UMU - Virus Definitions - SymbOS/SrvSender.A

Home / Virus Definitions

SymbOS/SrvSender.A

UMU Scan protects against this virus.

Threat Level:
Low

Type:
Trojan

SDB Version:
155

SDB Release Date:
23/04/2008

Description Date:
27/10/2008

What does this virus do?
This virus arrives on your device as an installation package for an application called Assist. Once installed, it monitors incoming SMS messages and voice calls and attempts to send a random SMS message as a reply.

SymbOS/SrvSender.A is a mobile Trojan disguised as an application named Assist:

Screenshot of installation of SymbOS/SrvSender.A

When installed, it appears in the phone’s Menu list as follows:

Screenshot of SymbOs/SrvSender.A installed on a phone as Assist

It drops the following files:

c:\system\apps\Sender\Sender.app

c:\system\apps\Sender\Sender.aif

c:\system\apps\Sender\Sender_caption.rsc

c:\system\apps\Sender\Sender.rsc

c:\system\apps\Sender\Sender.dat

These files in turn drop the following components:

c:\system\apps\MediaPlay\MediaPlay.exe

c:\system\Data\favorite.dat

c:\system\Mail\SrvMail.exe

c:\system\recogs\AppUpdate.mdl

e:\system\apps\MediaPlay\MediaPlay.exe

e:\system\apps\MediaPlay\encode.dat

e:\system\recogs\MediaPlay.mdl

It then monitors incoming SMS-messages and voice calls and then attempts to send a random SMS message as a reply.

It also attempts to kill the following processes:

Euninstall

Ewapstore

And to delete the following files:

c:\system\recogs\AppToolkit.mdl

e:\system\recogs\RecMemCard.mdl

These files and processes are components for SymbOS/LianFeng.A.

Manual Disinfection

Scan your mobile device using UMU Scan and delete all files detected as SymbOS/SrvSender.A.
Reboot your device to kill malware residue processes.
Download a third party File Explorer.
Locate and delete the following files and folders if they exist: