Ok, since I have seen two threads today regarding caribe.sis, i thought i would start a thread where anyone who has any info/experiences/etc. with caribe.sis can post your story and whatnot... this is a rather pointless virus, as it doesn't do much, but still it's no fun to have even a pointless virus on their phones... my intent with this thread is to try and catalog where people have gotten it from, what they have done to get rid of it, etc.
for example, i know that one user in the phillipines got it in the wild...
another user said that he got it from a download...
i have a 3650 i could use for testing. if seriously given the .sis file, i will look into a method for deleting it without having to format the phone.
although i don't use it currently, i think i'm familiar enough with the S60 OS to be able to do something like this.
btw, does this virus "work" on the UIQ version of symbian (p9X0, p800)? I can try it on my p900 to make sure.
that's a good question about UIQ... i'm gonna say no off the top of my head, simply because even though it's still symbian, the file systems work differently...
as for testing, that would be great if you could test it, since it wouldn't be your primary phone you'd be losing out on... and if you could come up with a way to remove without havnig to reformat, you'd be a genius!
thanks man, keep the ideas coming, and i want to hear some experiences from people.
if any of you locate a copy of the .sis file, PM me. i don't think we want it spreading more than it has already, assuming the phillipines guy's story is true.
Originally posted by punkserb if any of you locate a copy of the .sis file, PM me. i don't think we want it spreading more than it has already, assuming the phillipines guy's story is true.
i am starting to wonder why u want it so desperately
My phone had got infected with this virus but with the help of these instructions and the Seleq FileExplorer i was able to delete all its files this virus was running in the background but i still cant get rid of the blank icon its displaying in my menu. Also when i goto Manager to see a list of apps, it still shows caribe and would not delete it but instead ends up closing my Manager program.
This icon really bothers me and im afraid it could infect my phone with this virus again or it still may be infected. Atleast now it does not show caribe loading up when i reset the phone.
has anyone gotten a 3650 infected on it? since that's all i'll be able to test on. but i think i could do this...just use the symbian sdk to see what resources it uses and where it might hide itself and i think this can be solved...
Caribe.sis virus is propagated via BT, so the BEST CURE IS STILL PROTECTION, hence:
1) If your BT is ON, make sure that your phone visibility is set to "HIDDEN", that way nobody can Bluejack you.
2) The Best BT Security is, if your not using your BT, then TURN IT OFF
3) If for instance, that you did not do all of the above, and for some reason, somebody you dont know is sending you something via BT, simply REJECT it.
this is the easiest way to remove it Removal
Kaspersky Labs has developed a utility to remove Cabir.a from infected handsets.
The utility will detect and delete the worm from Nokia 3650 and 6600, and Siemens SX1 handsets. It is also designed to work on Nokia N-Gage and Sony Ericsson P900 handsets, but it has not been tested on these handsets.
The utility can be found on the WAP site wap.kaspersky.com. It can be downloaded either directly from the WAP site or via the Internet by following the link wap.kaspersky.com/downloads/decabir-1.0.sis
How to use the utility:
upload the installation file, decabir.sis, to the handset, and launch it.
choose the Decabir icon in the main menu
if the handset is not infected, the message 'Device is clean' will be displayed.
if the handset is infected, the message 'Cabir has been removed. Please reboot' will be displayed. You should now switch your handset off and on again.
just as an aside, i still would like to hear people's experiences of where they got the virus, etc... particularly those that downloaded it somewhere... if people are attaching this as malware to other programs, might as well know that to avoid it.
Bookmarks