:\System\Apps\Chat\Chat.aif
    • C:\System\Apps\CERTSAVER\CERTSAVER.APP
    • C:\System\Apps\CERTSAVER\CERTSAVER.aif
    • C:\System\Apps\CbsUiApp\CbsUiApp.app
    • C:\System\Apps\CbsUiApp\CbsUiApp.aif
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\Camcorder\Camcorder.aif
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\Calendar\Calendar.aif
    • C:\System\Apps\Calcsoft\Calcsoft.app
    • C:\System\Apps\Calcsoft\Calcsoft.aif
    • C:\System\Apps\bva\bva.app
    • C:\System\Apps\bva\bva.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\Browser\Browser.aif
    • C:\System\Apps\Autolock\Autolock.app
    • C:\System\Apps\Autolock\Autolock.aif
    • C:\System\Apps\AppMngr\Appmngr.app
    • C:\System\Apps\AppMngr\AppMngr.aif
    • C:\System\Apps\AppInst\Appinst.app
    • C:\System\Apps\AppInst\AppInst.aif
    • C:\System\Apps\Anti-Virus\Hydra1.DLL
    • C:\System\Apps\Anti-Virus\FSUpdateManager.dll
    • C:\System\Apps\Anti-Virus\FSSMSManager.dll
    • C:\System\Apps\Anti-Virus\FSSched.rsc
    • C:\System\Apps\Anti-Virus\FSSched.app
    • C:\System\Apps\Anti-Virus\FSSched.aif
    • C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.aif
    • C:\System\Apps\Anti-Virus\FSAVEPOC.DAT
    • C:\System\Apps\Anti-Virus\FSAVDT.exe
    • C:\System\Apps\Anti-Virus\FSAV.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif
    • C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm
    • C:\System\Apps\Anti-Virus\Anti-Virus.rsc
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\Anti-Virus.aif
    • C:\System\Apps\About\About.app
    • C:\System\Apps\About\About.aif
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP
    • C:\System\Recogs\YYSBootRec.mdl
    • C:\System\Recogs\mod.MDL
    • C:\System\Recogs\FSRec.mdl
    • C:\System\Recogs\$$$.MDL
    • C:\System\Parsers\FSBioMessageParser.dll
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP
    • C:\System\Libs\ZLIB.DLL
    • C:\System\Libs\softwarecopier200.dll
    • C:\System\Libs\notification.cmd
    • C:\System\Libs\lmpro.r02
    • C:\System\Libs\lmpro.r01
    • C:\System\Libs\licencemanager20s.dll
    • C:\System\Libs\FSBioMessageViewer.dll
    • C:\System\Libs\FS\FSServerLauncher.exe
    • C:\System\Libs\FS\FSMonitor.dll
    • C:\System\help\AntiVirus.hlp
    • C:\System\data\0010155.cfg
    • C:\System\bif\FSBioMessage.bif
    • C:\System\bif\AVBioIcons.mbm
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Vm\Vm.app
    • C:\System\Apps\Vm\Vm.aif
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VCommand\VCommand.aif
    • C:\System\Apps\Ussd\Ussd.app
    • C:\System\Apps\Ussd\Ussd.aif
    • C:\System\Apps\UltraMP3\UltraMP3.app
    • C:\System\Apps\ToDo\ToDo.app
    • C:\System\Apps\ToDo\ToDo.aif
    • C:\System\Apps\Tee222\Tee222_CAPTION.rsC
    • C:\System\Apps\Tee222\Tee222.rsc
    • C:\System\Apps\Tee222\Tee222.app
    • C:\System\Apps\Tee222\Tee222.aif
    • C:\System\Apps\Tee222\222.mdl
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SysAp\SysAp.app
    • C:\System\Apps\SysAp\SysAp.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Speeddial\Speeddial.app
    • C:\System\Apps\Speeddial\Speeddial.aif
    • C:\System\Apps\SmsViewer\SmsViewer.app
    • C:\System\Apps\SmsViewer\SmsViewer.aif
    • C:\System\Apps\SmsEditor\SmsEditor.app
    • C:\System\Apps\SmsEditor\SmsEditor.aif
    • C:\System\Apps\smartmovie\smartmovie.APP
