All About Symbian - Nokia (S60) and Sony Ericsson (UIQ) smartphones unwrapped

  #1  
Old 29-11-2008, 02:11 PM
weaaselchops weaaselchops is offline
Registered User
 
Join Date: Nov 2008
Posts: 6
weaaselchops is on a distinguished road
Angry Windows Viruses on new i8510!!

Hi all,

Just got my new i8510 yesterday, put it into USB storage mode and immediately noticed some off looking .exe files

I didn't that think symbian normally used .exe for internal apps. So I right clicked for properties in explorer and my anti virus software went mad!

The phone was brand new sealed from Carphone Warehouse: 8gb model software 20/08/2008 i8510xxhh7

screen shots attached




  #2  
Old 29-11-2008, 02:32 PM
cally78 cally78 is offline
Registered User
 
Join Date: Oct 2008
Posts: 12
cally78 is on a distinguished road
i just did a google search on bluesoldier.exe as came up with this

W32/AutoRun-IH is a worm for the Windows platform. When run W32/AutoRun-IH copies itself to: <System>\savage.exe <System>\bluesoldier.exe <System>\<random characters>.exe W32/AutoRun-IH spreads via removable shared drives by copying itself to <Root>\W32/AutoRun-IH W32/AutoRun-IH sets the following registry entry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows run <System>\<random characters>.exe

is it possible your computer already had a virus.someone will be along shortly who knows more i should imagine.

http://www.sophos.com/security/analy...autorunih.html

Last edited by cally78; 29-11-2008 at 02:46 PM.

  #3  
Old 30-11-2008, 05:50 PM
weaaselchops weaaselchops is offline
Registered User
 
Join Date: Nov 2008
Posts: 6
weaaselchops is on a distinguished road
Quote:
Originally Posted by cally78 View Post

is it possible your computer already had a virus.someone will be along shortly who knows more i should imagine.

Hmm it is possible that it was my computer...but very unlikely!
If I did have have a virus why would it only infect the Phone drive and no other removable media? I have an IPOD, COMPACT flash drives, SD, SDHC and numerous memory sticks all seem mysteriously unaffected!?

I have done full virus sweep and nothing... unless this virus hates Samsung!

Wouldn't be unheard of for a device to ship with a virus!
I would post some links to to some cases, but as I am seem to be a fail n00b I can't (less that 10 posts meh!)
anyway google for "virus shipped"

  #4  
Old 01-12-2008, 09:37 PM
genie genie is offline
Registered User
 
Join Date: Aug 2008
Posts: 21
genie is on a distinguished road
Same here, my nod32 first saw the autorun.inf, and then when I went to the removable disk, it saw another 5 pottential virusses.

Are they false-positives or somekind of chinese trojans horses who are send to spie on i8510 users...?

I send one of them to eset nod32 for analysis. But it is quit strange, isn't it?

  #5  
Old 02-12-2008, 12:58 PM
stuclark's Avatar
stuclark stuclark is offline
Super Moderator
 
Join Date: Aug 2004
Location: London, UK
Posts: 1,575
stuclark is on a distinguished road
This has been reported before... what we need to be 100% sure about is where this is coming from...

Are these "viruses" showing up on brand new, out of the box phones; or are they showing up on phones which have been "upgraded" using some of the tools available on the internet?

My suspicion is that this is the result of a firmware "upgrade" from an unknown, untrusted and illegal source, and not something Samsung themselves are responsible for.

If you know different, please post that information.

  #6  
Old 02-12-2008, 01:36 PM
weaaselchops weaaselchops is offline
Registered User
 
Join Date: Nov 2008
Posts: 6
weaaselchops is on a distinguished road
Beer

Quote:
Originally Posted by stuclark View Post
This has been reported before... what we need to be 100% sure about is where this is coming from...

Are these "viruses" showing up on brand new, out of the box phones; or are they showing up on phones which have been "upgraded" using some of the tools available on the internet?

My suspicion is that this is the result of a firmware "upgrade" from an unknown, untrusted and illegal source, and not something Samsung themselves are responsible for.

