Sharing interesting things about computers and more

Tuesday, July 20, 2010

top 10 virus

Here are the most dangerous cell phone viruses for Symbian-based cell phones. Like computers, cell phones run an operating system that keeps the device working properly, and they too have problems with viruses that attack that operating system. There are quite a lot of cell phone viruses, but these are the most dangerous ones for Symbian, one of the most popular operating systems for cell phones. You should keep away from them.

10. Cabir Virus

The target of this cell phone virus is Symbian S60v2 mobile phones. Cabir is a virus that spreads via a Bluetooth connection and arrives in your inbox with an interesting message. It won't cause fatal damage, but the battery of the cell phone will quickly run out because the virus periodically activates Bluetooth on the infected cell phone.

9. Skulls Virus

The target of this virus is Symbian cell phones, and it spreads via the internet. The resulting damage is that the mobile phone cannot be used again except to make and receive calls.

8. CommWarrior Virus

The target of this virus is Symbian S60v2 mobile phones. The virus spreads via Bluetooth and MMS. It sends copies of itself through MMS to all numbers in the contacts, which makes your mobile phone bill high.

7. Locknut Virus

The target of this virus is Symbian S60 mobile phones, and it spreads through internet downloads. Locknut E, one variant of this virus, damages important files in the Symbian system so that the infected applications cannot be opened. In this way, step by step, the cell phone is locked completely by the virus.

6. Fontal Virus

The target of this virus is Symbian S60 mobile phones, and it spreads through internet downloads. This virus locks the cell phone in stages. Eventually it locks the phone from the moment it is first turned on.

5. Rommwar Virus

The target of this virus is Symbian S60 cell phones, and it spreads through Bluetooth, MMS, and the internet. This virus makes the phone unable to boot and causes it to restart itself often.

4. DoomBoot Virus

The target of this virus is Symbian S60 cell phones, and it spreads via Bluetooth. Doomboot corrupts files, and after infecting a file it puts other viruses such as Commwarrior onto the mobile phone. The damaged files prevent the phone from rebooting. In addition, this virus also makes the battery run out quickly because of the constant use of the Bluetooth connection.

3. CardTrap Virus

The targets of this virus are Symbian S60 mobile phones and Windows-based PCs. It spreads through the memory card and causes important applications to malfunction, system chaos, and damage to the function of the keypad.

2. PBstealer Virus

The target of this virus is Symbian S60 cell phones, and it spreads via Bluetooth. This virus copies important data on the mobile phone, for example contacts, to-do lists, and notes, to .txt format and then spreads it to other mobile phones using Bluetooth.

1. AppDisabler

The target of this virus is Symbian-based mobile phones, and it spreads through Bluetooth, MMS, and the internet. This virus installs other dangerous viruses such as Locknut, Cabir, Skulls, etc., thus breaking the entire operating system. You could say this is the most dangerous virus that has ever existed, because it combines several types of viruses at once.



Skulls disinfection steps

If you have a file manager on the phone that still works

This disinfection method works on a single phone if you have a working third party file manager on the phone.

1. Go to c:\System\apps\appinst and delete

• c:\System\apps\appinst
• c:\System\apps\menu
• c:\System\apps\mce

2. Open the applications menu
3. Look for the web browser; its icon should still be normal
4. Download F-Secure Mobile Anti-Virus (http://mobile.f-secure.com) for your device
5. Install F-Secure Mobile Anti-Virus
6. Start F-Secure Mobile Anti-Virus
7. Scan your device to remove files used to block critical system applications
8. Go to application manager
9. Uninstall "Extended theme.sis"

skulls

Trojan:SymbOS/Skulls is distributed in a malicious SIS file named "Extended theme.SIS", allegedly a theme manager for the Nokia 7610 smartphone (authored by "Tee-222").

Skulls.A and other Skulls trojans are targeted against Symbian Series 60 devices, but can also affect other Symbian devices, for example the Nokia 9500, which is a Series 80 device. However, when trying to install a Skulls trojan on a Nokia 9500, the user will get a warning that the SIS file is not intended for the device, so the risk of accidental infection is low.



On installation, the trojan replaces the system applications with non-functional versions, so that everything except the phone functionality is disabled. It also causes all application icons to be replaced with a picture of a skull and crossbones; the icons no longer refer to the actual applications, so none of the phone's normal applications will be able to start.



This basically means that if Skulls is installed, only making calls from the phone and answering calls works. All functions that need some system application, such as SMS and MMS messaging, web browsing and the camera, no longer function.

If you have installed Skulls, the most important thing is: do not reboot the phone; follow the disinfection instructions in this description.


Installation

The Skulls SIS file does not contain any malicious code as such; it is just a Symbian installation file that installs critical system ROM binaries onto the C: drive with exactly the same names and locations as on the ROM drive.

The Symbian operating system has a feature which causes any file on the C: drive to replace the file on the ROM drive that has an identical name and location.

The application files installed by Skulls are normal Symbian OS files extracted from the phone ROM. However, due to this feature of Symbian OS, copying them into the correct locations on the device's C: drive causes the critical system applications to fail to function.
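The override behaviour described above can be checked on exported file listings. The following is an added example, not code from the original post or from any vendor: it assumes the ROM drive is Z:, that both listings are available as plain path strings, and all sample paths are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample listings (not taken from a real device).
SAMPLE_ROM = [
    r"Z:\System\Apps\Menu\Menu.app",
    r"Z:\System\Apps\AppInst\AppInst.app",
    r"Z:\System\Apps\Camera\Camera.app",
]
SAMPLE_C = [
    r"c:\system\apps\menu\menu.app",        # same name and location as in ROM
    r"C:\System\Apps\AppInst\Appinst.app",  # same, differing only in case
    r"C:\System\Apps\FileMan\FileMan.app",  # third-party app, no ROM twin
    r"C:\System\Data\notes.txt",
]


def _split(path):
    """Return (drive, path components below the drive), lower-cased."""
    p = PureWindowsPath(path.strip().lower())
    return p.drive, p.parts[1:]


def rom_shadows(rom_listing, c_listing, rom_drive="z:"):
    """Map each folder on C: to the files in it that shadow a ROM file.

    A file shadows ROM when its path below the drive letter is identical
    (ignoring case) to a path on the ROM drive.
    """
    rom = {rel for drive, rel in map(_split, rom_listing) if drive == rom_drive}
    shadows = defaultdict(list)
    for raw in c_listing:
        drive, rel = _split(raw)
        if drive == "c:" and rel in rom:
            shadows["\\".join(rel[:-1])].append(raw)
    return dict(shadows)


if __name__ == "__main__":
    for folder, files in rom_shadows(SAMPLE_ROM, SAMPLE_C).items():
        print(folder, "->", files)
```

Folders reported by this check are the ones to compare against the disinfection list for this trojan.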

Commwarrior disinfection steps

Disinfection

Commwarrior can be removed with "f-commwarrior" and "anti-commwarr",

or follow these steps.
CAUTION! This method will remove all data on the device, including the calendar and phone numbers:

• Power off the phone
• Remove your external memory card
• Hold the following three buttons down - "answer call" + "*" + "3"
• Keep holding down the buttons and power on the phone
• Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
• Your phone is now formatted
• Scan your memory card on your computer with "Avira" or "KAV", or maybe AnVir, that has the Beselo variant in its database
• Put your memory card back in your phone; your phone is clean now

commwar.variant

Commwarrior is a worm that operates on Symbian Series 60 2nd Edition devices.
The worm is capable of spreading itself via Bluetooth and MMS.

Phones infected with Commwarrior will start searching for other devices within Bluetooth wireless range and will attempt to send infected SIS files to the discovered devices.

The SIS files that Commwarrior transmits are randomly named so that phone users cannot be warned to avoid files with any particular given name.

In addition to using Bluetooth, Commwarrior will also read the user's local address book for phone numbers and will then start sending MMS messages containing Commwarrior.

Name : Worm:SymbOS/Commwarrior
Category : Malware
Type : Worm
Platform : SymbOS
Origin : Russia

Commwarrior has 15 variants:

• Commwarrior.B
• Commwarrior.C
• Commwarrior.D
• Commwarrior.E
• Commwarrior.F
• Commwarrior.G
• Commwarrior.H
• Commwarrior.I
• Commwarrior.J
• Commwarrior.K
• Commwarrior.L
• Commwarrior.M
• Commwarrior.N
• Commwarrior.Q
• Commwarrior.Z


Beselo removal steps

Beselo can be removed with "FortiCleanUp Beselo",

or follow these steps.
CAUTION! This method will remove all data on the device, including the calendar and phone numbers:

• Power off the phone
• Remove your external memory card
• Hold the following three buttons down - "answer call" + "*" + "3"
• Keep holding down the buttons and power on the phone
• Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings
• Your phone is now formatted
• Scan your memory card on your computer with "Avira" or "KAV", or maybe AnVir, that has the Beselo variant in its database
• Put your memory card back in your phone; your phone is clean now

beselo.variant

Beselo is an MMS and Bluetooth worm family that operates on Symbian S60 Second Edition devices.

The Beselo family is very similar to the Commwarrior family but contains enough differences in the code base and behavior that it is counted as a separate family.

Beselo has 5 variants:

1. beselo.a
2. beselo.b
3. beselo.c
4. beselo.d
5. beselo.e

Variants Beselo.C, Beselo.D and Beselo.E are closely related to Beselo.B

Beselo.a details

Name : Worm:SymbOS/Beselo.A
Category : Malware
Type : Bluetooth-Worm
Platform : SymbOS
Origin : Asia
Date of Discovery: December 21, 2007

Infection

The worm's SIS installation package contains .exe, .ini, and .dat files named using a random format that has seven letters followed by the extension. For example, qsnpwsg.exe, qsnpwsg.ini, and qsnpwsg.dat.

When Beselo.A is run, the installer copies the worm's main executable to C:\system\data and executes it. After execution, the worm copies its executable file to C:\system\apps with the same name as the worm's main executable. Additionally, the worm creates a new unique SIS installation package in C:\system\apps and a recognizer in C:\system\recogs with a name that has the same first four letters as the worm's executable. If the phone has a memory card, the worm also copies itself there. To summarize, here is a list of all files created in one installation, using example filenames.

Files created on the phone:
• C:\system\data\qsnpwsg.exe
• C:\system\apps\qsnpwsg.exe
• C:\system\apps\qsnpwsg.sis
• C:\system\recogs\gsnp.mdl

The following file does not have a variable name:

• C:\system\data\SIMLanguage.dat

Files created on the memory card:
• E:\system\apps\qsnpwsg.exe
• E:\system\recogs\gsnp.mdl

Hiding and Protecting the Process from the User

Beselo.A attempts to hide its process from the user by running as an executable, so that it is not visible in the standard application list. The process is visible in third-party tools that show system processes. It has the same random name as the worm's main executable.

The worm protects its process from being killed by setting the process type to "system". It is not possible to kill a system process.

Replication via MMS Messages

Beselo.A replicates using MMS with SIS files that have the text "Photo" as message body and a SIS file attachment named beauty.jpg, sex.mp3, or love.rm.

The MMS messages are sent to numbers found in the device phone book.

Replication via Bluetooth

Beselo.A replicates using Bluetooth in SIS files using the same names as the MMS messages. Bluetooth messages are attempted at one-minute intervals to one phone number at a time.

The extension used in the worm installation file causes the message to be shown with an icon that indicates a broken media file.

Replication to an MMC Card

Beselo.A listens for any MMC card inserted into the infected phone, and copies itself to the inserted card. The infected card contains both the worm executable and the bootstrap component, so that if the infected card is inserted into another phone, that phone will also be infected.

Beselo.b details

Name : Worm:SymbOS/Beselo.B
Category : Malware
Type : Bluetooth-Worm
Platform : SymbOS
Origin : Asia
Date of Discovery: December 21, 2007

Beselo.B is an MMS and Bluetooth worm that operates on Symbian S60 Second Edition devices.

Beselo.B spreads via MMS messages and Bluetooth using the filenames beauty.jpg, sex.mp3, or love.rm.

Infection

The worm's SIS installation package contains .exe, .ini, and .dat files named using a random format that has seven letters followed by the extension. For example, qsnpwsg.exe, qsnpwsg.ini, and qsnpwsg.dat.

When Beselo.B is run, the installer copies the worm's main executable to C:\system\data and executes it. After execution, the worm copies its executable file to C:\system\apps with the same name as the worm's main executable. Additionally, the worm creates a new unique SIS installation package in C:\system\apps and a recognizer in C:\system\recogs with a name that has the same first four letters as the worm's executable. If the phone has a memory card, the worm also copies itself there. To summarize, here is a list of all files created in one installation, using example filenames.

Files created on the phone:

• c:\system\data\qsnpwsg.exe
• c:\system\data\qsnpwsg.dat
• c:\system\data\qsnpwsg.ini
• c:\system\apps\qsnpwsg.exe
• c:\system\apps\qsnpwsg.sis
• c:\system\recogs\gsnp.mdl

Files created on the memory card:
• e:\system\apps\qsnpwsg.exe
• e:\system\recogs\gsnp.mdl
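The file layout described in the Beselo.A and Beselo.B infection sections can be turned into a triage check over a file listing exported from a phone and its memory card. This is an added example, not code from the original post or from any anti-virus vendor: the function name and result fields are hypothetical, the sample listing is constructed, and the rules are only the ones stated above (seven-letter random name, copies in system\data and system\apps, recognizer named with the first four letters).

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SEVEN_LETTERS = re.compile(r"[a-z]{7}")
FOUR_LETTERS = re.compile(r"[a-z]{4}")

# Constructed sample listing (not taken from a real device).
SAMPLE_LISTING = [
    r"C:\system\data\kdrtmpa.exe",
    r"C:\system\data\kdrtmpa.ini",
    r"C:\system\data\kdrtmpa.dat",
    r"C:\system\apps\kdrtmpa.exe",
    r"C:\system\apps\kdrtmpa.sis",
    r"C:\system\recogs\kdrt.mdl",
    r"C:\system\data\SIMLanguage.dat",
    r"E:\system\apps\kdrtmpa.exe",
    r"E:\system\recogs\kdrt.mdl",
    r"C:\system\apps\gallery.exe",  # seven letters, but no twin in system\data
]


def find_beselo_layout(listing):
    """Return one record per seven-letter name that has an .exe in both
    <drive>\\system\\data and <drive>\\system\\apps, with supporting indicators."""
    files = defaultdict(set)        # stem -> {(drive, folder, suffix)}
    recognizers = defaultdict(set)  # four-letter stem -> {drive}
    fixed = set()                   # drives holding system\data\SIMLanguage.dat
    for raw in listing:
        p = PureWindowsPath(raw.strip().lower())
        folders = p.parts[1:-1]
        if len(folders) != 2 or folders[0] != "system":
            continue
        if folders[1] in ("data", "apps") and SEVEN_LETTERS.fullmatch(p.stem):
            files[p.stem].add((p.drive, folders[1], p.suffix))
        elif (folders[1] == "recogs" and p.suffix == ".mdl"
              and FOUR_LETTERS.fullmatch(p.stem)):
            recognizers[p.stem].add(p.drive)
        elif folders[1] == "data" and p.name == "simlanguage.dat":
            fixed.add(p.drive)

    hits = []
    for stem, seen in sorted(files.items()):
        for drive in sorted({d for d, _, _ in seen}):
            # Core rule: the same executable name in both folders of one drive.
            if not {(drive, "data", ".exe"), (drive, "apps", ".exe")} <= seen:
                continue
            hits.append({
                "stem": stem,
                "drive": drive,
                "files": sorted(f"{d}\\system\\{folder}\\{stem}{ext}"
                                for d, folder, ext in seen),
                "sis_package": (drive, "apps", ".sis") in seen,
                "recognizer": drive in recognizers.get(stem[:4], set()),
                "fixed_name_file": drive in fixed,
                "other_drives": sorted({d for d, folder, ext in seen
                                        if d != drive and folder == "apps"
                                        and ext == ".exe"}),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beselo_layout(SAMPLE_LISTING):
        print(hit)
```

A seven-letter executable on its own is not reported; the paired copy in system\data and system\apps is what separates this layout from an ordinary application.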

Hiding and Protecting the Process from the User

Beselo.B attempts to hide its process from the user by running as an executable, so that it is not visible in the standard application list. The process is visible in third-party tools that show system processes. It has the same random name as the worm's main executable.

The worm protects its process from being killed by setting the process type to "system". It is not possible to kill a system process.

Replication via MMS Messages

Beselo.B replicates using MMS with SIS files that have the text "Photo" as message body and a SIS file attachment named beauty.jpg, sex.mp3, or love.rm.

The MMS messages are sent at 1-minute intervals either to numbers found in the device phone book or to internally generated numbers.

Beselo.B also listens for incoming SMS messages and responds to any message with an infected MMS message.

Replication via Bluetooth

Beselo.B replicates using Bluetooth in SIS files using the same names as the MMS messages. Bluetooth messages are attempted at one-minute intervals to one phone number at a time.

The extension used in the worm installation file causes the message to be shown with an icon that indicates a broken media file.

Replication to an MMC Card

Beselo.B listens for any MMC card inserted into the infected phone, and copies itself to the inserted card. The infected card contains both the worm executable and the bootstrap component, so that if the infected card is inserted into another phone, that phone will also be infected.


virus scine

Adware
Adware is software that presents banner ads or pop-up windows through a bar that appears on the computer screen. Those advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions about usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by going around the computer access security mechanisms.

A program that is executed in the background generally gives the attacker almost unlimited rights. The user's personal data can be spied on with the backdoor's help, but backdoors are mainly used to install further computer viruses or worms on the affected system.

Boot viruses
The boot or master boot sector of hard drives is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is a collection of software bots, which run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms or Trojans) under a common command and control infrastructure. Bot-Nets serve various purposes, including denial-of-service attacks, etc., partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can reach a size of thousands of computers, and their combined bandwidth exceeds that of most conventional Internet connections.

Dialer
A dialer is a computer program that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file
The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research for the purpose of testing the functions of anti-virus programs. It is a text file which is 68 characters long with the file extension ".COM", and all virus scanners should recognize it as a virus.

Exploit
An exploit (vulnerability) is a computer program or script that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. One form of exploit, for example, is an attack from the Internet using manipulated data packets. Programs can be infiltrated in order to obtain higher access.

Grayware
Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
For a few years, users have been receiving alerts, from the Internet and from other networks, about viruses that are supposed to spread via email. These alerts are spread by email with the request that they be sent to the highest possible number of colleagues and other users, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server), which is installed in a network.

Its function is to monitor a network and to log attacks. This service is unknown to the legitimate user, and for this reason he never addresses it. If an attacker examines a network for weak points and uses the services offered by a honeypot, this is logged and an alert is set off.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. In this way, confidential and personal data, such as passwords or PINs, can also be spied on and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. To become active, they need the corresponding application to be started and one of the infected macros to be executed. Unlike "normal" viruses, macro viruses consequently do not attack executable files; they attack the documents of the corresponding host application.

Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own program code - and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable of attaching itself to other programs after being executed and causing an infection. Viruses multiply themselves, unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, in which the virus deposits its virulent code. As a rule, the program execution of the host itself is not changed.

Scareware
The term scareware refers to software which has been designed with the intent to cause anxiety or panic. The victim can be tricked into feeling threatened and usually accepts an offer to pay to have the nonexistent threat removed. In some cases the victim is led to carry out the attack himself by being made to think that this intervention will successfully remove the threat.

Script viruses and worms
Such viruses are extremely easy to program and they can spread - if the required technology is on hand - around the globe via email within a few hours.

Script viruses and worms use a script language such as JavaScript, VBScript etc. to insert themselves into other, new scripts or to spread by activating operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Worms consequently cannot form part of other program sequences. Worms are often the only way to get damaging programs of any kind onto systems with restrictive security measures.

Security Privacy Risk (SPR)
The term "SPR/" ("Security or Privacy Risk") refers to a program which can damage the security of your system, trigger program activities you do not want or harm your private environment.

Spyware
Spyware consists of so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software with the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. These are programs that pretend to have a particular function but that show their real nature after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) intended to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables hackers to abuse it via remote control for criminal purposes. The affected PC can, for example, start Denial-of-Service (DoS) attacks on command or send spam and phishing emails.