I logged into the forum today from my win10 laptop and everytime I open a page in the forum, an executable file called USNC is downloaded. Any other members facing this?
What is this? Is it a bug? A virous? Or should I install it so as to be able to surf the forum better?
Any advise will be appreciated.
Thanx.
Hello.
Even the same thing happens to me. Every time I open a XDA forum page I will see a window where you plan to save a "USNC" file from the web address https://cs.ffbtas.com
This happens either with a Windows 10 PC or MAC.
What is it about? virus? malware?
Happens here also on my phone. Latest Chrome for Android.
I'm getting the same result. @svetius can you look into it?
Same here. It's piss annoying
Same here. I've like 6 downloads!
Yep just logged on and happening to me everytime a page opens on xda... dont think its a virus most likely a bug.. annoying and laggy though
I'm facing the same problem very annoying
Same here. Windows7
It's a broken targeted advert link
They are broken advertising links from a company called Feature Forward. You know those ad videos that play on all sorts of different websites, including this one? Ever wonder how they work? A targeted ad gets sent to your browser. Somehow these are broken, and all you get is an empty file with no extension. But if you check the packet data its an active link to a file traceable to a domain in Washington. Registered under Feature Forward.
http://whois.domaintools.com/ffbtas.com
Don´t know what this have to do with xda ? is there any mod admin or someone else who can declare whats happend ? maybe is a secure problem on xda ?
Whois & Quick Stats
Registrant Org Feature Forward Ltd. is associated with ~1 other domains
Registrar GODADDY.COM, LLC
Registrar Status clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates Created on 2016-03-03 - Expires on 2018-03-03 - Updated on 2016-03-03
Name Server(s) NS1.P20.DYNECT.NET (has 252,892 domains)
NS2.P20.DYNECT.NET (has 252,892 domains)
NS3.P20.DYNECT.NET (has 252,892 domains)
NS4.P20.DYNECT.NET (has 252,892 domains)
IP Address 184.173.133.205 - 1 other site is hosted on this server
IP Location United States - District Of Columbia - Washington - Ofer Zinger
ASN United States AS36351 SOFTLAYER - SoftLayer Technologies Inc., US (registered Dec 12, 2005)
Domain Status Registered And Active Website
Whois History 17 records have been archived since 2016-03-03
IP History 1 change on 2 unique IP addresses over 1 years
Registrar History 1 registrar
Hosting History 1 change on 2 unique name servers over 1 year
Whois Server whois.godaddy.com
Website
Website Title Feature Forward
Server Type nginx/1.8.0
Response Code 200
SEO Score 73%
Terms 1912 (Unique: 588, Linked: 5)
Images 4 (Alt tags missing: 2)
Links 6 (Internal: 0, Outbound: 1)
Whois Record ( last updated on 2017-05-18 )
Domain Name: ffbtas.com
Registrar URL: http://www.godaddy.com
Registrant Name: Ohad Gliksman
Registrant Organization: Feature Forward Ltd.
Name Server: NS1.P20.DYNECT.NET
Name Server: NS2.P20.DYNECT.NET
Name Server: NS3.P20.DYNECT.NET
Name Server: NS4.P20.DYNECT.NET
DNSSEC: unsigned
You must Register or Log in to view the Whois record for this domain name
madvinegar said:
I logged into the forum today from my win10 laptop and everytime I open a page in the forum, an executable file called USNC is downloaded. Any other members facing this?
What is this? Is it a bug? A virous? Or should I install it so as to be able to surf the forum better?
Any advise will be appreciated.
Thx.
Click to expand...
Click to collapse
Yes I do!
However the XDA site is affected only. But I don't have any idea to get rid of it. Any help is greatly appreciated.
PS:
Just found out on Virus Total that it may be a clean site: https://www.virustotal.com/en/file/...e6c5e0d40ee7ea3296d52373/analysis/1492037740/
It's good to know this doesn't seem like a cause for concern.
Same here
Same for me!