If you know different, please post that information.
Quote:
Originally Posted by weaaselchops View Post
Hi all,

The phone was brand new sealed from Carphone Warehouse: 8gb model software 20/08/2008 i8510xxhh7
I broke the seal myself! Carphone Warehouse are a few things but are not an "unknown, untrusted and illegal source"

From reading this sub forum it seems that some people seem very quick to doubt others.
I have seen people being called liars, "you don't know what you are talking about" and "you MUST be wrong"
Seeing as we are all fairly anonymous on the Interwebs, you don't know how many years I or others have been working in the mobile phone industry, you don't know how many Symbian phones we have owned in the past or our general competence level.

How about asking a few more questions instead of wild accusations?
This is not aimed at you stuclark directly just a general observation.
/rant


  #7  
Old 02-12-2008, 01:50 PM
bartmanekul bartmanekul is offline
Super Moderator
 
Join Date: Jul 2007
Posts: 2,653
bartmanekul is on a distinguished road
Has anyone contacted carphone warehouse about this? And has anyone got it from another supplier?

Obviously its not CPW doing this, as they dont seal the boxes, but it would narrow down the point of origin.

  #8  
Old 02-12-2008, 01:56 PM
weaaselchops weaaselchops is offline
Registered User
 
Join Date: Nov 2008
Posts: 6
weaaselchops is on a distinguished road
Quote:
Originally Posted by bartmanekul View Post
Has anyone contacted carphone warehouse about this? And has anyone got it from another supplier?

Obviously its not CPW doing this, as they dont seal the boxes, but it would narrow down the point of origin.
I have contact Samsung via email and phone. Not sure I will get any feedback, but I did my bit

  #9  
Old 02-12-2008, 03:12 PM
Jules_N93 Jules_N93 is offline
Registered User
 
Join Date: Oct 2006
Posts: 143
Jules_N93 is on a distinguished road
Quote:
Originally Posted by weaaselchops View Post
I broke the seal myself! Carphone Warehouse are a few things but are not an "unknown, untrusted and illegal source"

From reading this sub forum it seems that some people seem very quick to doubt others.
I have seen people being called liars, "you don't know what you are talking about" and "you MUST be wrong"
Seeing as we are all fairly anonymous on the Interwebs, you don't know how many years I or others have been working in the mobile phone industry, you don't know how many Symbian phones we have owned in the past or our general competence level.

How about asking a few more questions instead of wild accusations?
This is not aimed at you stuclark directly just a general observation.
/rant

Well put. Good luck with your investigations.

  #10  
Old 03-12-2008, 11:04 AM
stuclark's Avatar
stuclark stuclark is offline
Super Moderator
 
Join Date: Aug 2004
Location: London, UK
Posts: 1,575
stuclark is on a distinguished road
Quote:
Originally Posted by weaaselchops View Post
I broke the seal myself! Carphone Warehouse are a few things but are not an "unknown, untrusted and illegal source"

From reading this sub forum it seems that some people seem very quick to doubt others.
I have seen people being called liars, "you don't know what you are talking about" and "you MUST be wrong"
Seeing as we are all fairly anonymous on the Interwebs, you don't know how many years I or others have been working in the mobile phone industry, you don't know how many Symbian phones we have owned in the past or our general competence level.

How about asking a few more questions instead of wild accusations?
This is not aimed at you stuclark directly just a general observation.
/rant

There have been a lot of wild claims made with regard to the 8510; a lot of them made without proper understanding, or as the result of user error, or as the result of user actions.

My phone too came from the Carephone Warehouse and is a XXHH7 firmware model, and while we each may call CPW lots of names, you're right, "unknown, untrusted and illegal" can not be used together when discussing them! ()

While no-one is calling anyone else a liar, it's important we all make sure of the facts before throwing accusations around. It would seem in your case that the fault lies squarely with Samsung or one of their agents (the phone configuration agents for example). This is not good news and needs investigating, as I believe is being done...

Keep us informed please.

  #11  
Old 17-12-2008, 11:53 PM
mrFlibble47 mrFlibble47 is offline
Registered User
 
Join Date: Dec 2008
Posts: 13
mrFlibble47 is on a distinguished road
I had to register immediately so i could reply to this thread.
I got a new i8510 delivered today (17/12/08) from mobiles.co.uk (owned by the carphone warehouse) in a sealed box. When i came to plug it into my usb port my anti-virus (AVG Free) also detected almost the exact same viruses mentioned above. This was definitely nothing that had come from my computer (everything fully patched) over to the phone - they were already on the phone straight out of the box.

