booton how to fix it - mobile-antivirus.org - information on mobile virus threats and more.........
mobile-antivirus.org
the site that specializes in keeping mobile devices safe

 

Booton Threat how to fix it

 

This site is a free information base of anti virus knowledge which is sponsered and kept free thanks to the sponsership of UMU mobile antivirus....please visit our sponsers link to keep mobile-antivirus.org free.

umu global mobile antivirus

Bootton usually arrives on a phone disguised as a SIS installer for normal applications or dropped by other malwares. When this malicious SIS package is executed, it overwrites normal application files in the device’s C drive with copies that, when executed, restarts the compromised device. Some of the popular applications it disables in this way include the following:

C:\System\apps\Appctrl\Appctrl.aif
C:\System\apps\Appctrl\Appctrl.app
C:\System\apps\Appinst\Appinst.aif
C:\System\apps\Appinst\Appinst.app
C:\System\apps\Appmngr\Appmngr.aif
C:\System\apps\Appmngr\Appmngr.app
C:\System\apps\BtUi\BtUi.aif
C:\System\apps\BtUi\BtUi.app
C:\System\apps\Camcorder\Camcorder.aif
C:\System\apps\Camcorder\Camcorder.app
C:\System\apps\Camera\Camera.aif
C:\System\apps\Camera\Camera.app
C:\System\apps\efileman\efileman.aif
C:\System\apps\efileman\efileman.app
C:\System\apps\FExplorer\FExplorer.aif
C:\System\apps\FExplorer\FExplorer.app
C:\System\apps\FExplorer\FExplorer_caption.rsc
C:\System\apps\File\File.aif
C:\System\apps\File\File.app
C:\System\apps\FileManager\FileManager.aif
C:\System\apps\FileManager\FileManager.app
C:\System\apps\ILoveU\ILoveU.aif
C:\System\apps\ILoveU\ILoveU.APP
C:\System\apps\ILoveU\ILoveU.RSC
C:\System\apps\ILoveU\ILU.mdl
C:\System\apps\IrApp\IrApp.aif
C:\System\apps\IrApp\IrApp.app
C:\System\apps\Logs\Logs.aif
C:\System\apps\Logs\Logs.app
C:\System\apps\mce\mce.aif
C:\System\apps\mce\mce.app
C:\System\apps\MediaGallery\MediaGallery.aif
C:\System\apps\MediaGallery\MediaGallery.app
C:\System\apps\Menu\Menu.aif
C:\System\apps\Menu\Menu.app
C:\System\apps\Phone\Phone.aif
C:\System\apps\Phone\Phone.app
C:\System\apps\Phonebook\Phonebook.aif
C:\System\apps\Phonebook\Phonebook.app
C:\System\apps\SymCommander\SymCommander.aif
C:\System\apps\SymCommander\SymCommander.app
C:\System\apps\SystemExplorer\SystemExplorer.aif
C:\System\apps\SystemExplorer\SystemExplorer.app
C:\System\apps\ThNdRbRd.gif
C:\System\RECOGS\ILU.mdl

During installation, SymbOS/Bootton displays any of the following messages:

This app can restart your phone by only clicking on the restart icon. It is suitable for S60 phones. Enjoy!!

Created By:

Symbian Corporation ©2006
=================================


° ¨ ¨ ™ ¤ ¦ T h N d R b R d ¦ ¤ ™ ¨ ¨ °

Some variants also drop a file named Dont4get2readme.txt. It contains the following message:

Saying HELLO From Here (SYRIA)
TO All The WORLD !!!

I Wish U N-Joy UR
Damaged Device ..

U Know, Not all may Read These Words But,
No Problem Bcuz Some will,

But even This, Thats The Way I Love U All ...

;-)


Regards,
ThNdRbRd

SymbOS/Bootton affects phones running the Symbian S60 platform. Some affected phones include the following:

Nokia 3650, 3600
Nokia 3660, 3620
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1

Manual Disinfection

To disinfect a compromised device, it is necessary to reinstall all overwritten applications. The SymbOS/Bootton SIS installer must then be deleted. If this does not restore the phone, a formatting the phone may be necessary. All data saved in the C drive will be lost during a format.

Articles & Info
SymbOS Threats
Threats by Phone

 
Anti virus Articles

 
 

Home | Site Map | Contact Us | Links Directory