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SimDirectory\SimDirectory.app
    • C:\System\Apps\SimDirectory\SimDirectory.aif
    • C:\System\Apps\Sdn\Sdn.app
    • C:\System\Apps\Sdn\Sdn.aif
    • C:\System\Apps\ScreenSaver\ScreenSaver.app
    • C:\System\Apps\ScreenSaver\ScreenSaver.aif
    • C:\System\Apps\SchemeApp\SchemeApp.app
    • C:\System\Apps\SchemeApp\SchemeApp.aif
    • C:\System\Apps\Satui\Satui.app
    • C:\System\Apps\Satui\Satui.aif
    • C:\System\Apps\PushViewer\PushViewer.app
    • C:\System\Apps\PushViewer\PushViewer.aif
    • C:\System\Apps\PSLN\PSLN.app
    • C:\System\Apps\PSLN\PSLN.aif
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.app
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.app
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.aif
    • C:\System\Apps\PRESENCE\PRESENCE.APP
    • C:\System\Apps\PRESENCE\PRESENCE.aif
    • C:\System\Apps\pjBLUE\pjBLUE_CAPTION.rsC
    • C:\System\Apps\pjBLUE\pjBLUE.APP
    • C:\System\Apps\pjBLUE\pjBLUE.aif
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\Pinboard\Pinboard.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.app
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    • C:\System\Apps\NpdViewer\NpdViewer.app
    • C:\System\Apps\NpdViewer\NpdViewer.aif
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\Notepad\Notepad.aif
    • C:\System\Apps\nokiafile\nokiafile_caption.rsc
    • C:\System\Apps\nokiafile\nokiafile.rsc
    • C:\System\Apps\nokiafile\nokiafile.app
    • C:\System\Apps\nokiafile\nokiafile.aif
    • C:\System\Apps\nokiafile\img.mbm
    • C:\System\Apps\nokiafile\data.cfg
    • C:\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
    • C:\System\Apps\nokiaapps\nokiaapps.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.aif
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.app
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.app
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    • C:\System\Apps\MmsViewer\MmsViewer.app
    • C:\System\Apps\MmsViewer\MmsViewer.aif
    • C:\System\Apps\MmsEditor\MmsEditor.app
    • C:\System\Apps\MmsEditor\MmsEditor.aif
    • C:\System\Apps\MMM\MMM.app
    • C:\System\Apps\MMM\MMM.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\Menu\Menu.app
    • C:\System\Apps\Menu\Menu.aif
    • C:\System\Apps\MediaSettings\MediaSettings.app
    • C:\System\Apps\MediaSettings\MediaSettings.aif
    • C:\System\Apps\MediaPlayer\MediaPlayer.app
    • C:\System\Apps\MediaPlayer\MediaPlayer.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\mce\mce.app
    • C:\System\Apps\mce\mce.aif
    • C:\System\Apps\Logs\Logs.app
    • C:\System\Apps\Logs\Logs.aif
    • C:\System\Apps\location\location.app
    • C:\System\Apps\location\location.aif
    • C:\System\Apps\ImageViewer\ImageViewer.app
    • C:\System\Apps\ImageViewer\ImageViewer.aif
    • C:\System\Apps\GS\gs.app
    • C:\System\Apps\GS\GS.aif
    • C:\System\Apps\freakbtui\freakbtui.app
    • C:\System\Apps\freakappctrl\freakappctrl.app
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\file\file.app
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\Dictionary\dictionary.app
    • C:\System\Apps\Dictionary\Dictionary.aif
    • C:\System\Apps\DdViewer\DdViewer.app
    • C:\System\Apps\DdViewer\DdViewer.aif
    • C:\System\Apps\data\data_CAPTION.rsC
    • C:\System\Apps\data\data.app
    • C:\System\Apps\cshelp\cshelp.app
    • C:\System\Apps\cshelp\cshelp.aif