Same here. I was about to start a new thread and find many guys facing same issue.
Its annoying. Any thread / forum i click, this file gets downloaded automatically.
The same thing happens on anandtech and other sites. Hard to say if it was 100% legit to begin with or if it was a drive by download operation that has just been shut down.
i m also facing same issue and this file keep downloading automatically in my android as well as pc both running on same wifi network and i found that a new folder named file is formed in my download path which is not deleting if i try to delete then comes back in next second and its occupiying my storage it is behaving like some sort of virus how to get rid of this
Those using chrome i just installed Adblock & Adblock Plus and its gotten rid of the downloads
+1
getting the annoying USNC file thing too. and confirm it's on anandtech as well. if it's a broken advert, then guessing removing the rogue advert from the site would sort it no?
i also used internet explorer just to check if its chrome problem and it said "Do you want to open or save usnc from cs.ffbtas.com?"
Anybody any idea?
Please read this first!
The entire system is build up for demonstration and should show a new way to protect against Internet and Online threats. It should demonstrate that it is possible within the Internet to protect user, devices and there data.
The entire System is a pure & 100% DNS filter system without the usage of any kind of proxy. My goal is it to proof security is possible without using any kind of proxy.
A lot of sites using HTTPS communications within the Internet and therefore I offer a special self signed Root Certificate which block any existing domain on the blacklist with a valid HTTPS connection. Different sites using broken HTTPS Traffic to detect Adblock technologies and some sites might require the keweon Root Certificate. All HTTPS connections are only used to prevent browser and application errors within your Operation Systems.
From the technical point of few a root certificate and just a DNS server is never a threat for any users or any kind of data. The entire system is protected within various ways to prevent data stealing from users and devices.
For actual reasons and because of many discussions I want to inform you about threat possibilities:
1. DNS Server which are not DNS Server and they act as (transparent) Proxy are able to redirect the entire user traffic for Data Analysis or Data stealing.
2. DNS Server which are not DNS Server and they act as (transparent) Proxy can easily redirect traffic to a Web Server and infect your system with this kind of online threats:
Botnets, Cryptoware, Fake Software, Malware, Miningware, Online Worms, Phishing, Ransomware, Remote Keyloggers, Rogue Security Software, Spyware, Trojans and Virus.
This kind of infections are possible via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with or without a valid SSL Certificate. A single Let'sEncrypt can easily support this kind of Online Threats.
3. DNS Server which are not DNS Server and they act as (transparent) Proxy can use all methods of attacks in Point 2 to act as Botnet or Cache Server to spread this kind of attacks by a simple HTTP infection and download additional payload via HTTP (via 80 or any other port) or HTTPS (via 443 or any other port) with a single Let'sEncrypt certificate.
4. DNS Server which are not DNS Server and they act as (transparent) Proxy can use a self signed root certificate to steal passwords and logins when you install this. The keweon Root Certificate is designed to protect users and against HTTPS errors which will happens because of filter or blocking HTTPS traffic. When a keweonDNS Server is setup as a (transparent) Proxy it is possible to redirect the entire user traffic and get user login and passwords which is generally known as "MITM ATTACK".
Please take note that the usage of a Root Certificate from someone you don't know can cause serious problems when the Server is build up to target user. With a MITM Attack it is possible to get data, passwords and logon credentials.
5. The entire keweonDNS Project is build and invented to protect users, there Data and its protecting against almost all Online threats. Various fuses are build into the entire environments many times.
6. The keweon Servers do not any kind of Data collection. This is one of my core visions. Why I should build up a system which prevent data collection system and then I will do it by myself? There is also NO (!) Data Collection even on Servers OS Level.
The entire keweonDNS System runs public with global access since 2014. At this point let me say thanks a lot to all users for there trust into me and the entire keweonDNS solution.
Thanks a lot to each single user!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
**************************************************************
Business inquires: Please see contact information section below.
***************************************************************
**************************************************************
Keweon quick start.
