Saturday, February 14, 2009

The Folder.exe virus - only known attacker on the s60 v3


This is a question put forward at one of the Orkut Communities regarding the folder.exe virus:
Heard that there is none of the virus affect still in N95.

But I think my N95 is infected by the Virus.

I had File Explorer installed in my cell. I had checked that all my folders attributes in the E: turned to Read, Hidden & system and also .exe file at each place were created, same as the folder name.

This happened after I connected my cell though a Virus infected system and transferred some data.

Should I install an antivirus or format my cell?


Actually, the name "new folder.exe" is not the real name of the virus - it's a Brontok virus. And it doesn't really affect the Symbian S60 v3 operating system, it only affects windoes systems. So the effect of the virus is most probably done while you were browsing the contents of your phone through your PC. This is my assumption ofcourse!

The Brontok worm is a computer worm that affects computers running Microsoft Windows. It spreads by sending itself to email addresses harvested from the affected computer. Variants of the Brontok worm include:
Brontok.A
Brontok.B
Brontok.C
Brontok.D
Brontok.F
Brontok.G
Brontok.H
Brontok.I
Brontok.K
Brontok.Q

In order to remove this virus you will have to format your phone memory, but there is still a chance of saving your microSD. But if you had inserted the microSD into your computer's card reader then it might have been affected as well! In that case follow these steps:

  1. Boot my computer with the XP LifeCD (I use XP - OS). The XP LifeCD made by Bart PEBuilder (http://www.nu2.nu/pebuilder). or can use Knoppix LifeCD.
  2. With the LifeCD, all of the hidden files can be shown. So I can rename the MSVBVM60.dll (it's a hidden file) with the new one name (example : MSVBVM60-old.dll). If this file missing/ unavailabled, the virus can't active.
  3. Boot the computer by the HDD and turned off the System Restore.
  4. Delete all the task in Schedule Task.
  5. Remove all the entries in the Registry. (to unlock the registry, install the UnHookExec (right click this file and choose install), it can be downloaded in www.symantec.com
  6. This virus entries names like : "kesenjangansosial","rakyatkelaparan","b..." just find these items in the registry. Examples : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi... HKEY_USERS\SOFTWARE\Microsoft\Windows\...
  7. Install the Antivirus with the newest Definition Files.
  8. Scan it.
  9. Done.

Or you could try this, it's known to work:
Download here: http://technize.com/2008/01/22/smart-anti-virus/

Read more about anti-virus apps for the s60 v3 here.
Shared by Mr. Anand at Saturday, February 14, 2009
Tags: , , ,

Facebook Comments

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

The Pundit Report

Loading...

Search Me