UMU Scan protects against this virus.
Low |
Trojan |
147 |
27/02/2008 |
14/05/2008 |
This Trojan arrives on your phone disguised as an application that helps you remove the Cabir virus. Once run, it claims to find Cabir and asks whether you want to disinfect your phone. If you agree, the virus disables your antivirus protection and puts your phone at risk from other viruses.
SymbOS/AVKiller.A arrives disguised as a SIS installer for an application that cleans Cabir infections:

Once installed, it appears in the device’s list of applications as F-Cabir and even uses the logo of F-Secure to trick users into executing it:

* ! signifies a user defined installation drive
When executed, it displays a fake message that says that it will scan the device for Cabir infection. It even displays an option to scan:


Choosing to run the scan always produces a fake result stating that a Cabir infection was found on the system:

If, at this point, the user chooses the option to disinfect the phone, SymbOS/AVKiller.A then proceeds to disable any installed antivirus programs that are included in its target list (Disinfect.lst). The list is as follows:
- BitDefender
- Bullguard
- CalvinSettinger
- Disinfector
- ExoVirusStop
- F-Secure
- FB-4 Virus Guard
- Fonoinfo
SymbOS/AVKiller.A disables these antivirus programs by deleting the following folders where their components are located:
* ! signifies a user defined installation drive
Manual Disinfection
- Scan your mobile device using UMU Scan and delete all files detected as SymbOS/AVKiller.A.
- Reboot your device to kill any residual malware processes.
- Download a third-party File Explorer.
- Locate and delete the following files and folders if they exist:
* ! signifies a user defined installation drive