
Doomboot.O


First posted on 13 September 2006.
Source: SecurityHome

Aliases:

There are no other names known for Doomboot.O.

Explanation:

SymbOS/Doomboot.O is a malicious SIS file trojan that drops corrupted system binaries onto the infected device. The system files dropped by Doomboot.O cause the device to fail at its next reboot. In addition to the corrupted binaries, Doomboot.O also installs the following malware:

  • SymbOS/Cabir.B

  • SymbOS/Commwarrior.B

  • SymbOS/Cdropper.H


If you have installed Doomboot.O, the most important thing is not to reboot the phone and to follow the disinfection instructions in the section below.
If you have already rebooted the phone and it will not start again, the phone can be recovered with a hard format key code that is entered while the phone boots.

Installation to System
Doomboot.O installs a corrupted system binary into the C: drive of the phone. When the phone boots this corrupted binary will be loaded instead of the correct one, and the phone will crash.
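The behaviour described above relies on the device loading a binary found on the writable C: drive in preference to the read-only ROM copy on Z:. The following check, written here as an added example and not taken from the advisory or from any F-Secure tool, lists files on C: that shadow a file of the same path on Z: but have different contents. The directory layout, the C:-before-Z: search order and the file contents are all constructed assumptions for illustration; on a real device the two listings would be taken from the memory card and the phone's ROM.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample "filesystem": path -> file contents. The Z: entries stand
# in for ROM binaries, the C: entries for what a dropper might leave behind.
# None of these are real Symbian binaries.
SAMPLE_FS: Dict[str, bytes] = {
    r"Z:\system\libs\example.dll": b"ROM-EXAMPLE-DLL-CONTENT",
    r"Z:\system\apps\Phone\Phone.app": b"ROM-PHONE-APP-CONTENT",
    r"Z:\system\data\example.rsc": b"ROM-RESOURCE-CONTENT",
    # Corrupted file on C: that shadows the ROM copy (assumed dropper output)
    r"C:\system\libs\example.dll": b"\x00\x00\x00\x00",
    # Identical copy of a ROM file: shadows it but is byte-for-byte the same
    r"C:\system\apps\Phone\Phone.app": b"ROM-PHONE-APP-CONTENT",
    # Ordinary user data with no Z: counterpart
    r"C:\system\apps\Notes\notes.txt": b"user data",
}


def _drive_relative(path: str) -> str:
    """Return the path with the drive letter removed, lower-cased so that
    C:\\System\\Libs\\X.dll and Z:\\system\\libs\\x.dll compare equal."""
    _, _, rest = path.partition(":")
    return rest.lower()


def shadowed_binaries(fs: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Find files on C: that shadow a same-path file on Z: with different
    contents. Returns (c_path, z_path, sha256 prefix of the C: copy) tuples.
    Assumes the device searches C: before Z: (constructed assumption)."""
    by_drive: Dict[str, Dict[str, Tuple[str, bytes]]] = {}
    for path, data in fs.items():
        drive = path[0].upper()
        by_drive.setdefault(drive, {})[_drive_relative(path)] = (path, data)

    rom = by_drive.get("Z", {})
    findings: List[Tuple[str, str, str]] = []
    for rel, (c_path, c_data) in sorted(by_drive.get("C", {}).items()):
        if rel not in rom:
            continue  # not shadowing anything in ROM
        z_path, z_data = rom[rel]
        if c_data == z_data:
            continue  # identical copy, loads the same code either way
        digest = hashlib.sha256(c_data).hexdigest()[:16]
        findings.append((c_path, z_path, digest))
    return findings


if __name__ == "__main__":
    for c_path, z_path, digest in shadowed_binaries(SAMPLE_FS):
        print(f"{c_path} shadows {z_path} with different contents (sha256 {digest}...)")
```

Only the corrupted DLL is reported: the byte-identical copy of Phone.app is skipped, and notes.txt has no ROM counterpart. A finding does not by itself prove infection, since legitimate updates also place files on C:, but any shadowed system binary whose contents differ from ROM is what a responder should inspect before the phone is rebooted.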

Payload
Installs the following Symbian malware:
  • SymbOS/Cabir.B

  • SymbOS/Commwarrior.B

  • SymbOS/Cdropper.H

Solution:

Disinfection with two Series 60 phones
For full disinfection of Doomboot.O you need the help of another Series 60 phone that is not infected with the trojan, and a clean memory card in that phone.

Download the F-Skulls tool from ftp.f-secure.com/anti-virus/tools/f-skulls.zip, or directly with the phone from http://www.europe.f-secure.com/tools/f-skulls.sis

  1. Install F-Skulls.sis onto the clean phone's memory card using the clean phone

  2. Put the memory card with F-Skulls into the infected phone

  3. Start up the infected phone. The application menu should work now

  4. Go to the application manager and uninstall the SIS file with which you installed the Skulls variant

  5. Download and install F-Secure Mobile Anti-Virus from http://www.europe.f-secure.com/estore/avmobile.shtml (or with the mobile from http://mobile.f-secure.com) to remove any Cabir variants

  6. Insert the infected memory card into the phone and remove installed files



Disinfection for the cases when the phone is already rebooted and cannot start up

CAUTION! This method will remove all data on the device, including the calendar and phone numbers:
  1. Power off the phone

  2. Hold the following three buttons down: "answer call" + "*" + "3"

  3. Keep holding down the buttons and power on the phone

  4. Depending on the model, you will either get text that reads "formatting" or a start-up dialog that asks for the initial phone settings

  5. Your phone is now formatted and can be used again

Last update 13 September 2006
