BlackBerry Forums Support Community               

Old 08-17-2005, 05:05 PM   #1 (permalink)
New Member
 
Join Date: Aug 2005
Model: 7290
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default SMS virus?

In the past couple of weeks, my Blackberry 7290 seems to have acquired some sort of virus or trojan. Every time it boots up, a sales message appears offering a 'free ringtone' with three options: Load, Postpone or Ignore. Hitting Ignore enables me to carry on using the Blackberry, but I know the same thing will happen next time I switch on. Hitting the 'back' button on the side of the Blackberry (the one under the wheel) sends me to the WAP screen, as if it had all been set to get onto the internet to download whatever it is this virus is trying to install. I can get out of this with further hits of the 'back' button, but then I get an entry in my message log, with a world symbol next to it. The message gives some web address, that's all. Anyone else had this nuisance virus? How can I eradicate it? Thanks,

Lorna
Old 08-17-2005, 05:25 PM   #2 (permalink)
CrackBerry Addict
 
jetspeedz's Avatar
 
Join Date: Feb 2005
Model: 9900
Carrier: ATT
Posts: 592
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Check your applications and see if there is anything unusual there. If you can't find it, wipe the BB and start over.
Old 08-17-2005, 11:41 PM   #3 (permalink)
ajg
Thumbs Must Hurt
 
ajg's Avatar
 
Join Date: Aug 2005
Location: Chicago
Model: M600i
Carrier: T-Mobile
Posts: 109
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Lorna Spenceley
In the past couple of weeks, my Blackberry 7290 seems to have acquired some sort of virus or trojan. Every time it boots up, a sales message appears offering a 'free ringtone' with three options: Load, Postpone or Ignore. Hitting Ignore enables me to carry on using the Blackberry, but I know the same thing will happen next time I switch on. Hitting the 'back' button on the side of the Blackberry (the one under the wheel) sends me to the WAP screen, as if it had all been set to get onto the internet to download whatever it is this virus is trying to install. I can get out of this with further hits of the 'back' button, but then I get an entry in my message log, with a world symbol next to it. The message gives some web address, that's all. Anyone else had this nuisance virus? How can I eradicate it? Thanks,

Lorna
Oh great! We have adware now!!!
Old 08-18-2005, 12:55 AM   #4 (permalink)
BlackBerry Extraordinaire
 
Soapm's Avatar
 
Join Date: Apr 2005
Location: The Mile Hi City
Model: 9780
OS: 6.0
Carrier: TMO
Posts: 2,790
Post Thanks: 3
Thanked 4 Times in 4 Posts
Default

1 person reporting??? 1st post???
Old 08-18-2005, 01:03 AM   #5 (permalink)
New Member
 
Join Date: Aug 2005
Model: 7290
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks. I'd rather avoid wiping and reinstalling if I could, not least because I had to upgrade the Blackberry operating software to get it to recognise my Bluetooth headset and I don't really want to go through that again. Can't find anything odd in the Applications list; if it's there it's pretty well disguised.
Old 08-18-2005, 06:33 AM   #6 (permalink)
No longer Registered.
 
Dawg's Avatar
 
Join Date: Mar 2005
Location: Atlanta
Model: 8330
OS: 4.5.0.138
PIN: 31a6c9c9
Carrier: Verizon BIS
Posts: 13,962
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you wipe, the OS system will still be there, so not a big problem.
Old 08-18-2005, 11:10 AM   #7 (permalink)
CrackBerry Addict
 
dkmadrid's Avatar
 
Join Date: Feb 2005
Location: Pueblo, CO
Model: 9530
Carrier: Verizon
Posts: 712
Post Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy

Quote:
Originally Posted by ajg
Oh great! We have adware now!!!
This is the first specific instance I've heard about on any BB, let's hope it's the last....!!!
__________________
Now you can call me STORMin' Norman, except my name isn't Norman.
Old 08-18-2005, 04:11 PM   #8 (permalink)
New Member
 
Join Date: Aug 2005
Model: 7290
Posts: 3
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by jetspeedz
Check your applications and see if there is anything unusual there. If you can't find it, wipe the BB and start over.
Thanks - took your advice and it seems to have worked. I'll need to re-pair the Bluetooth but that was the least of my worries.
Old 09-27-2005, 08:14 AM   #9 (permalink)
New Member
 
Join Date: Sep 2005
Location: Cambridge, UK
Model: 7100t
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Angry

Quote:
Originally Posted by dkmadrid
This is the first specific instance I've heard about on any BB, let's hope it's the last....!!!

Unfortunately not. My company has had this hit two of their Blackberries - mine (a 7100x) and a 7230. Mine was hit a few months back, the other one last week. If you delete the message (possibly the world icon the previous poster mentioned), then it reappears on the next reboot - before it connects to the network. I've asked our telephony supplier to escalate it to the networks, and give this thread as a reference (Hi Chris!). I've been told that turning off WAP push in options will prevent 'reinfection', but it doesn't look like it will stop the message that's already there. I can't remember how I got rid of mine, and I have a feeling I let it access the site, which was stupid.

If anyone finds out how to remove this, please post it here.
Old 09-27-2005, 08:24 AM   #10 (permalink)
New Member
 
Join Date: Sep 2005
Location: Cambridge, UK
Model: 7100t
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by kriptnet
If anyone finds out how to remove this, please post it here.

Some further information I forgot to add, if it helps: the IP address the WAP browser was trying to connect to was 195.74.152.84, which is owned by (according to the WHOIS database):

whois 195.74.152.84
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '195.74.152.0 - 195.74.152.255'

inetnum: 195.74.152.0 - 195.74.152.255
netname: WIRELESSINFO-REDNET
descr: Wireless Information Network Ltd
country: GB
admin-c: JR1855-RIPE
tech-c: RH1089
rev-srv: dns1.red.net
rev-srv: dns2.red.net
status: ASSIGNED PA
mnt-by: REDNET-MNT
remarks: Abuse reports can be sent to [email address]
source: RIPE # Filtered

person: John Rands
address: Wireless Information Network Ltd
address: 4 Lancaster Court
address: Cressex Business Park
address: High Wycombe
address: Buckinghamshire
address: UK
address: HP12 3TD
phone: +44 1494444415
fax-no: +44 1494444422
e-mail: [email address]
nic-hdl: JR1855-RIPE
source: RIPE # Filtered

person: REDNET Hostmaster
address: REDNET Ltd
address: Lancaster Road
address: High Wycombe
address: Bucks, HP12 3YZ
address: UK
phone: +44 1494 513333
fax-no: +44 1494 443374
e-mail: [email address]
nic-hdl: RH1089
source: RIPE # Filtered

% Information related to '195.74.128.0/19AS8586'

route: 195.74.128.0/19
descr: REDNET-RT
descr: REDNET core/customer route
origin: AS8586
mnt-by: AS8586-MNT
source: RIPE # Filtered


...make of that what you will.
Old 09-27-2005, 09:03 AM   #11 (permalink)
New Member
 
Join Date: Sep 2005
Location: Cambridge, UK
Model: 7100t
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Cool

Quote:
Originally Posted by kriptnet
Some further information I forgot to add, if it helps: the IP address the WAP browser was trying to connect to was 195.74.152.84, which is owned by (according to the WHOIS database):

...make of that what you will.

So.. looking at the owning company's web page, they have a WAP push product:
http://www.winplc.com/solutions/wap-push.aspx

"WAP Push is essentially an extension to SMS that enables the recipient of the WAP Push message to immediately view an online page of content in one click. WAP Push messages are binary SMS messages that contain a URL."

Given this, I suspect that the message will continue to bug you even after WAP push is disabled in Options..Browser Push. However, if in the same option you change "Service Load -Process MDS" to 'prompt', I suspect this will stop the message from being opened, and you can then delete it. I'm trying this on the 'infected' one, I'll let you know how it goes..
Offline  
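An added example, not part of any post in this thread: a minimal decoder for the WBXML body of a WAP Push Service Load message, the message type the "Service Load" browser-push option above controls, so the URL and action carried by a captured push can be read before anything is loaded. It assumes the WSP push headers have already been stripped; the function names and the sample bytes are constructed for illustration.

```python
# Token values follow the WAP Service Load (SL 1.0) WBXML token tables.
SL_PUBLIC_ID, END, STR_I = 0x06, 0x01, 0x03
ATTR_START = {
    0x05: ("action", "execute-low"), 0x06: ("action", "execute-high"),
    0x07: ("action", "cache"), 0x08: ("href", ""),
    0x09: ("href", "http://"), 0x0A: ("href", "http://www."),
    0x0B: ("href", "https://"), 0x0C: ("href", "https://www."),
}
ATTR_VALUE = {0x85: ".com/", 0x86: ".edu/", 0x87: ".net/", 0x88: ".org/"}

def _mb_u_int32(buf, pos):  # 7 bits per byte, high bit set means more follows
    value = 0
    while True:
        value, pos = (value << 7) | (buf[pos] & 0x7F), pos + 1
        if not buf[pos - 1] & 0x80:
            return value, pos

def parse_service_load(body: bytes) -> dict:
    """Decode a WBXML Service Load body into its href and action attributes."""
    try:
        public_id, pos = _mb_u_int32(body, 1)   # byte 0 is the WBXML version
        if public_id != SL_PUBLIC_ID:
            raise ValueError("not a Service Load document")
        _charset, pos = _mb_u_int32(body, pos)
        table_len, pos = _mb_u_int32(body, pos)
        pos += table_len                        # string table is not needed here
        if body[pos] & 0x3F != 0x05 or not body[pos] & 0x80:
            raise ValueError("expected an <sl> element with attributes")
        pos += 1
        attrs, name = {"action": "execute-low"}, None  # execute-low is the default
        while body[pos] != END:
            tok, pos = body[pos], pos + 1
            if tok in ATTR_START:
                name, prefix = ATTR_START[tok]
                attrs[name] = prefix
            elif tok == STR_I and name:
                end = body.index(0, pos)        # inline strings are NUL-terminated
                attrs[name] += body[pos:end].decode("utf-8", "replace")
                pos = end + 1
            elif tok in ATTR_VALUE and name:
                attrs[name] += ATTR_VALUE[tok]
            else:
                raise ValueError(f"unsupported token 0x{tok:02x}")
        return attrs
    except IndexError:
        raise ValueError("truncated Service Load document") from None

# Constructed sample: <sl href="http://example.com/ringtone" action="execute-high"/>
SAMPLE = bytes.fromhex("02066a00850903") + b"example\x00\x85\x03ringtone\x00\x06\x01"
```

`parse_service_load(SAMPLE)` returns the full URL and the `execute-high` action, which is the information a prompt would need to show the user.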
Old 09-27-2005, 09:28 AM   #12 (permalink)
Thumbs Must Hurt
 
Join Date: Mar 2005
Model: 8800
Carrier: T-Mobile
Posts: 121
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi,

I can add to this. I think disabling WAP push as mentioned above should solve it, but I had a customer with the same issue call the other day, and what was suggested to me was to get them to go into WAP push and unselect the option accept non default wap push applications (you may have a slightly different wording on your software version). This should hopefully also solve the problem!
Old 09-27-2005, 11:23 AM   #13 (permalink)
New Member
 
Join Date: Sep 2005
Location: Cambridge, UK
Model: 7100t
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Thumbs up

Quote:
Originally Posted by xombi
Hi,

I can add to this. I think disabling WAP push as mentioned above should solve it, but I had a customer with the same issue call the other day, and what was suggested to me was to get them to go into WAP push and unselect the option accept non default wap push applications (you may have a slightly different wording on your software version). This should hopefully also solve the problem!

I can confirm that disabling WAP push works to stop this message. I've personally set all my options under "Browser Push" to prompt, as well, although I suspect that just applies to the items coming in through the BES connection (i.e. not the WAP browser).
Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.