SymbOS/MultiDropper.H

Type: Trojan
SubType: PDA Device
Discovery Date: 09/22/2005
Length:
Minimum DAT: 4589 (09/23/2005)
Updated DAT: 4589 (09/23/2005)
Minimum Engine: N/A
Description Added: 09/22/2005
Description Modified: 09/23/2005 2:34 AM (PT)
Risk Assessment
    Corporate User: Low
    Home User: Low

Characteristics

Symbian/MultiDropper.H is an enhanced version of SymbOS/MultiDropper.G. It has been augmented with an additional Win32 malware that is installed to external media, and it includes SymbOS/Doomboot.A as well.

Additionally, the malware drops Win32/Exploit-DcomRpc.gen. This additional payload has been renamed to APPS.exe. The renaming is intentional: most Windows distributions hide file extensions by default, so the file may masquerade as the Apps folder in order to trick a user into opening it (and thus activate the malware). Both SymbOS/MultiDropper.G and SymbOS/MultiDropper.H use the same tactic by naming one of the Win32 malware system.exe.
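The folder-masquerade naming described above can be checked for on a memory card before anything on it is opened. The following is an added example, not part of the original description or of any vendor tool; the function names, the extension list and the sample card layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Executable extensions that Explorer hides for known file types by default.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# Folder-like stems taken from the write-up (APPS.exe, system.exe).
FOLDER_LIKE = {"apps", "system"}

def find_masquerading_executables(root, folder_like=FOLDER_LIKE):
    """Return sorted relative paths of executables whose name, with the
    extension hidden, reads like a folder: the stem matches a directory
    found anywhere under root, or one of the folder_like names."""
    dir_names = set(folder_like)
    files = []
    for base, dirs, names in os.walk(root):
        dir_names.update(d.lower() for d in dirs)
        files.extend(os.path.join(base, n) for n in names)
    hits = []
    for path in files:
        stem, ext = os.path.splitext(os.path.basename(path))
        if ext.lower() in EXEC_EXTS and stem.lower() in dir_names:
            hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_card(root):
    """Constructed memory-card layout, for demonstration only."""
    os.makedirs(os.path.join(root, "Images"))
    os.makedirs(os.path.join(root, "Tools"))
    for name in ("APPS.exe", "system.exe", "Images.SCR",
                 "Tools/setup.exe", "Images/photo.jpg"):
        with open(os.path.join(root, *name.split("/")), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real program

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        for hit in find_masquerading_executables(card):
            print("suspicious:", hit)
```

Point `find_masquerading_executables` at the mounted card's root; a hit is a reason to inspect the file with extensions shown, not a verdict on its own.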

Another addition is the inclusion of SymbOS/Doomboot.A, which can potentially prevent the device from booting.

Cf. SymbOS/MultiDropper.G

Cf. SymbOS/Doomboot.A

Symptoms

The changes between SymbOS/MultiDropper.G and SymbOS/MultiDropper.H are slight. The only changes are: the addition of another Win32 payload; the change to the text displayed during install, “CamcorderPro v3.00 final release cracked by B_S”; and the inclusion of SymbOS/Doomboot.A.

Otherwise the effect upon the handset is identical to that of SymbOS/MultiDropper.G.

SymbOS/MultiDropper.H has been found in the file CamcorderPro v3.00 final.Sis.

Method of Infection

This Trojan requires the user to install it. The Win32 payload must be run manually on a Windows PC.

Removal

-

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
