My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus




Presence of .dat, .exe, .ini files in C:\SYSTEM\DATA or C:\SYSTEM\APPS.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Alexandru Maximciuc, virus researcher

Technical Description:

SymbOS.Worm.Beselo.B is a worm that infects devices with Symbian S60 Second Edition. It spreads by sending copies of itself through MMS and Bluetooth as a message with "Photo" as body and with as an installation file attached. Instead of using the standard .sis extension, it uses beauty.jpg, sex.mp3 and love.rm as filenames to make the users think it's a multimedia file. The operating system recognizes the file as an installation file and prompts asking for installation. Users are advised to never accept an installation triggered by a media file.

The installer copies the worm's executable in C:\system\data with a random name(7 characters long, given by the sender). When executed, the worm copies itself in C:\system\apps with the same name.

As a protection measure, it sets its process as a system process(making it invisible for the default process lister). Also, the worm waits for incoming MMS messages and replies with an infected MMS and infects memory cards inserted in the infected phone.