Incidentally, I cannot explore the contents of the phone in explorer (i select mass storage device on the phone when connecting it to the computer) although the contents of the phone are visible to AVG and Spybot for that matter. The removable hard drive (2 of them) get added in My Computer when I connect it, but when double clicking on one it asks me "what program I want to use to use to open this file E:\ " when it should just go to the normal folder view as the person who started this thread seems to be able to do with no problem

  #12  
Old 28-12-2008, 08:49 PM
storvandre storvandre is offline
Registered User
 
Join Date: Dec 2008
Posts: 2
storvandre is on a distinguished road
Angry virus on i8510 - italy

hi all
I have unpacked 2 i8510 (bought in italy, at marcopoloshop.com), and both have the virus above, totti.exe,etc...

detected and deleted by avast!

Ads

  #13  
Old 31-12-2008, 08:29 PM
Beefman Beefman is offline
Registered User
 
Join Date: Dec 2008
Posts: 1
Beefman is on a distinguished road
No, it's not BS, the phone has a virus as built from Samsung. I bought mine at the Sin Tat mall in Hong Kong. I broke the Samsung seal on it, and when I connected it in Mass Storage mode my antivirus software went nuts. All the same virii and I *know* I'm not and haven't been infected. I expect something like that out of a no-name clone-phone from China but not from Samsung! It's pretty clear whomever built the image either had an infected computer or was having a laugh.

  #14  
Old 24-01-2009, 01:40 PM
garyhgaryh garyhgaryh is offline
Registered User
 
Join Date: Jan 2009
Posts: 2
garyhgaryh is on a distinguished road
Quote:
Originally Posted by mrFlibble47 View Post
I had to register immediately so i could reply to this thread.
I got a new i8510 delivered today (17/12/08) from mobiles.co.uk (owned by the carphone warehouse) in a sealed box. When i came to plug it into my usb port my anti-virus (AVG Free) also detected almost the exact same viruses mentioned above. This was definitely nothing that had come from my computer (everything fully patched) over to the phone - they were already on the phone straight out of the box.

Incidentally, I cannot explore the contents of the phone in explorer (i select mass storage device on the phone when connecting it to the computer) although the contents of the phone are visible to AVG and Spybot for that matter. The removable hard drive (2 of them) get added in My Computer when I connect it, but when double clicking on one it asks me "what program I want to use to use to open this file E:\ " when it should just go to the normal folder view as the person who started this thread seems to be able to do with no problem
I also registered just so I can put in my 2 cent. I got my innov8 in dec and read about the virus. I also connected using the samsung app, but this morning I used the usb mode and my expired aol active virus shield (avs) went crazy.

Here's what I got (see attached).

Yes, I think it came from the factory, although I did buy my innov8 second hand.

How can I verify I'm not infected? The bluesoldier.exe virus and a dll was detected last. I hope it wasn't running.
Gary
Attached Thumbnails
Click image for larger version

Name:	samsungphonedriveE-2.jpg
Views:	223
Size:	62.4 KB
ID:	4358  

  #15  
Old 24-01-2009, 01:46 PM
garyhgaryh garyhgaryh is offline
Registered User
 
Join Date: Jan 2009
Posts: 2
garyhgaryh is on a distinguished road
[quote=weaaselchops;402546]Hi all,

Just got my new i8510 yesterday, put it into USB storage mode and immediately noticed some off looking .exe files

I didn't that think symbian normally used .exe for internal apps. So I right clicked for properties in explorer and my anti virus software went mad!

The phone was brand new sealed from Carphone Warehouse: 8gb model software 20/08/2008 i8510xxhh7

screen shots attached

CAN'T POST YOUR IMAGE AS I'M TOO NEW.


Hmm.. you detected 7 viruses. AVS only detected 6 on mine. I don't have the XSDELECT.COM virus. I hope it didn't pass through my virus checker and delete itself after running. Do you all have XSDELECT.COM?

Worried,
Gary
 

Bookmarks

Tags
i8510, viruses, windows

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
UPDATE: Windows Live! for Nokia S60 v1.1.9000 henklbr S60 Software 2 03-08-2008 06:21 AM



All times are GMT. The time now is 02:02 AM.


vBulletin skins developed by: eXtremepixels
Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright Notes || Contact Us || Privacy Policy