Doomboot


Doomboot or Doomboot.A is a SymbOS trojan that installs corrupted binaries to prevent the device from booting, similar to Fontal.

Payload

Doomboot spreads over Bluetooth under the name "Doom_2_wad_cracked_by_DFT_S60_v1.0.sis", posing as a cracked version of Doom 2 for SymbOS. When the package is installed, it installs corrupted binaries on the phone. This is hidden from the user, as the trojan has also installed Commwarrior.B on the phone.

The binaries are listed as the following:

  • Etel.dll
  • etelmm.dll
  • etelpckt.dll
  • etelsat.dll

If the phone reboots, the corrupted binaries are loaded and the phone will fail to boot.
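A defender-side check for the behaviour described above, as an added example that is not part of the original wiki entry: it flags a package whose install targets would replace the four libraries listed. The function name, the manifest format (a plain list of target paths) and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Library names taken from the list above. Compared case-insensitively,
# since the page itself mixes "Etel.dll" and "etelmm.dll".
ETEL_LIBS = {"etel.dll", "etelmm.dll", "etelpckt.dll", "etelsat.dll"}


def triage_manifest(target_paths):
    """Return (verdict, hits) for a package's list of install target paths.

    hits maps each shadowed library name to the paths that would replace it.
    """
    hits = {}
    for raw in target_paths:
        path = raw.strip()
        # Only the final path component matters: drive and folder vary.
        name = PureWindowsPath(path).name.lower()
        if name in ETEL_LIBS:
            hits.setdefault(name, []).append(path)
    if not hits:
        verdict = "no-match"
    elif len(hits) == len(ETEL_LIBS):
        verdict = "block"    # every listed library would be replaced
    else:
        verdict = "review"   # partial overlap, needs a human look
    return verdict, hits


# Constructed sample manifests (hypothetical paths, not taken from a real package).
SAMPLE_GAME = [
    "C:\\System\\Apps\\Doom\\Doom.app",
    "C:\\System\\Libs\\ETEL.DLL",
    "c:\\system\\libs\\etelmm.dll",
    "C:\\System\\Libs\\EtelPckt.dll",
    "C:\\System\\Libs\\etelsat.dll",
]
SAMPLE_THEME = [
    "C:\\System\\Skins\\theme.skn",
    "C:\\System\\Apps\\Notes\\etel.dll.txt",  # similar name, different file
]

if __name__ == "__main__":
    for label, manifest in (("game", SAMPLE_GAME), ("theme", SAMPLE_THEME)):
        print(label, triage_manifest(manifest))
```

The check keys on what the package writes, not on what it is called, so it applies equally to the game, theme and antivirus lures listed under the variants.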

Commwarrior.B also tries to spread the infection further over Bluetooth. This drains the battery more quickly, so the phone soon runs out of power. This is problematic, as the phone will not boot again once its power runs out.

Variants

Like Skulls, this is one of the well-known SymbOS malware families, hence Doomboot has 26 different variants.

Doomboot.B (Variant 1)

Instead of installing Commwarrior, it installs an application that causes the phone to reboot. This is also problematic, as the phone will not boot again if this application is run. It goes by the name "Restart_20.sis".

Doomboot.B (Variant 2)

It also drops Cabir, MGDropper, and Skulls.L, and tries to corrupt applications on the phone.

Doomboot.C and Doomboot.Q (Variant 1)

It drops Cabir variants (original, F, G, M), Skulls.D, and Doomboot.A.

Doomboot.D, Doomboot.E, Doomboot.M, Doomboot.N, Doomboot.U

These variants either install the same files under different names or install additional non-malicious files, some of which corrupt phone applications. These variants usually do not come with Commwarrior.

Doomboot.E is named "Jennifer Lopez Theme++ by Dj Hardcore.sis".

Doomboot.M goes by the name "exoVirusStop v 2.13.16.sis" and displays a message after installation:

For Updates visit www.exosyphenstudio.com. If there is a virus re-boot your phone 
after disinfection

Doomboot.N is named "exoVirusStop v 1.69.90", attempts to install Cydog to a removable device, and displays a message after installation:

For Updates visit [http://]www.exosyphenstudio.com/[REMOVED]. If there is a virus 
re-boot your phone after disinfection.

Doomboot.U is named "Symbian Anti-Virus.sis". After installation it displays the message:

Symbian Anti-Virus Version 1.10 Copyright©2006 Symbian Ltd. * Phone Protection *  
Note: Restart Your Phone After installation complete.

Doomboot.F

Like Doomboot.E, it is named "Jennifer Lopez Theme++ by Dj Hardcore.sis". It also drops Skulls.D and Cabir.M and displays the following message after installation:

This Installation was created with KVT Symbian Installer. Get it free from:
[www].kvtsoft.vze.com/[Removed] by Kheng Vandha
------------------
 This Theme is a Special Edition, so the device need to be restarted!
 This theme is a new generationn of theme, Enjoy!
 Regards DFT!

Doomboot.G

It is named "Cowgirl Babe++ by Dj 6600.sis". When installed, it drops multiple copies of Commwarrior.A and Commwarrior.B alongside Fontal.A, and displays the following message after installation:

This Installation was created with KVT Symbian Installer. Get it free from:
[www].kvtsoft.vze.com/[Removed] by Khang Vandha
------------------
 This Theme is so good that you have to restart the device ;)
 A very hot theme by, DFT!

Doomboot.K (also known as Doomboot.R)

It goes by the name "F-secure Antivirus.sis".

Doomboot.P

It displays a message before installation:

Do you know this will help to maintain battery power 
put AntiVirus on battery against battery drainer virus
Your Regards Ximplify

If installed, it tries to corrupt applications, drops Cabir, Cabir.B, Locknut.A, Skulls.C, changes the application icons to generic application icons, blanks out all the application names, and displays the following message:

App. closed
AppArcServerThread

Doomboot.Q (Variant 2)

It is named "Symbian_DFT v1.0", corrupts the Application Manager, and displays a message after installation:

New Protection for Symbian Device created By Tomas DFT for Anti-files corrupt. 
-------------
 Please Press OK And Restart Your Phone.

Doomboot.S

It is named "Security - Application.sis". If installed, it drops the following: Cardblock.A, Sendtool.A, Mos, Cabir, Mabir.A, Fontal.A, Blankfont.A, Pbstealer.A, Cabir.C, Commwarrior.A, and displays a message:

Security - Application For Series 60 Copyright © 2006 0ID500 Inc. All rights 
reserved *** 0ID500 TEAM ***

Doomboot.T

It is named "Leslie Loves.sis". After installation, it installs Commwarrior.I and displays the message:

File Uploading & Modified by [REMOVED].

Doomboot.V

It is named "restart 2.0.sis". When installed, it drops Skulls.A and displays the message:

enjoy! whith this software, you can restart your phone with press only a button.

Doomboot.W

It is named "Ximplify Battery Extender.sis". When installed, it drops Cabir, Cabir.B, MGDropper, and Locknut, and displays the message:

Do you know this will help to maintain battery power
put AntiVirus on battery against battery drainer virus.


Your Regards [REMOVED]

Doomboot.X

It goes by the name "simworks 1.2.2.sis" and drops Cabir, Cabir.B, Blankfont.A, Cdropper.H, Commwarrior.A, and Commwarrior.B.
