Drever mobile virus - how to fix it.....for free

Drever how to fix it - mobile-antivirus.org - information on mobile virus threats and more.........

the site that specializes in keeping mobile devices safe

Drever how to fix this threat

This site is a free information base of anti virus knowledge which is sponsered and kept free thanks to the sponsership of UMU mobile antivirus....please visit our sponsers link to keep mobile-antivirus.org free.

Drever can be manually downloaded or spread as a SIS installation package disguised as an installer for mobile antivirus applications.

When executed, it drops any of the following files:

C:\system\recogs\AVBoot.mdl
C:\system\recogs\kl_antivirus.mdl
C:\System\Apps\recogs\AVBoot.mdl
C:\System\Apps\Antivirus\AntiVirus.lsc
C:\System\Apps\Antivirus\Definitions.dat

These are corrupted versions of files used by popular antivirus applications for mobile devices. Once these copies overwrite the antivirus files, the antivirus application is effectively disabled.

Some variants of SymbOS/Drever also drop the following files:

C:\system\apps\GavnoWin!\Gavnowin.app
C:\system\apps\GavnoWin!\Gavnowin.rsc
C:\system\apps\GavnoWin!\Gavnowin_caption.rsc
C:\system\apps\GavnoWinYou\Gavnowin.app
C:\system\apps\GavnoWinYou\Gavnowin.rsc
C:\system\apps\GavnoWinYou\Gavnowin_caption.app

These files contain only the following string:

Dr Web FOREVER!!!!

SymbOS/Drever affects phones running the Symbian S60 platform. Some phones affected by SymbOS/Cabir include the following:

Nokia 3650, 3600
Nokia 3660, 3620
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1

Manual Disinfection

The disabled antivirus application must be reinstalled.

Kill the running SymbOS/Drever process:

1. Download a third party Application Manager or used the Application Manager that comes with the phone.
2. Locate the Drever process in the list of running applications.
3. Choose and cancel or terminate the process.

Remove the dropped components:

1. Download a third party File Explorer.
2. Locate and delete the following files if present:

C:\system\apps\GavnoWin!\Gavnowin.app
C:\system\apps\GavnoWin!\Gavnowin.rsc
C:\system\apps\GavnoWin!\Gavnowin_caption.rsc
C:\system\apps\GavnoWinYou\Gavnowin.app
C:\system\apps\GavnoWinYou\Gavnowin.rsc
C:\system\apps\GavnoWinYou\Gavnowin_caption.app

Articles & Info
SymbOS Threats
Flexispy Hobbes SendTool Cadmesk Doomed Fontal Bootton Skulls Disable Dampig CardTrap Drever CommWarrior Blanfon Cabir PBSteal CardBlock Locknut
Threats by Phone
Nokia 3650, 3600 Nokia 3660, 3620 Nokia 6600 Nokia 6620 Nokia 7610 Nokia 7650 Nokia N-Gage Panasonic Sendo Siemens
Anti virus Articles
The gowth of mobile viruses Mobile Viruses 101 Cell phone viruses - cabir A irony A Virus is just a call away Downloading a Free Ring Tone...?Downloading a Virus...

Home | Site Map | Contact Us | Links Directory