How to Fix Skulls mobile virus threat - from mobile-antivirus.org

Skulls how to fix it - mobile-antivirus.org - information on mobile virus threats and more.........

the site that specializes in keeping mobile devices safe

Skulls How to fix this mobile threat

This site is a free information base of anti virus knowledge which is sponsered and kept free thanks to the sponsership of UMU mobile antivirus....please visit our sponsers link to keep mobile-antivirus.org free.

Skulls is a highly destructive mobile Trojan program. It may arrive on a phone disguised as an installer for normal applications or theme packages. Some known names it may use include the following:

Extended Theme.sis
ICONS.sis

When these malicious SIS packages are executed, they overwrite normal application files in the device’s C drive with damaged copies. Some of the popular applications it disables in this way include the following:

C:\System\Apps\Voicerecorder\Voicerecorder.app
C:\System\Apps\Voicerecorder\Voicerecorder.aif
C:\System\Apps\Vm\Vm.app
C:\System\Apps\Vm\Vm.aif
C:\System\Apps\VCommand\VCommand.app
C:\System\Apps\VCommand\VCommand.aif
C:\System\Apps\Ussd\Ussd.app
C:\System\Apps\Ussd\Ussd.aif
C:\System\Apps\ToDo\ToDo.app
C:\System\Apps\ToDo\ToDo.aif
C:\System\Apps\SysAp\SysAp.app
C:\System\Apps\SysAp\SysAp.aif
C:\System\Apps\Startup\Startup.app
C:\System\Apps\Startup\Startup.aif
C:\System\Apps\Speeddial\Speeddial.app
C:\System\Apps\Speeddial\Speeddial.aif
C:\System\Apps\SmsViewer\SmsViewer.app
C:\System\Apps\SmsViewer\SmsViewer.aif
C:\System\Apps\SmsEditor\SmsEditor.app
C:\System\Apps\SmsEditor\SmsEditor.aif
C:\System\Apps\SimDirectory\SimDirectory.app
C:\System\Apps\SimDirectory\SimDirectory.aif
C:\System\Apps\Sdn\Sdn.app
C:\System\Apps\Sdn\Sdn.aif
C:\System\Apps\ScreenSaver\ScreenSaver.app
C:\System\Apps\ScreenSaver\ScreenSaver.aif
C:\System\Apps\SchemeApp\SchemeApp.app
C:\System\Apps\SchemeApp\SchemeApp.aif
C:\System\Apps\Satui\Satui.app
C:\System\Apps\Satui\Satui.aif
C:\System\Apps\PushViewer\PushViewer.app
C:\System\Apps\PushViewer\PushViewer.aif
C:\System\Apps\PSLN\PSLN.app
C:\System\Apps\PSLN\PSLN.aif
C:\System\Apps\ProvisioningCx\ProvisioningCx.app
C:\System\Apps\ProvisioningCx\ProvisioningCx.aif
C:\System\Apps\ProfileApp\profileapp.app
C:\System\Apps\ProfileApp\profileapp.aif
C:\System\Apps\PRESENCE\PRESENCE.APP
C:\System\Apps\PRESENCE\PRESENCE.AIF
C:\System\Apps\Pinboard\Pinboard.app
C:\System\Apps\Pinboard\Pinboard.aif
C:\System\Apps\Phonebook\Phonebook.app
C:\System\Apps\Phonebook\Phonebook.aif
C:\System\Apps\Phone\Phone.app
C:\System\Apps\Phone\Phone.aif
C:\System\Apps\NSmlDSSync\NSmlDSSync.app
C:\System\Apps\NSmlDSSync\NSmlDSSync.aif
C:\System\Apps\NSmlDMSync\NSmlDMSync.app
C:\System\Apps\NSmlDMSync\NSmlDMSync.aif
C:\System\Apps\NpdViewer\NpdViewer.app
C:\System\Apps\NpdViewer\NpdViewer.aif
C:\System\Apps\Notepad\Notepad.app
C:\System\Apps\Notepad\notepad.aif
C:\System\Apps\MusicPlayer\MusicPlayer.app
C:\System\Apps\MusicPlayer\MusicPlayer.aif
C:\System\Apps\MsgMailViewer\MsgMailViewer.app
C:\System\Apps\MsgMailViewer\MsgMailViewer.aif
C:\System\Apps\MsgMailEditor\MsgMailEditor.app
C:\System\Apps\MsgMailEditor\MsgMailEditor.aif
C:\System\Apps\MmsViewer\MmsViewer.app
C:\System\Apps\MmsViewer\MmsViewer.aif
C:\System\Apps\MmsEditor\MmsEditor.app
C:\System\Apps\MmsEditor\MmsEditor.aif
C:\System\Apps\MMM\MMM.app
C:\System\Apps\MMM\Mmm.aif
C:\System\Apps\mmcapp\mmcapp.app
C:\System\Apps\mmcapp\mmcapp.aif
C:\System\Apps\Menu\Menu.app
C:\System\Apps\Menu\Menu.aif
C:\System\Apps\MediaSettings\MediaSettings.app
C:\System\Apps\MediaSettings\MediaSettings.aif
C:\System\Apps\MediaPlayer\MediaPlayer.app
C:\System\Apps\MediaPlayer\MediaPlayer.aif
C:\System\Apps\MediaGallery\MediaGallery.app
C:\System\Apps\MediaGallery\MediaGallery.aif
C:\System\Apps\mce\mce.app
C:\System\Apps\mce\mce.aif
C:\System\Apps\Logs\Logs.app
C:\System\Apps\Logs\Logs.aif
C:\System\Apps\location\location.app
C:\System\Apps\location\location.aif
C:\System\Apps\ImageViewer\ImageViewer.app
C:\System\Apps\ImageViewer\ImageViewer.aif
C:\System\Apps\GS\gs.app
C:\System\Apps\GS\GS.aif
C:\System\Apps\FileManager\FileManager.app
C:\System\Apps\FileManager\FileManager.aif
C:\System\Apps\DdViewer\DdViewer.app
C:\System\Apps\DdViewer\DdViewer.aif
C:\System\Apps\cshelp\cshelp.app
C:\System\Apps\cshelp\cshelp.aif
C:\System\Apps\Converter\converter.app
C:\System\Apps\Converter\Converter.aif
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app
C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif
C:\System\Apps\CodViewer\CodViewer.app
C:\System\Apps\CodViewer\CodViewer.aif
C:\System\Apps\ClockApp\ClockApp.app
C:\System\Apps\ClockApp\ClockApp.aif
C:\System\Apps\Chat\Chat.app
C:\System\Apps\Chat\Chat.aif
C:\System\Apps\CERTSAVER\CERTSAVER.APP
C:\System\Apps\CERTSAVER\CERTSAVER.AIF
C:\System\Apps\CbsUiApp\CbsUiApp.app
C:\System\Apps\CbsUiApp\cbsuiapp.aif
C:\System\Apps\CamTimer\camtimer.rsc
C:\System\Apps\CamTimer\camtimer.app
C:\System\Apps\Camcorder\Camcorder.app
C:\System\Apps\Camcorder\Camcorder.aif
C:\System\Apps\Calendar\Calendar.app
C:\System\Apps\Calendar\Calendar.aif
C:\System\Apps\Calcsoft\Calcsoft.app
C:\System\Apps\Calcsoft\Calcsoft.aif
C:\System\Apps\bva\bva.app
C:\System\Apps\bva\bva.aif
C:\System\Apps\BtUi\BtUi.app
C:\System\Apps\BtUi\BtUi.aif
C:\System\Apps\Browser\Browser.app
C:\System\Apps\Browser\Browser.aif
C:\System\Apps\Autolock\Autolock.app
C:\System\Apps\Autolock\Autolock.aif
C:\System\Apps\AppMngr\Appmngr.app
C:\System\Apps\AppMngr\AppMngr.aif
C:\System\Apps\AppInst\Appinst.app
C:\System\Apps\AppInst\Appinst.aif
C:\System\Apps\About\About.app
C:\System\Apps\About\About.aif