Read the available servers and certificate sections now if you already know what you are doing. New users please skip to the "About Keweon" section below and return to the DNS and Certificate sections later:
**************************************************************
**************************************************************
Available DNS servers (choose one primary and one secondary):
Main Servers:
IP: 176.9.62.58
IP: 176.9.62.62
or
IPv6: 2a01:4f8:150:8023::58
IPv6: 2a01:4f8:150:8023::62
Click to expand...
Click to collapse
Update November 28, 2018:
If you have installed the root certificate, I recommend that you use these two servers. This servers can be used without certificate but a lot of sites will not porpper work.
IPv4: 213.239.207.143
IPv6: 2a01:4f8:a0:8487::143
IPv4: 107.191.55.215
IPv6: 2001:19f0:6401:175d::215
Click to expand...
Click to collapse
These servers have special blocklist entries which blocks things such as graph.facebook.com, pixel.facebook.com, all amazon-adsystem.com domains and all the things which are normaly not possible to block without any impact to apps, websites and other things. Also, this blocks special domains for YouTube which prevents data transmission to them.
**************************************************************
Available Server List for keweon Privacy & Security
(Server Edition keweonDNS v.6.80.280.LL)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
**************************************************************
**************************************************************
Keweon Root certificate (not required, but will suppress certificate errors):
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge and Chrome Browser.
>> CLICK HERE <<
MSI within a ZIP file:
>> CLICK HERE <<
For Android and iOS devices, also for Firefox and Mozilla Browser:
>> CLICK HERE <<
Certificate within a ZIP file:
>> CLICK HERE <<
For Admins to use it within Active Directory as REG file:
>> CLICK HERE <<
REG within a ZIP file:
>> CLICK HERE <<
If you want to have a "AllInOne Package" use this link please:
>> CLICK HERE <<
(End of Quick Start section)
**************************************************************
**************************************************************
About Keweon:
Keweon comes from the German words "KEine WErbung ONline"--translated to English it means "no advertising online."
Keweon is more than a generic adblock system. Keweon does:
Advertising Blocking
Adware Protection
App Protection
Bandwidth Protection for Mobile Phones
Botnets Protection
Cryptoware Protection
Fake Online Shop Filter
Fake Software Protection
Malware Protection
Miningware Protection
Online Worms Protection
Pharming Protection
Phishing Protection
Popup Blocker
Privacy Protection
Ransomware Protection
Remote Keyloggers Protection
Rogue Security Software Protection
Spoofing Protection
Spyware Protection
Tracing Protection
Tracking Protection
Trojan Protection
Virus Protection
and a lot of other things
Things Keweon does not do or does not have:
Acceptible advertising exceptions
A Malware or virus scanner
Data collection
Keweon will:
Save bandwidth. Ads are blocked, not just hidden.
**************************************************************
**************************************************************
Basic instructions:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate (recommended, not required)
3. Change your Internet Router or your Mobile Device to use the servers
4. Reboot (Router and PC)
**************************************************************
**************************************************************
Trusted apps for changing DNS on your device:
- Android: https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
- iOS/Apple: https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
- Chrome OS: Click on wifi icon, click on Network, scroll to Name Servers, and input DNS entries.
- Chrome browser help: https://www.xda-developers.com/fix-dns-ad-blocker-chrome/
**************************************************************
**************************************************************
FAQ:
1) Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flow through my servers. Also the same with HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
2) Here are some questions from Telegram users which might be interesting for you.
http://downloads.keweon.center/keweon/keweon_questionnaire.pdf
3) If you have questions - please ask!
**************************************************************
**************************************************************
Contact information:
If you want to send blacklists (things that should be blocked) please send them to: [email protected]
If you want to send whitelists (things that shouldn't be blocked) please send them to: [email protected]
If you open a Website and this site looks kind of strange because of missing CSS & other things, then take the URL, copy to TXT and send this TXT to: [email protected]
Developer email: [email protected] (If you are a Company and if you want to test and use keweonDNS within a business environment I can offer you a faster connection within EMEA.