    • C:\System\Apps\Converter\converter.app
    • C:\System\Apps\Converter\Converter.aif
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • C:\System\Apps\CodViewer\CodViewer.app
    • C:\System\Apps\CodViewer\CodViewer.aif
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\ClockApp\ClockApp.aif
    • C:\System\Apps\Chat\Chat.app
    • C:\System\Apps\Chat\Chat.aif
    • C:\System\Apps\CERTSAVER\CERTSAVER.APP
    • C:\System\Apps\CERTSAVER\CERTSAVER.aif
    • C:\System\Apps\CbsUiApp\CbsUiApp.app
    • C:\System\Apps\CbsUiApp\CbsUiApp.aif
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\Camcorder\Camcorder.aif
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\Calendar\Calendar.aif
    • C:\System\Apps\Calcsoft\Calcsoft.app
    • C:\System\Apps\Calcsoft\Calcsoft.aif
    • C:\System\Apps\bva\bva.app
    • C:\System\Apps\bva\bva.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\Browser\Browser.aif
    • C:\System\Apps\bootdata\bootdata_CAPTION.rsC
    • C:\System\Apps\bootdata\bootdata.app
    • C:\System\Apps\Autolock\Autolock.app
    • C:\System\Apps\Autolock\Autolock.aif
    • C:\System\Apps\AppMngr\Appmngr.app
    • C:\System\Apps\AppMngr\AppMngr.aif
    • C:\System\Apps\AppInst\Appinst.app
    • C:\System\Apps\AppInst\AppInst.aif
    • C:\System\Apps\Anti-Virus\Hydra1.DLL
    • C:\System\Apps\Anti-Virus\FSUpdateManager.dll
    • C:\System\Apps\Anti-Virus\FSSMSManager.dll
    • C:\System\Apps\Anti-Virus\FSSched.rsc
    • C:\System\Apps\Anti-Virus\FSSched.app
    • C:\System\Apps\Anti-Virus\FSSched.aif
    • C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.aif
    • C:\System\Apps\Anti-Virus\FSAVEPOC.DAT
    • C:\System\Apps\Anti-Virus\FSAVDT.exe
    • C:\System\Apps\Anti-Virus\FSAV.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif
    • C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm
    • C:\System\Apps\Anti-Virus\Anti-Virus.rsc
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\Anti-Virus.aif
    • C:\System\Apps\About\About.app
    • C:\System\Apps\About\About.aif
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\Thumbs.db
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gifC:\System
      \SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP
    • C:\System\Recogs\YYSBootRec.mdl
    • C:\System\Recogs\mod.MDL
    • C:\System\Recogs\FSRec.mdl
    • C:\System\Recogs\$$$.MDL
    • C:\System\Parsers\FSBioMessageParser.dll
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP
    • C:\System\Libs\ZLIB.DLL
    • C:\System\Libs\softwarecopier200.dll
    • C:\System\Libs\notification.cmd
    • C:\System\Libs\lmpro.r02
    • C:\System\Libs\lmpro.r01
    • C:\System\Libs\licencemanager20s.dll
    • C:\System\Libs\FSBioMessageViewer.dll
    • C:\System\Libs\FS\FSServerLauncher.exe
    • C:\System\Libs\FS\FSMonitor.dll
    • C:\System\help\AntiVirus.hlp
    • C:\System\data\0010155.cfg
    • C:\System\bif\FSBioMessage.bif
    • C:\System\bif\AVBioIcons.mbm
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP
    • C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP
    • C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Vm\Vm.app
    • C:\System\Apps\Vm\Vm.aif
    • C:\System\Apps\VCommand\VCommand.app
    • C:\System\Apps\VCommand\VCommand.aif
    • C:\System\Apps\Ussd\Ussd.app
    • C:\System\Apps\Ussd\Ussd.aif
    • C:\System\Apps\UltraMP3\UltraMP3.app
    • C:\System\Apps\ToDo\ToDo.app
