SymbOS/Yxe.D
UMU Scan protects against this virus.
Threat Level: Low
Type: Trojan
SDB Version: 223
SDB Release Date: 20/07/2009
Description Date: 04/08/2009
What does SymbOS/Yxe.D do?
SymbOS/Yxe.D arrives on your phone as a SIS installation package for an application named “Sexy Space”. It is a Trojan which can access your data files and email the information to a third party. The program allows an attacker to retrieve personal information about you by infecting your phone book and using the information to send spam messages to your contacts. It can also access data on your network type and line, and gain access to your phone serial number, making your phone vulnerable to further data misappropriation.
 
It uses a valid certificate that allows it to be installed on, and infect, Symbian 3rd Edition devices. It does not affect 2nd Edition devices.
 
 

The certificate claims it was issued to a vendor named “Play Boy” from a company called “XinZhongLi Kemao Co. Ltd.”.

 
SymbOS/Yxe.D can be installed in English and Chinese. It does not have any user interface. It runs in the background without the user’s knowledge and creates a global semaphore named “EConServerSemaphore_0x20026CA5”.


What will happen to your mobile device?

 
Upon installation, it will create the following files:
 
c:\sys\bin\AcsServer.exe
c:\sys\bin\Installer_0x20026CA6.exe
c:\private\101f875a\import\[20026CA5].rsc
 
 
It attempts to kill the following processes to prevent users from uninstalling the malware:
 
AppMngr
TaskSpy
Y-Tasks
ActiveFile
TaskMan
 
It collects the following data about the infected device and uploads it to a web site where an attacker can view it:
 
Phone Serial Number
Phone Settings
Line Information
Network Information
 
 
SymbOS/Yxe.D has the capability to connect to a remote site and retrieve spam messages that it will compose and send to the contact list of the infected device.
 
 
It can also create a file named mr.log that can include debug information for the malware.
 
Manual Disinfection
 
  1. Go to the device’s Application Manager and remove/uninstall applications named “Sexy Space”.
  2. Scan your mobile device using UMU Scan and delete all files detected as SymbOS/Yxe.D.
 