[Q] Perhaps A New Android Virus Discovered? Anyone Else Seen "Plåÿ Störé One Two"?
No idea how it could have installed itself on my phone (the last app I installed was WO Mic, from the Google Play Store. I have this on another phone but it didn't get this virus from it). Just woke up today, and found it on here. It seems to have replaced the actual legit Google Play Store. I looked in the /system/app directory, the app is called Phonesky.apk. I looked this up online, one other person has/had my problem. He said even the Verify and Install option is infected, showing "Verify and Install one two three", but I can't confirm if that is on my phone because my phone never had Verify and Install to begin with, and even when I select to install an APK it does not appear.
Besides factory reset, is there anything I can do? I will try to put some sort of antivirus on the phone, but the other guy I saw who had this problem said his Norton Mobile Security didn't pick anything up.
I will soon be uploading both the Phonesky.apk as well as the Phonesky.odex file, just in case any of you devs want to tear down the package and look at it or analyze it or whatever. In the meantime, here's some pictures I took of it. Please refer to attachments to see them.
Sent from my MB855 using XDA Free mobile app
------------------------------------------------------------------------------------
EDIT: Here is the download link for Phonesky.apk:
http://s000.tinyupload.com/index.php?file_id=10545304012778252420
And for Phonesky.odex:
http://s000.tinyupload.com/index.php?file_id=82284699703301985381
I probably don't have to say this, but just as a warning, UNLESS YOU KNOW WHAT YOU'RE DOING, I'D SUGGEST THAT YOU DO NOT INSTALL ANY OF THESE FILES ON YOUR PHONE SINCE IT PROBABLY WILL INFECT YOUR PHONE IF YOU DO IT.
Also, I've noticed that this virus imitates Google Talk as well. No, not Hangouts, the old Google Talk. I did not have Talk installed on that phone before this virus came around. I don't see a Talk-like app in the app drawer, however I do get notifications of messages in the notification bar. The messages it notifies me for are actually legitimate messages I've received. I'm having a Hangouts conversation on my primary phone, and every time I get an incoming message from my friend, it shows up on the infected phone as well. When I try to actually press the Talk notification to see if it opens a fake Talk app or anything, it doesn't actually open anything.
EDIT 2: I uploaded a picture of fake Gtalk. Also, Zoner Antivirus did not detect anything wrong, even though I saw that it scanned over something called "Google Play Store one two three".
It's been a while, but I just wanted to say that factory reset did get rid of it for me. Others have said that the system language switched to Deutsch, and they switched it back to English and everything was fine. However for me, my phone remained in English the whole time. It also seems weird that this only happened on phones running Gingerbread...
Sent from my LG-D415 using XDA Free mobile app
Related
Hi, im new to the htc one s crowd as i got one at the weekend
im now getting games and apps appearing i never installed, bejeweled 2 being one, i have had 4 different games show up so far
when i open the games i get a message saying "This phone needs to make a connection to check your licence. This is always FREE in the UK. Please ensure you are using your 3 mobile connection and not wifi" i uninstalled them and they all show 0.00kb in size and 4.00kb in size if i have opened them.
this is annoying me as i have had various android phones and this is the first time i have had a problem (dont worry im not blaming the htc i know its just bad timing)
cheers in advance
Have you tried to install an anti-virus app like avast or avg?
If I helped in any way please hit thanks
i have 4 different antivirus/malware, avg, avast, norton and some security one i cant remember the name of, all scans come back as OK
avast was the second thing i installed on my phone and it has been running since
I recommend you to install DR.WEB or avast anti virus
In play store find bejeweled 2 and see if it says "installed" or not... See if the new apps are real or not but id guess not.
