
official caribe.sis Q&A (Virus info)



Posted by: ollywompus

Ok, since I have seen two threads today regarding caribe.sis, i thought i would start a thread where anyone who has any info/experiences/etc. with caribe.sis can post your story and whatnot... this is a rather pointless virus, as it doesn't do much, but still it's no fun to have even a pointless virus on their phones... my intent with this thread is to try and catalog where people have gotten it from, what they have done to get rid of it, etc.

for example, i know that one user in the Philippines got it in the wild...

another user said that he got it from a download...

share your story, and lets see what we can learn.

PEACE!

-matt



Posted by: nemik

i have a 3650 i could use for testing. if seriously given the .sis file, i will look into a method for deleting it without having to format the phone.
although i don't use it currently, i think i'm familiar enough with the S60 OS to be able to do something like this.

btw, does this virus "work" on the UIQ version of symbian (p9X0, p800)? I can try it on my p900 to make sure.



Posted by: ollywompus

that's a good question about UIQ... i'm gonna say no off the top of my head, simply because even though it's still symbian, the file systems work differently...

as for testing, that would be great if you could test it, since it wouldn't be your primary phone you'd be losing out on... and if you could come up with a way to remove without having to reformat, you'd be a genius!

thanks man, keep the ideas coming, and i want to hear some experiences from people.

-matt



Posted by: nemik

if any of you locate a copy of the .sis file, PM me. i don't think we want it spreading more than it has already, assuming the Philippines guy's story is true.



Posted by: praz

Quote:
Originally posted by punkserb
if any of you locate a copy of the .sis file, PM me. i don't think we want it spreading more than it has already, assuming the Philippines guy's story is true.





i am starting to wonder why u want it so desperately



Posted by: Agent Guile

http://www.technewsworld.com/story/34542.html



Posted by: csiwireless

I thought u guyz might wanna check this out -

Caribe Virus Removal Instructions

My phone had got infected with this virus but with the help of these instructions and the Seleq FileExplorer i was able to delete all its files this virus was running in the background but i still cant get rid of the blank icon its displaying in my menu. Also when i goto Manager to see a list of apps, it still shows caribe and would not delete it but instead ends up closing my Manager program.

This icon really bothers me and im afraid it could infect my phone with this virus again or it still may be infected. Atleast now it does not show caribe loading up when i reset the phone.

Please Helpp !!! Thnx in advance ...



Posted by: nemik

has anyone gotten a 3650 infected on it? since that's all i'll be able to test on. but i think i could do this...just use the symbian sdk to see what resources it uses and where it might hide itself and i think this can be solved...



Posted by: csiwireless

Check this out -

Caribe Removal Tool

Tool to disinfect your phone. I'm going to try this myself on my Nokia 6600 which right now is infected. Ill keep you guys updated. Hope this works !!



Posted by: nemik

cool! let us know how it works!



Posted by: friedbrains

IMPORTANT NOTE:

Caribe.sis virus is propagated via BT, so the BEST CURE IS STILL PROTECTION, hence:

1) If your BT is ON, make sure that your phone visibility is set to "HIDDEN", that way nobody can Bluejack you.

2) The Best BT Security is, if your not using your BT, then TURN IT OFF

3) If for instance, that you did not do all of the above, and for some reason, somebody you dont know is sending you something via BT, simply REJECT it.




Posted by: UAE

this is the easiest way to remove it
Removal
Kaspersky Labs has developed a utility to remove Cabir.a from infected handsets.

The utility will detect and delete the worm from Nokia 3650 and 6600, and Siemens SX1 handsets. It is also designed to work on Nokia N-Gage and Sony Ericsson P900 handsets, but it has not been tested on these handsets.

The utility can be found on the WAP site wap.kaspersky.com. It can be downloaded either directly from the WAP site or via the Internet by following the link wap.kaspersky.com/downloads/decabir-1.0.sis

How to use the utility:
upload the installation file, decabir.sis, to the handset, and launch it.
choose the Decabir icon in the main menu
if the handset is not infected, the message 'Device is clean' will be displayed.
if the handset is infected, the message 'Cabir has been removed. Please reboot' will be displayed. You should now switch your handset off and on again.

http://wap.kaspersky.com/downloads/decabir-1.0.sis






Posted by: ollywompus

good find, thank you UAE... but does this solve the problem that was mentioned above about the Cabir icon still sitting there on your phone?

thanks for the info!
-matt



Posted by: UAE

yes it should solve that problem



Posted by: ollywompus

good!

just as an aside, i still would like to hear people's experiences of where they got the virus, etc... particularly those that downloaded it somewhere... if people are attaching this as malware to other programs, might as well know that to avoid it.

PEACE!

-matt



Posted by: nemik

if it does not, this may sound funny, but my advice would be to re-install the virus, then use that tool that was posted!

nevertheless, great find everyone, this should really be stickied. I'll report it to the mods for consideration.



Posted by: ollywompus

good call on the sticky, thanks punkserb

-matt



Posted by: UAE

mostly they get it via bluetooth and here's a simple way to avoid getting it

if someone send you a message via bluetooth



you can accept it, it wont install the virus



now if you hit show it will install the virus and you don't wanna do that !!! what you have to do it is hit the hang up button and your screen will look like this



now go to menu, choose messaging



go to inbox



after you open inbox the message that was sent via bluetooth will appear



this is a jpg file so it's safe to open it but if you get caribe.sis or any .sis file from someone you don't know



then delete it





Posted by: csiwireless

Ok .. i scanned my phone using the Cabir Removal Tool that I had posted earlier, and it said "Scan done, Cabir not found" but if i goto my Manager list .. it still shows Cabribe as a installed app on my Mem Card. And also its showing a blank icon with no pic or name on my menu list, which wont delete. That icon is veryy annoying.

If someone knows anything on how to get rid of the icon and the name on the installed app list in the Manager .. plz lemme kno !! Thnx.



Posted by: angel_wing0

Quote:
Originally posted by ollywompus
Ok, since I have seen two threads today regarding caribe.sis, i thought i would start a thread where anyone who has any info/experiences/etc. with caribe.sis can post your story and whatnot... this is a rather pointless virus, as it doesn't do much, but still it's no fun to have even a pointless virus on their phones... my intent with this thread is to try and catalog where people have gotten it from, what they have done to get rid of it, etc.

for example, i know that one user in the Philippines got it in the wild...

another user said that he got it from a download...

share your story, and lets see what we can learn.

PEACE!

-matt


dont use WAP...

and make sure when u receive stuff look at the frikkin FILE NAME!



Posted by: angel_wing0

Quote:
Originally posted by csiwireless
Ok .. i scanned my phone using the Cabir Removal Tool that I had posted earlier, and it said "Scan done, Cabir not found" but if i goto my Manager list .. it still shows Cabribe as a installed app on my Mem Card. And also its showing a blank icon with no pic or name on my menu list, which wont delete. That icon is veryy annoying.

If someone knows anything on how to get rid of the icon and the name on the installed app list in the Manager .. plz lemme kno !! Thnx.


i think u'll either need to find the file in your mmc directory, or u may need to format your memory card



Posted by: ollywompus

Quote:
Originally posted by angel_wing0
i think u'll either need to find the file in your mmc directory, or u may need to format your memory card


i second that, format your mmc and see what happens, that should get rid of it...

the cabir file removal tool probably doesn't scan the mem card.

peace!

-matt



Posted by: angel_wing0

i m just wondering..how do u guys get the virus into your phones?!



Posted by: csiwireless

Quote:
Originally posted by ollywompus
i second that, format your mmc and see what happens, that should get rid of it...

the cabir file removal tool probably doesn't scan the mem card.

peace!

-matt


Is there any other possible way .. cuz i got a lotta imp stuff stored on my Mem Card !! I know if i back up the Card its going to back up the virus too ..



Posted by: ollywompus

you could back the card up to your PC... i.e., copy the card to a folder in your pc (the cabir virus can't affect your PC) and then format your card... then you can transfer back everything except the cabir crap (images, videos, whatever)

-matt



Posted by: csiwireless

Quote:
Originally posted by angel_wing0
i m just wondering..how do u guys get the virus into your phones?!


I downloaded an app to my computer which i then transfered to my phone via bluetooth and the virus was attached to it ...



Posted by: UAE

Quote:
Originally posted by angel_wing0
i m just wondering..how do u guys get the virus into your phones?!


they get it via bluetooth and it can be sent in two ways. if your mad at someone and you wanna send it to him/her without installing it in your phone, you use mobiluck and SeleQ to send it via bluetooth. Now that they are infected. The Caribe will search for another devices and send itself with out your permission



Posted by: angel_wing0

wow...so what will happen if i send it to non-s60 devices?



Posted by: UAE

Quote:
Originally posted by csiwireless
Is there any other possible way .. cuz i got a lotta imp stuff stored on my Mem Card !! I know if i back up the Card its going to back up the virus too ..


try the removal I posted and let me know if it works



Posted by: angel_wing0

Quote:
Originally posted by csiwireless
I downloaded an app to my computer which i then transfered to my phone via bluetooth and the virus was attached to it ...


wow...warez site nowadays



Posted by: nemik

if removal app doesn't find it, i'm serious, search for a copy of caribe.sis or reinstall that tainted app. then try the tool. you probably removed enough for the tool not to detect it, but not completely so that's why you're still seeing it.
reinstall the virus then remove it. it sounds stupid but i'm confident it will work. keep us updated.



Posted by: UAE

if you can't reinstall the virus try deleting those files

C:\system\apps\caribe\caribe.app
C:\system\apps\caribe\flo.mdl
C:\system\apps\caribe\caribe.rsc

C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.SIS
C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.APP
C:\SYSTEM\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CARIBE.RSC
C:\SYSTEM\RECOGS\FLO.MDL

some of the files might not be deleted from the first time, it will display " the program is already in use" restart the phone and try deleting them.
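
A PC-side check for the backup approach discussed in this thread, added here as an example and not part of any poster's message or of a vendor tool: it walks a folder holding a copy of the phone or memory card and reports files whose drive-relative path matches one of the seven paths listed in the post above, ignoring case. The function names, the sample tree and the assumption that the copied card mirrors the C: layout are made up for illustration.

```python
import os
import tempfile

# Artifact paths from the post above, drive letter dropped: a card copied to a
# PC folder no longer carries its phone drive letter (assumption: same layout).
CABIR_PATHS = [
    r"system\apps\caribe\caribe.app",
    r"system\apps\caribe\flo.mdl",
    r"system\apps\caribe\caribe.rsc",
    r"system\symbiansecuredata\caribesecuritymanager\caribe.sis",
    r"system\symbiansecuredata\caribesecuritymanager\caribe.app",
    r"system\symbiansecuredata\caribesecuritymanager\caribe.rsc",
    r"system\recogs\flo.mdl",
]
# Symbian file names are case-insensitive, so compare lowercased components.
INDICATORS = {tuple(p.lower().split("\\")) for p in CABIR_PATHS}

def scan_backup(backup_root):
    """Return sorted '/'-joined relative paths of files matching a listed artifact."""
    hits = []
    for dirpath, _dirs, files in os.walk(backup_root):
        rel = os.path.relpath(dirpath, backup_root)
        dir_parts = [] if rel == os.curdir else rel.split(os.sep)
        for name in files:
            parts = dir_parts + [name]
            if tuple(p.lower() for p in parts) in INDICATORS:
                hits.append("/".join(parts))
    return sorted(hits)

def build_sample_tree(root):
    """Create a constructed backup: three artifact paths plus two harmless files."""
    sample = [
        "System/Apps/Caribe/caribe.app",           # listed path, mixed case
        "system/recogs/FLO.MDL",                   # listed path, upper-case name
        "SYSTEM/SYMBIANSECUREDATA/CARIBESECURITYMANAGER/CARIBE.SIS",
        "Images/photo.jpg",                        # ordinary user data
        "system/apps/other/flo.mdl",               # same name, unlisted folder
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not real malware")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for hit in scan_backup(root):
            print("do not restore:", hit)
```

Only exact path matches are reported, so a file that merely shares a name such as flo.mdl in another folder is left alone.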



Posted by: angel_wing0

holy! i just got a friend who has this virus and successfully delete it...he is like "HOW CAN I THANK YOU!"



Posted by: ollywompus

excellent!

what really worries me is the idea of getting this virus from a freeware program... it's easy enough to not accept it via bluetooth, but to download something and have it attached is crappy. and not just warez, but freeware that people write and distribute...

crap crap crap i hate viruses.

-matt



Posted by: csiwireless

YAYYY !!!! I finally got rid of the virus from my Mem Card ....

Now when i goto my Manager list, it does not show caribe as an installed app.
But i still have that blank icon in my menu list ... does anyone know of what folder are the menu icons stored in .. that maybe i can get into by using Seleq FileExplorer and delete it ??? Also i think i had two versions of this viruses running.

Btw thnx for the help everyone .. atleast now we all kinda know of how to get rid of this virus !!



Posted by: csiwireless

Quote:
Originally posted by ollywompus
excellent!

what really worries me is the idea of getting this virus from a freeware program... it's easy enough to not accept it via bluetooth, but to download something and have it attached is crappy. and not just warez, but freeware that people write and distribute...

crap crap crap i hate viruses.

-matt


Yupp !!! mine i got it was from a freeware app and not warez. It just was attached to two of those programs.



Posted by: angel_wing0

Quote:
Originally posted by csiwireless
YAYYY !!!! I finally got rid of the virus from my Mem Card ....

Now when i goto my Manager list, it does not show caribe as an installed app.
But i still have that blank icon in my menu list ... does anyone know of what folder are the menu icons stored in .. that maybe i can get into by using Seleq FileExplorer and delete it ??? Also i think i had two versions of this viruses running.


thats good to hear



Posted by: csiwireless

I just backed up my memory card to my computer using the BT, and guess what ??
My 'Norton AntiVirus Corporate Edition' detected all the files on my mem card that were still infected with the caribe virus, and it quarantined all of them.
Now when i restore my mem card, after formatting it, it is going to be free of the virus.

It is amazing to see Norton AntiVirus detecting and cleaning the Caribe Virus !! Woww ...



Posted by: angel_wing0

OUCH!

ALL OF THE FILES? wow



Posted by: China DRagon

pretty amazing!!
could you actually go somewhere with loads of people and use some program (you name it) and just search and send until everyone has it?



Posted by: gillofrompk

Well Knowing this issue i must say that we must have NORTON ANTIVIRUS installed on our S60 mobiles rather than computerssssss What do u think csiwireless



Posted by: portmans

I have a Sony Ericsson K750i mobile phone.
I do not turn on Bluetooth always.
but I got a "accept download" (some .sis file) message while the bluetooth was switched off. this happened sometime back also.
it seems the viruses can switch on the bluetooth even without your knowledge and permission. its really dangerous.



Quote:
Originally Posted by friedbrains
IMPORTANT NOTE:

Caribe.sis virus is propagated via BT, so the BEST CURE IS STILL PROTECTION, hence:

1) If your BT is ON, make sure that your phone visibility is set to "HIDDEN", that way nobody can Bluejack you.

2) The Best BT Security is, if your not using your BT, then TURN IT OFF

3) If for instance, that you did not do all of the above, and for some reason, somebody you dont know is sending you something via BT, simply REJECT it.




Posted by: wakajawaka

< If your BT is ON, make sure that your phone visibility is set to "HIDDEN", that way nobody can Bluejack you. >

Not true. "Hidden" means your BT will not respond to any broadcast messages, like discovery probes. However, some clever dog figured out how to get around that using brute force..... you create a list of MAC addresses and start pinging them one by one. A BT device will respond to a message to its address even if it is "hidden".



Posted by: angel_wing0

^ nice method...but who would waste so much time doing that thou..



Posted by: lowe_75

thanks! good day...



Posted by: iPhone_1337

Quote:
Originally Posted by friedbrains
IMPORTANT NOTE:

Caribe.sis virus is propagated via BT, so the BEST CURE IS STILL PROTECTION, hence:

1) If your BT is ON, make sure that your phone visibility is set to "HIDDEN", that way nobody can Bluejack you.

2) The Best BT Security is, if your not using your BT, then TURN IT OFF

3) If for instance, that you did not do all of the above, and for some reason, somebody you dont know is sending you something via BT, simply REJECT it.


Bluejacking has nothing to do with viruses!!!!!!!!! http://www.bluejackq.com




