SymbOS/KillAV.C

Virus Type: Trojan

Threat Level: Low

SDB Version: 236

SDB Release Date: 15.10.2009

SymbOS/KillAV.C is a destructive mobile Trojan program aimed at disabling normal mobile applications specifically Mobile Anti-Virus applications by dropping corrupted copies of the application’s files.

It may arrive on a phone disguised as a SIS installer for normal applications or theme packages.  It may even display misleading messages such as the following:

When the malicious SIS installer is executed, it overwrites normal application files in the device’s application directories, with damaged copies.  Some of the popular applications it disables in this way include the following:

!:\system\apps\Anti-Virus\FSAVDT.EXE

!:\system\apps\Anti-Virus\FSAVMANAGER.EXE

!:\system\apps\AntiVirMobile\update\UPDATER.EXE

!:\system\apps\BdMobile\Bdinst.EXE

!:\system\apps\FortiClient\AUTOSCAN.EXE

!:\system\apps\FortiClient\AUTOUPDATE.EXE

!:\system\apps\FortiClient\FORTIREG.EXE

!:\system\apps\FortiClient\UNINSTALL.EXE

!:\system\apps\KSMobile\ksinstaller.exe

!:\system\apps\KSMobile\ksserver.exe

!:\system\apps\mobilesecurity\MOBILESECURITYBOOTER.EXE

!:\system\apps\mobilesecurity\TMSCANSERVER.exe

!:\system\apps\NewFileScan\CUSSERVER.EXE

!:\system\apps\NewFileScan\MANAGESRV.EXE

!:\system\apps\NewFileScan\NETQINMONITOR.EXE

!:\system\apps\NewFileScan\SCANENGINESRV.EXE

!:\system\apps\NewFileScan\UNINSTALLER.EXE

!:\system\apps\symcs\avcfg.EXE

!:\system\apps\symcs\avpatcher.EXE

!:\system\apps\symcs\eventreport.EXE

!:\system\apps\symcs\fwcfg.EXE

!:\system\apps\symcs\inav.EXE

!:\system\apps\symcs\inav2.EXE

!:\system\apps\symcs\listenerexe.EXE

!:\system\apps\symcs\listenernotifier.EXE

!:\system\apps\symcs\listenerserverexe.EXE

!:\system\apps\symcs\symactcons.EXE

!:\system\apps\symcs\symantecei.EXE

!:\system\apps\symcs\symapsrv.EXE

!:\system\apps\symcs\taskimplementor.EXE

!:\system\apps\symcs\unav.EXE

!:\system\apps\umuscanner\scanmanager.exe

!:\system\apps\umuscanner\umuscanserver.EXE

!:\system\apps\umuscanner\uninstallscan.EXE

!:\system\apps\VirusScan\clean_install.EXE

!:\system\apps\VirusScan\vscansrv.exe

!:\system\apps\VirusScan\vsuninstall.EXE

*where ! represents a drive specified by the user during installation

SymbOS/KillAV.C affects Symbian 2^nd edition devices. 

Other Details

SymbOS/KillAV.C may also display the following messages:

           My Name Is jAbRig       

       I COME FOR ATTACK YOUR                   P___H___O___N___E     

    __________________________________

       __._________________________

           ____________________

        DONT FORGET ME "jAbRig"

       --> <--    jAbRig    --> <--

           ALWAYS COME BACK

               FOR WINNER

     [ HA HA HA ]

Norton AntiVirus 2009

Protect your phone from trojan,worm,spyware,and malicious code dangerous symbian phone.This software only for symbian os 2nd edition.
License valid until 25 december 2019.

All right reserved

Manual Disinfection

To disinfect a compromised device, it is necessary to reinstall all overwritten applications.  The SymbOS/KillAV.C SIS installer must then be deleted.  If this does not restore the phone, formatting the phone may be necessary.  All data saved in the C drive will be lost during a format.