Bluetooth Virus!

Thursday 24th August, 2006
We had some important overseas visitors arrive this morning and just as they walked past my desk one of them unknowingly sent me a Bluetooth message. A Symbian Series 60-based Nokia 6600 phone had been infected with the lovely Commwarrior virus.

After I'd located whose phone it was I offered to clean it up for them. Simple, thought Ben, just download the free trial of F-Secure and disinfect. Things are never that simple though.

It seems his phone wouldn't connect on GPRS, I tried many ways without success. This meant I couldn't download the AV code. I thought perhaps it was a roaming issue, the SIM being German issued, so I put in my own SIM card. Still no success. I reconfigured the GPRS access points for Vodafone UK...nothing. It just wouldn't connect. I spoke to my buddy Andi and he told me that there was a bad 6600 firmware release that caused GPRS connectivity issues...great!

So, I picked up my Nokia S80-based 9300 and downloaded the code required to that. Simple, I thought, I'll just send the files over by Bluetooth. No such luck...the virus not only blocked the Bluetooth functionality, it also stopped me disabling connectivity...so it was still trying to spread the virus to other phones in the area.

Thankfully infra-red worked and I got the F-Secure AV installed, but then another hurdle. F-Secure needs to be activated...over a live GPRS connection. I hadn't got one and, without it, the AV wasn't playing ball. My buddy found BullGuard AV, but again this needed activating...no good.

So then we found the manual removal instructions, not as simple but effective. All you have to do is show the hidden system files in File Manager. Not so simple, you can't do that on the Series 60 phones!

More Google hunting for a third-party file manager and I found a free trial of Best FileMan. After installation (via my 9300 and infrared), I was finally in a position to clean up the virus. It's all gone now and ready to go back to the user.

Unfortunately, I can't leave him with some AV installed as none of it can be activated without a live connection...useless.