Also you should change your Google account password from a known safe computer, someone could have installed stuff via play store website. Good stuff here: http://arstechnica.com/security/201...-smartphone-against-stalkers-android-edition/
Delete the apps from your phone system I use system tuner to do it. That's if it isn't on your sd card
Sent from my HTC One S using xda premium
gtanny said:
Hi, im new to the htc one s crowd as i got one at the weekend
im now getting games and apps appearing i never installed, bejeweled 2 being one, i have had 4 different games show up so far
when i open the games i get a message saying "This phone needs to make a connection to check your licence. This is always FREE in the UK. Please ensure you are using your 3 mobile connection and not wifi" i uninstalled them and they all show 0.00kb in size and 4.00kb in size if i have opened them.
this is annoying me as i have had various android phones and this is the first time i have had a problem (dont worry im not blaming the htc i know its just bad timing)
cheers in advance
Click to expand...
Click to collapse
Do you have the google backup service enabled? Sounds like its trying to restore games you might have previously had, perhaps on another phone.
It could also be depending on where he bought it if they didn't factory reset then it could transfer or so I'm told so I'd factory reset and see
Sent from my HTC VLE_U using xda app-developers app
If you use apks, I suggest removing them.
Sent from my locked, tampered ville
I downloaded a "fake" app from the play store. It was a fake version of Adaway, I didn't know it was no longer on the Play Store and I forgot to back it up. The one I downloaded was just a bunch of ads for crappy apps/games. Should I be worried or anything? I gave it the regular app permissions (view contacts, messages, blah blah). I did a scan with AVG mobile and got the real Adaway and I don't notice anything wrong atm.
I feel really dumb for falling for such a obvious trick. The app on the Play Store was removed literally within 20 minutes of me installing then uninstalling it. that is what has me most worried.
I'd still be worried. Fake app might have just been a vehicle for the ads. But may have also contain other exploits that AVG might not know about or be able to detect yet.
Factory reset and start from scratch, if you want to remove all doubt.
Sent from my HTC One XL using xda app-developers app
I wiped, reflashed, and changed my passwords. Hope I'll be smart enough not to do this again .
I just got a popup, supposedly from Google, asking for permission to protect my phone in some way. I should have taken a screen shot. My back button would not work, and I had to choose between "accept" or "deny". I chose deny, and immediately an app started to automatically download and install. The popup came up again four more time, and I chose deny each time. And each time, a new app downloaded and installed. In order, the apps were S Note, SNS Provider, Flipboard Briefing, Hancom Office 2014, and Evernote. Shortly after that, I got a text message from 6583 stating: "FREE MSG Your Mobile Locate app is configured to record your Location History; info may be viewed at http://mymobilelocate.com Open app Settings to change."
What the hell just happened to my phone?
wel.. the site leads to at&t and the apps you installed are official apps (the names atleast). As far as I can tell you are just fine, wonder what the popups looked like though.
It's no big deal. A while back, Google started offering to periodically search your phone's installed apps to make sure there were no malicious apps you might not know are bad news. This started after they had a few apps in the Play Store that were malware, and Google went and forceably uninstalled those apps from people's devices. Since some people probably complained about it as some sort of privacy violation, now they offer you a choice (i.e. be stupid, or let them save your ass from malware). I always click "accept". It only asks once per set up, so either on a brand new phone or a factory reset.
Google already knows everything I do with my device(s) anyway, so why wouldn't I want them to monitor my apps for Malware? It is especially helpful if you install apps from other sources outside the Play Store, since you never know what you're really getting.
Hi, I am running Cyanogenmod 11.0-InstallerXNPQ32P on Android version 4.4.4 on a Samsung Galaxy S4.
I stupidly removed the dialer app and various others that I didn't think I needed (calendar etc) using the System Uninstaller (Root) app which I got from the Google Play Store. I didn't think I needed the stock dialer app as I use another dialer version which I downloaded from Google Play Store. I now know this was wrong!
Now, whenever someone calls me, the screen illuminates (showing my home page) and the phone vibrates as if it is notifying me of the call. However, I am not informed who is actually calling me and I am not given the option to answer or reject the call etc.
