Hobbes Virus - How to fix this mobile device virus

How to Fix hobbes - mobile-antivirus.org - information on mobile virus threats and more.........

the site that specializes in keeping mobile devices safe

Hobbes Virus - How To fix it

This site is a free information base of anti virus knowledge which is sponsered and kept free thanks to the sponsership of UMU mobile antivirus....please visit our sponsers link to keep mobile-antivirus.org free.

Virus Type: Trojan
Virus Severity: Low
Discovery Date: 17/02/2007

Can UMU Guard Against This?: Yes

SymbOS/Hobbes disguises itself as a Symantec Anti-Virus application. It may arrive as a SIS installation package named SYMANTEC.SIS or pop messages during installation hinting that it is a normal application from Symantec.

It drops the following files:

C:\system\recogs\jjlas.mdl
C:\system\recogs\RecAppForge.mdl
E:\system\recogs\recAutoExec.mdl
E:\system\recogs\UltraMP3Rec.mdl

These files may be components of normal applications. But since the entire package for these applications does not get installed, these dropped files may cause erratic phone behaviors after reboot.

SymbOS/Hobbes also attempt to disable the phone’s file explorer application by dropping the following damaged files:

C:\apps\FExplorer\FExplorer.aif
C:\apps\FExplorer\FExplorer.app
C:\apps\FExplorer\FExplorer.rsc
C:\apps\FExplorer\FExplorer_CAPTION.rsC
E:\apps\FExplorer\FExplorer.mbm

This application disabling routine fails because the damaged files are dropped in the wrong directories.

SymbOS/Hobbes drops and executes a copy of SymbOS/Cabir.

Some phones affected by SymbOS/Hobbes include the following:

Nokia 3650, 3600
Nokia 3660, 3620
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1

Manual Disinfection

The Fix to remove the dropped components:

1. Download a third party File Explorer.
2. Locate and delete the following files:

C:\system\recogs\jjlas.mdl
C:\system\recogs\RecAppForge.mdl
C:\apps\FExplorer\FExplorer.aif
C:\apps\FExplorer\FExplorer.app
C:\apps\FExplorer\FExplorer.rsc
C:\apps\FExplorer\FExplorer_CAPTION.rsC
E:\system\recogs\recAutoExec.mdl
E:\system\recogs\UltraMP3Rec.mdl
E:\apps\FExplorer\FExplorer.mbm

Due to the erratic behavior after the phone is restarted, it may be necessary to use a second mobile device to completely clean the E drive (memory card).

Turn off the infected device, remove its memory card and insert it in an uninfected phone or PC card reader. Using the uninfected device delete the files dropped in the E drive. Turn on the infected phone and delete the files dropped in the C drive.

For more useful sites try A1 Directory

Articles & Info
SymbOS Threats
Flexispy Hobbes SendTool Cadmesk Doomed Fontal Bootton Skulls Disable Dampig CardTrap Drever CommWarrior Blanfon Cabir PBSteal CardBlock Locknut
Threats by Phone
Nokia 3650, 3600 Nokia 3660, 3620 Nokia 6600 Nokia 6620 Nokia 7610 Nokia 7650 Nokia N-Gage Panasonic Sendo Siemens
Anti virus Articles
The gowth of mobile viruses Mobile Viruses 101 Cell phone viruses - cabir A irony A Virus is just a call away Downloading a Free Ring Tone...?Downloading a Virus...

Home | Site Map | Contact Us | Links Directory