comm warrior VIRUS

**ScReWfAcE** · 05-13-2005, 12:00 PM

comm warrior VIRUS
for series 60

updates

**franz** · 05-13-2005, 12:08 PM

ha? unsa ni bai?

**ScReWfAcE** · 05-13-2005, 12:12 PM

worm diay ni dili virus hehee

**franz** · 05-13-2005, 12:14 PM

a ok.. haven;t encounter this, ngano man diay? nainfected ka? or naa kay source code ani, imo baligya? unsa diay ni siya about? hehe

**ScReWfAcE** · 05-13-2005, 12:17 PM

no wala pa ko na infected ani ..ako lang amiga

========
When SymbOS.Commwarrior.A arrives at a target device, it may perform the following actions:

Creates the following files on the phone:

\system\updates\commwarrior.exe
\system\updates\commrec.mdl
\system\apps\commwarrior\commwarrior.exe
\system\apps\commwarrior\commrec.mdl
\system\recogs\commrec.mdl

Rebuilds an .sis file from the above files into the following location:

\system\updates\commw.sis

Searches for Bluetooth-enabled devices and attempts to send a randomly named copy of the .sis file to all devices that it finds.

Randomly chooses a phone number from the device's phonebook and sends an MMS message containing the commw.sis file as an attachment. The MIME type of the attachment is application/vnd.symbian.install.

The MMS messages have the following characteristics:

Subject: Norton AntiVirus
Message: Released now for mobile, install it!
Subject: 3DGame
Message: 3DGame from me. It is FREE !
Subject: 3DNow!
Message: 3DNow!(tm) mobile emulator for *GAMES*.
Subject: Audio driver
Message: Live3D driver with polyphonic virtual speakers!
Subject: CheckDisk
Message: *FREE* CheckDisk for SymbianOS released!MobiComm
Subject: Desktop manager
Message: Official Symbian desctop manager.
Subject: Display driver
Message: Real True Color mobile display driver!
Subject: Dr.Web
Message: New Dr.Web antivirus for Symbian OS. Try it!
Subject: Free ***!
Message: Free ***** software for you!
Subject: Happy Birthday!
Message: Happy Birthday! It is present for you!
Subject: Internet Accelerator
Message: Internet accelerator, SSL security update #7.
Subject: Internet Cracker
Message: It is *EASY* to *CRACK* provider accounts!
Subject: MS-DOS
Message: MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!
Subject: MatrixRemover
Message: Matrix has you. Remove matrix!
Subject: Nokia ringtoner
Message: Nokia RingtoneManager for all models.
Subject: PocketPCemu
Message: PocketPC *REAL* emulator for Symbvian OS! Nokia only.
Subject: Porno images
Message: Porno images collection with nice viewer!
Subject: PowerSave Inspector
Message: Save you battery and *MONEY*!
Subject: Security update #12
Message: Significant security update. See www.symbian.com
Subject: Symbian security update
Message: See security news at www.symbian.com
Subject: SymbianOS update
Message: OS service pack #1 from Symbian inc.
Subject: Virtual ***
Message: Virtual *** mobile engine from Russian hackers!
Subject: WWW Cracker
Message: Helps to *CRACK* WWW sites like hotmail.com

If it is the first hour of the 14th of any month, the threat resets the device.

**BhUr9z** · 05-13-2005, 04:17 PM

tinuod ni screwface ha...

unsa man best way to heal this worm...?

**ScReWfAcE** · 05-13-2005, 04:24 PM

heal? palit ka betadine hehehe

To remove SymbOS.Commwarrior.A:

Install a file manager program on the phone.
Enable the option to view the files in the system directory.
Search the drives, A through Y, for the \system\apps\commwarrior directory.
Delete the files commwarrior.exe and commrec.mdl.
Go to the \system\updates\commwarrior directory.
Delete the files commwarrior.exe, commrec.mdl, and commw.sis.
Go to the \system\recogs directory.
Delete the file commrec.mdl.

**BhUr9z** · 05-14-2005, 10:30 AM

hehehe...

**jungie** · 06-28-2005, 07:59 PM

naka dawat ko ani thru txt wa man epek hehehe

**AMD_infinium05** · 06-29-2005, 05:16 PM

manually delete the involved files.

Thread: comm warrior VIRUS

Thread Tools