When I open the dialer that I use (True Phone) I can dial a number or call a contact etc as I normally would. However, instead of taking me to the screen to hang up, access the dial pad etc it stays on the True Phone page. I therefore cannot hang up the call. So if the person I am trying to call doesn't answer or the call goes to their answer machine I cannot hang up without selecting airplane mode or restarting the phone.
When removing the apps I thought I would be reasonably safe as the app I used to remove them (System Uninstaller (Root)) from the Google play store states that the 'deleted' apps would remain in its recycle bin and could be restored at any time. Maybe I should have known better. When I press on the recycle bin button within the app it says there are no removed apps - even though there are. If I navigate to the recycle bin folder using ES File Explorer I can see all of the backups of the apps that have been removed. But, annoyingly, the app will not recognise the backups - even though it made them itself! The backups are .conf.backup format.
I have emailed the app developer numerous times asking for help but he/she is ignoring me.
I have been researching how to get the dialer app back etc but have now discovered there is also a problem with part of my system. While I can install apps from the Google Play Store, trying to install any other apk file leaves me with the message, "Unfortunately, Package Installer has stopped."
If I go to Settings/Apps/All and select Package Installer I get, "Unfortunately, Settings has stopped" and it kicks me back out to the main Settings page.
I would be extremely grateful if someone would be kind enough to point me in the right direction as to how to fix these problems and get my phone back working as it was. I know I have been stupid in removing the dialer in the first place.
Unfortunately I am not really that great when it comes to the various mods and will require layman's terms if possible... Sorry
Sent from my GT-I9505 using XDA Forums
dont worry! the same happened to me. just download the stock rom, extract the apk from system.img its named as like phone.apk or dialer.apk , and install it. this should solve your issue
Thanks very much for replying my post. The post is quite old now and I have sorted it. I had to flash the stock rom back on (i had cyanogenmod installed). It was a pain and took a while but I got there in the end. Thanks again though. I don't know how to close this thread
Sent from my LG-H815 using Tapatalk
OK fine
The other night I went to the Google Playstore to find an app' I wanted to try.
I found it but the phone was acting weird.
I did some checking and in Security/admin privileges I found something I'd never seen before.
It was called "Android Digital Management".
I searched around with my file explorer and found nothing.
Hmm?
I then removed the Playstore updates and disabled Play store and it's account manager ...... I always do to save power.
I went back and checked on ADM and it was gone.
My SD Maid app' was complaining about only a partial root as well as some of my other root apps' not working correctly.
Thank God for TWRP recovery.
I had a two week old backup that I installed from recovery and everything is great now.
Has anyone else ran into this?
I am rooted aswell, and when checking the area u stated, i dont have a Android Digital Management, but its called Android Device Manager, same initials, that is checked and Greenify, quick reboot and Wheres my droid are unchecked. What app is your device administrator after what you did??
I believe they are (just my opinion).
It really seems that the once touted "open source" OS is going the way of IOS for "security" reasons. I know this is a supposed to be for my protection but it is a serious curtailing of our ability to do as we please with our device.
Google took the first major step down the slippery slope of a locked OS when THEY decided we don't need an external sd card.
I know they're locking up security exploits but it really seems that soon what we loved about Android will be gone and it willl just be another OIS or Windows phone....
urirx98 said:
I am rooted aswell, and when checking the area u stated, i dont have a Android Digital Management, but its called Android Device Manager, same initials, that is checked and Greenify, quick reboot and Wheres my droid are unchecked. What app is your device administrator after what you did??
Click to expand...
Click to collapse
Ah,that sounds like it.
My bad.
I was so pissed after it happened,I guess I screwed up the name......you got the idea though.
If you uninstall the updates to the Google Play apps',that thing goes away.
I notice when I go to the Playstore that they like to update my app' resulting in phone restarts.
This time the last restart presented a PlayStore screen in a format I hadn't seen before.
That"s when everything went downhill.
Some games are, remember mine rooted note 3 can't even detect the game marvel future fight