Ok, totally freaked out - Security Discussion

New Lenovo S930 (Chinese import)
com.mediatek.thermalmanager
Did some searching and did not find much significant,
Just this at github https://github.com/scmsystm/mt6577_...ackages/MTKThermalManager/AndroidManifest.xml
And this
https://www.trustlook.com/report/EDC8E71F39409F368C800813B8AB657E/com.mediatek.thermalmanager/
Also, when I check using a permission explorer app on my phone I also get the same results as above (must be a database).
Now the permissions on the above links are reasonable but on my phone in system/apps/MTK Thermal Manager(com.mediatek.thermalmanager) I have a huge list of every invasive permission.. See attached image.
Should I be worried?
I can't disable it.
No safe root yet (see my post http://forum.xda-developers.com/showthread.php?t=2667379)
Any advice?
Sent from my Lenovo S930 using xda app-developers app

Can't really see your screenshot. General rule, be scared of Chinese stock software.

Sorry here's a link to the screenshot
https://mega.co.nz/#!GwZB1YYQ!rheOIRKnWc_btI-g8REGtxiFiprtuFneEbKbwgQb6p8
Sent from my Lenovo S930 using xda app-developers app

Yeah I wouldn't trust this at all. Why would a battery management app need to "directly call phone numbers, take pictures and videos, modify contacts, etc, etc" there is an incredible amount of permissions for a battery app.
It may be possible to uninstall, maybe. Try going to your main android menu, go to security settings, device administrator, and see if the app is listed in device admin. If it is remove it from that list and then you will be able to uninstall.
Lemme know if that works.

theJGstandard said:
It may be possible to uninstall, maybe. Try going to your main android menu, go to security settings, device administrator, and see if the app is listed in device admin. If it is remove it from that list and then you will be able to uninstall.
Lemme know if that works.
Hi and thanks for the reply.
Opened security settings/device administrator but app not listed there.
In systemsettings/apps only an option to force stop but uninstall and disable are not available.
But apart from that, even if I could uninstall I am concerned that losing the legit functions of the app may mess with my phone.
Stressful because every time I look at my phone now (which is often), it niggles me that my phone camera may be looking back.
Also I have read somewhere (sorry, can't find the link right now) that disabling this app can cause problems.
Hmm.. Love this phone very much but I wish it was more popular.. :banghead:
Sent from my Lenovo S930 using xda app-developers app

I've once seen a mention on a Chinese forum that this service is supposed to turn off the phone in case of [battery] overheating (search: +"过热关机" +mtk). Makes sense for the manufacturer given the risk of lawsuits if a phone blows up in somebody's hand.
I've disabled the service a number of months ago and had no problem whatsoever. Lenovo p700i.
--
Edit: Must note, I don't run any games or heavy apps that may heat the phone. My most power/heat-intensive use of the phone is riding bike for a few hours in the 30+℃ heat with GPS permanently on for recording the route. YMMV.
Also, you gave the link to the source, thanks, the source basically confirms the above theory.
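One way to check the discrepancy raised in the first post (short permission list in the published manifest, long list on the phone), as an added example that is not code from any poster in this thread. The manifest and the device list below are constructed samples, and `com.example.thermal` is a placeholder package name. The check relies on the fact that Android grants permissions per UID, so a package declaring `android:sharedUserId` is shown with the union of permissions held by every package under that UID.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for illustration; NOT the real MTKThermalManager manifest.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.thermal"
    android:sharedUserId="android.uid.system">
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Thermal"/>
</manifest>
"""

# Constructed list standing in for what a permission viewer shows on the phone,
# one permission name per line.
SAMPLE_DEVICE_REPORT = """\
android.permission.WRITE_SETTINGS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.CAMERA
android.permission.CALL_PHONE
android.permission.WRITE_CONTACTS
"""


def parse_manifest(xml_text):
    """Extract package name, sharedUserId and declared permissions."""
    root = ET.fromstring(xml_text)
    declared = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            declared.add(name)
    return {
        "package": root.get("package"),
        "shared_uid": root.get(ANDROID_NS + "sharedUserId"),
        "declared": declared,
    }


def compare(manifest_xml, device_report):
    """Diff the manifest's declared permissions against the device-side list."""
    info = parse_manifest(manifest_xml)
    reported = {ln.strip() for ln in device_report.splitlines() if ln.strip()}
    extra = sorted(reported - info["declared"])
    missing = sorted(info["declared"] - reported)
    if not extra:
        verdict = "match"        # device list is covered by the manifest
    elif info["shared_uid"]:
        # Extras can be inherited from other packages under the same UID.
        verdict = "shared-uid"
    else:
        # Nothing in the manifest explains the extras: the installed APK
        # is probably not the build the reference manifest came from.
        verdict = "unexplained"
    return {
        "package": info["package"],
        "shared_uid": info["shared_uid"],
        "extra": extra,
        "missing": missing,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = compare(SAMPLE_MANIFEST, SAMPLE_DEVICE_REPORT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A `shared-uid` verdict explains the long list but does not make it harmless: code in that package still runs with everything the shared UID holds.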

Related

[Q] PhoneLocator Pro

My Samsung Vibrant I bought on Wednesday was stolen last night out of my car. I'm slowly running out of options on tracking it and getting it back. I'm pissed.
In order to protect my other phone, HTC HD2 with Froyo, I want to invest in some security software and found PhoneLocator Pro. I've downloaded it off the market and really like how it works.
I'm concerned however if, by some other unlucky chance this phone gets stolen too, that if the burglar hard-resets the phone. Will this app become entirely useless in this case?
Or another question is what stolen phone locating app / anything do you guys recommend? I want to make sure I'll have any way of getting my property back.
Panda_Face said:
My Samsung Vibrant I bought on Wednesday was stolen last night out of my car. I'm slowly running out of options on tracking it and getting it back. I'm pissed.
In order to protect my other phone, HTC HD2 with Froyo, I want to invest in some security software and found PhoneLocator Pro. I've downloaded it off the market and really like how it works.
I'm concerned however if, by some other unlucky chance this phone gets stolen too, that if the burglar hard-resets the phone. Will this app become entirely useless in this case?
Or another question is what stolen phone locating app / anything do you guys recommend? I want to make sure I'll have any way of getting my property back.
If system apps persist through hard reset (apks in /system/app), and you install it as such (root) there is a possibility you should be OK. However, I think that the settings would be erased and therefore leave it useless. I will give it a test and see as I am curious as well.
---------- Post added at 12:23 PM ---------- Previous post was at 11:52 AM ----------
So I can confirm that although the app does persist through a factory reset, it is useless, lol. I know that PLLocator Pro can backup / restore settings from the SD card, but before even getting to that point the app fails the license check and does not proceed. Oh well.
On a side note, make sure you have it installed as a system app (/system/app) in order to use the "activate gps remotely" feature.
Avast! Mobile Security has hard-reset proof storage of settings and other useful security stuff. And it's free, so it's amazing value for the money.
https://market.android.com/details?id=com.avast.android.mobilesecurity
I use SeekDroid Lite. It's free also, so check it out:
https://market.android.com/details?id=org.gtmedia.seekdroid.lite
Avast hands down. I have tested every feature of this app on my phones and it is flawless, and it's free. Don't be fooled, this is the best you can get. When you install it, install as direct write (you must be rooted). Any questions? Just inbox me, I will be glad to help.
If it helps, please hit the thanks button.
Avast is epic. I only miss the photo feature and web interface from PLPro but I have my custom lockscreen back, thanks!
Sent from my SAMSUNG-SGH-I727 using XDA App

Bricked my phone, got it fixed. Now I'm scared to root.

Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing. I just wanna do the basic benefits of rooting like deleting stock apps and other things.
So what other 'rooting benefits' can I obtain without rom flashing? Or without having the risk of bricking my phone? The rooting process is kinda simple for me since I can use the z4root app.
Help? Anyone?
reyesryanmjaube said:
Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing. I just wanna do the basic benefits of rooting like deleting stock apps and other things.
So what other 'rooting benefits' can I obtain without rom flashing? Or without having the risk of bricking my phone? The rooting process is kinda simple for me since I can use the z4root app.
Help? Anyone?
You can obtain a lot of goodies, like installing applications not coming from the market, I guess, editing system files, removing unneeded system applications; you can do a lot of things. Be sure when you flash a rom to have a fully charged battery. It's really hard to brick it.
mmmmm ????
Depending what phone you have?? Rooting is safe enough, you can "unroot" just as easy! I definitely recommend z4root. If you flash another ROM be sure to do lots of research next time!!! If you experience any problems, don't forget Google can be your best friend! You can count on the fact you won't be the only one having the same problem.
I have LG p500. Basically, I'm now scared of anything that involves CMD. I can install non market apps like the ones from here. So yeah, after Z4root. what now?
These phones are great for bricking, because a lot of times they're easy to fix. Try out themes, custom roms, custom kernels, it's all available to you now.
Can you guide me a bit? Please
Sent from my LG-P500 using XDA App
Oh! I read this thread in the news section. If i understand it correctly it will allow me to uninstall preset apps without cmd?
Nalthos said:
I recently bought a Droid 2 Global and decided to get my feet wet with android development. To familiarize myself with the platform I wrote a simple utility for managing the bloat that came pre-installed on my phone. I thought there might be other people who would get some use out of this so I am posting it here. You will need to be rooted and have busybox installed to use this application. If you used z4root to root your phone then you should have everything you need.
The application is pretty simple. When you start it you are presented with a list of the Bloat that the application recognizes. Each item in the list has a checkbox that indicates whether it is enabled or not. To disable bloat you just uncheck the boxes next to what you don't want and then press the Apply button that appears at the bottom of the screen. You can save what you have disabled as a profile by pressing the options button and then choosing Save Profile. This is convenient because you are going to need to turn all of this bloat back on if you want to receive updates. If you have saved a profile and a new update becomes available you can launch Bloat Manager, press the options button, choose Enable All and then click Apply to get your phone ready for the update. After the update installs you can launch Bloat Manager, press the options button, choose Load Profile and then click Apply to turn the bloat back off.
The following applications can be toggled on or off using Bloat Manager:
Amazon MP3 /system/app/amazonmp3_1_8_14_signed_zipaligned_Signed_2010-09-09_15-23-51.apk
Blockbuster /system/app/Blockbuster.apk
City ID /system/app/CityID.apk
Friend Feed /system/app/FriendFeed.apk
Kindle /system/app/Kindle-1_0_2-OEM-SingleSign_Signed_2010-09-20_17-31-57.apk
My Net /system/app/Mynet.apk
My Verizon /system/app/MyVerizon.apk
News Widget /system/app/NewsWidget.apk
Performance Manager /system/app/PerformanceManager.apk
Skype /system/app/Skype_mobile.live.apk
Social Messaging /system/app/SocialMessaging.apk
Social Share /system/app/SocialShare.apk
VZNavigator /system/app/vnav_6.1.0.160_Droid2Global_rel_PROD_signed.apk
Visual Voice Mail /system/app/Vvm.apk
Weather Widget /system/app/WeatherWidget.apk
World Clock Widget /system/app/WorldClockWidget.apk
When you disable an application using Bloat Manager it simply renames it to .bak. When you re-enable an application it is renamed back to .apk.
Bloat Manager remounts your /system partition as writable in order to make changes to applications. I came up with this list based on what other people have had success with removing, but I have not personally turned off everything on the list. Changing things in your system partition is always dangerous so please be careful.
Sent from my LG-P500 using XDA App
Lol, rooting is so easy a baby could do it. OneClickRoot FTW.
reyesryanmjaube said:
Long story short: I messed up with flashing a custom rom. But gladly, I got my phone fixed. Now, I wanna root again but I'm scared of rom flashing.
Thanks for sharing, yo.
Sent from my weak Wildfire, can't wait to trade in for HD2, also, not afraid to root.
So yeah, aside from this feature, what else can I do without using cmd?
Sent from my LG-P500 using XDA App
Instead of asking and waiting for responses, search on the forum or read a sticky or something to expand your knowledge. If you aren't comfortable with cmd you probably shouldn't be messing with root privileges. And bricked phones are dead phones, you can only recover from a brick by replacing hardware.
xxmonsterx said:
Instead of asking and waiting for responses, search on the forum or read a sticky or something to expand your knowledge. If you aren't comfortable with cmd you probably shouldn't be messing with root privileges. And bricked phones are dead phones, you can only recover from a brick by replacing hardware.
Wow. Since you put it that way.
But there's just too much. You can't blame me for being like this. I bricked my phone and they replaced the motherboard (for free) and I am worried to do this again. I tried learning, I failed. And I don't like to be a wannabe developer of some sort, I just want to maximize my phone to its potential and do what most people do.
You can say that I haven't exerted too much effort. In that case, maybe you're not the person I should be asking help from. Sorry, I was hurt.
reyesryanmjaube said:
So yeah, aside from this feature, what else can I do without using cmd?
Sent from my LG-P500 using XDA App
CMD (command shell in Windows, Mac or Linux) is only used when you change ROMs or unlock the bootloader (the program that loads the ROM); apps and themes have nothing to do with it. You will read ADB a lot, which is basically a way to access the whole device remotely; most of this you do on the handset itself. Root is a term the same as Apple's jailbreak, which gives you complete access to everything (most is protected bloatware (apps) that network providers don't want you to delete); there is also a percentage of protection stopping you messing up bits that brick your phone! Bricking doesn't mean the screen won't work, force closes or not booting... it means DEAD! If you see something cool that you fancy doing, research a little first and if you don't know what it is or means... DON'T DO IT! It's that simple. Root is what you make it, it opens a lot of options but there's no rush to get to the end; the more you learn doing little bits, the quicker you'll be confident flashing ROMs and maybe even developing your own customisations.
reyesryanmjaube said:
Wow. Since you put it that way.
But there's just too much. You can't blame me for being like this. I bricked my phone and they replaced the motherboard (for free) and I am worried to do this again. I tried learning, I failed. And I don't like to be a wannabe developer of some sort, I just want to maximize my phone to its potential and do what most people do.
You can say that I haven't exerted too much effort. In that case, maybe you're not the person I should be asking help from. Sorry, I was hurt.
If you want to maximize your phone's full potential you have to deal with those things, e.g.: joy 845 comes with the stock rom, which is slow and contains many things not needed, thus you have to flash another rom, better, faster etc... so yeah, you have to be a wannabe in the end if you want to do what you want.
Check out Youtube how-to vids on rooting. Some are invaluable, especially the longer ones. Most of these guys take you step by step in detail.
Sent from my ADR6300 using XDA App

Root cause for Gear 2 high battery consumption found, at least for non-Samsung phones

Edit: with new Gear Manager (Jun release), this method doesn't work anymore. The new approach is to install a "contact synchroniser killer" app on the rooted watch. More details are in this post.
==================================================================================================================================================================================
Hi all,
Ever since I started using my Gear 2 Neo with my HTC One M8 phone (using the guide in this forum), I noticed that my watch consumes battery significantly faster than most of the users have been reporting. Even more strangely, sometimes after resetting both the phone and the watch (and I've done this a lot while experimenting and trying to get more stuff working) I had streaks of stellar battery life, well in line with optimistic reports here and elsewhere, but then, after a while, it started deteriorating very quickly.
So I decided it was time to do something about it. I installed Tizen SDK, hooked the watch up and started poking around. The first thing I noticed my watch CPU was, most of the time, sitting on 40%! Well, that doesn't sound right, does it? Then I noticed the log (located under /var/log/dlog_main) was full with messages related to contact synchronisation. It turns out the damn thing synchronises all of my contacts every several seconds. The trouble is I have well over 1500 contacts (that's consolidated from different sources, the number of raw contacts should be well over 3000). So it takes significant time to do this, meaning my watch (and the phone!) are thrashed by these stupid full contact syncs all the time! What's even more striking is the fact it doesn't help when I change it to "favourites only". Apparently, this affects only the contacts displayed on the watch, however, the sync process still takes all of them.
At this point I started poking around Samsung APK files to try and understand what was going on. Apparently, the APK responsible for contact sync is called GOPROVIDERS. Indeed, if you kill it, the thrashing stops, however, other important functions cease working as well. Aside of Contacts vanishing from the Gear, "Find my phone" is gone as well, but, more importantly, notifications stop working. While I could tolerate the first two, the last one was too much to give up.
I started decompiling and analysing sources. Apparently, there is a process running every several seconds that analyses if any changes have been made to the contacts. It uses pretty bizarre logic which seems to be relying on Samsung-specific fields in the contacts. Now, this already sounds suspicious, and, apparently, leads to full sync every several seconds. Obviously, the more contacts you have, the harder you're hit.
An interesting point in all this is that I'm not 100% sure the logic is working properly even on Samsung devices, so it might well be that the same issue is affecting people with a high number of contacts using Samsung phones as well. I'd be really interested to see any feedback regarding this.
So, long story short, instead of fixing the logic (which is quite difficult in SMALI), I made a simple change which dilutes these logic invocations, right now 1:64. Since then I'm enjoying MUCH improved battery life.
The fixed APK is attached. You're welcome to give it a try at your own risk (you need to enable installation from untrusted sources + reboot and clean dalvik cache).
mpogr said:
So, long story short, instead of fixing the logic (which is quite difficult in SMALI), I made a simple change which dilutes these logic invocations, right now 1:64. Since then I'm enjoying MUCH improved battery life.
Could you please explain your "logic invocations, right now 1:64" change?
JimSmith94 said:
Could you please explain your "logic invocations, right now 1:64" change?
In the fixed APK the logic is actually invoked 1 time out of 64 attempts. It makes its frequency about every 40 minutes instead of every 30 seconds.
mpogr said:
In the fixed APK the logic is actually invoked 1 time out of 64 attempts. It makes its frequency about every 40 minutes instead of every 30 seconds.
Thanks, I understand now. Congratulations on your find and fix! I'm going to try it.
mpogr said:
The fixed APK is attached. You're welcome to give it a try at your own risk (you need to enable installation from untrusted sources + reboot and clean dalvik cache).
Someone who knows where this should be shared and divulged to the rest of the community should do so! It sounds like this is a pretty bad bug that should be addressed officially, but BIG TIME props to you for figuring this all out!!
Thank you!!!
I'm on Samsung f/w (Note 3). Yesterday I experienced severe battery drain.. in a few hours it was completely drained.. I wasn't even wearing it.. so that logic ain't the only faulty one.. thx for that fix.. I'll see if it helps
Sent from my SM-N900W8 using XDA Premium 4 mobile app
Guys, everyone with abnormal drain, it would be extremely helpful to troubleshoot your root cause if you could send me the log file from your watch that includes the affected time span. In order to do that:
Enable USB debugging on the watch (under settings->Gear Info)
Download and install Tizen SDK.
Connect your watch to the computer using its charging cradle.
Open the command line (cmd.exe), change to the folder where the SDK files are installed (the default is c:\tizen-sdk\tools) and then run the following command:
Code:
sdb pull /var/log/dlog_main
This will pull the log file to the same folder. Then send it to me via PM (ZIP first!), so I could have a look.
mpogr said:
Guys, everyone with abnormal drain, it would be extremely helpful to troubleshoot your root cause if you could send me the log file from your watch that includes the affected time span. In order to do that:
Download and install Tizen SDK.
Connect your watch to the computer using its charging cradle.
Open the command line (cmd.exe), change to the folder where the SDK files are installed (the default is c:\tizen-sdk\tools) and then run the following command:
Code:
sdb pull /var/log/dlog_main
This will pull the log file to the same folder. Then send it to me via PM (ZIP first!), so I could have a look.
Well, I decided to reformat my watch in case that would help, but will surely grab a log next time something like this occurs.
Excellent work mpogr!! Will try this and report back
Sent from my GT-I9505 using Tapatalk
I think I too have this issue and I have an S5. Does the goproviders-signed.apk go onto the phone or the Gear2?
Are there some instructions on getting the goproviders-signed.apk file onto the Gear2?
apexhugger said:
I think I too have this issue and I have an S5. Does the goproviders-signed.apk go onto the phone or the Gear2?
Are there some instructions on getting the goproviders-signed.apk file onto the Gear2?
The APK file is installed on the phone. It is strongly advised to clear goproviders data before installing it.
I just made a new version of this APK corresponding to the new version of Gear Manager (2.1.14052101), it's attached to this post.
mpogr said:
The APK file is installed on the phone. It is strongly advised to clear goproviders data before installing it.
I just made a new version of this APK corresponding to the new version of Gear Manager (2.1.14052101), it's attached to this post.
Thanks for that. Is there a guide for getting this file onto the Gear2 (and clearing goproviders data)?
I'm quite new to this but good at following instructions
apexhugger said:
Thanks for that. Is there a guide for getting this file onto the Gear2 (and clearing goproviders data)?
I'm quite new to this but good at following instructions
Clearing data is usually available under "Settings->Apps" and then find the app (goproviders) and find the "Clear Data" button.
In terms of installing, you need to enable installation from untrusted sources first of all. Then, you can use any file manager software (e.g. "Root Explorer" or "Super Manager"), when you tap on an APK file, it will ask if you want to install it.
mpogr said:
Clearing data is usually available under "Settings->Apps" and then find the app (goproviders) and find the "Clear Data" button.
In terms of installing, you need to enable installation from untrusted sources first of all. Then, you can use any file manager software (e.g. "Root Explorer" or "Super Manager"), when you tap on an APK file, it will ask if you want to install it.
I'm having trouble getting this file to install, it doesn't let me tap install (tapping Install does nothing). Does the phone need to be rooted?
Won't let me install, keeps failing.
Any ideas? I uninstalled with root uninstaller, still fails.
Do you think disabling Super User would temp fix the drain?
Sent from my SM-G900T using XDA Free mobile app
bubblebuddyi said:
Won't let me install, keeps failing.
Any ideas? I uninstalled with root uninstaller, still fails.
Do you think disabling Super User would temp fix the drain?
Sent from my SM-G900T using XDA Free mobile app
Please, check if installation from untrusted sources is enabled.
mpogr said:
Please, check if installation from untrusted sources is enabled.
It is.
Sent from my SM-G900T using XDA Free mobile app
bubblebuddyi said:
It is.
Sent from my SM-G900T using XDA Free mobile app
Actually, I think I faced it before. Gear Manager apparently checks if all of its components are installed and sometimes silently reinstalls them again.
Please, uninstall goproviders and install the alternative APK quickly afterwards.
I use Super Manager, one advantage of it is that you can see if the app is already installed (it shows an uninstall option when you tap on the APK in such a case). I saw once, when I uninstalled the original app and then tried installing the new APK, it failed, but then, after tapping on it again, Super Manager showed that it was already installed. What I think happened was Gear Manager silently reinstalled the original app while I was trying to install the new one. Uninstalling (from Super Manager) and quickly installing again fixed it.
mpogr said:
Actually, I think I faced it before. Gear Manager apparently checks if all of its components are installed and sometimes silently reinstalls them again.
Please, uninstall goproviders and install the alternative APK quickly afterwards.
I use Super Manager, one advantage of it is that you can see if the app is already installed (it shows an uninstall option when you tap on the APK in such a case). I saw once, when I uninstalled the original app and then tried installing the new APK, it failed, but then, after tapping on it again, Super Manager showed that it was already installed. What I think happened was Gear Manager silently reinstalled the original app while I was trying to install the new one. Uninstalling (from Super Manager) and quickly installing again fixed it.
I tried that with Root Uninstaller, it definitely silently installs it. Faster than I could install it. And apparently disabling Root in SU uninstalled it, because now I can't re-enable it. As long as I'm not rooted, I shouldn't have an issue, right?
Sent from my SM-G900T using XDA Free mobile app
bubblebuddyi said:
I tried that with Root Uninstaller, it definitely silently installs it. Faster than I could install it. And apparently disabling Root in SU uninstalled it, because now I can't re-enable it. As long as I'm not rooted, I shouldn't have an issue, right?
Sent from my SM-G900T using XDA Free mobile app
No idea mate. Just make sure you've got the right "goproviders" installed at the end of the process. The final APK will reside under /data/app and will be named "com.samsung.accessory.goproviders-N.apk" (where N is a number like 1, 2 etc.). Just grab it (e.g. by "adb pull") and do a binary comparison with the file you installed ("diff" on Android/Linux or "fc /b" on Windows).
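The binary comparison suggested in the post above, as an added example that is not code from the thread. It goes one step beyond `diff` or `fc /b`: because an APK is a ZIP archive, it also reports which entries differ when the pulled file is not the one you installed. The file names and contents are constructed samples, and `compare_apks` and `build_sample_apk` are names chosen for this example.

```python
import hashlib
import os
import shutil
import tempfile
import zipfile


def sha256_file(path):
    """SHA-256 of the whole file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entry_index(path):
    """Map each ZIP entry name to (CRC-32, uncompressed size)."""
    with zipfile.ZipFile(path) as zf:
        return {i.filename: (i.CRC, i.file_size) for i in zf.infolist()}


def compare_apks(pulled, expected):
    """Compare the APK pulled from the device with the one you installed."""
    a, b = entry_index(pulled), entry_index(expected)
    return {
        # Byte-for-byte identity, same result as diff or fc /b.
        "identical": sha256_file(pulled) == sha256_file(expected),
        # Entries present in both archives but with different content.
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_in_pulled": sorted(a.keys() - b.keys()),
        "only_in_expected": sorted(b.keys() - a.keys()),
    }


def build_sample_apk(path, entries):
    """Write a constructed stand-in APK (a plain ZIP) for the demo."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)


def demo():
    """Return (result when the patched APK stuck, result when stock came back)."""
    with tempfile.TemporaryDirectory() as tmp:
        patched = os.path.join(tmp, "goproviders-patched.apk")
        stock = os.path.join(tmp, "goproviders-stock.apk")
        pulled = os.path.join(tmp, "pulled.apk")
        # Constructed contents; real APK entries are binary.
        build_sample_apk(patched, {
            "AndroidManifest.xml": b"manifest",
            "classes.dex": b"patched dex",
            "META-INF/CERT.RSA": b"signature of patched build",
        })
        build_sample_apk(stock, {
            "AndroidManifest.xml": b"manifest",
            "classes.dex": b"stock dex",
            "META-INF/CERT.RSA": b"signature of stock build",
        })
        shutil.copyfile(patched, pulled)  # stands in for "adb pull"
        return compare_apks(pulled, patched), compare_apks(stock, patched)


if __name__ == "__main__":
    kept, replaced = demo()
    print("patched APK still installed:", kept)
    print("stock APK was reinstalled:  ", replaced)
```

A differing `classes.dex` together with a differing signature entry under `META-INF/` is what a silent reinstall of the stock package looks like in this output.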

Adware/bloatware or virus in a UMI diamond X stock?

Hi
A friend bought a UMI diamond X a month ago.
From yesterday he starts to have some commercials each time that he takes his phone.
Did they put something in the stock rom that activates after a little time of use?
Someone knows something?
thanks
I don't know if there is a delay or not before ads start, but Chinese phones are known to have quite aggressive ad networks even with stock apps & they often have weak privacy, so it could be a stock app. Some Chinese phones have also been shown to do silent upgrades, so you don't know when they update something (can't recall if Umi is one), which is why it may only start a month later.
However it could be due to malware/adware downloaded from a website or if he has used one of the Chinese app stores to get an app or any store that is not Google you are increasing your risks, those stores are not well regulated and many apps have had adware/malware inserted into legitimate looking apps like youtube etc. Did he recently download some apps from an app store that was NOT Google?
see eg
http://blog.teamleadnet.com/2015/06/how-to-remove-adware-browser-hijack-or.html
or
https://www.youtube.com/watch?v=zfi6N10ARFA
(also lookout for Chinese apps (or any other unusual apps) with western alphabet like Baidu, which this guy seems to ignore)
IronRoo said:
I don't know if there is a delay or not before ads start, but Chinese phones are known to have quite aggressive ad networks even with stock apps & they often have weak privacy, so it could be a stock app. Some Chinese phones have also been shown to do silent upgrades, so you don't know when they update something (can't recall if Umi is one), which is why it may only start a month later.
However it could be due to malware/adware downloaded from a website or if he has used one of the Chinese app stores to get an app or any store that is not Google you are increasing your risks, those stores are not well regulated and many apps have had adware/malware inserted into legitimate looking apps like youtube etc. Did he recently download some apps from an app store that was NOT Google?
see eg
http://blog.teamleadnet.com/2015/06/how-to-remove-adware-browser-hijack-or.html
or
https://www.youtube.com/watch?v=zfi6N10ARFA
(also lookout for Chinese apps (or any other unusual apps) with western alphabet like Baidu, which this guy seems to ignore)
Thanks.
As far as I know he didn't install something for a while and on the umi diamond X there is no parallel app store.
He did a factory reset, but if there are new commercial pop-ups I'll try your links, thank you again.
Android 5.0 and above, just download, install DNS66 from Fdroid. Update all hosts file.
Cedric1127 said:
Hi
A friend bought a UMI diamond X a month ago.
From yesterday he starts to have some commercials each time that he takes his phone.
Did they put something in the stock rom that activates after a little time of use?
Someone knows something?
thanks
I have the same problem, a couple of days ago commercials started showing all the time. I tried using DNS66 and it doesn't help.
Does anybody know how to root this phone?
I can tell that on UMI Super, apart from the battery additions and MediaTek apps, there is none of that, very little bloat.. almost AOSP.
This also should help you identify some MTK apps http://bitlog.it/re/dissecting-an-android-chinaphone/
Bringing this up.
I have exactly the same problem. Ads start showing up on the lock screen and every few days some fake app installs out of nowhere. What can I do?
Wrote about it here on xda
The only thing I haven't tried yet is going to stock, but now I found this topic and I'm not sure if even that would help. Did OP have any luck with this?
Cedric1127 said:
Thanks.
As far as I know he didn't install something for a while and on the umi diamond X there is no parallel app store.
He did a factory reset, but if there are new commercial pop-ups I'll try your links, thank you again.
cyryl85 said:
I have the same problem, a couple of days ago commercials started showing all the time. I tried using DNS66 and it doesn't help.
Does anybody know how to root this phone?
AbelardM said:
I can tell that on UMI Super, apart from the battery additions and MediaTek apps, there is none of that, very little bloat.. almost AOSP.
This also should help you identify some MTK apps http://bitlog.it/re/dissecting-an-android-chinaphone/
the_bulk said:
Bringing this up .
I have exactly the same problem. Ads start showing up on the lock screen and every few days some fake app installs out of nowhere. What can I do?
Wrote about it here on xda
The only thing I haven't tried yet is going to stock, but now I found this topic and I'm not sure if even that would help. Did OP have any luck with this?
I saw another forum where someone says you need to freeze the "super cleaner" app (can't be uninstalled) that comes with the phone to stop this & maybe any of the DU branded apps also if they
(edit: on other phones, e.g. Zuji, they have another app, "battery saver", that seems to work similarly and serves ads and/or pushes apps to your phone in the same way, and that needed to be frozen)
I am having lots of problems with my UMi Diamond X. The screen keeps jumping and goes into the black screen with all your settings on it, like wifi, aeroplane mode, screen brightness etc., and it locks up the phone. I am also getting lots of ads, and the phone is getting hot and using up the battery too. I have taken the SIM and SD card out and it still does this, so the issue is not the SD card or SIM; it must be the operating system on the phone or something. I have tried everything but can't fix it. Can anyone help, or should I just buy a new phone?
You can try a factory reset, or you can flash the phone with an original ROM or a custom ROM, but as far as I remember there are very few custom ROMs for this phone.

Trojan infected recovery phone partition

Hi,
I'm new to XDA. I think I'm in the right forum for my issue. My phone was infected with what I think is a type of auto-rooting trojan. I was looking for info on an app I'm using called Duraspeed. I came across this website that started throwing popups at me saying my phone had tons of viruses, which was a lie. By the time I could break free from the drive-by attacks, it was too late. I started getting sluggish performance on my phone and popup ads randomly. Even though it somehow gained root access, my phone is not rooted. Never was. It's still not, because I checked with several apps off the Play Store to confirm this. Long story short:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
The file running on the phone as a system app is called "ad_surface"
I can only force stop and disable ad_surface, without the ability to uninstall. I have to repeat this process every time I reboot. This stops the ads from popping up. Funny thing is, even though the force stop button in app settings is greyed out, meaning it was stopped and disabled, my OS Monitor app that shows running processes shows ad_surface is still running. Yet it does stop the random popup ads by doing it this way. I've tried 360 AV, Avast, AVG, Malwarebytes, Kaspersky, stubborn rootkit remover, a lot of antivirus programs, but nothing detects it. I'm using Total Commander File Manager to view the device system partitions. I even copied the two trojan files to a folder on the user partition to see if any of the antivirus programs could check them there, away from the root areas. But nothing. My guess is that I need to root my phone so I can gain access to the apk file and delete it. I haven't done a factory reset because I realize that apk file is in the recovery partition in order to reinstall itself. I've never rooted a phone before, but I have Kingroot installed. I downloaded it from XDA. I just don't have the guts to use it, in fear of bricking. Do you think it would work with my phone? Does it abort the root procedure if it can't do it? Here are my phone specs:
Vortex Beat 8
Software build: 8_V1.5_20171011
Chipset: MT6580M Cortex-A7
CPU Architecture: ARMv7 Processor Rev 3(V71)
Cores: 4 1300MHz
Kernel Version: 3.18.19
Total Ram: 459MB
Internal ROM: 8GB (4GB for user)
That's about it. If there's anything anybody who could recommend how to go about this I would greatly appreciate the help. Thank you...
Go try factory resetting it, doesn't hurt to try.
If the "virus" is still there you can always re-flash the phone's OS. Here is the link to the stock ROM ---> http://www.needrom.com/wp-content/uploads/2017/04/BEAT-8_V1.06_20170413.rar
The link below is a tutorial on how to flash the phone's ROM.
https://www.getdroidtips.com/stock-rom-vortex-beat-8/#How_to_Download_Stock_ROM_on_VORTEX_Beat_8
In mtkdroid tools, have all the boxes unchecked, and make sure you only have "ANDROID" and "RECOVERY" check-marked. The other boxes are just about the phone's information and properties. These shouldn't be checked because it might erase your IMEI/drivers or other stuff. After flashing the ROM make sure you do a complete factory reset + cache. Erase whatever you have on your SD cards or micro SD cards.
Just do this and call it a day
Good luck
Cool
Hi, thank you! I will try this. I will have to borrow someone's computer, like my nephew's. I did try Kingroot and OneClickRoot but they both failed. Perhaps due to a locked bootloader. Or the evil trojan that made itself super user blocking them. I did do a factory reset, but the trojan persists. My mistake was forgetting to turn off unknown sources in security settings. I think that's how it got in... I'll keep checking back on this thread in the meantime to see if someone knows a tool that can kill the trojan, but I doubt it. Cheers!
SecretSociety68 said:
Hi, thank you! I will try this. I will have to borrow someone's computer, like my nephew's. I did try Kingroot and OneClickRoot but they both failed. Perhaps due to a locked bootloader. Or the evil trojan that made itself super user blocking them. I did do a factory reset, but the trojan persists. My mistake was forgetting to turn off unknown sources in security settings. I think that's how it got in... I'll keep checking back on this thread in the meantime to see if someone knows a tool that can kill the trojan, but I doubt it. Cheers!
I'm having similar troubles. I somehow believe I have an entire infected network, from Windows 10 to iOS and all the cell phones, even two 3G flip phones; even the Smart car has been recognized. I communicated with the virus / hacker network. I have no idea how to get rid of it. It gives itself super user privileges without quite rooting the phone and hides itself in system apps, so it's virtually impossible to get rid of, at least for me it is. I have a post here called "wading deep Waters", please do check it out.
sassyfrassy said:
I'm having similar troubles. I somehow believe I have an entire infected network, from Windows 10 to iOS and all the cell phones, even two 3G flip phones; even the Smart car has been recognized. I communicated with the virus / hacker network. I have no idea how to get rid of it. It gives itself super user privileges without quite rooting the phone and hides itself in system apps, so it's virtually impossible to get rid of, at least for me it is. I have a post here called "wading deep Waters", please do check it out.
It isn't unheard of for a router to get infected with a virus/malware, rare, but not exactly impossible. I've run across others here over the years that have discussed this issue. I don't remember any specifics, tools or methods to fix the issue though, but you can probably find info on removing malware from a router.
Sent from my LGL84VL using Tapatalk
Droidriven said:
It isn't unheard of for a router to get infected with a virus/malware, rare, but not exactly impossible. I've run across others here over the years that have discussed this issue. I don't remember any specifics, tools or methods to fix the issue though, but you can probably find info on removing malware from a router.
Thank you for your prompt response. I'm not positive that the router and modem are infected; more or less they are overloaded from the amount of leeches and hitchhikers I have from this awful network of hackers, and code running through my TVs, my cars, for God's sake. I read one of their lauder's; I got in somehow and I could see that they were logging how many seconds it took me from getting out of the car to getting in my home. That was just one scary example. They could tell when my phone was in my pocket, and if I was walking, and how many people were with me. This is just my cell phone, not to mention my TVs and the laptops. I have no idea what to do.
sassyfrassy said:
Thank you for your prompt response. I'm not positive that the router and modem are infected; more or less they are overloaded from the amount of leeches and hitchhikers I have from this awful network of hackers, and code running through my TVs, my cars, for God's sake. I read one of their lauder's; I got in somehow and I could see that they were logging how many seconds it took me from getting out of the car to getting in my home. That was just one scary example. They could tell when my phone was in my pocket, and if I was walking, and how many people were with me. This is just my cell phone, not to mention my TVs and the laptops. I have no idea what to do.
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
Sent from my LGL84VL using Tapatalk
Droidriven said:
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
Thank you, I really appreciate you taking the time to think about my situation. I have had no one to talk to about this for 2 months.
sassyfrassy said:
Thank you, I really appreciate you taking the time to think about my situation. I have had no one to talk to about this for 2 months.
Not sure how much help I'll be to you. I'm no expert in what you're dealing with. I'm just telling you some possibilities that I've seen others dealing with over the years.
Sent from my LGL84VL using Tapatalk
Droidriven said:
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
You hit the nail on the head! Told me "unfortunately we have met"
Sent from my LGE LGL158VL using XDA Labs
SecretSociety68 said:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
Translation: it installed itself to the privileged app section on your phone, which is not deleted by a reset (a new ROM does delete it). This also gives the app more power.
It can only be done with root, so the app rooted your phone (at least temporarily). Here is an app that removes it, but it needs root:
https://f-droid.org/en/packages/de.j4velin.systemappmover/
And a system priv-app has, AFAIK, full power; however, as of Oreo there is another file to give it permissions, so says Google https://source.android.com/devices/tech/config/perms-whitelist, namely
/etc/permissions/privapp-permissions-OEM_NAME.xml
/etc/permissions/privapp-permissions-DEVICE_NAME.xml
Check these files and see what you find.
SecretSociety68 said:
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
Translation: it installed a CA certificate that enables them to have an SSL connection, or with this certificate they can spoof websites.
Of course this should be deleted, but again you will need root (or a new ROM).
SecretSociety68 said:
The file running on the phone as a system app is called "ad_surface"
The app has to be running with a Linux GUID, so you can check with that.
The apps cannot find root; this can be because the program used root once to get an elevated status (temporary root) and then does not need it anymore,
so you cannot find it. The question still remains how they did that, but right now you need to get out.
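An added example, not part of the original post or any poster's tooling: one way to check the two locations discussed above (`/system/priv-app/` and `/system/etc/security/cacerts/`) against a stock-ROM baseline, plus the Oreo-and-later `privapp-permissions-*.xml` whitelist. It assumes you have `sha256sum`-style listings of the extracted stock ROM and of the device's `/system`, and `pm list packages -f` output; the digests, the package name `com.example.adsurface` and whether `8e710bb7.0` was added or modified are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Locations the thread identifies as surviving a factory reset.
WATCHED = ("/system/priv-app/", "/system/etc/security/cacerts/")

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <path>') into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, path = line.split(None, 1)
            entries[path] = digest.lower()
    return entries

def diff_system(stock, device):
    """Return (status, path) findings, sorted by path, for the watched directories."""
    findings = []
    for path in sorted(set(stock) | set(device)):
        if not path.startswith(WATCHED):
            continue
        if path not in stock:
            findings.append(("added", path))
        elif path not in device:
            findings.append(("missing", path))
        elif stock[path] != device[path]:
            findings.append(("modified", path))
    return findings

def whitelisted_packages(xml_text):
    """Map package -> permission names from a privapp-permissions XML file."""
    root = ET.fromstring(xml_text)
    return {
        el.get("package"): {p.get("name") for p in el.findall("permission")}
        for el in root.iter("privapp-permissions")
    }

def unlisted_priv_apps(pm_output, whitelist):
    """Packages installed under /system/priv-app/ with no whitelist entry."""
    unlisted = []
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        apk_path, _, package = line[len("package:"):].strip().rpartition("=")
        if apk_path.startswith("/system/priv-app/") and package not in whitelist:
            unlisted.append((package, apk_path))
    return sorted(unlisted)

# Constructed sample data: file names come from the thread, everything else
# (digests, package names, added-vs-modified status) is made up for the demo.
STOCK = parse_manifest(f"""
{'a' * 64}  /system/priv-app/Settings/Settings.apk
{'b' * 64}  /system/etc/security/cacerts/8e710bb7.0
""")
DEVICE = parse_manifest(f"""
{'a' * 64}  /system/priv-app/Settings/Settings.apk
{'d' * 64}  /system/priv-app/ads_popup-release.apk
{'e' * 64}  /system/etc/security/cacerts/8e710bb7.0
""")
WHITELIST_XML = """<permissions>
  <privapp-permissions package="com.android.settings">
    <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
  </privapp-permissions>
</permissions>"""
PM_OUTPUT = """package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/ads_popup-release.apk=com.example.adsurface
package:/data/app/org.example.user-1/base.apk=org.example.user"""

if __name__ == "__main__":
    for status, path in diff_system(STOCK, DEVICE):
        print(f"{status:9} {path}")
    allowed = whitelisted_packages(WHITELIST_XML)
    for package, apk in unlisted_priv_apps(PM_OUTPUT, allowed):
        print(f"no privapp whitelist entry: {package} ({apk})")
```

Anything reported as added or modified in these two directories is a reason to re-flash the stock ROM rather than rely on a factory reset, since a reset does not rewrite `/system`.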
Waiting for other response. Hehe.
I had this take control of multiple devices and 2 computers: 3 Android phones, an Apple iPhone and 2 Windows computers. I spent countless hours going through logs and data. On my Android devices it even made a cloned version of TWRP so it would reinstall itself through recovery. I spent hours on the phone with Samsung and Apple senior advisors. I viewed the analytic data on the Apple device over and over. Extremely weird things were running. Constantly writing system writes on a stock Apple phone. It was able to transfer from device to device over wifi hotspot. It went on for over two months. I had a Roku TV also become monitored. It was the craziest **** I've ever had happen to me. It literally almost drove me insane and I thought I was going crazy. I've never seen anything like it. Even Google results were completely false and fake sites. I didn't know this happened to anyone else. I've got countless logs and screenshots saved in case I ever needed to share the info. It even remotely sipped my desktop hard drives and had me connecting to a remote server on boot.
---------- Post added at 07:48 PM ---------- Previous post was at 07:37 PM ----------
I could make a phone call and hear breathing in the background. I'd make a call and touch tone sounds would go off after the first ring. I was getting constant interference through my phone. It connected all my devices to a home group I never created. I literally had to destroy the devices.
---------- Post added at 08:15 PM ---------- Previous post was at 07:48 PM ----------
Applied protocal - makes sense man, I'm just glad I got it off my back. On the iPhone, when you would install a new app from the "app store" it would run a wake up over 4000 times a second to wake up an unknown app in system files. I'm assuming this was to clone the app or change some code in it when it was installed. The app name was ??? in the analytic logs and it was an "event write system". This was some dirty stuff man. Is this something that is common right now? This exploit across so many devices? I'd love to share some of these logs and screenshots if anyone is interested.
SecretSociety68 said:
Hi,
I'm new to XDA. I think I'm in the right forum for my issue. My phone was infected with what I think is a type of auto-rooting trojan. I was looking for info on an app I'm using called Duraspeed. I came across this website that started throwing popups at me saying my phone had tons of viruses, which was a lie. By the time I could break free from the drive-by attacks, it was too late. I started getting sluggish performance on my phone and popup ads randomly. Even though it somehow gained root access, my phone is not rooted. Never was. It's still not, because I checked with several apps off the Play Store to confirm this. Long story short:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
The file running on the phone as a system app is called "ad_surface"
I can only force stop and disable ad_surface, without the ability to uninstall. I have to repeat this process every time I reboot. This stops the ads from popping up. Funny thing is, even though the force stop button in app settings is greyed out, meaning it was stopped and disabled, my OS Monitor app that shows running processes shows ad_surface is still running. Yet it does stop the random popup ads by doing it this way. I've tried 360 AV, Avast, AVG, Malwarebytes, Kaspersky, stubborn rootkit remover, a lot of antivirus programs, but nothing detects it. I'm using Total Commander File Manager to view the device system partitions. I even copied the two trojan files to a folder on the user partition to see if any of the antivirus programs could check them there, away from the root areas. But nothing. My guess is that I need to root my phone so I can gain access to the apk file and delete it. I haven't done a factory reset because I realize that apk file is in the recovery partition in order to reinstall itself. I've never rooted a phone before, but I have Kingroot installed. I downloaded it from XDA. I just don't have the guts to use it, in fear of bricking. Do you think it would work with my phone? Does it abort the root procedure if it can't do it? Here are my phone specs:
Vortex Beat 8
Software build: 8_V1.5_20171011
Chipset: MT6580M Cortex-A7
CPU Architecture: ARMv7 Processor Rev 3(V71)
Cores: 4 1300MHz
Kernel Version: 3.18.19
Total Ram: 459MB
Internal ROM: 8GB (4GB for user)
That's about it. If there's anything anybody who could recommend how to go about this I would greatly appreciate the help. Thank you...
Definitely malware! Mine was called "Ad-Time", like a kid's show or something, but either way, very persistent and pervasive! I have 2 ROMs (v 1.5 & 1.6), in img format, easy fastboot flash. Look at this phone wrong and it's rooted. Anybody interested, hit me up, I even got the couple-line script to install SuperSU /system (Beat 8 doesn't like Magisk). A simple su.d script to enable permissive selinux, build.prop changes, and you have a $30 Nexus via MTK. I also ported TWRP 3.2.1 (no bugs) & Philz, but TWRP is my comfort zone.
Sent from my ZTE Sapphire 3G using XDA Labs
---------- Post added at 02:03 AM ---------- Previous post was at 01:48 AM ----------
sameboat said:
I had this take control of multiple devices and 2 computers: 3 Android phones, an Apple iPhone and 2 Windows computers. I spent countless hours going through logs and data. On my Android devices it even made a cloned version of TWRP so it would reinstall itself through recovery. I spent hours on the phone with Samsung and Apple senior advisors. I viewed the analytic data on the Apple device over and over. Extremely weird things were running. Constantly writing system writes on a stock Apple phone. It was able to transfer from device to device over wifi hotspot. It went on for over two months. I had a Roku TV also become monitored. It was the craziest **** I've ever had happen to me. It literally almost drove me insane and I thought I was going crazy. I've never seen anything like it. Even Google results were completely false and fake sites. I didn't know this happened to anyone else. I've got countless logs and screenshots saved in case I ever needed to share the info. It even remotely sipped my desktop hard drives and had me connecting to a remote server on boot.
---------- Post added at 07:48 PM ---------- Previous post was at 07:37 PM ----------
I could make a phone call and hear breathing in the background. I'd make a call and touch tone sounds would go off after the first ring. I was getting constant interference through my phone. It connected all my devices to a home group I never created. I literally had to destroy the devices.
---------- Post added at 08:15 PM ---------- Previous post was at 07:48 PM ----------
Applied protocal - makes sense man, I'm just glad I got it off my back. On the iPhone, when you would install a new app from the "app store" it would run a wake up over 4000 times a second to wake up an unknown app in system files. I'm assuming this was to clone the app or change some code in it when it was installed. The app name was ??? in the analytic logs and it was an "event write system". This was some dirty stuff man. Is this something that is common right now? This exploit across so many devices? I'd love to share some of these logs and screenshots if anyone is interested.
Typical Chinese ad/malware/surveillance. If you visit China, you turn over your devices for "inspection", so they can sideload some state-sponsored goodies. A lot of these Chinese ROMs have the ads baked in, like mine. Whoever's listening and seeing my pics is gonna need therapy, because I filled the phone up with some STRANGE s***. Remove the apk, but there's several .xml's and .jar's that gotta go, too.
Sent from my ZTE Sapphire 3G using XDA Labs
What is the best way to counter this problem?
Dassote said:
What is the best way to counter this problem?
Root, and remove all traces of the " ad_* " app and even the duraspeed app if you want, but I didn't see anything untrustworthy about that. Duraspeed is in the default.prop (running booster), so it's in the kernel. Root uninstall just leaves you no way to control, kuz the PROCESS will go and go, unless you're willing to play with the kernel. Not for amateurs like myself. My Beat 8 has been flashed or fastboot-booted more times than I can count. Good times.
Once your Chinese spyware is uninstalled, delete build.prop lines with "running booster", /system/lib's with it, and I think it was in the /system/bin, and /vendor/app had one. Clear them all, and you'll need to tweak the build.prop some more. debug.qemu.kernel=1, ro.secure_storage.support=0, ro.debuggable=1, then reboot AFTER you chmod 644 the build.prop! The "debug.qemu.kernel=1" was what made the rest stick. ADD those props, but don't change the existing ones (kernel). I just deleted the default values, replaced with "" . Fits the whole debug vibe. I should upload a copy of my final build.prop, cheap-a** phone runs like a champ.
Sent from my LG G Stylo using XDA Labs
