How To Fix CommWarrior Mobile Virus



craigmiya
12-04-2007, 08:44 PM
I hope this Article can help some of you......

CommWarrior is the first known mobile malware that spreads via both Bluetooth and Multimedia Messaging Service (MMS). It can also be downloaded from malicious web sites as an archive file named COMMWARRIOR.ZIP.

It affects phones running the Symbian S60 platform. Some phones affected by CommWarrior include the following:

Nokia 3650, 3600, 3660, 3620
Nokia 6600, 6620
Nokia 7610, 7650
Nokia N-Gage
Panasonic X700
Sendo X
Siemens SX1


Bluetooth Propagation

Once running in a device, CommWarrior searches for other phones with Bluetooth. Once a target phone is found, it sends a randomly named SIS file to the target.

The SIS file enters the target phone’s Inbox attached to a message. When the message is opened, it activates the SIS file and installs the following:

$:\system\apps\CommWarrior\commwarrior.exe
$:\system\apps\CommWarrior\commrec.mdl

“$” represents the drive chosen by the user during installation (drive C for the phone’s default root…or drive E for the phone’s Multimedia Card).

Commwarrior.exe is executed immediately after installation. It copies the dropped components into the following paths:

C:\system\updates\commwarrior.exe
C:\system\updates\commrec.mdl
C:\system\recogs\commrec.mdl

It also drops a copy of the SIS installation package:

C:\system\updates\commw.sis

Commrec.mdl executes CommWarrior every time the phone is rebooted.

MMS Propagation

CommWarrior attempts to create and send out an MMS message with a copy of its SIS installer as attachment.

MMS messages spread by this malware may have the following Subjects and Messages:

Norton AntiVirus
Released now for mobile, install it!

3DGame
3DGame from me. It is FREE !

3DNow!
3DNow!(tm) mobile emulator for *GAMES*.

Audio driver
Live3D driver with polyphonic virtual speakers!

CheckDisk
*FREE* CheckDisk for SymbianOS released!MobiComm

Desktop manager
Official Symbian desctop manager.

Display driver
Real True Color mobile display driver!

Dr.Web
New Dr.Web antivirus for Symbian OS. Try it!

Free SEX!
Free *SEX* software for you!

Happy Birthday!
Happy Birthday! It is present for you!

Internet Accelerator
Internet accelerator, SSL security update #7.

Internet Cracker
It is *EASY* to *CRACK* provider accounts!

MS-DOS
MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

MatrixRemover
Matrix has you. Remove matrix!

Nokia ringtoner
Nokia RingtoneManager for all models.

PocketPCemu
PocketPC *REAL* emulator for Symbvian OS! Nokia only.

Porno images
Porno images collection with nice viewer!

PowerSave Inspector
Save you battery and *MONEY*!

Security update #12
Significant security update. See www.symbian.com

Symbian security update
See security news at www.symbian.com

SymbianOS update
OS service pack #1 from Symbian inc.

Virtual SEX
Virtual SEX mobile engine from Russian hackers!

WWW Cracker
Helps to *CRACK* WWW sites like hotmail.com

Other Details

It contains the following strings in its code:

CommWarrior v1.0 (c) 2005 by e10d0r
CommWarrior is freeware product. You may freely distribute it in it's original unmodified form.

OTMOP03KAM HET!


Manual Virus Removal

To kill the running CommWarrior process:

1. Download a third party Application Manager or use the Application Manager that comes with the phone.
2. Locate the CommWarrior process in the list of running applications.
3. Choose and cancel or terminate the process.

To remove the dropped components:

1. Download a third party File Explorer.
2. Locate and delete the following files:

C:\system\updates\commwarrior.exe
C:\system\updates\commrec.mdl
C:\system\recogs\commrec.mdl
C:\system\updates\commw.sis
$:\system\apps\CommWarrior\commwarrior.exe
$:\system\apps\CommWarrior\commrec.mdl

where “$” stands for the drive chosen by the user during installation (drive C for the phone’s default root…or drive E for the phone’s Multimedia Card).
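A scripted version of the file check in the removal steps above, added here as an example and not part of the original post: it looks for the listed CommWarrior files in a copy of the phone's drives taken to a PC (for instance the memory card in a card reader). The dump layout (one folder per drive letter under a root folder) and the function names are assumptions.

```python
import os

# Paths taken from the post. "$" is the install drive chosen by the user (C or E).
FIXED_PATHS = [
    r"C:\system\updates\commwarrior.exe",
    r"C:\system\updates\commrec.mdl",
    r"C:\system\recogs\commrec.mdl",
    r"C:\system\updates\commw.sis",
]
INSTALL_PATHS = [
    r"$:\system\apps\CommWarrior\commwarrior.exe",
    r"$:\system\apps\CommWarrior\commrec.mdl",
]
INSTALL_DRIVES = ("C", "E")


def expected_artifacts():
    """Expand the "$" placeholder and return every path to look for, lower-cased."""
    paths = list(FIXED_PATHS)
    for drive in INSTALL_DRIVES:
        paths += [p.replace("$", drive, 1) for p in INSTALL_PATHS]
    return {p.lower() for p in paths}


def find_commwarrior_files(dump_root):
    """Return Symbian-style paths of the listed files that exist in a dump.

    Assumed layout: dump_root/<drive letter>/..., e.g. dump_root/E/system/apps/...
    Matching is case-insensitive because Symbian file names are.
    """
    wanted = expected_artifacts()
    hits = []
    for drive in sorted(os.listdir(dump_root)):
        drive_dir = os.path.join(dump_root, drive)
        if len(drive) != 1 or not os.path.isdir(drive_dir):
            continue  # only single-letter drive folders are scanned
        for folder, _dirs, files in os.walk(drive_dir):
            for name in files:
                rel = os.path.relpath(os.path.join(folder, name), drive_dir)
                symbian = drive.upper() + ":\\" + rel.replace(os.sep, "\\")
                if symbian.lower() in wanted:
                    hits.append(symbian)
    return sorted(hits)
```

An empty result only means none of the listed file names are present in the copy that was scanned.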

blissful
09-01-2008, 08:45 PM
Best way to be safe is to switch off BT while not in use, and don't open MMS from unknowns. Precaution better than cure.