Dev-host = scamware cesspool? - General Questions and Answers

Dev-host used to be reputable but it seems to have turned into a worthless dist. of crapware? Well, at least as far as eset antivir sees it: every ROM I try is tagged as a THREAT and snit-canned. Are they being overly cautious, and if I ignore the warnings and follow the brown brick road will I find actual ROMs?

So yes, not that anyone cares, you are forced to use some craptacular "downloading" ezdownloadpro http://www.ezdownloadpro.info/terms.html which is not "ez" and does not download (stuck @ 55%). Well, it is pro if pro means being attacked by professional crapware purveyors.


Rapidshare is DOWN!!!

JAN 19 2008
There are rumors that Rapidshare.com, the German file sharing and data storage giant, has been shut down by the authorities after a court order.
German collections agency GEMA have reportedly won a temporary injunction against both RapidShare.de and RapidShare.com, according to a report.
However no court records have revealed any issued Rapidshare court order as of yet.
Currently rapidshare.com is not working but rapidshare.de is.
Users have been experiencing errors such as: "The following error was encountered: * Connection Failed The system returned: connection refused"
A Wikipedia entry was made that read: "As of 19 January 2008 16:00 GMT, Rapidshare AG’s servers were shutdown by anti-piracy authorities in Germany. More than hundreds of Rapidshare servers were seized from their offices in Berlin although no arrests were made. Sources said, authorities are contemplating pursuing legal action against users who distribute and download pirated copies of software and movies from these servers."
It was quickly removed.
Rapidshare.com, formerly Rapidshare.de, has been widely used as a vehicle for the transfer and sharing of pornography. Sites such as HCMF.com commonly used the site as a means of perpetuating the illegal sharing of pornography.
A NSFW and EXTREMELY graphic example of its use (or abuse, depending on your view) can be found here. (you must be 18) As you can see, below the photo are the links to where the pieces needed to make one file exist (or existed) on Rapidshare.
Rapidshare.com, and Filefactory.com have also been abused by spammers, says Dave Marcus, security research and communications manager for McAfee's Avert Labs.
The "official" word is that the downtime is said to have been caused by a server overload.
Rapidshare technician Steven Gircham has reportedly commented on this issue - "There are rumors concerning attacks made on the Rapidshare.com servers. There are also rumors that Rapidshare has been shut down by a court order. These rumors are false. We would like to apologize to our users and inform them that no data has been lost. There have been some hardware issues as a result of high bandwidth and server overload. We are doing our very best to resolve the hardware issues."
you can still view the site via IP - 80.239.151.250
They either got DoS attacked and are having trouble getting their DNS working, or they want it to at least appear that way. At the moment, it would appear that they were NOT taken down by any "anti-piracy organizations".
Story developing...
STILL it's not working!!!! Can't download anything from the site! Hope it works soon
NOOOOOOOOOOOOOOOOOO. I just uploaded there as well.
Now I know why those links didn't work today. Hope they sort it out soon because there are a lot of ROMs hosted with Rapidshare
For the past few hours, rapidshare.com has been down. But is it down? No :) Just the nameservers. So... you can fix it.
Just download the following & put the content into your Windows hosts file. Fixed.
(hosts: C:\Windows\System32\drivers\etc\hosts)
Code:
http://maghia.free.fr/hosts.txt
If any problems happen, open cmd & input: ipconfig /flushdns
Enjoy!
greetz
Works like a charm! Thanks!
Thanks for the information mxantho, you're a genius, my downloads are working again.
And remember, you can edit the hosts file on Vista but you can't save it overwriting the old one.
Just copy your C:\Windows\System32\drivers\etc\hosts file into the desktop, open with notepad, insert the rapidshare entries found here then save.
Remove the .TXT suffix and copy it back in the C:\Windows\System32\drivers\etc\ directory
RS is facing some maintenance trouble. Everything should go back to normal in couple of hours.
The main homepage is up and running... But I still can't download... I am gonna try mxantho's method
Hope it works for me
tested it works
Rapidshare is back and running!
Yep just to confirm, downloading fine off rapidshare.
Well that was a worry over nothing, site ok and no problems here now.
Hi mrvanx how are things?
Hey dude, not bad. (talk on 4wm)
It's all fine now

Incompatible app with SQLCE 3.5

It finally happened. I've been on a never-ending quest to find a decent stock market application... so much so that I've tried to sell the brokerage company I use on the idea that such an app would be beneficial to clients on the go and be an incredible marketing utility for prospective clients. Anyways, the latest app I'm HOPING to try out is Pocket Investor by Acquasys. I don't own any part of nor am I affiliated with the company in any way, other than the fact I've emailed them with the error message I get when trying to run their software. The error I've received is the following:
“An unexpected error has occurred in PocketInvestor.exe.
Select Quit and then restart this program, or select Details
for more information.
File or assembly name
‘System.Data.SqlServerCe, Version=3.0.3600.0,
Culture=neutral, PublicKeyToken=3BE235DF1C8D2AD3’,
or one of its dependencies, was not found.”
The SQL is the only thing I can think of that I can control, so I've already cooked up an identical ROM to the one I'm using now, except I've downgraded both .NET and SQL CE to the previous versions. I'm not sure if the .NET downgrade was needed, but figured why not. I'm waiting on my battery to charge so I can put the new ROM on for testing (KaiserCustomRUU won't even think about burning it with less than 50% battery, for those of you who haven't tried yet). In the meantime, have any of you guys seen or experienced anything like this?
Oh yeah, I realized earlier my sig is not current.

[April fools Prank]I-Spy: Know it All

For the people who want to know EVERYTHING about EVERYONE
I-Spy
After 3 months of collaborative work between Madnish30 and myself, we've decided to make our work public. Early tests made us realise this should be tested more thoroughly with our XDA members, so here we are.
What is it?
Well, let's say you've always wanted to know what kinky pics that hot chick in your biology class has got on her i-Phone. Now you can! With I-Spy, your Android device picks up the radiowaves from other devices nearby (approx. 15 feet) to access the users' device storage, or simply listen into their phonecall!
How does it work?
It's actually very hard to explain, but it comes down to this: I-Spy picks up the radio signal and decrypts the GSM access codes to get access to the datastream. Then it cloaks itself to blend into the datastream and simply monitor all communication between the devices.
So can I see/hear the complete communication between two people?
No. It's limited to the device in the near vicinity. However, we're working on getting a reversed datastream decryption, so we can get the other device too.
Where can I get it?
It's being developed for Android and Windows Mobile/Phone 7. IOS will be added later. Expect a public beta in the next few days.
Download (Android ONLY)
Download the attached APK.
Do read instructions in post 2 before you run it.
We have only tested it on Gingerbread, so it should work great on that ( and other versions of android too ).
DISCLAIMER : breaking into other people's accounts can have legal consequences, this is purely for educational purposes. We are not responsible for legal consequences ( if any ).
How To Install :
1) Download the attached file. ( according to your OS )
2) Just copy and paste it into your device.
3) Reboot device.
4) Click on the i-spy application in the application menu.
How to make it work:
1) Go near the victim ( victim must have his cellphone with its radio on).
2) Turn the application on.
3) Enter the victim's cellphone number.
4) Wait till the application decrypts the signals.
5) Look at the data you want, classified under the given menus.
Enjoy !
Screenshot :
Me and Neo have worked really hard for this application, please consider donating ( donation link in the application itself ).
Feedback welcome.
WP7, WM, iOS versions coming soon.
Download Link ( for other than Android) :
---coming soon---
It is a bit slow, and hangs up while searching ! But it worked great otherwise !
Thanks for the share !
Wow, works better than expected
Accidentally picked up a signal from my (male) teacher's phone..
Nasty stuff..
Just be careful when using this!
Another question, is there a way to protect against this?!
Thanks, man !
Yes, good question. Actually a small tweak in the broadcast of radio signals from devices can sort this issue out, ( Only if network operators knew about this ). They just need to block certain type of decryption.
And yeah, please use it well. Please, don't use it to spy on other people, only for fun purposes !
Wow!
For a 1st version it's ok, sometimes it's slow to open but it is fantastic!
Didn't think this would be possible, but I just tested it on my girlfriend's phone. And it works! Creepy stuff.
Sent from my HTC Legend using XDA App
If it was any other day than today I would be so inclined to download this.
April fool's Software?!!!!
XDA Developers would NEVER stoop so low as to provide an april fools joke. That's preposterous.
Darn, the first one to get me today was XDA -
Good Job!
April Fools!
I never wanna read my mom's texts again xDDD
Dang, I was really looking forward to this.....
Update?
I get an FC when trying to open .jpg's on my G2. Do I have to download files locally in order to open them?
Can't wait for my DHD to get official Gingerbread so I can test this, unless the dev releases an update for 2.2 sooner than that
Please, tell me this is fake...
At first I thought it's an April joke ... but great work guys!!
i still believe it's a great app
nice job

[QPST 2.7 build 402]

Mods, please move this post if it's in the wrong place. OK, I couldn't find it ANYWHERE on XDA, but I did find it by doing extensive Baidu (China's equivalent of the Google search engine) searches and translations. So I give to you all QPST 2.7 build 402. I have the newest and latest QXDM and QCAT also. They were uploaded to the Chinese site on February 13, 2013. QXDM requires activation so I won't post it. I will post QCAT if anyone requests it though, as it does not require activation and neither does this version of QPST. I have seen numerous posts over the net where people wanted QPST 2.7 build 385 but this one surpasses that version. Annoyingly enough though, I still can't write settings to my girlfriend's LGL55CV3 Straight Talk Android phone with it. So if anyone here can help me out on this, please feel free to do so. So enjoy and hit thanks if I've helped you out. :good: http://www.mediafire.com/?yya85byog8kqtxn
:good:
Ummmm...Yeah. If you say so.
Anyone managed to download this?
No. It says that it belongs to an unvalidated account. I know that 418 is now out too if anyone might have this one.
cezar1 said:
This file is infected by a trojan. Thanks a lot
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
---------- Post added at 10:56 PM ---------- Previous post was at 10:32 PM ----------
I did some checking and a few people DID have issues with this. Thank you for bringing it to my attention...
If you install this via "setup.exe" it will put a backdoor on your system. It lives at "C:\Users\Admin\AppData\Roaming\Qualcomm". It will also add itself to the "HKCU/Software/Microsoft/Windows/Current Version/Run" key in the registry. There is no virus in the MSI file.
You should be able to detect it, remove it and use build 422. Again, I am using it without issue.
rekamyenom said:
I had no issues with it... and still use it. I will look into it. I did not upload it, I just posted the link.
Hello, fellow QPST users.
QPST 2.7 Build 4.2.2 is a fake version with a keylogger.
Some a$$hole downloaded the latest public QPST build (4.0.2), decompiled the MSI installer package, edited all "4.0.2" to "4.2.2", added a "fake changelog", added a keylogger (qualcomm.exe), then repackaged it and spread it around the web!
Everyone who downloaded QPST build "4.2.2" should change all their passwords.
More info about the malware from the fake 4.2.2 build (QPST.2.7.422.msi)
The MSI package (QPST.2.7.422.msi) was tampered with to embed qualcomm.exe, which is a .NET-based malware that logs your keystrokes and sends them to the attacker's server.
How to delete the actual malware from your system?
Look at the startup entries in msconfig or CCleaner; there should be a file called qualcomm.exe that's set to start every time the system starts. Delete both the registry entry and the file.
If you want to see what data the thief has stolen from you, just open the .dc file (in the "dclogs" folder) with Notepad and see for yourself.
In XP, the .dc file is located here:
C:\Documents and Settings\Administrator\Application Data\dclogs
There should be a file called "201X-XX-XX-X.dc".
If you open that .dc file with Notepad, you'll see all your keystrokes.
Here is mine. I intentionally visited the PayPal site and entered fake info.
:: Run (3:01:51 AM)
Script kiddie. NET Based malware, huh?[ESC]
:: Program Manager (3:02:14 AM)
e
:: Firefox (3:02:18 AM)
www.paypal.com
[email protected][TAB]
mypaypalpass
[ENTER]
:: Documents and Settings (3:02:19 AM)
[UP]
:: Administrator (3:02:28 AM)
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
[DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN]
d
:: (3:02:34 AM)
:: Administrator (3:02:34 AM)
d
:: (3:03:11 AM)
mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
:: [Release] QPST 2.7 BUILD 422 - Download Here - Enjoy - Mozilla Firefox (3:03:57 AM)
crap
How to delete?d
:: Clipboard Change : size = 16 Bytes (3:03:57 AM)
QPST.2.7.422.msi
:: (3:04:23 AM)
cccccc
The keylogger sends its logs to "qpst.hopto.me"
So please report this incident wherever and whenever you encounter QPST 4.2.2 (forums, posts, sharing sites, etc.)
Copy my whole post and paste it where you see 4.2.2 mentioned.
Bonus: Fake Changelog
If you've installed this 422 build, then open the Readme.txt in C:\Program Files\Qualcomm\QPST\Documents
Scroll down and see the "6/12/13 QPST 2.7.422 changelog"
6/12/13 QPST 2.7.422
1) EFS Hello commands will not be sent unless the device is in a compatible mode. Sending this command when the
device is in download mode can cause a "server busy" message for a few seconds because of command retries.
2) Support for the Sahara device protocol (see 80-N1008-1 or equivalent) is now built in to the QPST server process.
This protocol is only supported by USB Serial ports, not TCP/IP connections. In QPST Configuration a device in
this mode will display as "Q/QCP-XXX (Sahara Download)". This mode can only be detected (1) when the QPST server
process starts or a COM port in this mode added to QPST, or (2) when a device enters Sahara mode on a port assigned
to QPST. This is because the device only sends its Hello message once, as soon as the COM port is opened.
The changelog above is actually cloned from QPST 2.7.394. Just scroll down and see the Build 2.7.394 changelog. It's the same!
So forget about Build 422. It doesn't exist.
Use QPST 2.7 Build 402. It's the latest public build
Sorry about my English
Best Regards
AnycallMongolia
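The log format quoted in the post above, parsed for triage so a victim can see which windows had input captured and which passwords to change first. This is an added example, not part of the original post; the sample log is constructed, and the login heuristic (text, then [TAB], then text, then [ENTER]) is an assumption.

```python
import re
from dataclasses import dataclass, field

# Header lines in the log quoted above: ":: <window title> (<h:mm:ss AM|PM>)"
HEADER_RE = re.compile(
    r"^:: ?(?P<title>.*?) ?\((?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\)\s*$")
KEY_TOKEN_RE = re.compile(r"\[[A-Z]+\]")  # special keys: [TAB], [ENTER], [ESC] ...


@dataclass
class Capture:
    title: str
    time: str
    lines: list = field(default_factory=list)

    @property
    def typed_chars(self):
        # Printable characters only; special-key tokens are not counted.
        return sum(len(KEY_TOKEN_RE.sub("", line)) for line in self.lines)

    @property
    def is_clipboard(self):
        return self.title.startswith("Clipboard Change")

    @property
    def looks_like_login(self):
        # Assumed heuristic: some text, [TAB], more text, then [ENTER].
        body = "\n".join(self.lines)
        tab = body.find("[TAB]")
        if tab <= 0:
            return False
        enter = body.find("[ENTER]", tab)
        if enter == -1:
            return False
        return bool(KEY_TOKEN_RE.sub("", body[tab:enter]).strip())


def parse_dc_log(text):
    """Split a .dc log into per-window captures."""
    captures, current = [], None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            current = Capture(m.group("title").strip(), m.group("time"))
            captures.append(current)
        elif current is not None and raw.strip():
            current.lines.append(raw.strip())
    return captures


def triage(text):
    """Summarise exposure without echoing the captured secrets themselves."""
    report = {"reset_first": [], "windows_with_input": [], "clipboard": []}
    for cap in parse_dc_log(text):
        if cap.is_clipboard:
            report["clipboard"].append((cap.time, cap.typed_chars))
        elif cap.typed_chars:
            report["windows_with_input"].append(cap.title or "(untitled)")
            if cap.looks_like_login:
                report["reset_first"].append((cap.time, cap.title))
    return report


# Constructed sample in the same layout as the log quoted in the post.
SAMPLE_LOG = """\
:: Run (3:01:51 AM)
notepad[ENTER]
:: Firefox (3:02:18 AM)
shop.example.test
user@example.test[TAB]
not-a-real-password
[ENTER]
:: Documents and Settings (3:02:19 AM)
[UP]
:: (3:02:34 AM)
:: Clipboard Change : size = 16 Bytes (3:03:57 AM)
QPST.2.7.422.msi
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

To use it on a real log, pass the contents of each .dc file from the dclogs folder to `triage()`.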
Can somebody give a proper latest version of QPST?
Please provide a Dropbox link
Okay, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that it's a legit build.
Here is the original link of the leak..
Here is my link.
http://d-h.st/qAy
Thread cleaned, potentially unsafe file and posts are gone. All members are to be reminded that whenever you flash anything, regardless of what it is, you take chances.
Thanks for the report, and thanks for not being disrespectful regarding the matter.
Now, back to development.
Thanks for sharing this.
anycallmongolia said:
Okay, someone (HuaweiDevices.ru) leaked QPST v2.7.411 to the public. I've installed it myself and confirmed that it's a legit build.
Here is the original link of the leak..
Here is my link.
http://d-h.st/qAy
Link works. Thank you.
Hello guys, I have an LG G2 with a 3G issue; it works only in 2G. Can somebody upload his QCN file so I can try to replace mine with it? Thank you so much
!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!
!!! TROJAN AGAIN !!!
Some time ago, in Feb 2014, a man named anycallmongolia posted a link to QPST 2.7 build 411.
The link points to the site HuaweiDevices.ru
h_t_t_p_://_huaweidevices._ru/ROMS/QPST_2.7.411.rar
Later I personally downloaded this version from this topic a few times in 2014, and it was a normal, non-fake QPST which I installed on a few PCs. (I can't remember the particular link now.) Today I wanted to install QPST on a new NB PC, so I assumed this topic was the best source. Being a recovery/data structures expert, I always inspect code (mostly by viewing it in text/hex). Like most members, I have a very high level of trust in xda (certainly much higher than in the "famous and respectable" corps like Google/MS/Apple/etc., who aren't on my side, I'm sure).
I've installed QPST obtained from this topic a few times, so I almost pressed Enter (I use FAR most of the time and advise you to do the same) over the downloaded file "qpst 2 7 411.exe"... What??? EXE??? And it's just about 500Kb long... But the QPST installer occupies about 16Mb.
I explored the body. It's typical malware with slightly "encoded" (to prevent direct reading) data inside. The QXDM offered on the neighboring page is the same malware of the same size.
If you try to download QPST from the above link you'll get a 404 error in the center of a normal HTML page with the site menu etc. What would a normal man think in this case? He'll think the page/product has moved (e.g. due to overload protection), and what will he do next? He'll try to find where the page has moved to and... will get the link in the menu just at the bottom of the 404 page. It's just trivial (but very well-working!) "social engineering": publish a real app in a trusted place and, when it has passed checks, replace it with malware. (Or maybe the domain was sold to criminals, as has often occurred in Russia over the last few years.) Even if you check the download URL in the status bar, it will show a link to the .RAR archive, but as soon as you click the link it will be redirected to the .exe!
PLEASE PUBLISH BIG WARNING on TOPIC START and remove links to HUAWEIDEVICES.RU!!!
Furthermore, the situation is much worse because huaweidevices shows in 1ST position for the search request "QPST 2.7.411" on Yandex.ru (#1 search engine in Russia) and in 2ND position in Google results for the same request!!! It's a VERY DANGEROUS situation! Thousands if not millions of people are at risk of infection.
I'm going to write abuse reports to Google and Yandex NOW!
Please spread info on this new attack manner/technique among your friends, colleagues and the internet!
Always check what you run!!!
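The check described in the post above (a link that promises a .rar but delivers a roughly 500Kb .exe), as an added example that is not part of the original post. It compares the extension the link showed, the name actually saved, the file's leading bytes and its size; the function names and the minimum-size threshold are assumptions chosen for illustration.

```python
import os

# Leading "magic" bytes of the container types named in this thread.
MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR 4.x, RAR 5
    "zip": (b"PK\x03\x04",),
    "msi": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE compound file
    "exe": (b"MZ",),                                 # DOS/PE executable
}


def sniff_type(head):
    """Return the container type implied by the first bytes, or None."""
    for kind, signatures in MAGIC.items():
        if any(head.startswith(sig) for sig in signatures):
            return kind
    return None


def extension_of(name):
    return os.path.splitext(name)[1].lstrip(".").lower()


def check_download(link_name, saved_name, head, size, expected_min_size=None):
    """Compare what the link promised with what actually arrived.

    link_name: file name shown in the link or status bar
    saved_name: name the browser actually saved
    head: first bytes of the saved file
    expected_min_size: assumed lower bound for a genuine copy, in bytes
    """
    findings = []
    promised = extension_of(link_name)
    saved = extension_of(saved_name)
    actual = sniff_type(head)
    if saved != promised:
        findings.append(f"link promised .{promised} but .{saved} was saved")
    if actual is None:
        # e.g. an HTML error page saved under the archive's name
        findings.append("content matches no known container signature")
    elif actual != promised:
        findings.append(f"content is {actual}, not {promised}")
    if actual == "exe" and promised != "exe":
        findings.append("executable delivered in place of an archive")
    if expected_min_size is not None and size < expected_min_size:
        findings.append(f"size {size} below expected minimum {expected_min_size}")
    return findings


def check_file(link_name, path, expected_min_size=None):
    """Run check_download on a file already on disk, without executing it."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return check_download(link_name, os.path.basename(path), head,
                          os.path.getsize(path), expected_min_size)


if __name__ == "__main__":
    # Constructed inputs mirroring the case in the post: .rar link, .exe saved.
    mib = 1024 * 1024
    for finding in check_download("QPST_2.7.411.rar", "qpst 2 7 411.exe",
                                  b"MZ\x90\x00", 500 * 1024, 10 * mib):
        print("WARNING:", finding)
```

A self-extracting archive also starts with MZ, so an "exe" finding means the file needs inspection before anything is run, not that it is proven malicious.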
QPST 2.7 build 425 (The REAL Thing!)
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
Very very very BIG Thank you!!!
That's a really new one and it contains the new, very promising QFIL util. I haven't explored it much yet!
God bless you, man!
BTW, does anybody know how to descramble (decrypt)/scramble (encrypt) back EFS/NVRAM partitions (in most cases modemst*)? I'd like to be able to patch/change every byte in EFS (not just locks etc. bull****; my phones are always free of any contracts). Full modem FW reversing seems too difficult to me (I'm 'not so strong' in ARM assembly and there is too much code in modem FW). I'm sure that over such a long period (over a decade) of EFS life there should be methods around to manipulate it independently of mfr/commercial products, but I haven't been able to find them for a long time. Trust me, it's a fully idiotic situation that I'm (you're) not able to do all I want with my (your) computer (a PDA is a computer, not a "phone"), being "restricted" to access only the data some f...n mfr "allowed" me to access. It's my device, I paid for it and I will decide what to do with it.
Furthermore, modern public licenses don't allow hiding parts of object (device) code where GNU/GPL code is the main part. Is there anybody here who thinks that the Linux/Unix value in ALL these f...n "modern" Android devices is less than 90%? Most router mfrs have already been forced by GNU/GPL requirements to publish the full compilable code of their firmware. I shouldn't have a clue what all they want to hide related to their "commercial" and manipulating interests. Using 30 years of thousands of people's free labor in their commercial products, they're obligated to publish full sources and should DO IT.
Apple is today the wealthiest corp on this planet, but if you look into Apple's internals you'll find tons of MODERN Linux code (protected by modern GNU/GPL) simply stolen from open source depositories, then adapted to MacOS/iOS, then closed and sold as a commercial product. Is it a fair game?
I use EFS Pro for backup and restore.... Sadly it's Windows-only, but it works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using a lot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
unimatrix725 said:
I use EFS Pro for backup and restore.... Sadly it's Windows-only, but it works great with VirtualBox on Linux Mint Cinnamon/MATE 17.1 x64.
Hosted on the wonderful XDA:
http://forum.xda-developers.com/gal...ol-updated-09-06-14-efs-professional-t1308546
Thank you! Certainly I know this good product. It can manipulate NVRAM through a COM port, just the way QPST does it, communicating with the modem FW. It has many advanced options but doesn't seem to be reliable enough (too many OEM customizations around; it's difficult to reverse them all). As you stated, it can also back up some partitions (like EFS), but you can do this yourself with simple ADB/Unix shell commands (e.g. "dd if=/dev/block/mmcblk0p?? of=/sdcard/mmcblk0p??.img").
You can write simple scripts and perform such backups directly from the device (to SD). Furthermore, you can customize CWM/TWRP for your device to perform such backups from recovery.
To do it you should know which partition numbers to back up/restore (to back up/restore the data you want).
There are methods/commands available to get the info needed to build a full device partition map (e.g. some devices contain "folders" named "by-names" deeper in /dev/block/... where partitions are named), but in some cases (e.g. some 2013 MSM7227-based Samsung phones like the GT-S756x) there are no names at all associated with particular proprietary partitions in the device, so the only way to find what data resides there is to back it up and look (in hex) with your own "experienced" eyes at what the data seems to be (or search for what others have found on the subject). EFSPro "out of the box" also knows only a few devices' partition maps, so in most cases you have to build the configuration for your device manually, with full knowledge of it.
There is no problem locating and backing up encrypted modem data partitions (modemst*/efs/etc...) if your device is rooted. Moreover, if your device has the standard Qualcomm bootloader (not an OEM's cut) you can switch the device to the standard Qualcomm DM (download mode), in which all your eMMC contents are exposed to the USB bus as a mass storage device (just like a UFD or SD card), and you can back up/restore the whole drive contents or particular partitions just like a PC's own partitions (try some "Chinese" stuff (made of quality parts) instead of "branded" ones and you'll see the superiority of the "open world").
But the main question is how to decrypt modem data to explore and change it as I want at any time. Mfrs (i.e. Qualcomm and OEMs) hide serials, locks etc. BS there, but there is a lot of other interesting stuff related to modem configuration which is also closed and encrypted. This drives me wild because it's my device and my serials/locks and other stuff too, so it's my option to do with it what I want, and no one else's. I definitely know and am sure that modem FW/config and even mask ROM (which we most probably will never be able to explore) contain many hidden features that may lead to remotely forcing the device to collect info about the user and perform actions without his knowledge and consent. It's no matter to me what all these sec... services planned to do with all these exploits they forced OEMs/chipmakers to implement, but (sic!) they allowed information about these exploits to leak into the wild! So some "generic" engineers who simply have a job and low-level access to a cellular provider's equipment (which is able to broadcast custom service packets) can do "what they want" with users' phones (e.g. switch one on or request GPS data) just "for fun". F them all, but the most idiotic thing is the fact that, being a "lowest level" service engineer with 25 years of experience, I can't get access to and control over my own devices (i.e. computers). It's wrong. It will be difficult, but we should pay more attention to exploring internals and getting a clue about what goes on.
unimatrix725 said:
FWIW
I hear you about Apple, used to be a hardcore fan, when they were nearly bankrupt. I still swear by OS X, but not the iTard line of devices. I tell my nieces and nephews to get an Android cause they are not ignorant! lol There should be more of an effort to make people understand that Apple is using a lot of *BSD (Linux) source. The GUI is closed, but some of the other source is available in the dev program site they host.
I've personally explored OSX files and partitions and seen much modern Linux code inside. They don't even hide the "copyrights". Nobody will explore anyway and nobody cares. Old 80x-90x versions of public licenses allowed you to do "anything" with free open sources (including making changes, then closing the sources and selling the product). After some smartasses like Apple used this hole to sell the free labor of thousands of people, the public license changed. Modern licenses allow you to sell a derived product, but obligate you to open the sources (under the same license) so anyone else can use them and sell too. You can't close your part of the sources if free code is the most valuable part of your product. E.g. a router mfr can't close part of his own sources to make the firmware sources "uncompilable", because Linux is definitely the most valuable part of router FW. This guarantees the later development of free open source programs and the free community as a whole. Apple stated that they used only old 80x code in their OSes and then developed it separately, and thus they are not obligated to open the sources to everyone. They would be right if they hadn't used a lot of modern code protected by modern public license requirements. I haven't explored deeply. Maybe they publish all derived code for free. Today we can't say accurately whether the modern Linux components they adapt for Mac/iOS are the most valuable part of their systems or not. We would have to explore all the code to decide. But anyway, it's not fair to use a lot of thousands of people's free labor just to make money. Google's position here is not ideal but much more fair. They publish most of the sources and support the open source community. They don't try to make the system "unbreakable" and they don't force you to use their accounts too much. I have NO Google "phone" account AT ALL. I have no need for any "markets", "clouds" etc. BS, which causes me absolutely no problem in using Android devices effectively. There are lots of free APKs around.
In practice, I have 2-3 old iPhones just for experiments. Yes, we have jailbreaks and some other stuff, but even if you break in and get access to your device it's very uncomfortable to work with it at a low level. In my view, the ADB interface alone is worth more than all the "jingles and bells" of iOS's GUI. All these "tethered-untethered", "unbreakable" bootloaders in mask ROM, the lack of normal tools to explore and manage data at any level, and the total control and extraction of my data by the mfr via strongly encrypted obfuscated protocols and hidden services make these devices useless for me in practice.
Windows Phone is an even more closed OS than iOS. You have no control over your data at all. You can't do a thing with a WP device unless you sign up for an MS account. You can't get access to your own data (except MM files) unless you sync it with the MS cloud, i.e. you will be forced to send all your private data to MS and MS will decide whether to give a piece of it back to you or not. Matrix in action. I've absolutely no clue what the MS bosses were thinking when they decided to close EVERYTHING in an OS that had less than 1% of the market. Their 1st goal was to attract developers to write apps for their OS, and there was no better way to kick them out than "close All". It doesn't matter whether it performs GUI actions well or not when devs and users have no effective way to collect and use the "useful" results of the device's work.
drkcobra said:
It is so irritating to see all of the jerks who are trying to spread viruses and malware nowadays.
Here is the REAL build 425:
http://www.mediafire.com/download/neeapht51ub2333/QPST.WIN.2.7_Installer-00425.1.zip
The new versions got rid of QXDM and RF NV Manager.
Build 415
etirkca said:
The new versions got rid of QXDM and RF NV Manager.
I have not used this version, so do not know if it has been removed from this one or not, but here is a legitimate copy of build 415:
http://www.mediafire.com/download/ac6yh57yye363mx/QPSTWIN2700415.rar

Serious Malware on Multiple Devices (OnePlus 8T & Samsung Galaxy Tab S7+)

Hello,
Thanks for taking some time to read this. Let me start off by mentioning that this all originated on my PC I believe and an unauthorized user obtained access to my network and therefore all my devices.
My OnePlus 7 Pro was what seriously concerned me as not only was it infected, the attacker actually pushed a firmware update to my phone and it randomly reset as I was using it into a completely different/custom rom that he of course had complete control over.
I upgraded to a OnePlus 8T and after walking out of the T-Mobile store I found out my new phone was already infected.... How? Well, the escalated privileges this attacker had allowed him to auto connect to my OnePlus device using the OnePlus SmartSwitch app. Yeah, I thought it was crazy too.
So I've tried to hard reset my devices, which actually turned out to be a bad idea, as this infection actually hijacked the process (I'm not super familiar with reading all the log data), but it was clear that multiple main processes were killed and it took control, and a warning popped up saying "WARNING! This is a Debug Kernel and is not fit for a standard ROM. If you did not authorize this then your privacy may be at risk as this could potentially allow an unauthorized user complete control of your device". It was something along these lines; it may not be the exact wording, but you get my point. (This was on my Samsung Galaxy Tab S7+.)
More or less the same thing with my OnePlus 8T and it has complete control over all of my apps. The permissions my apps have are literally insane. I've attached screenshots.
How can I mitigate this? What should I do? It has infected my 2017 MacBook Air, PC, OnePlus 8T, Samsung Galaxy Tab S7+, Asus ROG Rapture GT-AX11000 Router, Netgear Nighthawk Router and possibly more. This thing is crazy advanced to the point I didn't even know malware like this existed.
ALSO: I found out that Busy Box is installed on my devices without my authorization BUT my device isn't rooted.
[Samsung Galaxy Tab S7+]
|One UI Version|
2.5
|Android Version|
10
|Baseband Version|
T978USQS1ATJ5
|Kernel Version|
4.19.81-19543082
#2 Sun Oct 11 17:18:26 KST 2020
|Build Number|
QP1A.190711.020.T978USQS1ATJ5
|SE for Android Status|
Enforcing
SEPF_SM-T978U_10_0020
Sun Oct 11 16:58:25 2020
|Knox Version|
Knox 3.6
Knox API level 32
TIMA 4.1.0
DualDAR 1.2.0
HDM 2.0 - F
|Service Provider SW ver.|
SAOMC_SM-T978U_OYN_TMB_QQ_0026
R52N810TWJM
TMB/TMB/TMB
|Carrier Configuration Version|
2.340001
|Security Software Version|
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v2.1
FIPS SCrypto v2.5
SMR Oct-2020 Release 1
|Android Security Patch Level|
October 1, 2020
[T-Mobile | OnePlus 8T]
|Model|
KB2007
|Android Version|
11
|Carrier Configuration Version|
2.360001
|Baseband Version|
MPSS.HI.2.0.c4-00028-SDX55_RMTEFS_PACK-1.327103.53
|Kernel Version|
4.19.110-perf+
#1 Wed Dec 16 22:01:42 CST 2020
|Software Version|
11.0.6.8.KB09CB
|Android Security Update|
November 1, 2020
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
Model:
Samsung S9+
Model number:
SM-G956U
One UI version:
2.5
Android version:
10
Baseband version:
G965USQU9FVB2
Kernel version:
4.9.186-22990479
#1 Thu Feb 24 18:22:06 KST 2022
Build number:
QP1A.190711.020.G965USQU9FVB2
SE for Android status:
Enforcing
SEPF_SM-G965U_10_0030
Thu Feb 24 18:33:14 2022
Knox version:
Knox 3.4.1
Knox API level 30
TIMA 4.0.0
Service provider SW ver.:
SAOMC_SM-G965U_OYN_TMB_QQ_0026
32564c5336363098
TMB/XAA/VZW
Carrier configuration version:
2.450001
[Update]
(P.S. After factory resetting my device, it changed to "0.0.0")
Security software version:
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v1.9
FIPS SCrypto v2.2
SMR Mar-2022 Release 1
Android security patch level:
March 1, 2022
When I tried to mess around with my Developer's options, it showed that I am not the administrator. It doesn't allow me to turn on "Restrict my SMS and call log access" under Apps, and a bug report I opened and had looked at gave me these additional specifications I had never seen before:
Build fingerprint:
'samsung/star2qltesq...'
Bootloader:
G965USQU9FVB2
Radio:
G965USQU9FVB2
Network:
(unknown)
Module Metadata version:
330477090
Kernel:
Linux version 4.9.186-22990479...
Besides this, all of my applications have been compromised; they all have odd versions, permissions I cannot control (such as the system app, Tips, being able to download files without notifying me), can change system settings, install unknown apps, have "Open source licenses," and so on. Some of the capabilities that my app, Messages, has are the ability to modify my call logs, send out messages without my knowledge (then delete them), use my microphone to record at any given time, and connect or disconnect from Wi-Fi. It's quite difficult for me to find authentic information online, because my Google Chrome app constantly gives me false redirections to fake/modified links that appear legitimate.
Everything on my phone will tell me that the apps, the websites, and the operating system are safe and authentic, but they're all infected. I have been under the false impression that nothing was wrong with my device for months now, because judging from my Wi-Fi usage history, it had spiked up between June-July.
I'll also go ahead and attach a sh*tload of screenshots on what the malicious, system applications look like.
Rotting Brain said:
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
To fix this you need to reinstall the full firmware in Odin and format the SD card of the device (a backup is not recommended, because the malware can be copied too).
tutibreaker said:
To fix this you need to reinstall the full firmware in Odin and format the SD card of the device (a backup is not recommended, because the malware can be copied too).
Thank you, I was planning on doing so, anyway. I'm just learning as much as I can before I reinstall the stock firmware, such as if there's a method I could use that wouldn't trip Knox because I like using some of the Samsung applications.
I have 2 other phones that have been compromised, as well, and the hacker knows, essentially, all my passwords now to all of my accounts, and has access to my SIM card/number. It's frustrating that when an application requests a verification code, I get messages like these:
<#> Account: [redacted] is your Samsung account verification code.
bP2ROrn3fZQ
<#> Your WhatsApp code: [redacted]
You can also tap on this link to verify your phone: v.whatsapp.com/[redacted]
Don't share this code with others
4sgLq1p5sV6
And it also gets onto my WhatsApp account. I really have to flash my mobile devices, I'm just afraid I'll f*ck up really badly.
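The two verification texts quoted in the post above have the layout used by Android's SMS Retriever API: the `<#>` prefix that older versions of the API required, a one-time code, and a trailing 11-character string derived from the receiving app's package name and signing certificate. The sketch below is an added example, not code from the thread; the one-time codes, the package name and the certificate hex are constructed, and the code-matching pattern is an assumption.

```python
import base64
import hashlib
import re

# Trailing token: 11 characters from the standard base64 alphabet.
HASH_RE = re.compile(r"^[A-Za-z0-9+/]{11}$")
# Assumption: codes look like NNN-NNN or 4-8 digits; every app defines its own pattern.
CODE_RE = re.compile(r"(?<![\w-])(\d{3}-\d{3}|\d{4,8})(?![\w-])")


def app_hash(package_name, cert_hex):
    """SHA-256 over "<package> <signing certificate as hex>", keep the first
    9 bytes, base64-encode them and keep the first 11 characters."""
    digest = hashlib.sha256(f"{package_name} {cert_hex}".encode("utf-8")).digest()
    return base64.b64encode(digest[:9]).decode("ascii")[:11]


def parse_retriever_sms(body):
    """Split a message into prefix flag, one-time code and app hash.
    Returns None when the text does not have the SMS Retriever layout."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if not lines:
        return None
    tail = lines[-1].split()[-1]          # the hash is the last token of the message
    if not HASH_RE.match(tail):
        return None
    text = "\n".join(lines)
    code = CODE_RE.search(text[: text.rfind(tail)])  # never look for the code inside the hash
    if code is None:
        return None
    return {
        "legacy_prefix": lines[0].startswith("<#>"),
        "code": code.group(1),
        "app_hash": tail,
    }


def addressed_to(body, package_name, cert_hex):
    """True when the trailing hash is the one derived for this package and certificate."""
    parsed = parse_retriever_sms(body)
    return parsed is not None and parsed["app_hash"] == app_hash(package_name, cert_hex)


# Layout and trailing strings as quoted in the post; the codes are constructed
# stand-ins for the parts the poster redacted.
SAMSUNG_SMS = "<#> Account: 123456 is your Samsung account verification code.\nbP2ROrn3fZQ"
WHATSAPP_SMS = (
    "<#> Your WhatsApp code: 123-456\n"
    "You can also tap on this link to verify your phone: v.whatsapp.com/123456\n"
    "Don't share this code with others\n"
    "4sgLq1p5sV6"
)

# Hypothetical app identity used to show how a trailing hash is derived.
DEMO_PACKAGE = "com.example.app"
DEMO_CERT_HEX = "ab" * 32

if __name__ == "__main__":
    for sms in (SAMSUNG_SMS, WHATSAPP_SMS):
        print(parse_retriever_sms(sms))
    demo = f"<#> Your code is 4821\n{app_hash(DEMO_PACKAGE, DEMO_CERT_HEX)}"
    print(addressed_to(demo, DEMO_PACKAGE, DEMO_CERT_HEX))
```

Checking a received hash against a specific app requires that app's real signing certificate, which is not on this page, so the script only derives a hash for the constructed identity.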
Rotting Brain said:
Thank you, I was planning on doing so, anyway. I'm just learning as much as I can before I reinstall the stock firmware, such as if there's a method I could use that wouldn't trip Knox because I like using some of the Samsung applications.
I have 2 other phones that have been compromised, as well, and the hacker knows, essentially, all my passwords now to all of my accounts, and has access to my SIM card/number. It's frustrating that when an application requests a verification code, I get messages like these:
And it also gets onto my WhatsApp account. I really have to flash my mobile devices, I'm just afraid I'll f*ck up really badly.
Using Odin won't trip Knox.
tutibreaker said:
Using Odin won't trip Knox.
That's relieving to know, thank you!
I have the same issue now going on for 2 years.
I have changed everything from emails, devices, wifi and cell companies. I've been super careful to not access any infected data from previous devices. On my new Note 20 5G Ultra, out of the box, I disabled Bluetooth and did not connect to any wifi so far. I did not transfer data from any device.
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my pics, videos for over the past decade, emails and social media accounts.
Knox has been activated. I tried to access the account but I've been unsuccessful.
Has flashing it worked for anyone else? I have on previous devices (Galaxy 8 Plus), just for it to reverse back to the compromised state.
Glow1717 said:
I have the same issue now going on for 2 years.
I have changed everything from emails, devices, wifi and cell companies. I've been super careful to not access any infected data from previous devices. On my new Note 20 5G Ultra, out of the box, I disabled Bluetooth and did not connect to any wifi so far. I did not transfer data from any device.
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my pics, videos for over the past decade, emails and social media accounts.
Knox has been activated. I tried to access the account but I've been unsuccessful.
Has flashing it worked for anyone else? I have on previous devices (Galaxy 8 Plus), just for it to reverse back to the compromised state.
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
Sentimental Sugarcube said:
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
I'm glad that at least someone believes me.
My God, seriously.
I really hope you were able to get this fixed. I haven't been able to since my entire network has been infected. It's a really long story but the bottom line is that I've never seen malware with these capabilities. They are incredible and not one you would ever want to be infected with.
Glow1717 said:
I have the same issue now going on for 2 years.
I have changed everything from emails, devices, wifi and cell companies. I've been super careful to not access any infected data from previous devices. On my new Note 20 5G Ultra, out of the box, I disabled Bluetooth and did not connect to any wifi so far. I did not transfer data from any device.
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my pics, videos for over the past decade, emails and social media accounts.
Knox has been activated. I tried to access the account but I've been unsuccessful.
Has flashing it worked for anyone else? I have on previous devices (Galaxy 8 Plus), just for it to reverse back to the compromised state.
I'm very sorry to hear that, I can't imagine what it's like to have to deal with this for such a long time. I slowly started losing my sanity when my devices were infected, especially my primary device (the Samsung Galaxy S9+), and had started becoming irrational at times due to the paranoia and lack of understanding about what had been going on the entire time.
I have yet to flash any of my devices, so I don't know just how well it'll work out doing so. What Android version is your Samsung Galaxy S8+, though? Because devices running on Android 9 (Pie) and up are pretty unique in the sense that the security rids the device of malware & spyware once a factory reset takes place, so if you have a newer operating system like you do on your Samsung Galaxy Note 20 Ultra 5G, then you may be able to fix that issue. Although, it would only clear up issues you have on your firmware/software & not be able to help issues you'd incur with compromised hardware & network connection.
When I factory reset my Samsung Galaxy S9+ (which runs on Android 10), the oddity disappeared! I wish I had done it sooner or routinely, at least, because it would've saved me from so much stress & anxiety.
Although, as @JesseJamez55 mentioned, you may be directly targeted, and that makes a huge difference in the matter. I, for one, am not specifically in the center of attention — my best friend is, and I suppose I somehow got involved in this awfulness just for knowing about so many of the concerning experiences he's had in the last several years.
JesseJamez55 said:
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
I was planning on doing the same thing when I had gotten tired of it; I was just going to accept that my life will always be this way and there's nothing I can do to try to stop it from happening because I wasn't educated enough about the problems I was facing, and couldn't find any real information due to the DSN spoofing.
It's best to not share this with too many people — we'll end up looking like nutjobs, which we probably are a little of, due to apophenia & the heightened stress/anxiety (causing paranoia), haha. But in all seriousness, the people of people won't understand or believe us — especially when we're more susceptible to being discredited.
I think that's what the hackers/stalkers do — pick out & mess with those that have disadvantages (such as if one uses illegal substances known to distort our thinking or if one is diagnosed with a serious mental illness) because we're easily discredited.
How long has this been happening to you, if you don't mind me asking?
JesseJamez55 said:
I'm glad that at least someone believes me.
My God, seriously.
I really hope you were able to get this fixed. I haven't been able to since my entire network has been infected. It's a really long story but the bottom line is that I've never seen malware with these capabilities. They are incredible and not one you would ever want to be infected with.
I was extremely relieved when I found out there are others that believed me too & who were suffering from the same issues & malware.
I was able to get it fixed, thankfully, but I've also changed my way of thinking about this whole thing. I've started taking my medications, too (or I'm starting to again). And I agree, it's definitely a considerably severe form of electronic harassment. But I suppose it's inevitable, and there's no point in stressing out so much over it anymore — for me, at least.
JesseJamez55 said:
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
You're completely right. I thank you for your feedback and I greatly appreciate it. I usually get laughed at, or IT support at Cox or other companies will explain how what is happening to my digital life is nonexistent and has not been developed yet and send me on my way after a virus scan resulting in 0 threats.
I also think you're right about someone targeting me. At this point I need to get my foil hat. I really don't share that thought because even my BF has advised me to get a mental health evaluation... I understand, after hearing me try to figure it out for months 24/7.
This is the reason why I believe that it is a possibility. When all this came about I lived in North Las Vegas; it's pretty bad, which unfortunately I didn't know when I bought and moved in from California. I felt safe; it's a gated community!
I'm just gonna lay it out, and I know what I sound like, and I did end up going to get checked out: clean mentally, aside from some anxiety from all of this.
After moving in, a month later I had some tampering with my truck but wasn't sure, maybe I did it by accident. I was always on the run. But a few weeks later I heard the back door open and I asked who was there and I caught someone's backside running out. I figured some stupid curious teen. So it concerned me: living alone, employed running a company and also a side business flipping cars, and a truck, a sports car and a classic that I was rebuilding, maybe I was drawing attention of the wrong kind. I got me a dog! Problem fixed? Um, no, still night noises outside, and once on the roof; my BF was there that night, and we would call the police dept. over and over again. So time to get cameras. I started with the Ring system; I had cameras in every direction including a couple inside. It was amazing! For a day. That night someone tripped my breaker, I lost power, again we ran out, it was the BF of the person that managed the community... another police report for the pile. To make it short, unless I was looking at it live, whatever was recorded I would get to see the original video maybe once, and when I would try to show someone, the video would be gone or edited (at the time I did not know that video could be edited or have privacy guards/filters set from Amazon etc.). Also I started to see someone with laser pointers at night. Later I was told it would disable the camera. True or not, after looking like a mad woman claiming to have proof to call the police, I no longer had the evidence no matter where I would back it up to. I was mad, all that money on the Ring for this BS. So I got Canary, then I got Alfred and a long list of camera apps, and all the same. Luckily I was given some credit when on a motion inside my home you could see a hand reaching to move the camera, and I was able to show my BF and a friend, but by the time PD showed up the video had been edited and the beginning, with the dogs barking and the hand over my bed reaching for the camera, was missing.
Yes, someone was in my bedroom while I was asleep and my BF was in bed asleep with me. The other hard evidence was not digital. I was in the bathroom and heard noise coming from under my home. I screamed out for help to the people that had come over for a get-together. They saw the guy run from under the house and they chased him about a block and he jumped into a waiting minivan. The rest of the evidence I had was in video: I once could see actual break-ins in process, and video with excellent quality would within a minute turn to a smear of colors, extra-zoomed images, glared lights, so that nobody believed that I saw the person committing the crime. I had kept the videos and images of my smeared proof with hopes that one day I could get help and reverse the editing that destroyed my proof. I don't have many left.
After living in fear with most of my belongings and valuables stolen, I walked away from my purchased home to rent in a safer neighborhood. In the process I lost my job and my side business, the classic was dismantled, my truck was crashed into while parked at night (hit and run, of course), and the turbo was taken out of the sports car, and I was almost losing my mental... having to deal with "hacking", constantly having to change passwords, removing my device from child restrictions, or fighting with my own virus protection software that would be programmed to restrict me from accessing help, and getting error codes when accessing government agencies, Google, Cox and T-Mobile. It was the worst, I believe. I'm glad I'm safe but still with this issue. I've been trying to learn on my own and I Google everything, I mean every word I come across, and YouTube if I need further clarification, and I started taking some classes to understand and remove and prevent what is happening to me one day.
Sorry about the novel.. lol
I'm going to attach a sample of my smeared images and some images of the modification that I have currently; maybe someone understands all of this.
Where I'm at: I bought this phone and did not connect to wifi, disabled Bluetooth and disabled automatic downloads, and I had not even turned on my data. So I looked into OTA (over-the-air programming) and issues with Samsung, the data breaches etc. I talked to Samsung; they said the modification was not via OTA. The IT rep could have been right?? Not sure yet. How else could it possibly be? (About 2 years ago I found in my Google shared doc that I was sharing to others my experiments' results with radio data communication, and it was very common for me to see the verbiage spectrum radio, RTU, SCADA, unlicensed radio, IoT, Ericsson, transmitting data over radio as a wifi alternative. A lot of the apps I had then had something to do with that technology and companies.) My ignorance at the time told me it had something to do with the huge radio antenna that came with the home.
So I revisited that idea as a possible entrance point of infection??
I found libav64 with over 1060 system files saved on my device
Also in the framework files I found several of Verizon files.. I have t mobile never had Verizon. Because I have a Verizon build enforcing t mobile .. tmobile support accused me of inserting a Verizon chip .. I explained that I don't have one and never did .. she asked me to return it manufactur and exchange for new one.
I'm having an issue with upload speed for the images so I will repost with just the images
Sentimental Sugarcube said:
I'm very sorry to hear that, I can't imagine what it's like to have to deal with this for such a long time. I slowly started losing my sanity when my devices were infected, especially my primary device (the Samsung Galaxy S9+), and had started becoming irrational at times due to the paranoia and lack of understanding about what had been going on the entire time.
I have yet to flash any of my devices, so I don't know just how well it'll work out doing so. What Android version is your Samsung Galaxy S8+, though? Because devices running on Android 9 (Pie) and up are pretty unique in the sense that the security rids the device of malware & spyware once a factory reset takes place, so if you have a newer operating system like you do on your Samsung Galaxy Note 20 Ultra 5G, then you may be able to fix that issue. Although, it would only clear up issues you have on your firmware/software & not be able to help issues you'd occur with a compromised hardware & network connection.
When I factory reset my Samsung Galaxy S9+ (which runs on Android 10), the oddity disappeared! I wish I had done it sooner or routinely, at least, because it would've saved me from so much stress & anxiety.
Although, as @JesseJamez55 mentioned, you may be directly targeted, and that makes a huge difference in the matter. I, for one, am not specifically in the center of attention — my best friend is, and I suppose I somehow got involved in this awfulness just for knowing about so many of the concerning experiences he's had in the last several years.
My situation isn't on Android only, it's my entire network which includes the following:
PCs
Android Phones
Android Tablets (No longer own)
Macbook Pro (No longer own)
MacBook Air (No longer own)
Chromebook (After allowing Linux via Developer Settings)
Router
Samsung Smart TV (No longer own)
Sony AV Receiver
My CCTV DVR System (No longer own)
Any other device that either connects to my network or can be accessed via the Nearby Devices pervasive permission within Android (This is my best guess for how devices are being infected when I haven't in any way accessed my network)
After all my research and some helpful clues/texts/emails sent to me, I found out that I am being specifically targeted by my upstairs neighbor that strongly dislikes me and finds me extremely amusing.
I won't go into further details but this is why I gave up. They are exponentially more fluent in cybersecurity than I could ever hope to be and since they have local access to my devices, I could never hope to win. I need to move which I will be doing very soon.
This is why I say if you are going through anything close to what I am then it's almost certainly a targeted attack. I'm sure there are other possibilities but this is what my experience is.
Do you ever use the Tor network? Depending on where you decided to browse or what you may have downloaded, you can get some especially nasty malware from there, too. Even just browsing some sites can deliver drive-by malware or not having your browser/firewall set up correctly is enough to lose your anonymity. Something to think about since it could be a government agency keeping tabs on you for a reason only you would know. Just a thought.
I'll leave you with one final thought; would you honestly consider yourself a very interesting person? Do you have hobbies others would be interested in learning more about if they had the relevant skills to do so?
After thinking about it, I do. I have my hobbies that I would find different or weird if I were someone else. So that mixed with some neighbors that have networking skills, are always home and way too damn nosy is how I got where I'm at.
That's my real situation so just something to consider.
I am so glad I came across this thread. Honestly. Had the exact same issue Dec last year. Although I suspect they were in the network for a couple of years before I realised. Tried to solve it for 6 weeks. Gave up, threw all network devices out and started over. All good. For three months. Even with the strictest routines in watching what I was clicking online, not downloading anything, updates run regularly, new VPN and more costly antivirus and equipment. It returned.
I honestly don't think it's a personal attack, but it's insane how it spreads. I've worked constantly on it since June. Contacted so many people. I can't afford to throw this new stuff out, don't have money to replace it all again. My doc sent me to see a psychiatrist. Said I'm delusional. I told them I was feeling stressed and exhausted just trying to boot whoever this was out of my network and life. Psychiatrist says I'm sane, just needing to relax and have someone actually listen to me.
I have 2 PCs, laptop, 3 mobile phones, Xboxes and TV being controlled by whatever this is. Root trust certs are all wrong. Traffic being directed to http although it looks legit as if it's https. All have been flashed with wrong OTA updates. I am considering flashing my phone but don't think it will help as I will be doing it with an infected PC... seems pointless.
I am starting to realise I have to live with it and just get on with stuff. I've been seriously slacking in work and been so focused on this malware/spyware/rootkit whatever it is.
Honestly it's a massive relief to know I am not alone.
I am having the same issue. What I have learned so far:
> The malware is a RAT
> It can infect and embed itself in most IoT capable devices and most anything that has RF capability, including BT, NFC, Zigbee, etc.
>It enumerates all devices in your local network. After this step it appears to inject malicious code into device drivers, specifically network interfaces. It then creates virtual network interfaces, swaps and/or spoofs MAC addresses on the devices in your network. For example, what appears to be your router on first glance, is actually your xbox or laptop which is now hosting all your devices while your router is throwing out hidden wifi networks that connect other devices.
>It creates virtual BT interfaces and is capable of discreetly connecting with other BT capable devices in the background.
>It appears to be sending a continuous video/audio stream to servers located in New York and Ashburn, VA.
>It changes VPN settings for your carrier.
>It routes browser traffic to a CDN server so you get preloaded versions of certain webpages and apps.
>Some of the code I discovered in app manifests includes instructions for the phone to access a created hidden camera interface called "hiddencamera0", while specifying that the LED indicator for the camera remains turned off.
>It prevents me from doing a hard reset and won't allow usb or wireless debugging, making it impossible (for me at least) to flash a new OS to my device.
>When I removed certain DNS entries from the registry or updated my AD on any of my 4 Windows based computers, the OS was wiped. When it was reinstalled, the same activity resumed.
>Using simple network command prompts, I discovered early on that my computers had established connections with various servers, even with all of the network capable devices turned off. I was able to stop these by disabling each device.
>Each time the device is restarted, the malware seems to gain more control over the system.
>Antivirus software does not detect it and the only way I was able to see what was going on was to uninstall my antivirus and go into Windows Defender Firewall as an admin. There I was able to see over a hundred rules enabling communication between my device and the remote server. I immediately deleted the inbound and outbound rules, but they repopulated until I manually disabled each interface. The first time I did this on my laptop, my phone and my son's phone actually switched back to the appropriate mobile network for about 15 minutes. Then my computer reset itself and it went back to its malware version of operation.
I will attach screenshots a bit later.
Oh y
sudo_null said:
I am having the same issue. What I have learned so far:
> The malware is a RAT
> It can infect and embed itself in most IoT capable devices and most anything that has RF capability, including BT, NFC, Zigbee, etc.
>It enumerates all devices in your local network. After this step it appears to inject malicious code into device drivers, specifically network interfaces. It then creates virtual network interfaces, swaps and/or spoofs MAC addresses on the devices in your network. For example, what appears to be your router on first glance, is actually your xbox or laptop which is now hosting all your devices while your router is throwing out hidden wifi networks that connect other devices.
>It creates virtual BT interfaces and is capable of discreetly connecting with other BT capable devices in the background.
>It appears to be sending a continuous video/audio stream to servers located in New York and Ashburn, VA.
>It changes VPN settings for your carrier.
>It routes browser traffic to a CDN server so you get preloaded versions of certain webpages and apps.
>Some of the code I discovered in app manifests includes instructions for the phone to access a created hidden camera interface called "hiddencamera0", while specifying that the LED indicator for the camera remains turned off.
>It prevents me from doing a hard reset and won't allow usb or wireless debugging, making it impossible (for me at least) to flash a new OS to my device.
>When I removed certain DNS entries from the registry or updated my AD on any of my 4 Windows based computers, the OS was wiped. When it was reinstalled, the same activity resumed.
>Using simple network command prompts, I discovered early on that my computers had established connections with various servers, even with all of the network capable devices turned off. I was able to stop these by disabling each device.
>Each time the device is restarted, the malware seems to gain more control over the system.
>Antivirus software does not detect it and the only way I was able to see what was going on was to uninstall my antivirus and go into Windows Defender Firewall as an admin. There I was able to see over a hundred rules enabling communication between my device and the remote server. I immediately deleted the inbound and outbound rules, but they repopulated until I manually disabled each interface. The first time I did this on my laptop, my phone and my son's phone actually switched back to the appropriate mobile network for about 15 minutes. Then my computer reset itself and it went back to its malware version of operation.
I will attach screenshots a bit later.
One more thing that is particularly disturbing: It appears to be connected to my vehicle BT and Uconnect interface. There is more, but I will include that later as well.
This is exactly what I am facing.
It seems like it has been a couple of years.
Yes the LED of the camera is off too.
Did you manage to solve it ?
Anyone with a solution?
To be honest I'm not into the cybersecurity field but it sounds like the ultimate type of malware - one that hacks everything conveniently. I hate to say it, but you might have to replace literally everything. You could try to at least backup some stuff that's important but you're going to have to look at the local technician to see what you need. I could provide some help for those who need it in this forum.
Glow1717 said:
You're completely right. I thank you for your feedback and I greatly appreciate it. I usually get laughed at, or IT support at Cox or other companies will explain how what is happening to my digital life is nonexistent and has not been developed yet and send me on my way after a virus scan resulting in 0 threats.
I also think you're right about someone targeting me. At this point I need to get my foil hat.. I really don't share that thought because even my bf has advised me to get a mental health evaluation... I understand after hearing me try to figure it out for mths 24/7..
This is the reason why I believe that it is a possibility. When all this came about I lived in North Las Vegas, it's pretty bad, unfortunately I didn't know when I bought and moved in from California. I felt safe, it's a gated community!
I'm just gonna lay it out and I know what I sound like and I did end up going to get checked out, clean mentally aside from some anxiety from all of this.
After moving in a mth later I had some tampering with my truck but wasn't sure maybe by accident I did it .. I was always on the run.. but a few wks later I heard the back door open and I asked who was there and I caught someone's backside running out. I figured some stupid curious teen .. so concerned me living alone employed running a company and also a side business flipping cars and a truck a sports car and a classic that I was rebuilding.. maybe was drawing attention of the wrong kind. I got me a dog! Problem fixed um no still night noises outside and once on the roof that my BF was there that night and we would call the Police dept.. over and over again. So time to get cameras. Started with the Ring system, I had cameras in every direction including a couple inside. It was amazing! For a day, that night someone tripped my breaker, lost power again, we ran out, it was the BF of the person that managed the community... another police report for the pile. To make it short unless I was looking at it live whatever was recorded I would get to see the original video maybe once and when I would try to show someone the video would be gone or edited (at the time I did not know that video could be edited or set privacy guards filters from amazon etc) also I would start to see at night someone with laser pointers. Later I was told it would disable the camera. True or not after looking like a mad woman with claiming to have proof to call the police.. and I no longer had the evidence no matter where I would back it up to.. I was mad, all that money on the Ring for this BS.. so I got Canary then I got Alfred and a long list of camera apps and all the same. Luckily I was given some credit when on a motion inside my home you could see a hand reaching to move the camera and I was able to show my BF and a friend but by the time pd showed up the video had been edited and the beginning with the dogs barking and the hand over my bed reaching for the camera was missing..
Yes, someone was in my bedroom while I was asleep and my BF was in bed asleep with me. The other hard evidence was not digital.. I was in the bathroom and heard noise coming from under my home.. I screamed out for help to the people that had come over for a get together. They saw the guy run from under the house and they chased him about a block and he jumped into a waiting minivan. The rest of the evidence I had in video that I once could see actual break ins in process and video with excellent quality would within a min turn to a smear of colors, extra zoomed images, glared lights .. that nobody believed that I saw the person committing the crime. I had kept the videos and images of my smeared proof with hopes that one day I could get help and reverse the editing that destroyed my proof. I don't have many left..
After living in fear with most of my belongings and valuables stolen, I walked away from my purchased home to rent in a safer neighborhood. In the process I lost my job, my side business.. the classic dismantled, my truck crashed into while parked at night, hit and run of course, and turbo taken out of sports car .. and almost losing my mental.. having to deal with "hacking", constantly having to change passwords, removing my device from child restrictions or fighting with my own virus protection software that would be programmed to restrict me accessing help and getting error codes when accessing government agencies, google, cox and tmobile.. it was the worst I believe. I'm glad I'm safe but still with this issue.. I've been trying to learn on my own and I Google everything.. I mean every word I come across and YouTube if I need further clarification and I started taking some classes to understand and remove and prevent what is happening to me one day.
Sorry about the novel.. lol
I'm going to attach a sample of my smeared images and some images of the modification that I have currently, maybe someone understands all of this.
Where I'm at .. I bought this phone and did not connect to wifi, disabled Bluetooth and disabled automatic downloads and I had not even turned on my data .. so I looked into OTA .. over the air programming and issues with Samsung, the data breaches etc.. I talked to Samsung, they said the modifications were not via OTA .. the IT rep could have been right ?? Not sure yet .. how else could it possibly be .. (about 2 years ago I found in my google shared doc that I was sharing to others my experiment results with radio data communication.. and it was very common for me to see the verbiage spectrum radio, RTU, SCADA, unlicensed radio, IoT, Ericsson, transmitting data over radio as a wifi alternative. A lot of the apps I had then had something to do with that technology and companies) My ignorance at the time told me it had something to do with the huge radio antenna that came with the home.
So I revisited that idea as a possible entrance point of infection??
I found libav64 with over 1060 system files saved on my device.
Also in the framework files I found several Verizon files.. I have T-Mobile, never had Verizon. Because I have a Verizon build enforcing T-Mobile .. T-Mobile support accused me of inserting a Verizon chip .. I explained that I don't have one and never did .. she asked me to return it to the manufacturer and exchange it for a new one.
I'm having an issue with upload speed for the images so I will repost with just the images
You need to right now remove the malware, as that's the problem. The symptoms of this malware seem to be that people randomly attack you because they know your location and are listening to you 24x7. You remove that malware first and then fix the home security later. Good luck
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
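An added example, not part of the post above and not code from anyone in this thread: one way to check whether a boot warning like the one quoted is explained by the device's own boot state, by parsing a saved `adb shell getprop` dump. The two dumps are constructed samples; the property names are the standard Android verified-boot and build properties, and the function names are hypothetical.

```python
import re

# Constructed samples in the "[key]: [value]" format printed by
# `adb shell getprop`; the values are illustrative, not from a real device.
SAMPLE_STOCK = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]
[ro.debuggable]: [0]
"""

SAMPLE_MODIFIED = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

# Property -> (value expected on a locked stock build, meaning of anything else)
EXPECTED = {
    "ro.boot.verifiedbootstate": ("green", "boot chain not verified against the OEM key"),
    "ro.boot.flash.locked": ("1", "bootloader reports flashing unlocked"),
    "ro.boot.vbmeta.device_state": ("locked", "verified boot device state is not locked"),
    "ro.build.tags": ("release-keys", "build not signed with release keys"),
    "ro.build.type": ("user", "not a production (user) build"),
    "ro.debuggable": ("0", "system image is debuggable"),
}


def parse_getprop(text):
    """Turn a getprop dump into a dict, skipping lines that do not parse."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def boot_findings(props):
    """List (property, value, meaning) for every deviation from a stock build."""
    findings = []
    for name, (expected, meaning) in EXPECTED.items():
        value = props.get(name)
        if value is None:
            # Absent properties are reported, not silently treated as good.
            findings.append((name, None, "property not present in the dump"))
        elif value != expected:
            findings.append((name, value, meaning))
    return findings


def explains_boot_warning(props):
    """True when the boot state alone accounts for an 'unofficial software' warning."""
    return (props.get("ro.boot.verifiedbootstate") in ("yellow", "orange", "red")
            or props.get("ro.boot.flash.locked") == "0")


if __name__ == "__main__":
    for label, dump in (("stock", SAMPLE_STOCK), ("modified", SAMPLE_MODIFIED)):
        props = parse_getprop(dump)
        print(label, "-> warning explained by boot state:", explains_boot_warning(props))
        for name, value, meaning in boot_findings(props):
            print(f"  {name} = {value!r}: {meaning}")
```

These values are reported by the running OS, while the warning screen itself is drawn by the bootloader before Android starts, so a mismatch between the two is worth a closer look. Samsung devices may expose further vendor properties that this does not cover.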
rainyskye said:
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
And remember kids, if someone tells you "the government wouldn't do that!", Oh yes they would.
rainyskye said:
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
I love how we are calling them schizophrenics, when they clearly need help with cleaning a serious infection on their devices
fillwithjoy1 said:
I love how we are calling them schizophrenics, when they clearly need help with cleaning a serious infection on their devices
could that infection be called "blink" by any chance? it's a serious piece of software that makes its way onto every windows and android device without user discretion. that sounds a lot like what's happening, and blink has the ability to utilize any active internet connections when activated.
pmnlla said:
could that infection be called "blink" by any chance? it's a serious piece of software that makes its way onto every windows and android device without user discretion. that sounds a lot like what's happening, and blink has the ability to utilize any active internet connections when activated.
Possibly could be, but it does seem like the OP would need to completely reset their devices which won't be easy