    • C:\System\Apps\ToDo\ToDo.aif
    • C:\System\Apps\Tee222\Tee222_CAPTION.rsC
    • C:\System\Apps\Tee222\Tee222.rsc
    • C:\System\Apps\Tee222\Tee222.app
    • C:\System\Apps\Tee222\Tee222.aif
    • C:\System\Apps\Tee222\222.mdl
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SysAp\SysAp.app
    • C:\System\Apps\SysAp\SysAp.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Speeddial\Speeddial.app
    • C:\System\Apps\Speeddial\Speeddial.aif
    • C:\System\Apps\SmsViewer\SmsViewer.app
    • C:\System\Apps\SmsViewer\SmsViewer.aif
    • C:\System\Apps\SmsEditor\SmsEditor.app
    • C:\System\Apps\SmsEditor\SmsEditor.aif
    • C:\System\Apps\smartmovie\smartmovie.APP
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SimDirectory\SimDirectory.app
    • C:\System\Apps\SimDirectory\SimDirectory.aif
    • C:\System\Apps\Sdn\Sdn.app
    • C:\System\Apps\Sdn\Sdn.aif
    • C:\System\Apps\ScreenSaver\ScreenSaver.app
    • C:\System\Apps\ScreenSaver\ScreenSaver.aif
    • C:\System\Apps\SchemeApp\SchemeApp.app
    • C:\System\Apps\SchemeApp\SchemeApp.aif
    • C:\System\Apps\Satui\Satui.app
    • C:\System\Apps\Satui\Satui.aif
    • C:\System\Apps\PushViewer\PushViewer.app
    • C:\System\Apps\PushViewer\PushViewer.aif
    • C:\System\Apps\PSLN\PSLN.app
    • C:\System\Apps\PSLN\PSLN.aif
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.app
    • C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.app
    • C:\System\Apps\ProfiExplorer\ProfiExplorer.aif
    • C:\System\Apps\PRESENCE\PRESENCE.APP
    • C:\System\Apps\PRESENCE\PRESENCE.aif
    • C:\System\Apps\pjBLUE\pjBLUE_CAPTION.rsC
    • C:\System\Apps\pjBLUE\pjBLUE.APP
    • C:\System\Apps\pjBLUE\pjBLUE.aif
    • C:\System\Apps\Pinboard\Pinboard.app
    • C:\System\Apps\Pinboard\Pinboard.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.app
    • C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.app
    • C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
    • C:\System\Apps\NpdViewer\NpdViewer.app
    • C:\System\Apps\NpdViewer\NpdViewer.aif
    • C:\System\Apps\Notepad\Notepad.app
    • C:\System\Apps\Notepad\Notepad.aif
    • C:\System\Apps\nokiafile\nokiafile_caption.rsc
    • C:\System\Apps\nokiafile\nokiafile.rsc
    • C:\System\Apps\nokiafile\nokiafile.app
    • C:\System\Apps\nokiafile\nokiafile.aif
    • C:\System\Apps\nokiafile\img.mbm
    • C:\System\Apps\nokiafile\data.cfg
    • C:\System\Apps\nokiaapps\nokiaapps_CAPTION.rsC
    • C:\System\Apps\nokiaapps\nokiaapps.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.app
    • C:\System\Apps\MusicPlayer\MusicPlayer.aif
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.app
    • C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.app
    • C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
    • C:\System\Apps\MmsViewer\MmsViewer.app
    • C:\System\Apps\MmsViewer\MmsViewer.aif
    • C:\System\Apps\MmsEditor\MmsEditor.app
    • C:\System\Apps\MmsEditor\MmsEditor.aif
    • C:\System\Apps\MMM\MMM.app
    • C:\System\Apps\MMM\MMM.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\Menu\Menu.app
    • C:\System\Apps\Menu\Menu.aif
    • C:\System\Apps\MediaSettings\MediaSettings.app
    • C:\System\Apps\MediaSettings\MediaSettings.aif
    • C:\System\Apps\MediaPlayer\MediaPlayer.app
    • C:\System\Apps\MediaPlayer\MediaPlayer.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\mce\mce.app
