My Samsung Galaxy S4 is infected by virus.
The virus loads a application that locks any inputs to the touch screen immediately after start up (brown section in the attached image).
It disable any input to the screen - meaning, you can't open any application as if the installed apps are protected by another transparent layer of application.
In the attached image, if displays "<app name> is Ready now!", and "Open" next to it. when you tap "Open", it will load the application, but you won't be able to do anything because input to the touch screen are all locked. Meaning the tap input is just not working.
It also disable the commands to the phone "Menu" and "Back" option that Samsung Galaxy S4 has. So, tapping any of these gives not activity.
The attached zip file have the folders (some with subdirectories and files inside) that this virus creates automatically at startup as follows:
GoAdSdk
Nearby
tessdata
wdh_update
sc5.txt
SessionTime.dat
These files are residing in the phone memory and listed like other app folders.
Even if you've deleted these files/folders via Explorer after accessing the phone via PC, they automatically get created at phone startup.
I wasn't able to open apps like Task Killer and be able to tell which apps are running in the background as this caught be by surprise.
Does anyone know where are the Startup Files for Samsung Galaxy S4 resides in the root directory. My thought is, if I delete the startup app for this virus in the startup folder, it will prevent it from starting up with the phone.
If possible, I would appreciate if one can upload a screen shot or startup app list for samsung so that I don't deleted the genuine critical ones. But I'm desperate in knowing the directory where these apps and startup apps for installed ones resides in the root folder.
I would appreciate any help that one can profide on this. I am only able to access the phone via MobileGo application by Wondershare.
Hi, thank you for using XDA Assist. if it were me I'd flash the stock firmware with odin and return the phone to like new condition. That way you are assured that you'll get rid of the virus. you didn't mention what variant of the S4 you have so I can't point you in the right direction to get further help.
Related
So how do you get it? The first step is to head over to this thread on the XDA Developers Forum. The top post includes a set of instructions and a download link for a zip archive containing three APK files that need to be installed in a particular order.
My Android 4.1 Galaxy Note II, with a KitKat launcher face-lift.
Now, advanced users who are already comfortable opening zip archives on their phone and managing files can do all of this downloading and installing directly on their Android phone. But in general, I recommend downloading the zip archive to your computer first, decompressing it, and placing the files somewhere you can access easily. To get them on your phone, email the each file individually (to limit the possibility of file size limitations) to an email account you can access from the phone. Alternately, you can send to Dropbox or Google Drive and then download them back down to your phone.
But before you proceed with installing them, make sure your phone is setup to work with files from sources other than Google. To do this, dive into your phone settings, select Security, and then with any luck you should see an option to accept files from "unknown sources." Make sure the box is checked and then back out to your home screen.
You'll also need to make sure you're comfortable with the worst case scenario: a factory reset. Members of the XDA Forum have reported mostly successful results using devices running Android 4.2 or later. Anything earlier is iffy. My Galaxy Note II running Android 4.1 was a rare exception, but even then, features such as Google Now voice commands did not work properly. This is a "use at your own risk" procedure, so make sure your photos, videos, data and settings are backed up before attempting this.
After installing the last of the APK files, you'll be walked through the introduction to the new KitKat launcher.
Once the files are accessible from your phone, via email or whatever method you chose, select the PreBuiltGMScore APK file first. You may be given a choice of how to install the APK. I went with the Package Installer, but other options may be just as viable. It may also warn you that you are replacing an existing file -- that's fine. Once installed, simply hit Done and move on to the next file, which in this case is the Velvet APK. Rinse and repeat, and finally move on to the GoogleHome APK file. At the end of installing that one, however, you'll want to hit Open instead of Done. Doing so will usher you into clean, slick world of the KitKat launcher.
As your first order of business, I suggest a tap and hold on the home screen, which will bring up options for changing the wallpaper, installing home screen widgets, and configuring your Google Now experience. If nothing else, choosing from the new wallpapers will help complete the KitKat transformation.
Hello, some of you may noticed it. There is a new section in Samsung's file manager software. It's a list of all accessed files "timeline"
How can I disable that? Or at least delete it contents from time to time?
Thanks in advance
Additional information. I guess this only applies to Samsung Galaxy Tab's.
