to unintalled the virus, just remove/delete the following files..

Discovered: February 6, 2008

Updated: February 13, 2008 10:07:33 AM

Type: Trojan

Infection Length: 23,643 bytes

Systems Affected: Symbian OS

The Trojan is a pirated version of the anti-theft software Guardian v0.95 which contains a bad configuration file.

When the Trojan executes, it creates the following files:

  • C:\system\recogs\1020DC95.mdl
  • C:\system\apps\Guardian\Guardian.exe
  • C:\System\apps\Guardian\Plugins\Fakesms.dll
  • C:\system\apps\Guardian\Guardian.aif
  • C:\system\apps\Guardian\Guardian_caption.r05
  • C:\system\apps\Guardian\Guardian_caption.r04
  • C:\system\apps\Guardian\Guardian_caption.r03
  • C:\system\apps\Guardian\Guardian_caption.r02
  • C:\system\apps\Guardian\Guardian_caption.r01
  • C:\system\apps\Guardian\Guardian.r05
  • C:\system\apps\Guardian\Guardian.r04
  • C:\system\apps\Guardian\Guardian.r03
  • C:\system\apps\Guardian\Guardian.r02
  • C:\system\apps\Guardian\Guardian.r01
  • C:\system\apps\Guardian\Guardian.app
  • C:\system\apps\Guardian\Guardian.dat

It also creates the following files on the compromised devices memory card:

  • E:\system\recogs\1020DC95.mdl
  • E:\system\apps\Guardian\Guardian.exe
  • E:\System\apps\Guardian\Plugins\Fakesms.dll
  • E:\system\apps\Guardian\Guardian.aif
  • E:\system\apps\Guardian\Guardian_caption.r05
  • E:\system\apps\Guardian\Guardian_caption.r04
  • E:\system\apps\Guardian\Guardian_caption.r03
  • E:\system\apps\Guardian\Guardian_caption.r02
  • E:\system\apps\Guardian\Guardian_caption.r01
  • E:\system\apps\Guardian\Guardian.r05
  • E:\system\apps\Guardian\Guardian.r04
  • E:\system\apps\Guardian\Guardian.r03
  • E:\system\apps\Guardian\Guardian.r02
  • E:\system\apps\Guardian\Guardian.r01
  • E:\system\apps\Guardian\Guardian.app

It sends SMS messages to a predefined number from the compromised device which is reported as the following:
+3396003964

Location of Hatihati.A malware icon in the mobile set:

You can perform a simple test to verify that you are infected with the Hatihati.A Malware:

Step 1: Turn-off your mobile phone and remove the attached SIM card.
Step 2: Turn-on your mobile phone without the SIM card.
Step 3: Go to your applications folder and you should see a Hatihati.A application icon named “Guardian” (as seen below).

Advertisements