SymbOS.Hati Hati.A SMS Virus for Symbian phones  

By NepTEC

SymbOS.Hatihati.A is a Trojan horse that runs on the Symbian OS. The Trojan is a pirated version of the anti-theft software Guardian v0.95 which contains a bad configuration file. It resides in the phone's memory and tries to send SMS automatically to predefined numbers such as +3396003964. HatiHati.A is a worm-like application that spreads via MMC cards. Once the worm copies itself to a new device, it starts sending a very high volume of SMS messages to a predefined number. The predefined number is built into the Hatihati.A malware and is not picked from the contact list.

The following destination numbers have been detected so far; an infected mobile tries to send SMS to them automatically:

• 3355713230
• 3203848325
• 3474935252
• 3207012810
• 3932590983
• 3396003964

* MMS sending is not affected by this virus because MMS is sent via GPRS.

* There is no known application that can detect this virus in any brand of mobile set.

Name: Worm:SymbOS/HatiHati.A
Alias: HatiHati.A
Type: Worm
Category: Malware
Platform: SymbOS

Common symptoms of Hatihati.A malware infection:

* A Hatihati.A malware icon in the applications folder of the phone when the phone is rebooted without the SIM card.
* Unrecognized destination numbers in your phone's SMS logs.
* Difficulty in sending SMS because the malware is continuously sending messages.
* Abnormally fast depletion of battery charge/power.

Location of Hatihati.A malware icon in the mobile set:

You can perform a simple test to verify whether your phone is infected with the Hatihati.A malware:

Step 1: Turn off your mobile phone and remove the attached SIM card.
Step 2: Turn on your mobile phone without the SIM card.
Step 3: Go to your applications folder and you should see a Hatihati.A application icon named "Guardian".

Note: The original image of this icon was sourced from an infected Nokia N70 phone.


If you have performed the steps above and have not seen the icon as specified, please contact your nearest Wireless Center for assistance.

Ways of spreading virus:

The Hatihati.A malware spreads in the following ways:

* By inserting an infected MMC or memory card into a phone, and vice versa. Sharing MMC or memory cards between phones can spread the Hatihati.A malware.

* By downloading free mobile applications via untrusted WAP sites.

Note that this malware does not spread via sharing or transfer of SIM from one mobile phone to another, nor via Bluetooth or Infrared.

Mobile units that are prone to Hatihati.A malware:

So far, high-end mobile phones with the Symbian Operating System (OS) are found to be prone to infection from Hatihati.A malware. Different brands, units, and models can be infected regardless of their mobile service provider. Commonly infected phones include:

* N70
* N73
* N80
* Nokia 6680

You can check whether your phone is vulnerable to the malware from the link below:

http://www.s60.com/life/s60phones/browseDevices.do

Removal processes of the Hatihati.A Malware:

These are the recommended ways to remove the Hatihati.A malware:

1. Download F-Secure antivirus software for Nokia and non-Nokia handsets and delete the "Guardian" folder.
2. Soft or hard formatting.
   i. Back up the address book, calendar and settings using "Nokia PC Suite".
   ii. Format the MMC card from the computer using a card reader.
3. Use Deep Reset using the code (*#7370# or *#7780#).
   Normal Reset (*#7780#): Restores ini files from ROM but preserves user data (photos, third-party apps, etc.).
   Deep Reset (*#7370#): Completely reformats the C: drive. All applications and files stored on this drive will be lost and clean default files will be rewritten.
4. Use 12345 as the lock code (for Nokia handsets) when asked and press OK.
5. The mobile will now restart and will be back to its previous settings.

* For detailed information regarding soft and hard formatting, please refer to the last section (Step by step information on how to remove Hati Hati virus).

Safety & Security Tips for Prevention of the Hatihati.A Malware:

Here are some recommended preventive measures:

1. Refrain from phone sharing or swapping. Do not let others use your phone without your permission.
2. Refrain from memory card sharing or swapping. Do not let others use your memory card without your permission.
3. Avoid downloading free mobile applications from suspicious WAP sites or from the Internet.
4. Do not install a pirated version of the anti-theft software Guardian v0.95.

Removal Procedure for Isetup.exe  

By NepTEC

To remove the virus files (boot.vbs, wproxp.exe, isetup.exe, imapd.exe, ActMon.ini, dxdlg.exe, .dll, imapdd.dll, imapdc.dll, imapdb.exe, imapdb.dll):


  • Turn off Restore point.
  • Download this file (click here) (size: 252 bytes).
  • Extract it and double-click the isetup.bat file.
  • Run regedit, go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and set:
    a. Userinit => %systemroot%\system32\userinit.exe
    b. Shell => explorer.exe
  • Remove temp files from the drive.
  • Restart.

If Isetup.exe is on a pen drive, first turn off Autoplay.
Steps to turn off Autoplay:

  • Start > Run
  • Type gpedit.msc
  • Click on Administrative Templates > System > Turn off Autoplay
  • Check Enabled > All drives
  • OK
  • Plug in your pen drive
  • Format your pen drive
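
The Winlogon values and the Autoplay policy from the steps above can also be checked from PowerShell. This is an added example, not part of the original post; it only reads the registry, takes the expected Userinit and Shell values from the steps above, and assumes the "Turn off Autoplay / All drives" policy is stored as NoDriveTypeAutoRun = 255 under the Policies\Explorer key.

```powershell
# Added example: read-only audit of the settings named in the steps above.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policy   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing (instead of throwing) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-UnexpectedEntry([string]$Actual, [string[]]$Allowed) {
    # Userinit is a comma-separated list and normally ends with a comma, so
    # compare entry by entry; -notcontains is case-insensitive.
    $ok = $Allowed | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }
    $Actual -split ',' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_).Trim() } |
        Where-Object { $_ -and ($ok -notcontains $_) }
}

# Expected values as given in the removal steps.
$expected = @{
    Userinit = @('%systemroot%\system32\userinit.exe')
    Shell    = @('explorer.exe')
}

$report = foreach ($name in 'Userinit', 'Shell') {
    $value = Get-RegValue $winlogon $name
    $extra = @(Get-UnexpectedEntry $value $expected[$name])
    $status = if (-not $value) {
        'MISSING'
    } elseif ($extra.Count) {
        'UNEXPECTED: ' + ($extra -join '; ')   # extra program started at logon
    } else {
        'OK'
    }
    [pscustomobject]@{ Check = "Winlogon\$name"; Value = $value; Status = $status }
}

# The policy may be set under Computer (HKLM) or User (HKCU) configuration.
$autoplay = @('HKLM:', 'HKCU:' |
    ForEach-Object { Get-RegValue "$_\$policy" 'NoDriveTypeAutoRun' })
$report += [pscustomobject]@{
    Check  = 'Autoplay off (all drives)'
    Value  = $autoplay -join ', '
    Status = if ($autoplay -contains 255) { 'OK' } else { 'NOT DISABLED' }
}

$report | Format-Table -AutoSize
```

Any row that is not OK means the matching manual step above still needs to be done.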

Websms to Mero mobile & Namaste Mobile  

By NepTEC

Namaste,
For web SMS to Mero Mobile:

  • Log on to http://www.spicenepal.com/
  • In the right corner of Mero Mobile's website you will see the web portal. Enter your number, choose ICS and enter your password (for the password, dial 9006 from your mobile), then log in.
  • Click on the third box.
  • Click on sending SMS and send.

For web SMS to Namaste Mobile:

  • Log on to http://www.ntc.net.np/
  • Click on websms on the left side of NTC's website.
  • Enter your number and password.
  • Send the SMS.

You can also send SMS to Mero Mobile, Namaste Mobile or NTC numbers in Nepal by logging on to http://www.hamrosms.com/ and http://www.wadja.com/