I've got here a Samsung Galaxy Tab 4 7°
Didn't find anything helpful via Google, so maybe someone here knows about it and can help me/us to disable it (my device isn't rooted if that is important to know)
Regards
Meh
No idea. When I delete all cache files from 'my files', 'gallery' and 'media storage' it also clear temporary this Timeline. But it will only last a few moments.
Any additional ideas where to look at are very welcome
facing the same problem here
cant find any way to disable this new crap function
This is going to be long winded because of the research I've already done before asking the question.
I have an AT&T LG Optimus G E970 running stock non rooted 4.1.2.
I cracked the screen of my phone and it's now touch unresponsive. I have a swipe lock on the phone. Is there a way I can unlock the phone with ADB? I tried the "adb shell input swipe" command with the different coordinates, but as you already know it reads each one as a separate swipe, so it can't be done that way.
I've also read about "getevent" and "sendevent" and that also may be too slow and the phone could stop reading the input before it's completed. I don't have another Optimus G to record the input anyway, and I've read each device has it's own coding/output. The only other phones I could use for "getevent" are a Galaxy S5 and a Pantech Flex, which both have a different screen resolution than the Optimus G so the coordinates would be off. I guess it could be possible for someone else with an Optimus G to record the "getevent" and send it to me if I gave them my swipe pattern...
I've also tried the "Crack android pattern lock" guides, but using the commands to delete the gesture.key, etc, I get "permission denied" and "/system/bin/sh: sqlite3: not found". My particular phone doesn't have a recovery mode(from everything I've tried) so the other options to delete them in recovery can't be done. Even "adb reboot recovery" doesn't work, it just goes to the exclamation graphic.
The only other option I can think of is the LG On-Screen Phone which lets you control your phone from the computer with your mouse and keyboard. To use that, you need to have "PC Software" mode enabled for "USB Connection Type", but I have mine in MTP. I can't figure out how to change it from MTP to PC Software.
There's a command "adb shell sdutil ums enable" that enables usb mass storage on older versions of android. There should be an equivalent for newer versions and other connection types.
I also found something that looks like it could change the connection mode to mtp with:
adb shell setprop sys.usb.config mtp,adb
What would be the command to set it to PC software mode?
If it would help, I did "adb shell getprop" and this is anything that mentions usb:
[init.svc.lge-cmm-usb-sh]: [stopped]
[init.svc.lge-usb-sh]: [stopped]
[persist.sys.usb.config]: [mtp_only,adb]
[sys.usb.config]: [mtp_only,adb]
[sys.usb.provisioned]: [1]
[sys.usb.state]: [mtp_only,adb]
Thank you.
Is it impossibrew?
I just tried
adb shell pm clear com.lge.lockscreen
adb shell pm clear com.lge.lockscreensettings
and all that did was set my lockscreen wallpaper back to default.
I just downloaded a program called Backuptrans that lets me see my text messages, missed calls, bookmarks, any photos videos or music that's on the internal memory, and all my contacts, but it still doesn't let me see my memos, which is what I really wanted to see. It's letting me see all of that on my locked non rooted phone.
Anyone can just hook up anyone's phone to that app and see all of that info.
I'm using the free version, you don't need to pay to see that info and either write it down or take a screenshot of it. You just need to pay if you want to physically transfer files.
I already pulled the backup.rnt from the memo folder with adb, but that seems like just a fragment of the memo's that I had. The Backkuptrans program only shows those same folders and files that I had already pulled, none of which are the current memos that I had taken.
For anyone else that wants to know, if you already have 7-zip installed, you can just right click on backup.rnt and choose 7-zip, extract here, to get the richnote files. Then rename the file to richnote.sql. Download the SQLite browser from sqlitebrowser.org, choose open database and find the richnote.sql file. Click the "Browse Data" tab, then the "Table" dropdown menu to notes. Extend the "textonly" section until you can read all of your notes/memos. My most important memo isn't there, so some of yours might not show up either. It's just the backup file, not the original. I have no idea how to get to the original outside of using the app on the phone.
WalterSchmitty said:
I just downloaded a program called Backuptrans that lets me see my text messages, missed calls, bookmarks, any photos videos or music that's on the internal memory, and all my contacts, but it still doesn't let me see my memos, which is what I really wanted to see. It's letting me see all of that on my locked non rooted phone.
Anyone can just hook up anyone's phone to that app and see all of that info.
