
Romride.G


First posted on 13 September 2006.
Source: SecurityHome

Aliases :

There are no other names known for Romride.G.

Explanation :

Romride.G is a malicious SIS trojan that installs malfunctioning system configuration components, which cause different behaviour depending on the ROM software version on the device. The effects witnessed range from start-up failure to no apparent effect on the device at all. During installation of the malicious software, Romride.G shows a Nokia logo and plays an audio file that contains a short piece of music. After Romride.G is installed, the phone restarts automatically.

Spreading in Nokia Live.sis

Installation to System
SymbOS/Romride.A installs malfunctioning system configuration files onto the C: drive of the phone. This is followed by different effects depending on the version of the ROM software on the device. Effects witnessed vary from start-up failure to no apparent effect at all.

Payload
Replaces system configuration files with corrupted configuration files

Shortly after a device infected with SymbOS/Romride.A restarts, it shows a notification similar to "Selftest failed. Contact service". While this notification is displayed, the only working function on the device is the option to power off.

Solution :

Disinfection for cases where the phone cannot start up
CAUTION! This method will remove all data on the device, including calendar and phone numbers:

  1. Power off the phone

  2. Hold the following three buttons down - "answer call" + "*" + "3"

  3. Keep holding down the buttons and power on the phone

  4. Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings

  5. Your phone is now formatted and can be used again

Last update 13 September 2006

 