This is only possible if you have a public static IP Address. Dynamic Addresses are currently not possible for security reasons.)
**************************************************************
**************************************************************
New license terms because of the EU DSGVO/GDRP (25.05.2018):
Business and Corporate usage is not allowed without my written permission.
The usage of keweon within a private and personal environment and all released and public available files of the entire keweon System are subject of the License right of the WTFPL license.
Excluded from this license are all server technologies, the SSL technologies and in addition all source codes which personally belongs to me.
**************************************************************
How to use keweon?
It's very easy:
1. Take the DNS Servers
2. Install the keweon Adblock Root Certificate ( <<< THIS IS ONLY A RECOMMENDATION)
3. Change your Internet Router or your Mobile Device to it
4. Reboot (Router and PC)
5. Done! That's it.
6. See the Internet within a never seen way
In the meantime the keweon AdBlock Root Certificate has more than 4 Millions global downloads. This certificate is not required but for a few websites it is mandatory.
This certificate will only surpress the certificate errors. Not all of them because I'm still working on this.
On iOS Devices just open Safari. With Android use the default Browser and go to http://pki.keweon.center and after 3 sec. the download of the certificate will start. JUST THE DOWNLOAD!! You need to install it by yourself. More facts about the keweon Root Certificate will comming soon on the website.
Test the DNS Servers within this List and choose the one which is the fastest for you:
https://forum.xda-developers.com/android/software-hacking/keweon-privacy-online-security-t3681139#6
How to use it on Android devices:
Use an App of your choice or use this. I also use this app and from my point of view this is the worldwide best App to change the DNS settings on Android devices. No Root Access is required. The developer is from Germany and I have had a good contact to him. The app is free of charge and also free of advertising. The source code for this app is also available on GitHub. If you have troubles with it or want to have additonal features than contact the developer. He would be happy about every feedback.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
How to use it on iOS/Apple devices:
All my iOS Tester using this App. If you have a better one or you are able to translate the Android App to XCode - your welcome.
https://itunes.apple.com/us/app/dns-override-set-dns-for-wi-fi-and-cellular/id1060830093
You are using Chrome and the DNS thing is not working? (thanks a lot @NamitNayan for this info)
Google wants to prevent Adblocking via DNS. Therefore they have enabled an experimental Switch by default to prevent DNS blocking.
Take a look at here if it's not working >>> HERE <<< and fix the problem within seconds.
Technical Details
Public available DNS:
Take a look at this thread:
https://forum.xda-developers.com/showpost.php?p=73985083&postcount=6
Background System:
The current system needs 42 Server (!) in the Background that everything is working.
Actually the entire infrastructure is hosted on 5 different providers.
How does it work?
The entire System works with several Servers. Ubuntu, FreeBSD 11 and my own build Operation System based on UNIX is installed. The entire developement and all source codes are not public available. There is more than 14 yrs of work inside.
Current Blacklist size:
39.585.224 Domains (export to TXT)
Current Virus/Ransomware Blacklist size:
18.853.587 Domains (export to TXT)
Current Blacklist contains:
Tracker, Malware, Spyware, Adware, Advertising, Poison Websites Fake Software (Adobe Flash Updates which is in real Malware/Virus) & a few false/positive Sites.
To cover all HTTPS errors because a lot of Advertising Vendors display and spread this crap via https to the world I have created the keweon Root Certificate. Allmost every Malware and Spyware will be installed via HTTPS. The Root Certificate is only responsible to suppress all https error messages for all this Advertising and poison things.
Which Systems are working and acting with keweon?
The keweon System is tested on almost every Operation System and Devices (iOS, Android, Xbox, Playstation, Samsung TV, etc... ) It's currently running within 3 companies because I know the Admins there. You can use it within you private environment but please DO NOT USE it within a Business environment.
Why I can't use it within a Business environment?
There are 2 reasons for it.
