malware, spyware, virus? - Xoom Q&A, Help & Troubleshooting

Hi, looking for advice now as I went on holidays and used my hotel network to connect to the internet, and now on the third day I got about 30 emails saying MAIL DELIVERY FAILURE!!! Those emails were returned as not delivered but plenty were sent, and I got an email from a friend of mine asking what's going on with me as he got some ads from my address...
I have three different mails and that particular one was remembered by the browser; the other two I have set up on the Android Gmail application, but when I saw these 30 delivery failures, didn't go to the Android app...
So can some1 tell me what's that about? Is the Xoom really infected? I mean, can Android, which is Linux based, get infected that way? What should I do? Hard reset? I remember doing a hard reset leaves all data like music etc., so can any infected file stay here after a reset?
Got AVG antivirus and after a scan AVG says the tablet is clean... installed DroidDream malware detection and it also says the tablet is clean... finally installed GuardX and it also says the Xoom is clean.
So what's going on here, virus? Spyware? What's the best advice u can give me?

This happened to my Hotmail account not too long ago and I was told to change the password and check settings to make sure the vacation auto reply was not activated. Maybe while you were at the hotel someone was monitoring and got your password. That is what I suggest. I haven't heard of Android getting viruses.
Hope this helps
Sent from my Xoom using XDA

It's Yahoo mail... I hope it's the case of password, changing it now and will see in a day or two if any more spam comes out of my account...
Thank you for reply
Good luck

Related

[Q] amazon appstore registered email address

Sorry if this is posted elsewhere but I have looked for the past hour for this answer.
I have the Amazon Appstore installed on my Desire HD, but I'm in the UK.
I made a fake email and set it up to look like I'm in the US.
Now I want to install custom mods on my phone but I can't remember the email I used to register with Amazon.
Nowhere can I find it mentioned in the app and nowhere can I find any data on my unrooted DHD.
I know what password I used but just need the email I used.
Is there any way I can find out which email I've used?
I ask because I don't want to lose all the free apps of the day that I have.
Thanks in advance
Same problem here... I don't think it's possible to recover the login email. The appstore saves an encrypted file with your device data, so if you back up and then restore on the same device, there should be no problem.
killerbender said:
Same problem here... I don't think it's possible to recover the login email. The appstore saves an encrypted file with your device data, so if you back up and then restore on the same device, there should be no problem.
Will I be able to do this without root access?
I ask because I was stupid enough to believe HTC when they said the latest update would fix wifi problems, but instead it just unrooted my phone and left wifi broken.

12346 Netbus Backdoor trojan showing up on my girlfriend's phone.

So I did a search and couldn't really find any info on what this is. Today I was scanning everything attached to my network with Fing and her phone came up with a TCP 12346 netbus backdoor trojan. Not sure where to go from here to find and remove it. My guess is she got it from using mp3 music downloader. Any help is much appreciated.
Anyone????
What did you use to scan it with?
Sent from my ADR6400L using Tapatalk
Turd Furguson said:
What did you use to scan it with?
Sent from my ADR6400L using Tapatalk
look out security
Android NetBus backdoor trojan
Bump. I have seen this "12346 NetBus backdoor trojan" during a fing (overlooksoft) service scan. What does xda have to say about this?
Wikipedia gives an interesting article about the NetBus trojan horse.
The person that owns the phone claims that they clicked on a link in an email and the phone froze.
The only solution I have dug up is a factory reset. I did, ran another scan and it didn't change.
I'll be looking for feedback!
same 12346 netbus back Door trojan
Fing app tells me that my Phone has 12346 port open. Any advice? Thanks
For anyone still wondering
I also used Fing and found the same open port, and it seems if you use the Rhapsody service then that is your answer; if you don't then go fish. Best of luck, hope this helps... at least to anyone that uses Rhapsody.
I also have Rhapsody/Napster and I also did a scan with the Fing app, and got the same Netbus backdoor trojan in the running services when scanning with Fing. This is totally a guess but if it's Napster then it would make sense that the app keeps a port open so it can block the service if your subscription is canceled or suspended. My experience is that if you force Napster into offline mode before it's cancelled or suspended it won't block the service because it's not actively searching for the network. I have done this with Napster a few times.
Install TWRP and reformat the drive... then re-flash the stock firmware.
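Added example, not part of the original thread: a port scan that reports 12346 as open cannot say which app is listening, so the check that settles the reports above is to find the owner of the listening socket. This Python sketch parses the text of `/proc/net/tcp` and `/proc/net/tcp6` (readable with `adb shell cat`) and maps the socket's UID to a package; the sample data, the package names and the use of `/data/system/packages.list` for the mapping are assumptions.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket

# Constructed samples (not captured from a real device). On a device they would
# come from `adb shell cat /proc/net/tcp` and `adb shell cat /proc/net/tcp6`.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 9001 1 0000000000000000 100 0 0 10 0
   1: 6401A8C0:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10057        0 9002 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:303A 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10057        0 9003 1 0000000000000000 100 0 0 10 0
"""
# Constructed stand-in for /data/system/packages.list ("package uid ..." per line;
# reading the real file is assumed to need root). The package names are hypothetical.
SAMPLE_PACKAGES = """\
com.example.musicplayer 10057 0 /data/data/com.example.musicplayer default 3003
com.example.notes 10058 0 /data/data/com.example.notes default none
"""


def decode_addr(hex_addr):
    """Turn the kernel's hex address into text (32-bit words, little-endian
    as printed on ARM and x86 devices)."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    raw = b"".join(struct.pack("<I", int(w, 16)) for w in words)
    return str(ipaddress.ip_address(raw))


def listeners(proc_net_text, port):
    """Return the LISTEN sockets on `port` found in /proc/net/tcp or tcp6 text."""
    found = []
    for line in proc_net_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue  # header or malformed line
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] == TCP_LISTEN and int(port_hex, 16) == port:
            found.append({"address": decode_addr(addr_hex), "port": port,
                          "uid": int(fields[7])})
    return found


def packages_by_uid(packages_text):
    """Map UID -> package names (several packages can share one UID)."""
    owners = {}
    for line in packages_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():
            owners.setdefault(int(fields[1]), []).append(fields[0])
    return owners


def attribute_port(port, proc_net_texts, packages_text):
    """List every listener on `port` together with the packages behind its UID."""
    owners = packages_by_uid(packages_text)
    report = []
    for text in proc_net_texts:
        for sock in listeners(text, port):
            sock["packages"] = owners.get(sock["uid"], [])
            report.append(sock)
    return report


if __name__ == "__main__":
    for sock in attribute_port(12346, [SAMPLE_TCP, SAMPLE_TCP6], SAMPLE_PACKAGES):
        names = ", ".join(sock["packages"]) or "no app package (system UID?)"
        print("%s port %d is held by uid %d: %s"
              % (sock["address"], sock["port"], sock["uid"], names))
```

Both files are checked because a listener bound to `::` shows up only in `/proc/net/tcp6`.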

Be aware 'Scam' App : U need 2 read this ! It may cost u money if u don't!!!!

Hiya,
I'm bagofbits and new to these forums and was not sure how to contact anyone at XDA, so after some advice from LUFC (forum moderator) here is my situation.
I have a wildfire s and been viewing those forums, during the last couple of days since the change over from android market to google playground or whatever it's called these days, I've been getting a popup app in my status bar saying please download 'battery supercharger'. I've been just clearing my status bar but it just kept coming back.
Today by mistake I downloaded it and got loads of texts within minutes and ended up with a charge of £4.99, I text 'STOP' to the number given. My network provider (3) can't help and I've mailed google help about it and they have logged it and are getting back to me.
Also a number of posts on the web about it...
Anyway enough rambling, I've searched the wildfire s forum and can't see any mention of it, just thought that it would be useful to post something about it so nobody else falls victim to this.
Give me a thanks if u could please.
Cheers
Oh, might be an idea to check recent downloads you have made that contain ads that may harbor this scam.
The ad you saw in your status bar used an ad-over-the-air function.
There are some apps which will detect apps using the ad method and will give you the ability to uninstall them.
Sent from my HTC HD2 using xda premium
Thanks
Thanks for the advice, I have installed firewall and virus protection now, can u advise on an app for trapping these OTA updates ?
WOW, thanks for posting this up. I'll keep an eye out for this one!
bagofbits said:
Thanks for the advice, I have installed firewall and virus protection now, can u advise on an app for trapping these OTA updates ?
The best one and most trusted one is from lookout.
https://play.google.com/store/apps/details?id=com.lookout.addetector
Press the thanks button
Sent from my HTC HD2 using xda premium
Try airpush detector from the market to find out what the offending app is.
Never txt stop to a random number that's how they get ya, school boy error
THISIS50 if its hot its here
School boy error
Just to set the record straight, this 'thing' auto-enrols u 'before' u text stop and it applies the charge!
If I'm guilty of anything it's downloading by mistake !
Google it and see what others are saying bout it, I was just trying to help and your criticism ain't justified.
jamieunit said:
Never txt stop to a random number that's how they get ya, school boy error
THISIS50 if its hot its here
Unfortunately this is true, you have not stopped the messages - just confirmed to the spammers that the number is live and real. 3 may be able to help you by blacklisting the numbers you are getting messages from - also have a look here if the messages persist.
This is a problem that is by no means limited to the Wildfire S - recently I recognised an app on my friend's Samsung Galaxy Ace as being malware - it was also generating notifications about some kind of battery optimizer. I managed to remove it before she accidentally signed up to anything.
Regarding the app, try some apps like Lookout Mobile Security and BitDefender . If you run a scan with these, they may find the offending app and help you to remove it. Good luck!
solution to battery supercharger text costs
Saw the two text messages yesterday, spoke to Vodafone and told them to block any charges today, up to which time charges hadn't gone through. So hopefully this will cost me nothing.
Even if they had placed the charge, I would have asked Vodafone not to pay it, and kicked up a fuss until they agreed not to do so, or carry the cost themselves. Anybody with a mobile phone contract is in a very strong position at the moment I have noticed, getting lots of freebies off them.
thanx for ur advice
but i think it is not harmful

Android Rom and Banking Fraud?

Hello to all,
first of all forgive me if i am in the wrong forum. Second I am not an authority with ROMs and developing. I can flash a new ROM and follow guidance easily but that's it. Up to that.
I will tell you my scary experience with a specific rom which I installed a couple of days ago on my S3. First of all, this post is not supposed to be rude to anyone or anything. I am telling you my story and I would appreciate your input as you are the experts.
3 days ago I installed the MIUI (http://miuiandroid.com/community) ROM on my S3.
As soon as I turned the phone on to run it for the first time I went to the typical setups but then I noticed something.
On the top right corner of the status bar a green phone icon appeared, meaning that the phone was automatically set on "Call-diverting". I didn't pay any attention for about 30 mins as I was setting up the phone.
When I decided to see what the icon does, to my shock and horror I realised that my phone was preset to call diverting automatically to a specific mobile number in the UK.
I quickly disabled the call diverting and didn't think anything more. All of that happened around 12:30 in the afternoon (pay real attention to the times here).
About 10 minutes later I was at the office. Around 2 hours after that I got a text message from my bank to call them about a suspicious money transfer.
I called the bank and they told me that a few minutes earlier someone attempted to transfer 2000 pounds from my account. Of course my on-line banking was frozen and I was lucky not to lose the money.
Now, during these two hours my phone never rang, just the text message from my bank. The bank security employee told me that it looked suspicious to them because whoever was trying to transfer the money asked for the 4 digit number via the automated bank security system to be diverted to another mobile number. The bank advised me to call my mobile carrier, as I did.
The mobile carrier, when I talked to him, confirmed that someone called them and accessed my account by giving them all the right info, and requested that every time my phone was out of coverage all calls be directed to another mobile!
Have you guessed what the other mobile was?? It was exactly the same mobile number as the preset on the ROM which I had installed 3 hours earlier!
And my bank confirmed that the same mobile was used in order to get the 4 digit pin.
I was shocked to say the least!!
When after a few minutes I managed to talk to my girlfriend, she told me that she was calling me earlier for about an hour. These phone calls never made it to my phone. As the phone was preset to call diverting it was ringing to the diverted phone and not mine.
It is obvious that as I do mobile on-line banking and I access my accounts from my mobile (as many do), somehow they managed to get all the information about me and I am suspecting dodgy applications on my phone. I hope I am wrong but this experience has really shocked me.
I love android phones, I love what you developers do, but I am after your opinion on this one.
I am not here to offend any developers but to have a genuine answer and a sensible discussion about this issue. I am not a kid I am professional and this experience has really made me think twice about smart phones.
nice.! install only trusted ROMs with a lot of feed back
Sent from my GT-I9100 using Tapatalk 2
jowett69 said:
nice.! install only trusted ROMs with a lot of feed back
the miui-rom made by miuiandroid.com is a "trusted rom with a lot of feedback" and has a long history and a community with over 50.000 members.
mtdgr said:
I am suspecting dodgy applications on my phone.
i think you're right, it wasn't the rom but some malware-/spyware-app.
assuming your phone was rooted, it would be easy for an app to do all kind of bad stuff once it got root-privileges, eg hiding on your sdcard and spying your data and after that establishing the call-divert to catch the 4digit-pin and the rest would be history.
only thing you could do is think what questionable apps with root privileges you installed in the last days before this happened, try to get a copy of it and have a closer look on it, maybe installing it without a simcard inserted or with a simcard without charge on it, to see what happens...
a big piece of luck would be some kind of log from about 1230h to see what established the call-divert, but if i would do such app i would ensure to delete all logs with traces afterwards, but who knows?
though, all of that are just the ideas that came to my mind as i read your post...
good luck for the investigation, would be interesting to know if you could get any information about what happened, so keep us updated, ok?
greetz,
sUsH
It would be difficult for me to know which custom ROM is safe and which one is not! I am not an expert you see. And the same goes with apps. I don't think anyone can state with certainty that any are safe.
It is just shocking to know how easy it is for your details to "escape" !
I will keep you informed about how this goes.
jowett69 If you can tell me how to get that log you are talking about, that would be great.
In the meantime can anyone advise on a decent mobile data protection application? Something which will prevent any sensitive data from leaking from my phone? Payware or freeware I don't mind.
some ideas
A start might be to check the Superuser app and click on Log and see what apps received su permissions.
Also, from a cmd prompt you can enumerate all the running processes by running:
Code:
adb shell "busybox ps -A > /mnt/sdcard/process.log"
adb pull /mnt/sdcard/process.log
View process.log for anything suspicious, or post it up and I'll have a look.
fluxist
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. Performing a full wipe should really erase any malware from the previous installation, right? Can anyone advise on a decent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?
oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?
mtdgr said:
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. Performing a full wipe should really erase any malware from the previous installation, right? Can anyone advise on a decent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?
did you wipe your internal and external sdcards too? how did you wipe? cause it depends where the malware was hiding, if it is erased now or not.
a simple, yet powerful firewall is droidwall. you can find it in the market. put it in whitelist-mode and allow only the stuff you know. but droidwall controls "only" internet-connections (wifi and 3g or such). for full control over every permission of every app and connection of your phone you should use pdroid, but i don't know if that's really necessary, though i understand your fear. but if someone really wants to harm you and has some knowledge, there are always ways, i think...
mtdgr said:
oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?
not really, think of those apps you can use to root your device. think a bit further and one could make an app that roots your device and afterwards does the stuff it wants. but seriously, though it is possible, who would do that to you? that's what you should think about...
greetz,
sUsH
ps: cause you did a wipe, there's no possibility of going through some logs, sry. (though this too depends on the way you wiped and what exactly you wiped...)
I did a full wipe to install the new rom...wipe cache data ...devlink and one more but can't remember it
Sent from my GT-I9300 using xda app-developers app
mtdgr said:
I did a full wipe to install the new rom...wipe cache data ...devlink and one more but can't remember it
Sent from my GT-I9300 using xda app-developers app
sry, then your try to get rid of the problem also got rid of possible evidence. just try to forget it and be more careful in future with suspicious apps from questionable sources and similar.
greetz,
sUsH

Every time I install a new rom or do a factory reset it looks like I've been hacked

As the title says, every time I install a new rom or do a factory reset it looks like I've been hacked. As soon as I register and connect my phone to the internet, Google security activity shows that my phone has been connected from Ireland or Germany although I'm connecting from Sweden. How can this be explained if I'm not being hacked? I take all the security measures, changing password etc... But yet this problem doesn't go away. Does this happen to anyone else?
give us more detail
did it happen only with one device or more? what do u use for root, which rom, custom recovery do u install? which kind of gapps do u use? does it happen just when u install the rom/recovery, or when u set up the gapps?
the foreign connection message is inside the gmail account? do u see foreign ip address logged when u are not logged or just foreign ip when u are logged? (this question is because maybe something uses a vpn)
I use Viperone rom, but it doesn't matter what rom I use. As soon as I log in to my Google account it happens; on the Google security activity where I can see my devices, it shows that I logged in from Ireland or Germany, and after that it goes back to show that I logged in from Sweden. So far I noticed that it only happens on my phone, but in the past it used to happen on my PC too, and it does not show the ip address, it only shows the name of the country. This is how it looks: http://imgur.com/2A9ZBJy Tyskland is Germany in Swedish and it's not supposed to be there with Ireland.
when u install rom and configure gapps r u using your wifi? because it is strange it happens also with your pc, maybe the problem is in your LAN. does it happen just after the gapps setup after a fresh install or also later?
do u use official gapps (and where is the source) or do u use other kind of gapps?
The roms that I use have already Google apps installed. This time it happened right after I logged in to my phone. In the past it happened a day later.
It's possible that the new rom had its location history set to those locations.. And Google apps like a good little app is telling where you are...
But it's wrong until it gets a proper location update.
nutpants said:
It's possible that the new rom had its location history set to those locations.. And Google apps like a good little app is telling where you are...
But it's wrong until it gets a proper location update.
No. This happens when i change the password. I changed the password before i installed the new rom.
Google
Yeah sure. Google needs update location.
sichuv11 said:
Yeah sure. Google needs update location.
Nope. I'm definitely being hacked. Everything points towards it. I change my password I format my PC I install the original android to my phone, same **** happens. It was not like this before.
There is a trojan that can not be found by virus, malware and trojan software. This bastard got me. I think it could be the government.
Now it looks like this, I got USA instead of Germany http://imgur.com/uYDxZ1j Am I being hacked or not? 6th February is the day I changed my password, compare it with the first picture I posted.
make 2 new google accounts with your pc
wipe your phone and install a rom, then configure it with one new account
use it for a day
then with your pc go into both accounts and see if both are compromised or not
Let's assume the worst thing, that I am being hacked. How can I stop this from happening? I already changed password (I'm doing that from time to time), I use 2 step verification and sms verification when I login to my Gmail and I got virus, malware and firewall softwares, what else can I do? How am I being hacked?
Keomas said:
Let's assume the worst thing, that I am being hacked. How can I stop this from happening? I already changed password (I'm doing that from time to time), I use 2 step verification and sms verification when I login to my Gmail and I got virus, malware and firewall softwares, what else can I do? How am I being hacked?
if u want help you should try to do what we say and report it
niubboxp said:
if u want help you should try to do what we say and report it
You're just asking questions, I don't think you have answers.
Keomas said:
You're just asking questions, I don't think you have answers.
and you will never know
niubboxp said:
and you will never know
Maybe not on this forum, but there are other forums.
What rom are you using? Where did you get it?
What email app are you using?
Who is your internet provider for your device?
All of these can be factors in you being hacked...
Your rom could have a Trojan on it.
Your email could be not properly storing your password.
(You're not using the factory email app that uses the account you're signed into your phone with, are you? Please say no)
Is your internet provider known for making a federal case out of every request for information or do they give it out to anyone with a badge?
More information is needed before you can be helped.
First off change roms...
If you are using an OEM rom get a custom rom from a popular developer.
Then change email providers
(Unless you are taking Google)
Then dump the two factor crap
Get a third party open source email app or use tor to sign in by web mail.
Change and set your password from a cafe or hotel Wi-Fi that is nowhere where you usually go.
Then see if you think you are being hacked..
If so trash the phone
Get a new one with cash..
Root it secure it
Try again
And if that still looks bad..
Use paper and one-time pads for encryption and safe drop points.