    • C:\System\Apps\mce\mce.aif
    • C:\System\Apps\Logs\Logs.app
    • C:\System\Apps\Logs\Logs.aif
    • C:\System\Apps\location\location.app
    • C:\System\Apps\location\location.aif
    • C:\System\Apps\ImageViewer\ImageViewer.app
    • C:\System\Apps\ImageViewer\ImageViewer.aif
    • C:\System\Apps\GS\gs.app
    • C:\System\Apps\GS\GS.aif
    • C:\System\Apps\freakbtui\freakbtui.app
    • C:\System\Apps\freakappctrl\freakappctrl.app
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\file\file.app
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\Dictionary\dictionary.app
    • C:\System\Apps\Dictionary\Dictionary.aif
    • C:\System\Apps\DdViewer\DdViewer.app
    • C:\System\Apps\DdViewer\DdViewer.aif
    • C:\System\Apps\data\data_CAPTION.rsC
    • C:\System\Apps\data\data.app
    • C:\System\Apps\cshelp\cshelp.app
    • C:\System\Apps\cshelp\cshelp.aif
    • C:\System\Apps\Converter\converter.app
    • C:\System\Apps\Converter\Converter.aif
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
    • C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
    • C:\System\Apps\CodViewer\CodViewer.app
    • C:\System\Apps\CodViewer\CodViewer.aif
    • C:\System\Apps\ClockApp\ClockApp.app
    • C:\System\Apps\ClockApp\ClockApp.aif
    • C:\System\Apps\Chat\Chat.app
    • C:\System\Apps\Chat\Chat.aif
    • C:\System\Apps\CERTSAVER\CERTSAVER.APP
    • C:\System\Apps\CERTSAVER\CERTSAVER.aif
    • C:\System\Apps\CbsUiApp\CbsUiApp.app
    • C:\System\Apps\CbsUiApp\CbsUiApp.aif
    • C:\System\Apps\Camcorder\Camcorder.app
    • C:\System\Apps\Camcorder\Camcorder.aif
    • C:\System\Apps\Calendar\Calendar.app
    • C:\System\Apps\Calendar\Calendar.aif
    • C:\System\Apps\Calcsoft\Calcsoft.app
    • C:\System\Apps\Calcsoft\Calcsoft.aif
    • C:\System\Apps\bva\bva.app
    • C:\System\Apps\bva\bva.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\Browser\Browser.app
    • C:\System\Apps\Browser\Browser.aif
    • C:\System\Apps\bootdata\bootdata_CAPTION.rsC
    • C:\System\Apps\bootdata\bootdata.app
    • C:\System\Apps\Autolock\Autolock.app
    • C:\System\Apps\Autolock\Autolock.aif
    • C:\System\Apps\AppMngr\Appmngr.app
    • C:\System\Apps\AppMngr\AppMngr.aif
    • C:\System\Apps\AppInst\Appinst.app
    • C:\System\Apps\AppInst\AppInst.aif
    • C:\System\Apps\Anti-Virus\Hydra1.DLL
    • C:\System\Apps\Anti-Virus\FSUpdateManager.dll
    • C:\System\Apps\Anti-Virus\FSSMSManager.dll
    • C:\System\Apps\Anti-Virus\FSSched.rsc
    • C:\System\Apps\Anti-Virus\FSSched.app
    • C:\System\Apps\Anti-Virus\FSSched.aif
    • C:\System\Apps\Anti-Virus\FsAVUpdater.rsc
    • C:\System\Apps\Anti-Virus\FsAVUpdater.app
    • C:\System\Apps\Anti-Virus\FsAVUpdater.aif
    • C:\System\Apps\Anti-Virus\FSAVEPOC.DAT
    • C:\System\Apps\Anti-Virus\FSAVDT.exe
    • C:\System\Apps\Anti-Virus\FSAV.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll
    • C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif
    • C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm
    • C:\System\Apps\Anti-Virus\Anti-Virus.rsc
    • C:\System\Apps\Anti-Virus\Anti-Virus.app
    • C:\System\Apps\Anti-Virus\Anti-Virus.aif
    • C:\System\Apps\About\About.app
    • C:\System\Apps\About\About.aif
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\Thumbs.db
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif

  5. Exit the file manager.


Writeup By: Robert X Wang