Flexispy.B

Classification

Category: Spyware

Type: Monitor

Platform: SymbOS

Aliases: Spyware:SymbOS/Flexispy.B

Summary

Flexispy is a spyphone application that monitors the user of the mobile phone. As the software itself is not malicious towards the phone's operating system, it is not classified as malware.

Removal

Removal using F-Secure Mobile Anti-Virus

To remove Flexispy from your device, do the following:

  • Download F-Secure Mobile Anti-Virus from https://phoneav.com and activate it
  • Scan the phone and remove any components of the malware
  • Reboot the phone to remove memory resident components

After removal with F-Secure Mobile Anti-Virus, some files from the spyware will remain on the phone. These leftover files are resource files, log files and similar files with no functionality. They can be removed manually with file exploring software such as FExplorer or something similar. Leaving these files on your phone does not harm the phone, nor do they allow the spyware to function.

Here is a list of the files contained in the installation package that are installed on the phone, some of which you will still see after removal:

  • \system\apps\system\phones\FXMONITOR.DLL
  • \system\apps\system\phones\Fxs.aif
  • \system\apps\system\phones\Fxs.app
  • \system\apps\system\phones\Fxs.rsc
  • \system\apps\system\phones\FXSMON.EXE
  • \system\apps\system\phones\Fxs_caption.rsc
  • \system\apps\system\phones\MONUNINS.EXE
  • \system\apps\system\phones\t4l.cfg
  • \system\programs\fcex.exe
  • \system\programs\FREM.EXE
  • \system\recogs\FSLRECOG.MDL
  • \system\recogs\FXSMON.MDL

These files are either on the c:\ or e:\ drive in the phone depending on where the Flexispy.B spyware was installed.
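The following added example (not F-Secure's code) checks a copy of the phone's c:\ or e:\ drive for the files listed above and separates leftover data files from executables that would indicate incomplete removal. It assumes the drive contents have been copied to or mounted at a local directory; the function names and the split of extensions into code and data are assumptions made for this example.

```python
import os
import tempfile

# File names from the page's list, grouped by directory under the drive root.
FLEXISPY_B_FILES = {
    r"\system\apps\system\phones": ["FXMONITOR.DLL", "Fxs.aif", "Fxs.app", "Fxs.rsc",
                                    "FXSMON.EXE", "Fxs_caption.rsc", "MONUNINS.EXE", "t4l.cfg"],
    r"\system\programs": ["fcex.exe", "FREM.EXE"],
    r"\system\recogs": ["FSLRECOG.MDL", "FXSMON.MDL"],
}
# Assumption: these extensions hold executable code on Symbian; others are data.
CODE_EXTENSIONS = {".dll", ".exe", ".app", ".mdl"}

def resolve_nocase(root, parts):
    """Follow parts under root, matching each name case-insensitively."""
    current = root
    for part in parts:
        # A missing directory (or a file in its place) yields no candidates.
        names = os.listdir(current) if os.path.isdir(current) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_remnants(drive_root):
    """Return {listed path: "code" or "data"} for each listed file that exists."""
    found = {}
    for directory, names in FLEXISPY_B_FILES.items():
        for name in names:
            parts = directory.strip("\\").split("\\") + [name]
            hit = resolve_nocase(drive_root, parts)
            if hit and os.path.isfile(hit):
                ext = os.path.splitext(name)[1].lower()
                found[directory + "\\" + name] = "code" if ext in CODE_EXTENSIONS else "data"
    return found

def build_sample_tree(root):
    """Constructed sample: a copied drive with two data leftovers and one executable."""
    phones = os.path.join(root, "System", "Apps", "system", "phones")
    os.makedirs(phones)
    for name in ("fxs.rsc", "T4L.CFG", "fxsmon.exe"):
        open(os.path.join(phones, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, kind in sorted(find_remnants(tmp).items()):
            print(f"{kind:4}  {path}")
```

Names are matched case-insensitively because the copy may sit on a case-sensitive file system while the listed paths use mixed case.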

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Installation

Flexispy.B is installed from a standard SIS package. During installation Flexispy.B shows the dialog seen above. After installation the application will immediately go into hiding and does not show any indication to the phone user of its activity. Being very similar to Flexispy.A, Flexispy.B does not have an application icon in the phone user interface. The Flexispy.B variant differs from Flexispy.A by not showing anything in the application manager where installed software can usually be removed from the phone.

After Flexispy.B has been installed on the phone, the only way for the phone user to see Flexispy.B is to browse into the Flexispy.B directory or to look for the Flexispy.B process with some utility software.

User Interface

The user interface of Flexispy.B is similar to Flexispy.A and is only accessible by entering a special code in the phone number field. In the user interface the attacker can control when the spying application reports and what information is recorded.

Recording the Victim's Communication

Flexispy.B records both voice call and SMS information and sends the details to the FlexiSpy server. From there the information can be accessed through a web browser. For more information please see the description of Flexispy.A.

F-Secure Mobile Anti-Virus for Symbian detects this spyware starting from the update build number 87.