English Deutsch Français Italiano Español Português 繁體中文 Bahasa Indonesia Tiếng Việt ภาษาไทย
All categories

when i run Antivir Mobile (antiviurs software) virus defination july 2006, than it show Malware found (SymbOS/Drever.A) what is this friends ??? what should i do for it. can i delete it or it is a system file pls tell me i am using nokia 3230..

2007-01-21 19:29:04 · 3 answers · asked by Anonymous in Consumer Electronics Cell Phones & Plans

when i run Antivir Mobile (antiviurs software) virus defination july 2006, than it show Malware found (SymbOS/Drever.A) what is this friends ??? what should i do for it. it only show this malware but my cellphone has no problem it is working perfectly...can i delete it or it is a system file pls tell me i am using nokia 3230..

2007-01-21 20:31:08 · update #1

3 answers

Drever.A is a Trojan horse (*not* a virus) for Simbian phones like your Nokia model - see the first link below for a description. Since it is not a virus, it cannot spread by itself. Therefore, unless you have recently downloaded and installed on your phone software from dubious sites, it is *extremely* unlikely that you indeed have it. Most likely, your anti-virus program is causing a false positive - not a difficult thing with this particular malware program, because it consists of very few and very small files.

Here is how to check for yourself. First of all, make sure that you have some kind of file manager on your phone. FExplore is a very good one and is free - you can get it from the second link below.

Then use FExplore to check if the directory

C:\system\apps\GavnoWin!

exists on your phone. If it does not exist, then relax - your anti-virus program is causing a false positive. Report the problem to the producer and request a fix. If they don't provide you with one in a timely manner, consider switching to a better anti-virus program. The third link below points to an excellent one, made by F-Secure.

If the directory does exist, then you indeed have (or at least have had in the past) this Trojan horse. In this case, you have two options. One is to request that your anti-virus program removes it. If it cannot, ask the producer for a fix; if they don't provide one, switch to a better program.

The other option is to remove the Trojan horse manually. In this particular case it is very easy - no need to format your phone or do anything fancy. Just use FExplore to remove the following files and directories from your phone:

C:\system\apps\GavnoWin!\Gavnowin.app
C:\system\apps\GavnoWin!\Gavnowin.rsc
C:\system\apps\GavnoWin!\Gavnowin_caption.rsc
C:\system\apps\GavnoWinYou\Gavnow.app
C:\system\apps\GavnoWinYou\Gavnow.rsc
C:\system\apps\GavnoWinYou\Gavnow_caption.app
C:\system\recogs\AVBoot.mdl
C:\system\recogs\kl_antivirus.mdl
C:\system\apps\GavnoWin!
C:\system\apps\GavnoWinYou

(The last two are directories; the rest are files.)

The above instructions assume that your anti-virus program is right and you indeed have the .A variant of this Trojan. If you have any of the remaining variants (.B, .C or .D), you'll have to remove a different set of files. But if your anti-virus program misidentifies the malware it detects, I would consider replacing it with a different one.

2007-01-21 22:32:32 · answer #1 · answered by Vesselin Bontchev 6 · 1 0

Let me tell you...!!

I am not sure about fixing this problem... Deleting a Specific Infected file is somewhat complicated... I suggest you to Format ur mobile... But think a while before continuing... All the files stored in phone memory will be deleted...

But do copy ur Phone stored datas to memory card and remove it... Now check out with formatting... This will work out...!! If the virus continues, Format ur memory card also (search option within)...

Formatting tips: *#7370# (for normal formatting) and *#7780# (for deep formatting)... Try normal one... Make a note of ur lock code... Try 0000, 1234, 00000, 12345....

Hope the info satisfies you...

2007-01-21 20:08:35 · answer #2 · answered by abul 3 · 0 0

you may need to reformat.

2007-01-21 19:37:18 · answer #3 · answered by majj 3 · 0 0

fedest.com, questions and answers