I'm using the free version, you don't need to pay to see that info and either write it down or take a screenshot of it. You just need to pay if you want to physically transfer files.
I already pulled the backup.rnt from the memo folder with adb, but that seems like just a fragment of the memo's that I had. The Backkuptrans program only shows those same folders and files that I had already pulled, none of which are the current memos that I had taken.
For anyone else that wants to know, if you already have 7-zip installed, you can just right click on backup.rnt and choose 7-zip, extract here, to get the richnote files. Then rename the file to richnote.sql. Download the SQLite browser from sqlitebrowser.org, choose open database and find the richnote.sql file. Click the "Browse Data" tab, then the "Table" dropdown menu to notes. Extend the "textonly" section until you can read all of your notes/memos. My most important memo isn't there, so some of yours might not show up either. It's just the backup file, not the original. I have no idea how to get to the original outside of using the app on the phone.
Click to expand...
Click to collapse
Hi, can you help me ?? I can try to rename and unzip the file backup.rnt bat I have the error message ((
7zip message says:
"Impossible to open the backup.rnt file as an archive"
pleaseeeee heeeelllp meee !!
thanks all
Cristina
I saw this on my device, and only found little info/threads, with almost zero content/analysis. Aparently the kindle app leaves a bunch of random files around. And since the prefix is "RCE" i am a little paranoid, since that usually means "Remote code execution" and is usually associated with exploits
Files:
CS_JIT_Animation.mp4
jit_cs_positive_preview.png
rce_plugin_strings_resource_cs_CZ.json.min
rce_plugin_strings_resource_de_DE.json.min
rce_plugin_strings_resource_en_US.json.min
rce_plugin_strings_resource_es_ES.json.min
rce_plugin_strings_resource_fr_FR.json.min
rce_plugin_strings_resource_it_IT.json.min
rce_plugin_strings_resource_ja_JP.json.min
rce_plugin_strings_resource_nl_NL.json.min
rce_plugin_strings_resource_pt_BR.json.min
rce_plugin_strings_resource_v2_TYPO_TEST.json
rce_plugin_strings_resource_zh_CN.json.min
All Attached in a zip created by the android native file manager.
Current places mentioning this
https://forums.oneplus.com/threads/unkown-files-in-download.948860/
https://talk.sonymobile.com/t5/Xper...erious-Files-in-Downloads-Folder/td-p/1353185
https://forum.xda-developers.com/xperia-xz1/help/phone-mysterious-files-download-folder-t3871763
https://www.youtube.com/watch?v=eMmx5tRm0jM (one of the files is a video, someone uploaded to youtube ...and to https://gfycat.com/generouspinkcolt
How to make those files appear for you:
Install kindle from the google app store
if you already have it installed, or want to see the files again after you deleted, Stop the app and delete all storage. (nothing will be lost, this app syncs everything and some more to the amazon servers)
perform the first Sync on kindle app
Now, insert a pen drive and open the native android File Mananger and look at the local Download folder
Files are somewhat hidden:
If you look into the download folder with any other app (I tried, blackberry file manager, oi file manager, Ghost Commander, and Termux --after enabling the storage setup)
Files probably have a weird attribute or ownership... but the native android file manager does not show anything other than creation date! And every single file operation (copy, move, compress) reset the information to "regular user, creation time set to now". So either I see them on the Native File Manager, without any information available, or I do not see the files until I destroy the information.
Android version is not important (seems to happen on several versions) and has been happening for a while (First mention seems to be Nov2018)
Anyone have any idea what this is? I know I will probably reverse eng the kindle app at some point, wast a bunch of time, and realize it is just some dumb amateur library badly implemented by amazon... or maybe not. I think at this point I am most curious as to how the app "hides" the files from most everything.
I have a hand me down phone (Samsung S6 SM-G920V) from my daughter.
It works fine, except for one problem. I found an app install file called porn_hub.apk while looking for a another file. I used "My Files" file browser to look for a lost podcast, and while scrolling the browser's "My Files > Downloads" list, I notice the apk file.
I want to figure out how it got on my phone and then remove it.
Also, how can I figure out if it was installed?
I've read that I might need to root the phone to get admin access to the file. I still use the phone so I don't want to cause myself headaches by rooting it. (I've never rooted a phone before)
Any advice/help would be much appreciated.
Thanks,
exe2bin