病毒名称:
SymbOS.Cardtrp.F
类别: 手机病毒
病毒资料:
SymbOS.Cardtrp.F 是一个手机病毒,该病毒长度 302,342 字节,感染 S60 智能手机系统,破坏手机很多程序运行,释放多种手机病毒,并且生成病毒W32.Ifbo.A, W32.HLLW.Cydog@mm, 和 W32.Wullik@mm,感染读取手机存储卡的计算机,病毒通常具有的文件名为 Antiviruspack.sis。当收到、打开此病毒时,主要有以下危害:
A 生成以下文件
.\Risk.exe, 病毒 W32.HLLW.Cydog@mm
.\fsb.exe 病毒 W32.Ifbo.A
.\Anti-VirusPack(Pack1).sis 病毒 SymbOS.Cabir
.\Anti-VirusPack(Pack1)0.sis 病毒 SymbOS.Cabir
.\PopUp0.txt
.\About0.txt
C:\autorun.inf
C:\etelsat.dll
C:\etelpckt.dll
C:\etelmm.dll
C:\ETel.dll
C:\system\Programs\cwoutcast.exe
C:\system\apps\Anti-Virus\FSAVDT.exe
C:\system\apps\Anti-Virus\Anti-Virus.rsc
C:\system\apps\Anti-Virus\Anti-Virus.app
C:\system\apps\Anti-Virus\FsAVUpdater.rsc
C:\system\apps\Anti-Virus\FsAVUpdater.app
C:\system\apps\Anti-Virus\FSAVEPOC.DAT
C:\system\apps\AntiVirus\flo.mdl
C:\system\apps\AntiVirus\Antivirus.rsc
C:\system\apps\AntiVirus\Antivirus.app
C:\system\apps\AppCtrl\AppCtrl.app
C:\system\apps\AppInst\Appinst.app
C:\system\apps\AppInst\Appinst.aif
C:\system\apps\AppMngr\AppMngr.app
C:\system\apps\AppMngr\AppMngr.aif 病毒 SymbOS.Skulls.C
C:\system\apps\autolock\Autolock.app
C:\system\apps\autolock\Autolock.aif 病毒 SymbOS.Skulls.C
C:\system\apps\bootdata\bootdata_CAPTION.rsC
C:\system\apps\bootdata\bootdata.app
C:\system\apps\CallManager\CallManager.App
C:\system\apps\caribe\flo.mdl
C:\system\apps\caribe\caribe.rsc
C:\system\apps\caribe\caribe.app 病毒 SymbOS.Cabir
C:\system\apps\CommWarrior\commwarrior.exe
C:\system\apps\CommWarrior\commrec.mdl
C:\system\apps\EVS\EVS.rsc
C:\system\apps\EVS\EVS.app
C:\system\apps\FileManager\FileManager.app
C:\system\apps\FileManager\FileManager.aif 病毒 SymbOS.Skulls.C
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl
C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app 病毒 SymbOS.Cabir
C:\system\apps\Gavno\gavno_caption.Rsc
C:\system\apps\Gavno\gavno.Rsc
C:\system\apps\Gavno\gavno.App
C:\system\apps\Menu\Menu.app
C:\system\apps\Menu\Menu.aif 病毒 SymbOS.Skulls.C
C:\system\apps\MMCApp\MMCApp.app
C:\system\apps\MMCApp\mmcapp.aif 病毒 SymbOS.Skulls.C
C:\system\apps\MultiTrap\MultiTrap
C:\system\apps\MultiTrap\MultiTrap.app
C:\system\apps\MultiTrap\ezrecog.MDL
C:\system\apps\MultiTrap\MultiTrap.rsc
C:\system\apps\OIDI500\OIDI500.rsc
C:\system\apps\OIDI500\OIDI500.mdl
C:\system\apps\OIDI500\OIDI500.app 病毒 SymbOS.Cabir
C:\system\apps\OIDI500\OIDI500.aif
C:\system\apps\symcs\symcs.rsc
C:\system\apps\symcs\symcs.app
C:\system\apps\symcs\Security.rsc
C:\system\apps\symcs\Security.app
C:\system\apps\symlu\symlu.rsc
C:\system\apps\symlu\symlu.exe
C:\system\apps\velasco\velasco.rsc
C:\system\apps\velasco\velasco.app
C:\system\apps\velasco\marcos.mdl
