XDA thread with virus attached - General Topics

Hi,
I was looking for a smali to java converter and came across this thread: http://forum.xda-developers.com/showthread.php?t=2430413. I tried to use the app attached there (seems to have worked well for many other users).
Norton Anti-virus on my machine immediately blocked and deleted the .exe file - said it has WS.Reputation.1 worm.
I don't have privileges to update above thread, hence posting here if someone can help verify and remove the file.
Regards,
Anil.

hello,
I scanned the file in question and everything seems to be ok to me. Out of 51 different virus scanning tools only 1 came back with anything. It came up with a file called
Suspicious.Insight
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en
I think Norton thought the file was something that it is not. You can see the scan results in the link below.
https://www.virustotal.com/en/file/...c835f477dd5a7dcef5ffde62/analysis/1411291539/

Thanks Mark, much appreciated. Seems Norton is a bit over-zealous on this one.


Anti-Virus for Pocket PC / PDA

Hi everybody
I've been around thousands of threads on xda-dev and couldn't find any official one for Anti-Virus. That's the main reason why I'm starting this new thread and also because Anti-Virus on Pocket PC are growing more and more. Actually we are not safe but we don't care until we get infected and that will be too late, with most of the time the only solution a hard reset.
Let's discuss and compare in this thread the different Anti-Virus SW available on the market today, and bring out positive/negative points based on our experience. It will be a benefit for everybody ...
I know everyone hates Norton/Symantec but I was on the beta testing team for Norton Smartphone Security Premier Edition since day one and it is very friendly and easy to use.
http://www.symantec.com/home_homeoffice/beta/overview.jsp?pvid=nssp1beta
Actually I was using Symantec antivirus for handheld on my QTEK 2020i WM2003SE and that's true it is user friendly and worked fine, with virus definitions updates very often.
I was unable to install it on my HTC Athena WM6.
Do you know if there is any version coming for WM6 Pumpiron?
I checked your link and it's different from what I used to have on my old device.
I'll download this beta and try it.
I'll let you know what I think about it, if it slows down the machine etc ...
It did not on mine and when I uninstalled it, it was gone...no traces..part of the beta testing. I did uninstall from my desktop, not my PPC
I am curious, how does this affect your device speed and performance?
What is the CPU and memory usage (in reality, not what is stated on the site)?
I have Symantec on my XP PC and it sucks big time (does the job for the most part, but very slow and heavy).
eTrust came pre-installed on my Jamin, but that is an even bigger atrocity!
Another question - do they have a list for PPC viruses on their site like they do for PC ones?
The only PPC virus I heard of was a harmless proof of concept that could make files display a pop-up message and did not reproduce.
If real viruses for WM systems are already out there (I know it's only a matter of time) I would be interested in reading up on them to know what I am facing.
Also, anyone actually caught a virus on a WM machine and can share the experience?
Here are my first impressions:
1 - The startup time of my Athena after a soft reset has increased by around 20 sec, this because Symantec is loading on the startup.
2 - I didn't notice a slow down during normal utilization of the device, but it's really early before concluding on that point because I need to try different applications.
3 - When I first connected to the Internet via WiFi, even though the connection was established, I could not load the pages, having an error "page not found"
but after 15 sec everything was back to normal and connection to the Internet was not a problem at all.
4 - I just suffered a freeze but not sure it is due to Symantec, because I've been suffering frequent daily freezes on my Athena since I upgraded to WM6.
But the freeze came this time while using the Antivirus SW
5 - The package is composed by an AntiVirus, a Firewall, a Norton Secure Folders utility and a Norton Tools utility.
6 - Also note that after finishing the install, it forces you to set a pin code that you will have to enter every time you soft reset your device. I tried to disable it but it won't let you do it.
I'll give more details about the package in a different post after some testing
levenum said:
I am curious, how does this affect your device Another question - do they have a list for PPC viruses on their site like they do for PC ones?
You can check the list from the SW installed on the PPC
Just applied live update over WiFi and basically there are 5 in the list:
EICAR-TEST-FILE
WinCE.Duts.A
Backdoor.Brador.A
Trojan.Redbrowser.A!jar
MSIL.Cxover.A
Definitions : 04/06/07 ver 2.0
As promised, here is my feedback on the tools provided in the package:
1 - Norton Antivirus
Very friendly and easy to use, from the menu u can access the options for the Antivirus, the Scans, the AntiSpam, Updates and Proxy config. You can also access the quarantined files, the activity log and the virus definitions list. Manual scan and automatic scan can be performed.
2 - Norton Firewall
I didn't really understand how we use the Firewall function. Basically when you start it you have a tab showing the security level. It has different security levels for World (the highest), Office, Home and Open Space Networks (the lowest). Also you can not modify them at all. You can access a second tab called Events by severity in last and a third tab "Event list" which shows in detail all the events that happened on your device, like soft reset, login success .... very weird as we can not reset this list, also we can not change any parameter in the Norton Firewall, everything is set by default
3 - Norton Secure Folders
From what I guessed, this utility allows you to choose folders on your device and set them as secure. I don't know what it does exactly but I think it should encrypt the data inside the folder so it's protected in case you have been attacked by a trojan who collects your data and sends it to the pirate.
You click on menu->Add->then you choose from the list Device, Microdrive or Storage Card if you have one. Then you type the name of the folder you want to secure.
I did a test, I chose Device, and kept the folder name blank and clicked on ok. It added the "secure folder" under device. If you try to remove it you will have this warning "Removing the secure folder will destroy all data in the folder. do you really want to remove it?"
4 - Norton Tools
It contains 2 utilities, GetUUID and Lock
GetUUID will display on the screen 2 series of digits
the first one don't know what it is and second one is your IMEI
I guess this info is needed when the final version is released and
you need to register the SW
Lock utility display the following message when u click on it
Encryption may take several minutes. Pls wait for the device to power off.
If you need to soft reset, pls wait until encryption is completed and the
device powers itself off.
I clicked on yes, so the device start encrypting something .... then the screen turned off. I turned it on using the power button and it displayed to me the password screen which I entered. then it displayed the message decrypting for about 30 sec, then I had my normal today screen ...
I'm wondering if it does not encrypt/decrypt the secure folders you
already chosen using the "Norton Secure Folders" utility.
I've written to Symantec asking them for a manual or user guide, hopefully they will reply.
I have rated this SW 3/5 on their site, mainly because it is not clear what all utilities do and because Firewall is set by default and nothing can be changed.
Hope my feedback will be useful, and I hope other users will bring to us their experiences with the different Anti-Virus SW they have used on their Pocket PCs.
Just as I suspected, no real viruses just a nice proof of concept that asks you if you want to try it:
WinCE.Duts.A
A back door that needs to be run and does not spread:
Backdoor.Brador.A plus it would be useless if you are on GPRS/EDGE/UMTS or behind a NAT router.
This one seems like it could actually be trouble, if:
a) you live in Russia
b) you are stupid enough to believe you can get WAP pages through SMS and that it would be cheaper than GPRS
c) you can get it to work on PPC.
Trojan.Redbrowser.A!jar
This one though, I have to admit is rather clever - using .NET to run both on PC and PPC and is fairly destructive:
MSIL.Cxover.A
It is still unclear, however, how it spreads from PC to PC (presumably you have to download and install / run it).
Of course given the fact that many people save their docs on SD and not the default My documents folder and that they do not disable security completely on their WM 5 and up devices (which are becoming majority these days) the effectiveness of this worm is more than questionable.
Well I still think it is too early to actually buy this kind of apps. Also I think that as with many other programs the same "heavy" approach that works on PCs with many resources will not work well on PPC (not the way they are today). A different solution to virus protection needs to be found to be useful.
But hey - that's just my opinion...
So from what I've read it's still too early to be using a resource draining AV on the PPC? If this is the case, how about Spybot S&D? Is spyware more of a threat than viruses? Are they really that much different? I find that Spybot updates more regularly (when I connect WiFi).
as with viruses, I believe they have to be made to support PPCs
in which case maybe due to spyware makers' lack of innovation
that market has yet to take off
WingChan: whether to use the software or not is a personal decision - my belief is: given the list of threats it is too early. Also I believe that the method used to protect against viruses on PC is not suitable for PPC because of the resource requirement. Something more efficient needs to be invented, perhaps taking advantage of difference in architecture between WM and desktop - like the fact that system files can not be corrupted but only hidden.
Note that BigDede performed the test on HTC Advantage which has a 600+ MHz processor if I am not mistaken. I doubt the app would be as unnoticeable on my 200MHz Prophet.
But it is only a matter of time before someone writes a real and damaging virus for this platform as it becomes more and more common. So if you really value the info you have on there you might want to get protection already - although a good and frequent backup would be much better.
I haven't heard of spyware for Windows Mobile, only major one for BB - any one got any news on this?
There is a major difference between spyware and viruses:
Viruses try to cause as much damage as possible and their effects always become visible sooner or later, in many cases almost immediately after infection.
Spyware on the other hand, needs to hide and tries not to interfere in device operation as much as possible and show no sign of activity.
levenum said:
WingChan:
There is a major difference between spyware and viruses:
Viruses try to cause as much damage as possible and their effects always become visible sooner or later, in many cases almost immediately after infection.
Spyware on the other hand, needs to hide and tries not to interfere in device operation as much as possible and show no sign of activity.
Very good explanation of the differences between Viruses and Spywares.
I agree also that it is too early today to really worry about having protection, but I prefer to be ready instead of regretting and wishing I had some protection.
Very good remark as well regarding the frequent backup ...
Need Help
Hello Everyone,
I'm not a developer, but I found your thread on this subject via Google and was hoping I could ask a question...
I'm able to download the Norton Smartphone Security Premier Edition Beta version, but when I try to install it (which I assume must be done first to my laptop, followed by sync'ing my laptop with my 8525) a "Self-Extracting Archive" window comes up that says: "Warning, one or more files skipped". This occurs when the installation process reaches "Extracting: SUPPORT\START.ICO 100%".
Does anyone know what I'm doing wrong?
Many thanks for your time!
A. J.
ajbt said:
Hello Everyone,
I'm not a developer, but I found your thread on this subject via Google and was hoping I could ask a question...
I'm able to download the Norton Smartphone Security Premier Edition Beta version, but when I try to install it (which I assume must be done first to my laptop, followed by sync'ing my laptop with my 8525) a "Self-Extracting Archive" window comes up that says: "Warning, one or more files skipped". This occurs when the installation process reaches "Extracting: SUPPORT\START.ICO 100%".
Does anyone know what I'm doing wrong?
Many thanks for your time!
A. J.
Hi
Maybe this warning is not a big deal, have you tried to install it by double clicking on the start.exe file ???
G.S./BigDede,
Thanks for the reply. I really appreciate it.
If I understand your recommendation, I don't think that gets me where I need to be. However, it could always be user error on my part.
When I try to "Setup" the file I downloaded (called "NSSPB.exe") from Symantec, a window comes up that contains a button that says "Install". However, after I click on it, it gets to a point in the installation process that shows "Extracting: SUPPORT\START.ICO 100%", and the process simply stops and a small window comes up that says: "Warning, one or more files skipped".
In essence, it appears I have received the entire 4.04 MB of program files I downloaded, but something goes askew when I try to extract/install them.
I'm stumped...
Thanks again, A.J.
I'll extract the files and will zip them for you.
Send me via PM your email address so I can send you the zip file
Cheers

Still can't side load on my Captivate even with rooting it.

hey guys, still new to the Android game. Had a friend at work root it for me. I got rid of all the ATT junk but still can't side load. Does anyone have any ideas on how to overcome that issue.
go to general, read wiki
shuratilt said:
hey guys, still new to the Android game. Had a friend at work root it for me. I got rid of all the ATT junk but still can't side load. Does anyone have any ideas on how to overcome that issue.
Specifics would be helpful but my guess is that all the issues you are having have already been mentioned in other threads.
Checkout the wiki in the general section, and the other Non-Market Apps threads in this section.
Read non market apps solved this will fix your issue.
Sent from my Samsung Captivate using Tapatalk Pro
actually, read the SECOND thread on the issue. It's not 16+ pages to read.
http://forum.xda-developers.com/showthread.php?t=738376
If you don't mind using your PC to sideload, do a Google search for "Sideload Wonder Machine."
It's the easiest way to do it and you don't even have to be rooted.
Double-post / Please disregard...
Everyone is telling you what to read but not why.
You still need to enable the ability to install non-market apps. You can read the above posts on how to do it!
max_warheads said:
actually, read the SECOND thread on the issue. It's not 16+ pages to read.
http://forum.xda-developers.com/showthread.php?t=738376
I agree your post is a lot more organized and detailed. Going to stick your thread and replace the other one.
I rooted my Captivate and then followed a guide that I located via Google. Since I am a "noobie", I am not allowed to post the link due to anti-spam rules... So, here is how to locate the link:
1) go to Google, enter the keywords "sideload at&t captivate" without the quote marks.
2) when the search results appear, look down the page for one titled "How to Enable Sideloading of Apps on Captivate" on androidforums dot com. For me it was about the eighth result down on first page.
3) when you go to the link, you might wind up on the second or third page of comments, so click back to the first page to locate the solution...
The "big idea" behind the solution is that there is a SQLite database containing settings which the Android OS uses to determine, among other things, if sideloading of apps is allowed. AT&T, being the kind-hearted benevolent protectors of us children to keep us from harming ourselves, has shipped their Android phones with this setting toggled to prevent sideloading. The guide above describes how to copy the database to your computer, toggle the setting "on" to allow sideloading and copy the modified settings database back to your phone.
Or at a bit more granular level, the guide describes how to:
1) at the location "/dbdata/databases/com.android.providers.settings/settings.db" on the phone is a SQLite database containing configuration settings for the android OS
2) you are copying that database to first your SD card and from there to your computer
3) on your computer you are using a tool to modify a particular setting within the database, the setting which AT&T toggles off to prevent sideloading. NOTE: The tool utilized by the guide is the Firefox browser with an add-on plugin which allows viewing / modification of SQLite databases, any tool that gives you access to view/modify a SQLite database will work fine.
4) finally, you copy the modified database back to the SD card on the phone and from there back to its "real" location where the Android OS will read it.
5) When you reboot the phone, Android reads in the modified setting and sideloading should "just work"
This is my first post, hope it is helpful...
BTW, I am a user of Linux, these days mostly Ubuntu and its derivatives. I was able to perform the entire rooting and enable sideloading operation from my Linux machine without having to use Windows!! Yippeeeee!!!
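Added example, not part of the original post or the guide it refers to: steps 3 and 4 above done with Python's `sqlite3` module instead of the Firefox add-on, keeping an untouched backup and checking database integrity before the file would be copied back. The table name `secure` and the key `install_non_market_apps` are assumptions based on the stock Android settings provider of that era (the post does not name them), and the database is a constructed stand-in created in a temporary directory.

```python
import os
import shutil
import sqlite3
import tempfile

# Assumption: key and table names from the stock Android settings provider;
# the forum post does not name the setting it toggles.
SETTING = "install_non_market_apps"
TABLE = "secure"


def build_sample_db(path):
    """Create a constructed stand-in for a settings.db pulled from the phone."""
    con = sqlite3.connect(path)
    con.execute(
        f"CREATE TABLE {TABLE} (_id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "name TEXT UNIQUE ON CONFLICT REPLACE, value TEXT)"
    )
    con.executemany(
        f"INSERT INTO {TABLE} (name, value) VALUES (?, ?)",
        [("adb_enabled", "1"), (SETTING, "0")],
    )
    con.commit()
    con.close()


def read_setting(path, name=SETTING):
    """Return the stored value as text, or None when the key is absent."""
    con = sqlite3.connect(path)
    try:
        row = con.execute(
            f"SELECT value FROM {TABLE} WHERE name = ?", (name,)
        ).fetchone()
    finally:
        con.close()
    return None if row is None else row[0]


def set_setting(path, value, name=SETTING):
    """Change one setting in place; returns the path of the untouched backup."""
    backup = path + ".orig"
    if not os.path.exists(backup):
        shutil.copy2(path, backup)  # keep the original before any write
    con = sqlite3.connect(path)
    try:
        with con:  # one transaction: commits on success, rolls back on error
            cur = con.execute(
                f"UPDATE {TABLE} SET value = ? WHERE name = ?", (value, name)
            )
            if cur.rowcount == 0:
                con.execute(
                    f"INSERT INTO {TABLE} (name, value) VALUES (?, ?)",
                    (name, value),
                )
        status = con.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        con.close()
    if status != "ok":
        # Never push a damaged settings database back to the device.
        shutil.copy2(backup, path)
        raise RuntimeError(f"integrity check failed: {status}")
    return backup


def demo():
    """Run the edit on the constructed database and report before/after."""
    workdir = tempfile.mkdtemp()
    db = os.path.join(workdir, "settings.db")
    build_sample_db(db)
    before = read_setting(db)
    backup = set_setting(db, "1")
    return before, read_setting(db), read_setting(backup)


if __name__ == "__main__":
    print(demo())
```

Reading the key with `read_setting` on a pulled copy is also a quick way to audit whether a device currently allows installs from outside the market.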

Save WhatsApp Conversation

Hello!
I have a question regarding WhatsApp. Is there a possibility to save WhatsApp conversations/history? Through any homebrew-App?
I searched through Google and XDA, didn't find anything useful, unfortunately.
Thanks in advance.
Greetings,
Crash1k
You need to copy out the Isolated Storage for the app. There are a few tools that can do this, including any filesystem browser (such as WP7 Root Tools). An easy way to get the file(s) from your phone to the PC would be my Root Webserver app; find the App GUID of WhatsApp and go to http://<PHONE_IP>/FileSystem/Applications/Data/<APP_GUID>/Data on the PC while the phone runs the webserver app.
Thanks for your fast answer.
Since I'm pretty new to this homebrew-and-phoneHacking thing I don't have much of a clue how to work with those programs. I have downloaded "HtcRootWebServer_231.zip" and the ".xap" file, but I don't know how to get started. Are there any instructions online, perhaps on your homepage, if you have one?
Thanks again.
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
GoodDayToDie said:
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
aramadsanar said:
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
Crash1k said:
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
yes, it goes to one objective, but in a simpler method
Eh, WebServer doesn't require installing anything on the PC, WPDM doesn't (directly) require installing anything on the phone. In both cases, you'll need to have WP7 Root Tools installed.
For WPDM + TouchXperience:
Install Windows Phone Device Manager from TouchXperience.com.
Start Zune and connect your phone.
Start WPDM and wait for it to install the TouchXperience app on the phone.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark TouchXperience as "Trusted" and exit Root Tools.
Open TouchXperience (and WPDM on the PC, if you closed it) and connect them.
Either do what @aramadsanar suggested, or use the Installed Apps feature of WPDM to make a backup.
For Root Webserver:
Install Root Webserver (the XAP; the ZIP file is the source code); you already did this.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark "Webserver (HtcRoot)" as Trusted and close Root Tools.
Connect the phone to WiFi (on the same network as your PC) and launch the webserver app.
Set a username and password you can remember ("admin" and "root" for example, though that's insecure).
On the PC, open a web browser and go to the phone's IP address, then drill down into the FileSystem like I said (aramadsanar gave you the app's GUID).
Download the files from the Isolated Storage to your PC, and save them somewhere.
Thanks a LOT for those great instructions, GoodDayToDie! That's really nice, thanks for your effort.
I tried the WebServer method since I didn't want to install Windows Phone SDK 7.1, but I didn't manage to get into my phone through the browser (by typing the I.P. of the phone, which is listed on the Webserver App, just as you said), that's why I was forced to use the other way. Well, who cares, it worked! I have my messages file, but the next problem shows up. I can open the file with the Editor, but it shows weird symbols and you can't read the messages actually. I tried many other programs but none work. Do you guys know how to open those files? The ending is ".sdf". I google'd it for nearly two hours, couldn't find anything useful.
Thanks for the help so far.
You used the WiFi address of the phone, right? The WWAN (cellular) connection is almost certainly firewalled. For example, on my home network the router usually gives my phone IP address 192.168.0.73 on WiFi, so I type in "http://192.168.0.73" into the browser on my PC. It'll ask for username and password; give it what you put on the phone.
As for the file contents, I can't help there. They might be encrypted, in which case the crypto key is somewhere but might be hard to find. Or they might be compressed, in which case you need to find a decoder for that compression. Either one would produce files that appear to be meaningless binary to a casual glance.
One thing you could try for the compressed file possibility is tell 7-Zip to open the file. It's usually very good at recognizing compressed formats. If it's encrypted, you'll probably need to decompile WhatsApp to figure out how. If WhatsApp is obfuscated, you're going to be in a tough spot.
By the way, I assume you downloaded the messages file directly, rather than using the data backup function of WPDM, right?
Hmm... what do you need these files for? If it's just for backup, what you have is *probably* sufficient, so long as you grabbed *all* the files from the IsolatedStorage.
Yeah, I used the WiFi address which is listed on the WebServer App, and I typed that IP Address just like you said into my browser, with "http://" etc., but it still didn't work. It doesn't even ask me for any password or username.
I don't think they are compressed, because I already tried to open/extract them with 7zip, all I got was an error because of the incompatibility. The other thing is, that when I open the files with the "Editor", I can see my messages there, but there are many many other symbols there, which makes it impossible to read the messages. They are too wide spread and you can't tell which messages belong together etc.
Even though I have no idea how to "decompile" WhatsApp, I won't ask you to tell me, since it sounds pretty complicated. I hope there is another way to solve this problem.
Yes, I simply saved the file on my Desktop, didn't use the BackUp function.
That's right, they're "just" for backup, and I didn't grab just the IsolatedStorage folder, I took the whole "Data" folder, just like aramadsanar told me to.
Thanks again for your fast and detailed answer.
If the wifi address didn't work, either your phone was not on WiFi (did the address start with 169.254.?) or your PC was not on WiFi or even connected to the same WiFi network. You can (in theory; I've never tried) also connect to the phone over wired Ethernet by plugging in the phone to the PC with its USB cable, and running Zune on the PC. That will add an ethernet entry to the phone IP list, but I don't know if it can be used for server ports from the PC.
There are a number of free apps for decompiling managed (.NET) code. The latest version of .NET RAIN, distributed right here on XDA-Devs, can do it, for example. Decompiling turns the intermediate-language binary code in a managed DLL or EXE file into C# or VB.NET or whatever. It's not a perfect reversal; the decompiler has to guess what the original source code looked like, and of course comments are missing. It's good enough to read pretty easily, though.
It sounds like what you have is probably a database file of some kind. There are only a few database formats available for WP7 apps (a few more can be accessed using native code).
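Added example, not part of the original thread: a small triage script for the question discussed above, whether an unknown file is compressed or encrypted (uniformly high entropy) or a structured file such as a database with readable text between binary fields. The entropy threshold, the signature list and both sample inputs are assumptions constructed for illustration; no `.sdf` signature is included because the thread does not give one.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Well-known leading signatures for a few container formats.
MAGIC = [
    (b"PK\x03\x04", "zip archive"),
    (b"\x1f\x8b", "gzip stream"),
    (b"7z\xbc\xaf\x27\x1c", "7-Zip archive"),
    (b"SQLite format 3\x00", "SQLite database"),
]
ENTROPY_OPAQUE = 7.5  # assumption: bits per byte above which data looks random


def shannon_entropy(data):
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_runs(data, min_len=6):
    """Extract ASCII and UTF-16LE text runs, like the `strings` utility."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])


def triage(data):
    """Classify a blob by signature, then entropy, then embedded text."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    if shannon_entropy(data) > ENTROPY_OPAQUE:
        # Random-looking throughout: compressed or encrypted content.
        return "opaque"
    if printable_runs(data):
        # Readable text between binary fields: database or similar store.
        return "structured-text"
    return "unknown"


def sample_database_like():
    """Constructed sample: fixed-size records holding UTF-16LE messages."""
    blob = bytearray(b"\x01\x0f\x00\x00" + b"\x00" * 60)
    messages = ["are we still meeting at 8?", "yes, see you there"]
    for msg_id, text in enumerate(messages, 1):
        raw = text.encode("utf-16-le")
        rec = struct.pack("<HI", len(raw), msg_id) + raw
        blob += rec + b"\x00" * (-len(rec) % 64)  # pad record to 64 bytes
    return bytes(blob)


def sample_opaque(size=8192):
    """Constructed sample: deterministic pseudo-random bytes (SHA-256 stream)."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return b"\x00" + out[:size]


if __name__ == "__main__":
    for name, blob in [("database-like", sample_database_like()),
                       ("opaque", sample_opaque())]:
        print(name, round(shannon_entropy(blob), 2), triage(blob))
```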

[TOOL] ApkSpy v1.8 - Resurrected (APK: view manifest on PC and/or Install APK via PC)

APKSPY - RESURRECTED
First:
I want to thank @ido for the original application -- It was his idea (and his code I've hacked and modified).
Second:
Since Ido seems not to be active anymore I'll re-publish the application here.
Unless for some reason Ido will specifically ask me to remove it.
The original post
ido said:
ApkSpy is a simple tool I hacked up tonight which allows you to easily view the manifest of an APK (screenshots attached - not up to date though) just by double clicking it. (It can even associate with the .apk filetype, yay!)
ApkSpy relies on the aapt.exe tool from the android SDK, so you must have that installed (or just copy aapt.exe from somewhere, that's the only file needed to run ApkSpy).
Third:
Requires Microsoft©® .Net Framework v4
(Kind of since I've done it some time ago and waited for Ido [the original developer] to respond and allow or disallow me to re-publish... So, I don't remember all the changes I've already done...)
v1.8.19 CHANGELOG:
Fixed some Date parsing function (zipped file with no time stamp) in ZipStorer (by @Jaime Olivares) maybe causing some of the error reported here...
v1.8 CHANGELOG:
Changed Icon - CONTRIBUTED BY @Jarmezrocks
Removed unneeded tabs (System, Batch Rename, Log)
Minimize / Maximized restored back
v1.7 CHANGELOG:
(Actually 4.1.7.870, but the first and the last parts are internally used)
Try to automatically find adb.exe and aapt.exe in ApkSPY directory or in PATH variable: If failed finding any of the executables, the user is asked to manually locate them
(★ Currently the location is not saved... ★).
Check if the ADB server is running and Start or ask if to Restart ADB server
Tidy up the code
Refining the original libraries written by Ido related to ADB and AAPT
Some more minor code updates
Revised most of the "General" tab (other tabs were not touched) of the UI:
Grouped and ordered controls on form
Added DropDown of devices attached (★ Not automatically updating upon plugging... ★)
Added some control over ADB actions
Added status bar that some other details are shown, e.g. device type (Nexus, I9100...), OS version (4.1.2, 4.4.2...) and OS build (KOT49H, KVT49L...)
Added (nice looking) information panel with clickable links (for actions on the form) and coloring
Other changes (I can't recall right now, since I've done it some time ago and waited for a response from Ido for permission to republish)
(★ Maybe I'll add an option for this later, depending on my -- not too much -- free time and requested by users .... ★)
Known bugs:
Sometimes ADB fails to return build.prop property for the status bar (however it has not caused any critical problem, so (I think) it can be safely ignored) -- haven't been able (yet) to find the exact state it is happening
Please take the time to look at the application ABOUT tab
Any Other ideas are welcome!
If you like it, Don't forget to Thank me
If you enjoy using this application as much as I have enjoyed re-writing it
please donate to show your appreciation
RESERVED
Nice
Sent from my SM-N900T using Tapatalk
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
cmlx said:
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
Hey dude,
I am not sure what you are doing wrong on your PC but it's certainly not the app as it works perfectly fine on my computer? Out of interest and for the sake of helping the new dev I thought I would raise a few points just to eliminate any finger pointing. There's a wishy-washy area when it comes to building/hacking things that were originally someone else's work...so yeah one can easily make great improvements yet open the door to bugs at the same time too. Anyway...thought I'd ask this:
Does aapt sit on your path? I know you said it is in the same directory, however just like a batch script in Windows it needs to "CD" or change directories to the %~dp0 if it is to understand what an executable is that happens to be sitting in the same directory as itself. So this is kinda directed at the new dev now. What I think is happening is that aapt is assumed to be in the system path when quite often it is not (i.e. those on XDA who have not yet played with the Android SDK properly). Put simply unless the application knows it is in the same directory as your executable it won't at all understand what aapt is. Does that make sense?
@dmagician , I would make sure that the apkspy app can do a check (even if it is a string search for the first few lines returned from aapt.exe), a simple if statement before throwing that error ....actually it would likely be an 'if not' statement. I don't have any of the code in front of me atm but I can help you out if you like? I was hacking this app myself sometime ago when ido first released it just using reshacker.
Note: If you are stuck and don't have source code you technically could write a full AutoIT wrapper for this app that could do all the checks and more and then bundle everything up into the one exe still. Check out the newer WinAPI stuff for AutoIT and in particular "Run binary" (yes that's correct you can just about run anything repackaged now and not need to deploy the original exe's or even libraries....they can all be stream fed to AutoIT @Compile time and need not be typically "installed" like you used to have to do. Anyway...I am waffling on shoot me a PM man.
@cmlx, to overcome your ApkSpy woes, and until dmagician can put his finger on what the cause is or what ido did when building it ages ago.....then you will firstly need to be patient (props to dmagician for figuring sh!t out so far) but till then wherever you have dumped the ApkSpy and aapt.exe on your system; just copy the address and put it on your system path. To do this 1) right click on My Computer or Computer if you are on Win 7 or 8. 2) Choose properties. 3) Advanced System settings and then at the bottom of tab you will see 'Environment Variables', click it and you will see some "User" and "System" options. Depending on your User access rights on the system you are running on (hopefully you are running as Admin surely?) then you can choose to edit your main system path or create a new variable in your user settings called 'path' Note User variables are always postfix to system variables but should always work anyhow.
Disclaimer: cmlx, if however you have already got an aapt.exe already existing on your system path but it is dodgy then you have to ensure that the good aapt.exe in your app directory is placed on path BEFORE the dodgy one....just sayin. Cause your system searches till it finds what it wants and then doesn't search anymore. Simple but can stuff people up quite often....and likely your case. Nowadays we tend to work from the known application location and not from a "Global environment path" when we know that there are going to be conflicts...and I can assure you that aapt is possibly the worst and most modified binary out there LOL. Hence this is also a note to the dev to ensure that ApkSpy reads from the current directory.....or like I am suggesting, wrap aapt up in the main application as well and that way there is no confusion EVER.
And I am done.....
Oh wait no I am not....sorry bug reports LOL :good: you thought I was all praise eh? Got another thing coming man
OK....so um the red boxes should explain everything. A picture says a thousand words (and yeah I needed at least 1 picture for this god damned long arsed post - sry). Um why in god's name would you remove the minimise and expand buttons? WTF? Anyway...it works but errrm yeah it doesn't wrap the text anymore? and it cuts the words off lol.
Other than that....I only really have one suggestion and it isn't even really a suggestion as I have kind of already made it so I can just give it to you if you want it? And that is that most people (well I can't say most as I am not speaking for everyone) tend not to like how apps take over their system. This isn't your fault at all in any way as the first dev thought it was a good idea back then.....and back then hardly anything in Windows knew what a freakin apk was so it was a GOOD thing.....However now, every man and his dog wants to steal .apk extension for himself. I myself tend to be all over the shop with apks so I tend not to want to have any particular Windows app take it away from my control. I use WinZip as the main app for simple double click open as I want to see the contents of apks without needing to decompile them (great for theming) however I have apk shell extensions displaying the apk's main icon to explorer, so if I set WinZip as default I get a nice lumping hunk of gold turd/box running rampant all over my Windoze bro ......so if you like I can show you my code that allows me to have default apps for specific tasks without interfering with anyone's existing sh!t It looks neat too as you can right click any apk and just choose from a dropdown list what particular app you want at the time. If one has the need to use more apps then they need only put those apps in a list. There is nothing worse than double clicking an apk to find that Bluestacks or some other rubbish Windoze crApp has taken off with your apk.
Lastly I thought I'd ask, Why no config file? Why store everything in memory? I know it's only small....but seeking for things every time it is executed is a pain in the arse and not good practice. At the very least if you have no idea how to make an exe totally portable then you could reference a config file in the same directory....Or do as most do and write entries to the registry all neat and tucked away. If we get paranoid about "portable-ness" then we write to temporary space in the registry and make sure we clean up upon closing and/or inspect at runtime. simple!
I have plenty of AutoIT scripts that do exactly that too, so if you are stuck for ideas let me know. Anyway I have rambled enough, good luck and I will keep reporting bugs haha
Edit: That's waaaay too many emoticons. Oooops someone is a little high aren't they?
PS: I have attached my PNG of the icon I used for this bugger waaaaaay back....it's less generic and feel free to take it and abuse it and do as you please.
cmlx said:
Good news
Bug report, every time I open this program, this dialog pops up, after click OK, this program works well.
PS, aapt.exe is in the same dir with ApkSpy
Yes, I know of this one (and I've specifically written about it in the OP), it is NOT related to AAPT executable but to the way ADB is acting (sorry, out of my hands... :angel:)
Explanation
The error comes from the application when trying to query the "ro.build.id" property via adb ('ADB shell getprop "ro.build.id" ') command.
I've come across this one but cannot determine the exact situation it is happening (as it can occur when first launching of the app, but after the app is loaded, clicking on refresh does not show this error)...
[ I've tried it on with the (only) two devices I own (1st dev. is stock (only the kernel is changed) 4.4.2 Nexus 4, 2nd dev. is S2-i9100 with customized RR ROM) and it seems to happen ONLY on the S2...]
It looks that in times, the getprop is being executed before the whole "build.prop" is being processed by ADB (This one I cannot control since it is happening on the ADB shell side [running on the device] -- unless MAYBE doing some [UGLY] delay after first initialization of ADB, which is, by far NOT best practice of process handling according to the literature)...
CyberianIce said:
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
Which came first, the "SpkSpy spy stopped working" or the "Error in property" (if anyways related)?
Was it on the same run or two different runs?
As of the 1st one:
I do not have enough information from your post to check it up...
I'll post a new version which shows the exception details
As of the 2nd one:
Can you send me a copy of your /system/build.prop (so I'll be able to dig through it and check it)?
It looks like my name-value splitter character exists as part of a given value in your build.prop.
Wooow, Long one! But it is nice to know people are using (trying) it!
Jarmezrocks said:
Hey dude,
I am not sure what you are doing wrong on your PC but it's certainly not the app as it works perfectly fine on my computer? Out of interest and for the sake of helping the new dev I thought I would raise a few points just to eliminate any finger pointing. There's a wishy-washy area when it comes to building/hacking things that were originally someone else's work...so yeah one can easily make great improvements yet open the door to bugs at the same time too. Anyway...thought I'd ask this:
Does aapt sit on your path? I know you said it is in the same directory, however just like a batch script in Windows it needs to "CD" or change directories to the %~dp0 if it is to understand what an executable is that happens to be sitting in the same directory as itself. So this is kinda directed at the new dev now. What I think is happening is that aapt is assumed to be in the system path when quite often it is not (i.e. those on XDA who have not yet played with the Android SDK properly). Put simply unless the application knows it is in the same directory as your executable it won't at all understand what aapt is. Does that make sense?
Hi
As I've replied to @cmlx, This error is not related to AAPT (either executable [location or whatever] or results), but to the ADB command being used...
Jarmezrocks said:
@dmagician , I would make sure that the apkspy app can do a check (even if it is a string search for the first few lines returned from aapt.exe), a simple if statement before throwing that error ....actually it would likely be an 'if not' statement. I don't have any of the code in front of me atm but I can help you out if you like? I was hacking this app myself sometime ago when ido first released it just using reshacker.
Sorry I did not understand... Check for what?
Jarmezrocks said:
Note: If you are stuck and don't have source code you technically could write a full AutoIT wrapper for this app that could do all the checks and more and then bundle everything up into the one exe still. Check out the newer WinAPI stuff for AutoIT and in particular "Run binary" (yes that's correct you can just about run anything repackaged now and not need to deploy the original exe's or even libraries....they can all be stream fed to AutoIT @Compile time and need not be typically "installed" like you used to have to do. Anyway...I am waffling on shoot me a PM man.
I do not need the Auto-IT to wrap these files (although I am using it for other automation in windows), as I can do it right in the C# code (on one of my early versions these files were embedded...)
BTW, I know there are some antiviruses out in the wild that do not like the embedded executables -- but it can be done -- and probably will save some time to anyone using this app...
If it will be required / asked, I'll embed the 4 binaries (AAPT.EXE, ADB.EXE, and two DLL's AdbWinApi.dll and AdbWinUsbApi.dll [I'm not sure both are required]) needed by the application.
Jarmezrocks said:
@cmlx, to overcome your ApkSpy woes, and until dmagician can put his finger on what the cause is or what ido did when building it ages ago.....then you will firstly need to be patient (props to dmagician for figuring sh!t out so far) but till then wherever you have dumped the ApkSpy and aapt.exe on your system; just copy the address and put it on your system path. To do this 1) right click on My Computer or Computer if you are on Win 7 or 8. 2) Choose properties. 3) Advanced System settings and then at the bottom of tab you will see 'Environment Variables', click it and you will see some "User" and "System" options. Depending on your User access rights on the system you are running on (hopefully you are running as Admin surely?) then you can choose to edit your main system path or create a new variable in your user settings called 'path' Note User variables are always postfix to system variables but should always work anyhow.
Disclaimer: cmlx, if however you have already got an aapt.exe already existing on your system path but it is dodgy then you have to ensure that the good aapt.exe in your app directory is placed on path BEFORE the dodgy one....just sayin. Cause your system searches till it finds what it wants and then doesn't search anymore. Simple but can stuff people up quite often....and likely your case. Nowadays we tend to work from the known application location and not from a "Global environment path" when we know that there are going to be conflicts...and I can assure you that aapt is possibly the worst and most modified binary out there LOL. Hence this is also a note to the dev to ensure that ApkSpy reads from the current directory.....or like I am suggesting, wrap aapt up in the main application as well and that way there is no confusion EVER.
The application IS searching for AAPT and ADB executables; The order is:
1. Application directory (where ApkSpy.exe resides)
2. PATH environment variable
Jarmezrocks said:
OK....so um the red boxes should explain everything. A picture says a thousand words (and yeah I needed at least 1 picture for this god damned long arsed post - sry). Um why in god's name would you remove the minimise and expand buttons? WTF?
Mostly I like it this way, otherwise - No specific reason...
It will be back in the next version...
Jarmezrocks said:
Anyway... it works but errrm yeah it doesn't wrap the text anymore? and it cuts the words off lol.
This Tab was NOT changed by me in any way... To be honest, I've thought of removing it completely -- But -- out of respect to Ido's work -- I've left it in.
I assume it is not wrapping due to Font size changed by me globally...
I'm seriously giving it second thoughts -- if it should stay at all (It was originally meant for batch rename of multiple APK's... I haven't used it even once...)...
I'm Really, REALLY, think of removing it completely (unless someone is / will be using it -- then I'll fix it all)...
Jarmezrocks said:
Other than that....I only really have one suggestion and it isn't even really a suggestion as I have kind of already made it so I can just give it to you if you want it? And that is that most people (well I can't say most as I am not speaking for everyone) tend not to like how apps take over their system. This isn't your fault at all in any way as the first dev thought it was a good idea back then.....and back then hardly anything in Windows knew what a freakin apk was so it was a GOOD thing.....However now, every man and his dog wants to steal .apk extension for himself. I myself tend to be all over the shop with apks so I tend not to want to have any particular Windows app take it away from my control. I use WinZip as the main app for simple double click open as I want to see the contents of apks without needing to decompile them (great for theming) however I have apk shell extensions displaying the apk's main icon to explorer, so if I set WinZip as default I get a nice lumping hunk of gold turd/box running rampant all over my Windoze bro ......so if you like I can show you my code that allows me to have default apps for specific tasks without interfering with anyone's existing sh!t It looks neat too as you can right click any apk and just choose from a dropdown list what particular app you want at the time. If one has the need to use more apps then they need only put those apps in a list. There is nothing worse than double clicking an apk to find that Bluestacks or some other rubbish Windoze crApp has taken off with your apk.
The application is NOT taking over anything, Unless you've clicked the asterisk ("*") button on the System Tab...
Was it registered for you without clicking this button?
If so, I'll recheck the code (may be it's some residue from the original code).
BTW
As the previous part of the answer I've written -- this one was left in out of respect to @ido's work...
2nd BTW
I'd like to see that explorer extension (and [preferably] the code of it - if you are willing to share it) you were writing about...
Jarmezrocks said:
Lastly I thought I'd ask, Why no config file? Why store everything in memory? I know it's only small....but seeking for things every time it is executed is a pain in the arse and not good practice. At the very least if you have no idea how to make an exe totally portable then you could reference a config file in the same directory....Or do as most do and write entries to the registry all neat and tucked away. If we get paranoid about "portable-ness" then we write to temporary space in the registry and make sure we clean up upon closing and/or inspect at runtime. simple!
Yep, I've thought of it... But... I was thinking, that (at least) everyone is as geeky as me dauuh , and the most are setting the path correctly...
It'll be added in next version (I hope... TIME, TIME!!!! :cyclops:)...
Jarmezrocks said:
I have plenty of AutoIT scripts that do exactly that too, so if you are stuck for ideas let me know. Anyway I have rambled enough, good luck and I will keep reporting bugs haha
I prefer writing my own code (sorry, I'm a developer in heart and soul...) than using automation like Auto-IT...
Jarmezrocks said:
Edit: That's waaaay too many emoticons. Oooops someone is a little high aren't they?
Jarmezrocks said:
PS: I have attached my PNG of the icon I used for this bugger waaaaaay back....it's less generic and feel free to take it and abuse it and do as you please.
(@Jarmezrocks please see my PM to you.)
PHEW...
Long Answer, BUT HEY, I'm not the only one writing longies... :angel: (and I like referencing each and every part separately)...
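The lookup order stated in the reply above (application directory first, then PATH), combined with a check for the conflicting-copies problem raised earlier in the thread, as an added example that is not ApkSpy's own code. The function names, the returned fields and the optional `pinned_sha256` parameter are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_candidates(tool, app_dir, path_env):
    """List every copy of `tool`: application directory first, then PATH order."""
    search_dirs = [app_dir]
    # Empty PATH entries are skipped; they would silently mean "current directory".
    search_dirs += [entry for entry in path_env.split(os.pathsep) if entry.strip()]
    seen, found = set(), []
    for directory in search_dirs:
        candidate = Path(directory) / tool
        if not candidate.is_file():
            continue
        resolved = candidate.resolve()
        if resolved not in seen:  # the same directory may be listed twice
            seen.add(resolved)
            found.append(resolved)
    return found


def resolve_tool(tool, app_dir, path_env, pinned_sha256=None):
    """Pick the first candidate and report other copies whose content differs.

    pinned_sha256 is a hypothetical option: when given, the chosen binary
    must match it or the lookup fails instead of running an unknown build.
    """
    candidates = find_candidates(tool, app_dir, path_env)
    if not candidates:
        raise FileNotFoundError(f"{tool} not found in {app_dir} or on PATH")
    chosen = candidates[0]
    chosen_hash = sha256_of(chosen)
    if pinned_sha256 is not None and chosen_hash != pinned_sha256.lower():
        raise ValueError(f"{chosen} does not match the pinned SHA-256")
    conflicting = [str(p) for p in candidates[1:] if sha256_of(p) != chosen_hash]
    return {
        "path": str(chosen),
        "sha256": chosen_hash,
        "from_app_dir": chosen.parent == Path(app_dir).resolve(),
        "conflicting_copies": conflicting,
    }


if __name__ == "__main__":
    # Constructed layout: an empty application directory and two PATH
    # directories holding different files that are both named aapt.exe.
    with tempfile.TemporaryDirectory() as root:
        app, first, second = (Path(root, name) for name in ("app", "first", "second"))
        for directory in (app, first, second):
            directory.mkdir()
        (first / "aapt.exe").write_bytes(b"modified build (constructed)")
        (second / "aapt.exe").write_bytes(b"sdk build (constructed)")
        path_env = os.pathsep.join([str(first), str(second)])
        result = resolve_tool("aapt.exe", str(app), path_env)
        print("would run:", result["path"])
        print("differing copies further down the search order:")
        for other in result["conflicting_copies"]:
            print("  ", other)
```

Logging the resolved path and hash at startup makes a report like "it works on my computer" checkable, because both sides can compare which binary was actually launched.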
dmagician said:
PHEW...
Long Answer, BUT HEY, I'm not the only one writing longies... :angel: (and I like referencing each and every part separately)...
Ahh yes. I write long messages sometimes when my medication has kicked in and I am high....not my fault I kinda need to get all the info out of my head in one go while I am awake.....or else there would just be zeds on the response zzzzzzzzzzzzzzzzzzzzzz lol :laugh: (ref narcolepsy).
I commend you on your efforts at responding to such gibberish and making good sense of it! :highfive:
I have responded to your PM accordingly, and hopefully covered all you need? I have attached all info and sources etc.....well most of it...actually a fair bit of it you will have to work out yourself but that is part the fun. Shoot me any questions if you need to...although I have a feeling that you will have mostly all of it covered as you are streets ahead of my knowledge already. I may have misjudged a little in my previous post (although hopefully not to make you feel any less than you actually are? please excuse me if I had said anything that may have offended - being naive or what ever....you ARE definitely on the right track). As for the middle menu....I think you could easily remove it and not offend the original dev. It wasn't being used as you mention...and I think it could make way for more/better functionality don't you think? (discuss). However I would ensure all the things I mentioned in my PM first before going too deep and releasing on here.
Good move on bringing the buttons back. They were functional. But I DO like the single button close GUI myself on just about everything else....It looks clean. We have similar taste in that regard. It just isn't functional for me to be pressing the task notification desktop link every time I want to minimise the app LOL.
The rest we can discuss via PM, this is pretty much only posted here as an open area for other forum members to provide input and opinion (or complaint....like how often it usually is, eh?).
CyberianIce said:
I got this errors:
1:
2:
Error in property: [email protected]@usrdata
I'd got the same error!
For me it helped to copy two files to the install dir
"adb.exe" and "AdbWinApi.dll"
Both are installed with the well known MyPhoneExplorer into "Program Files\MyPhoneExplorer\DLL"
Hope it helps!
Feature Request
I use this tool for testing new APK builds on a project I am working on. It allows me to quickly verify the version number and push to the device. However, since I am usually installing another version of an existing installed APK, I must manually uninstall before using APKSPY. Would it be possible to add a check box that would uninstall any previous versions? It would be really helpful.
Nevermind - I didn't fully read the message presented when it fails. It says uninstall/update and it allows the installation. HOWEVER, that brings up a question... Does it uninstall or does it update? There is a difference as you know.
Thanks,
Jonathan
Hi, I try to run this on Mac via Wineskin Winery, but no luck. Do I need something like .Net, or something else to run ApkSpy?
Thank you.
Ja_som said:
Hi, I try to run this on Mac via Wineskin Winery, but no luck. Do I need something like .Net, or something else to run ApkSpy?
Thank you.
The only requirement is the Microsoft .Net 4.
(I'll add this to OP)
jmo said:
I use this tool for testing new APK builds on a project I am working on. It allows me to quickly verify the version number and push to the device. However, since I am usually installing another version of an existing installed APK, I must manually uninstall before using APKSPY. Would it be possible to add a check box that would uninstall any previous versions? It would be really helpful.
Nevermind - I didn't fully read the message presented when it fails. It says uninstall/update and it allows the installation. HOWEVER, that brings up a question... Does it uninstall or does it update? There is a difference as you know.
Thanks,
Jonathan
Yes I know there is difference between the two (update vs uninstall and install again).
It is updating the application (like using "adb install -r apk_file_name.apk"), not doing remove and install
Removed unneeded tabs (System, Batch Rename, Log)
The unneeded Batch Rename tab was the only tab I needed really. :laugh: Luckily I found Ido's original version. It's ideal for renaming all those apk's I downloaded and still have the package name when I back them up to my PC.
I have an Asus Memo Pad 10 and an Asus Memo Pad 7 and neither are recognised by APKSpy. Not that it's a problem as I have no problem copying to and from them with Windows Exploder or Total Commander.
Other than that, it's been a handy little app for this tablet/smartphone virgin newbie.
Martin.
wolrik said:
The unneeded Batch Rename tab was the only tab I needed really. :laugh: Luckily I found Ido's original version. It's ideal for renaming all those apk's I downloaded and still have the package name when I back them up to my PC.
I have an Asus Memo Pad 10 and an Asus Memo Pad 7 and neither are recognised by APKSpy. Not that it's a problem as I have no problem copying to and from them with Windows Exploder or Total Commander.
Other than that, it's been a handy little app for this tablet/smartphone virgin newbie.
Martin.
Hello.
1st:
I can -- if requested - re-add the Batch rename.
2nd:
I don't know why these two devices are not being recognized -- unless not being recognized by ADB itself -- since I'm spawning devices by parsing the resulting text of "ADB devices" command, So unless being unrecognized by ADB, there should be NO PROBLEM detecting ANY android device with ADB on...
If you have any exception messages thrown by the application, please post them here.
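Two parsing points come up in this thread: device detection by reading the text of "ADB devices", and a property line whose value contained the name-value splitter character. The following added example (not ApkSpy's code) handles both, and replaces a fixed startup delay with a bounded retry for a property that comes back empty. The function names, the `query` callable and the sample text are constructed for illustration.

```python
import time

# Constructed sample of `adb devices` output, including daemon start-up noise
# and Windows line endings.
SAMPLE_ADB_DEVICES = (
    "* daemon not running; starting now at tcp:5037\r\n"
    "* daemon started successfully\r\n"
    "List of devices attached\r\n"
    "0123456789ABCDEF\tdevice\r\n"
    "emulator-5554\tunauthorized\r\n"
    "\r\n"
)

# Constructed build.prop-style text; the ro.example.* names are made up.
SAMPLE_BUILD_PROP = "\r\n".join([
    "# begin build properties",
    "ro.build.id=KOT49H",
    "ro.build.version.release=4.4.2",
    "",
    "ro.example.mount=/dev/block/example@usrdata",
    "ro.example.flags=a=1,b=2",
    "broken line without separator",
])


def parse_adb_devices(text):
    """Return (serial, state) pairs, ignoring the header and daemon messages."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*") or line.startswith("List of devices"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            devices.append((fields[0], fields[1]))
    return devices


def parse_properties(text):
    """Parse name=value lines, splitting on the FIRST '=' only.

    Everything after the first separator belongs to the value, so values that
    contain '=', '@' or any other punctuation survive intact. Lines that
    cannot be parsed are returned for logging instead of raising.
    """
    props, rejected = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, separator, value = line.partition("=")
        name = name.strip()
        if not separator or not name:
            rejected.append((number, raw))
            continue
        props[name] = value.strip()
    return props, rejected


def read_prop_with_retry(query, name, attempts=5, delay=0.2):
    """Ask for one property, retrying a bounded number of times while it is empty.

    `query` is a hypothetical callable that runs the lookup (for example by
    invoking adb) and returns the raw text; None means the property stayed empty.
    """
    for attempt in range(attempts):
        value = query(name).strip()
        if value:
            return value
        if attempt + 1 < attempts:
            time.sleep(delay)
    return None


if __name__ == "__main__":
    print(parse_adb_devices(SAMPLE_ADB_DEVICES))
    properties, bad_lines = parse_properties(SAMPLE_BUILD_PROP)
    print(properties["ro.example.mount"], bad_lines)
```

A device listed as `unauthorized` or `offline` is visible to ADB but will not answer commands, so the state column is worth showing to the user instead of only the serial.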
dmagician said:
Hello.
1st:
I can -- if requested - re-add the Batch rename.
2nd:
I don't know why these two devices are not being recognized -- unless not being recognized by ADB itself -- since I'm spawning devices by parsing the resulting text of "ADB devices" command, So unless being unrecognized by ADB, there should be NO PROBLEM detecting ANY android device with ADB on...
If you have any exception messages thrown by the application, please post them here.
No need to re-add the tab just for me, but thanks for the offer. As I get to know my way around Android I'll probably need such things less and less.
Sorry, but I know nothing about ADB other than APKSpy needing it. As you can see from the attached pic, the Asus is recognised by Total Commander
Martin.
Hi dmagician,
Nice work, and a shout-out to Ido who originally created it.
I have a feature request:
Could you add the option to remove certain permission(s) and save the modified APK file?
There are many apps which I feel allow themselves way too many permissions, and this option could be very useful to tame them apps.
One more thing:
I noticed that APKSpy v1.8.2 doesn't work with the latest version of AAPT.exe (1432KB), from the Android SDK r24.
So I had to use a previous version of AAPT.exe (833KB), which worked.
Thanks,
Eric
Hey does anybody know where the name of the apk is in the XML files inside the apk?

Deadly Downloads

I've noticed on several occasions that download sites recommended by a small percentage of folks here are literally "crawling with viral fecal matter" disguised by the download file in most sinister fashions, the most popular is to catch a user who is not paying close and I mean very close attention to what is happening not only when you install the program but also when you un-install it. Case in point [still cleaning up from it]: Yesterday my partner used my laptop to get Odin for a rooting project. I found what I thought was the latest version, said to be the latest from this site:
odindownload.com/downloads/Odin-V3.10.6.exe
This file installs nearly a dozen bogus files on your computer and never installs Odin. I have included a partial list of the companies participating in this bit of ugliness below:
Guardian
Vuuc
Doctor PC
Cinema Plus
trovi.com
AND the EVER notorious PC CLEANER!!! These programs resist the uninstall, hide files in the prefetch folder and in the local appdata folder to reinstall themselves. I hope this FYI helps you avoid an hours long cleanup. My antivirus software caught 20 win32 viruses in the space of an hour while we were trying to install the Odin software. Be advised!!!!
thanks buddy.
Sent from my SM-N7507
btw sent to Facebook
Once you've been infected there is no reliable way to fully remove everything even if your AV says your system is clean, they obviously hide some backdoors enabling it to come back later. I mean 20 infections, damn, consider that install toast. Wipe the disk and install fresh. Really have to be careful with what you're installing...
you might not be aware of windows software & network firewall called comodo, which probably would've caught a lot of these if you use it in 'paranoid' mode
basically it will ask you before something is allowed to happen with unknown/ unprofiled exe', once vetted you can put the exe into a class (for behaviour rules applicable to a group of apps), or define behaviour specific to the app in question- comodo would follow these rules automatically - not dissimilar to iptables for network apps
the rules are 'ask always', 'allow' and 'block', while you can remember any specific choices, or have them apply for this exe run only - the actions to which rules can apply are in my attached screenshots
when i run the file at that link, it catches it as unknown, then allows me to run it in an isolated 'sandbox' - doing so results in a crash of the app, which is never a good sign; if i remember next time i'm on my other machine i'll let it get a bit further on in a vm and see what methods it uses to attempt to persist itself
i pretty much don't use on-access virus scanners anymore, rather, i use comodo in paranoid mode - i still use standalone sophos and avg instances occasionally, that i run before i do a backup
