Trojan.SymbOS.Appdisabler.a
When launched, the trojan writes the following files to the infected phone:
- raghu.txt (275 bytes)
- Images\raghu.txt (275 bytes)
- Images\raghu crack.jpg (12,554 bytes)
- system\apps\0A-RAGHU.txt (201 bytes)
- system\apps\RAGHU\raghu.app (6,864 bytes)
- system\apps\RAGHUMenu\raghumenu.app (5,332 bytes)
- system\apps\RAGHUMenu\raghumenu.rsc (60 bytes)
- system\apps\RAGHUMenu\RAGHUMenu_caption.rsc (28 bytes)
The trojan then overwrites the contents of the following directories. If a directory does not exist, the trojan creates it:
system\apps\AD7650, system\apps\AnswRec, system\apps\BlackList, system\apps\BlueJackX, system\apps\callcheater, system\apps\CallManager, system\apps\Camcoder, system\apps\camerafx, system\apps\ETICamcorder, system\apps\ETIMovieAlbum, system\apps\ETIPlayer, system\apps\extendedrecorder, system\apps\FaceWarp, system\apps\FExplorer, system\apps\FSCaller, system\apps\Hair, system\apps\HantroCP, system\apps\irremote, system\apps\Jelly, system\apps\KPCaMain, system\apps\Launcher, system\apps\logoMan, system\apps\MIDIED, system\apps\mmp, system\apps\Mp3Go, system\apps\Mp3Player, system\apps\photoacute, system\apps\PhotoEditor, system\apps\Photographer, system\apps\PhotoSafe, system\apps\PhotoSMS, system\apps\PVPlayer, system\apps\RallyProContest, system\apps\realplayer, system\apps\RingMaster, system\apps\SmartAnswer, system\apps\SmartMovie, system\apps\SmsMachine, system\apps\Sounder, system\apps\sSaver, system\apps\SystemExplorer, system\apps\UltraMP3, system\apps\UVSMStyle, system\apps\WILDSKIN
In each of the listed directories, a file is created with the same name as the directory plus the .app extension. These files are 6 bytes in size and cannot be run. As a result, all of the files overwritten by the trojan stop functioning, which prevents the infected phone from working correctly.
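The overwrite pattern described above lends itself to a simple triage check on an extracted copy of the phone's file system. The following is an added example, not part of the original description: the function names `scan_image` and `build_sample`, the forward-slash layout of the extracted copy, and the contents of the sample files are assumptions made for illustration.

```python
import os
import tempfile

STUB_SIZE = 6  # size of the replacement .app files, per the description
# Names of files the trojan drops, as listed above (lower-cased for comparison).
MARKERS = {"raghu.txt", "0a-raghu.txt", "raghu.app", "raghumenu.app"}

def scan_image(root):
    """Walk an extracted phone file system and report Appdisabler.a traces.

    Returns (stubs, markers) as sorted lists of paths relative to root.
    """
    stubs, markers = [], []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        parent = os.path.basename(os.path.dirname(dirpath)).lower()
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            low = name.lower()
            if low in MARKERS:
                markers.append(rel)
            # Stub pattern: apps/<dir>/<dir>.app with a size of exactly 6 bytes.
            elif (parent == "apps" and low == folder + ".app"
                  and os.path.getsize(full) == STUB_SIZE):
                stubs.append(rel)
    return sorted(stubs), sorted(markers)

def build_sample(root):
    """Constructed sample tree: two stubbed apps, one intact app, one dropped file."""
    layout = {
        "system/apps/FExplorer/FExplorer.app": b"\x00" * 6,     # stub (constructed bytes)
        "system/apps/realplayer/realplayer.app": b"\x00" * 6,   # stub (constructed bytes)
        "system/apps/Notes/Notes.app": b"\x00" * 4096,          # hypothetical healthy app
        "system/apps/RAGHU/raghu.app": b"\x00" * 6864,          # dropped file, size from the list
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        stubs, markers = scan_image(tmp)
        print("stubbed apps:", stubs)
        print("dropped files:", markers)
```

Names are compared case-insensitively because the extracted copy may not preserve the original case of the phone's file names.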
The file raghu.txt contains the following text:
----R A G H U---- VIRUS BORN IN SURAT(GUJRAT/INDIA/ASIA). THE NAME OF THIS VIRUS IS RAGHU.... U KNOW WHY....???????? BECAUSE I LIKE VASTAV MOVIE AND SANJU BABA. U LIKE THIS VIRUS? SO MANY SOFTWARE CRACKS AND VIRUS AVAILABLE SOON.... RAGHU NAM HE RAGHU...
The file 0A-raghu.txt contains the following text:
MY NAME IS -----R A G H U----- FROM SURAT/GUJARAT/INDIA/ASIA/WORLD/HEVEN/ U LIKE THIS VIRUS? HA.......HAHA............HAHAHA WARNING-NEVER INSTALL RAGHU.SIS ITS HARMFULL FOR YOUR MOBILE