C:\system\bif\FSBioMessage.bif
C:\system\bif\AVBioIcons.mbm
C:\system\bootdata\LocaleData.D01
C:\system\bootdata\HALData.dat
C:\system\bootdata\FirstBoot.dat
C:\system\bootdata\CommonData.D00
C:\system\bootdata\SIMLanguage.dat
C:\system\CARIBESECURITYMANAGER\caribe.app 病毒 SymbOS.Cabir
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP 病毒 SymbOS.Cabir
C:\system\RECOGS\YYSBootRec.mdl
C:\system\RECOGS\mod.MDL
C:\system\RECOGS\FSRec.mdl
C:\system\RECOGS\flo.mdl
C:\system\RECOGS\$$$.MDL
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system
\apps\skulls\skulls.rsc
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system
\apps\skulls\skulls.app 病毒 SymbOS.Cabir
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system
\apps\skulls\mod.mdl
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP 病毒 SymbOS.Cabir
C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan
\blue\a-team\terence\ownpda\fuyuan.gif
Z:\System\Apps\AppInst\Appinst.app
Z:\System\Apps\AppInst\Appinst.aif
Z:\System\Apps\Phone\Menu.app
Z:\System\Apps\Phone\Menu.aif 病毒 SymbOS.Skulls.C
Z:\System\Apps\Phone\Phone.app
Z:\System\Apps\Phone\Phone.aif 病毒 SymbOS.Skulls.C
Z:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
Z:\System\Apps\Phone\FREAKPHONE.RSC
Z:\System\Apps\Phone\FREAKPHONE.APP
Z:\System\Apps\Phone\FreakPhone.aif
Z:\System\bin\pbe.dll
Z:\system\install\languages.txt
Z:\system\install\operinfo.txt
Z:\System\Programs\Starter.exe
Z:\System\Programs\midp2.exe
Z:\System\Programs\dnd.exe
Z:\System\Programs\AppRun.exe
B 生成以下文件到手机存储卡
E:\autorun.inf
E:\system.exe 病毒 W32.Wullik@mm
E:\system\APPS.exe 病毒 W32.Ifbo.A
E:\system\apps\ProfiEXPlorer\ProfiExplorer.app
E:\system\apps\ProfiExplorer\ProfiExplorer.aif 病毒 SymbOS.Skulls.C
E:\system\CARIBESECURITYMANAGER\caribe.rsc
E:\system\apps\SmartFileMan\SmartFileMan_CAPTION.rsC
E:\system\apps\SmartFileMan\SmartFileMan.rsc
E:\system\apps\SmartFileMan\SmartFileMan.app
E:\system\apps\SmartFileMan\SmartFileMan.aif
E:\system\apps\SmartFileMan\flo.mdl
E:\system\apps\Launcher\Launcher.app
E:\system\apps\FExplorer\flo.mdl
E:\system\apps\FExplorer\FExplorer_CAPTION.rsC
E:\system\apps\FExplorer\FExplorer.rsc
E:\system\apps\FExplorer\FExplorer.app
E:\system\apps\FExplorer\FExplorer.aif
E:\system\apps\SystemExplorer\SystemExplorer_CAPTION.rsC
E:\system\apps\SystemExplorer\SystemExplorer.rsc
E:\system\apps\SystemExplorer\SystemExplorer.app
E:\system\apps\SystemExplorer\SystemExplorer.aif
C 当手机存储卡连接到计算机时, autorun.inf 文件试图执行 Risk.exe 和 fsb.exe, (Risk.exe是病毒 W32.HLLW.Cydog@mm , fsb.exe 是病毒 W32.Ifbo.A)
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2005-11-21