A trademark of the Skulls family of mobilewares is that it replaces the icon of all the disabled application with a skulls and crossbones image (some variant may use different images, such as that of a jigsaw piece).

SymbOS/Skulls affects phones running the Symbian S60 platform. Some affected phones include the following:

Nokia 3650, 3600
Nokia 3660, 3620
Nokia 6600
Nokia 6620
Nokia 7610
Nokia 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1

Other Details

SymbOS/Skulls may also drop and execute other mobilewares, such as SymbOS/Cabir, in the affected phone.

Some variants also drop DLL, ZIP, or RAR files that when opened actually contain different strings. Some known strings are:

T-VIRUS Notification.

T(heme) Virus for 7610
I hope you like it :)

==============================

What is T-VIRUS hideout?
ask your self...

==============================

Why do T-VIRUS created?
Cuz i love you so much... :)

==============================

Why do T-VIRUS belongs in this world?
Cuz i hate you very much... :)

==============================
Why do T-VIRUS infect phones?
Cuz it loves your phone very much... :)

Manual Disinfection

To disinfect a compromised device, it is necessary to reinstall all overwritten applications. The SymbOS/Skulls SIS installer must then be deleted. If this does not restore the phone, a formatting the phone may be necessary. All data saved in the C drive will be lost during a format.

Articles & Info
SymbOS Threats
Flexispy Hobbes SendTool Cadmesk Doomed Fontal Bootton Skulls Disable Dampig CardTrap Drever CommWarrior Blanfon Cabir PBSteal CardBlock Locknut
Threats by Phone
Nokia 3650, 3600 Nokia 3660, 3620 Nokia 6600 Nokia 6620 Nokia 7610 Nokia 7650 Nokia N-Gage Panasonic Sendo Siemens
Anti virus Articles
The gowth of mobile viruses Mobile Viruses 101 Cell phone viruses - cabir A irony A Virus is just a call away Downloading a Free Ring Tone...?Downloading a Virus...

Home | Site Map | Contact Us | Links Directory