Saipan S60 Smartphone malicious plugin list collection announced
Malicious plugin name:
01. the "auto-surfing" lead sdrsdat.dat. File location: C:\system\date\sdrsdat.dat;
02. "soundman.exe videoman.exe" lead to automatic and the Internet. File location: c:\system\programs;
03. the "auto-surfing" lead s60sys.exe. File location: c:\system\programs\s60sys.exe;
04. "mssver.exe" lead to not receive 10086 SMS is also can lead to automatically send text messages. File location: x:\system\apps\aknrep1;
05. the "auto-surfing" lead servtimer.dat and not receive 10086 SMS. File location: C/system/data/servtimer.dat;
06. "nokiaSystem.exe" lead to automatically send SMS. file location:/system/progams; system.exe
07. "sysabout.exe" lead to automatically send SMS. file location: system\programs\sysabout.exe;
08. "aknins.exe" cause malicious billing, Internet plug-ins automatically release.-file location: system\programs\aknins;
09. "dtsmsserver.exe" mobile head attached file, causes the automatic online, some friends reflect results automatically send text messages. File location: system\programs\dtsmsserver.exe;
10. "** * .exe" specific also unknown, usually bundled with a.exe. File location: x:\system\t\ ** * .exe;
11. "usbwatcher.exe" specific unknown. file location: x:\system\programs\usbwatcher.exe, x:\system\recogs\usbwatcher;
12. "datBTObex.tmp" mobile phone virus files, the virus name symbos.cabir.b! file location: c:/temp/BTObex.tmp system;
14. the "auto-surfing" lead siswapph. File location: x: \system/programs/wapph.exe; x: \system/programs/wapph.dat; x: \system/recogs/wapphs.mdl;
15. "MediaPlay.exe SrvMail.exe" lead automatically and send text messages, APPMAN use is not working properly. File location: x:system\apps\MediaPlay\MediaPlay.exe x:system\recogs\AppUpdate.mdl x:\system\Mail\SrvMail.exe;;;;; x:system\data\favorite.dat x:system\recogs\MediaPlay.mdl; x:system\apps\MediaPlay\encode.dat x:system\apps\Sender\Sender.dat.
16. after the "logo.exe" run, resulting in the release plugin smserv automatically send text messages and the saved information is lost. File location: c:\system\data\starter.exe c:\system\data\smserv.rsc c:\system\data\smserv.app;;;;; c:\system\reptm.txt c:\system\data\updater.app; c:\system\logs.txt c:\system\data\updater.rsc; c:\system\data\Tid.txt.
17. "Orc.sis" lead to automatically send text messages. File location: c:\system\recogs\MDL1.MDL c:\system\Data\MSGOBSVC.EXE c:\system\Data\Etel3rdParty.dll;;; c:\system\Data\SYSOBSVC.EXE.
18. with regard to the analysis of your thumb fairy and workaround:
File build path: 1 > System\apps\SmsShortcut_2nd\ this folder are 4 files: SmsShortcut_2nd.rsc SmsShortcut_2nd.app SmsShortcut_2nd.aif;;; SmsShortcut_2nd_caption.rsc;
P > 2 > 3 > c:\system\recogs\smsauto.mdl c:\system\programs\SmsAdvert.exe;; their app program contains information center number itself has features that will send information to an unknown content sent 10665786930010000 SMS. Automatically run after the page opens, www.diqiqu.com. This app is very likely the generated files are: c:\system\data\smsshortcut.dat.19. "SmsAdvert.exe" this program has a networking function, and has the function of sending information. File location: c:\system\recogs\smsauto.mdl c:\Nokia\Others\SmsAdvert.log c:\system\data\Ndtp.dat;;;
20. "fexandem" lead to automatically send A short message to 99112546040. File location: x:\system\apps\zlexander\fexandem.aif, x:\system\apps\zlexander\fexandem.rsc, x:\system\apps\zlexander\fexandem.app.
21. "a.exe" activated plugins can cause auto-surf the Internet. Unzip the file after obtained as follows: x:\system\sw_auto.exe, c:\pwdictaphoned.aex, x:\system\t\c.dat, x:\system\t\l.dat, x:\system\t\p.dat.
When you run the Setup file:!: \ system\programs\a.exe,!:\ System\t\ ** * .exe, release LIVESTARTUP.MDL file to \system\recogs\, release LIVEUPDATESERVER.EXE file to \system\programs\. Program LIVEUPDAT/ESERVER.EXE will restart automatically after the mobile phone.
Symptoms: start slow, cell phone, because running a program; 2 that comes with the browser add "every day Web site navigation," "every software download" two bookmarks; 3, UCWEB browser "software download" and "every day, every day Web site navigation," two bookmarks; 4, in the directory where the file is released LIVEUPDATESERVER.EXE lvs.ini, will automatically connect to GPRS.
Delete method: remove \system\recogs\LIVESTARTUP.MDL, \system\programs\LIVEUP.DAT\system\programs\ESERVER.EXE, \system\programs\lvs.ini.
22. "Your.sis" automatic release messagedemo, lead to automatically send text messages and receive 10086 SMS, bundled with the theme. File location: c:\system\apps\your\your.aif, c:\system\apps\your\your.rsc, c:\system\apps\your\your_caption.rsc, c:\system\apps\your\your.app, c:\messagedemo\messagedemo.app, c:\messagedemo\messagedemo.aif, c:\messagedemo\messagedemo.rsc, c:\messagedemo\messagedemo._caption.rsc, c:\messagedemo\sendnum.dat, c:\messagedemo\revnum.dat, c:\messagedemo\senddata.dat.
23.s60v2APP.app, bundled themes, themeorder following the entire file has a problem, the red box is after you install the plug-ins to install theme data.
No comments:
Post a Comment