1. I want that the entire system becomes free for private and personal usage and I already have requests from Companies and even from the Public Sector that they are interested about to use the System. As long as there are too many error within the System I don't have the option to sell this as an Business solution. That's the deal.
2. Private for free, Business needs to license it. Of cause, the current system needs to be a bigger and stable system..
Does my traffic runs trough the keweon System?
Not even one byte from you or your device will flows through my servers. Also the same with the HTTPS things. Take a sniffer or wireshark or NirSoft Network Suites and you will be surprised. All HTTPS Ads traffic will be terminated with "0" bytes which will show to you that there is no sniffing or spying from my side.
It would not make any sense that I drop all this crap traffic, blame to the advertising Industrie and I do exactly this things which I want to prevent?
Btw... This fact was also the problem why I have had no success with investors. They want that I enable data sniffing or user sniffing but I would rather throw away the entire system & developement than doing what they want.
I need your help and support
1. Support me with Black and White lists
It’s veryimportant to know that keweonDNS will NEVER (!) do a censorship of the Internet. If you want to have i.e. Facebook blocked via HOSTS file, it’s up to you. But this will never be done via keweonDNS. I have other plans with porn and violence but this is a stage with keweon kidsafe which is currently far, far away.
IMPORTANT:
Any list you want to send to me has to be send as an attachment within an EMail. I will give you a short example for this.
If you have a Raspberry PI and you have a real cute blacklist than copy all the addresses (or URL’s) into a TXT file and send it to me via mail. The same with some important whitelists. Don't care about the size.
Don’t copy the addresses or URL's into Subject or Body of this Mail because this will never arrive. I don’t want to track and check all the mails and for security reasons only attachments will be processed. Please make sure you only send ZIP files that contains the TXT file or send native TXT files. Everything else will be dropped for security reasons. Don’t care about double entries and it doesn’t matters if you send the same TXT file 5 or 10 times again and again.
Websites which contains errors or Whitelist needs to be processed within the same way. Send the TXT or ZiP – that’s it.
If you want to send blacklists please send them to: [email protected]
If you want to send whitelists please send them to: [email protected]
2. Support me with false/positive on keweonDNS
If you open a Site and this site stay blank than copy the URL into a TXT file and send it to me. You do not need to collect them. If you send me 50 or 100 Mails and each of them contains only 1 link or address this doesn't matters.
If you want to send URL’s or Links which are blocked and should be not blocked then send them to: [email protected]
If you open a Website and this site looks some kind of strange because of missing CSS & other pretty Website things than take the URL, copy to TXT and send this TXT to: [email protected]
3. Router Compatibility:
With a lot of SOHO Router it is possible to change the IPv6 and IPv4 default DNS Server Address. But there are are also a lot of Router outside where this is not possible.
If you can provide some instructions and screenshots within a PDF I will release this on the Webpage. I have the experience that the AVM FritzBox sometimes will work and sometimes not. That is related to the fact that the Provider support IPv6 and you are only able to change the IPv4 DNS Server Address. With the tiny tool "FBEDITOR" it should be possible to change also the default IPv6 DNS Server Address on AVM Boxes.
German Telekom Router are also a peace of crap. There you can change nothing except the Password and the WLAN key. The work arround by selecting "Different Provider" (anderer Anbieter) where you can set manualy the DNS Server will not work.
Unfortunately I only have CISCO, LINKSYS and ASUS Hardware running with i.e. DD-WRT. I appreciate if you can help me with creating instructions how to change DNS v4 & v6 settings on your Home/SOHO/Wireless Router. No rush on this because all this instructions will be released on the Website.
Million thanks in advance!
Important Links
Website:
http://www.keweon.de and http://www.keweon.com
Forum (in progress)
http://forum.keweon.com
http://board.keweon.com
http://forum.keweon.de
http://board.keweon.de
App URLs:
Android Apps:
Frostnerd (Daniel's) DNS Changer App
Frostnerd (Daniel's) DoT and DoH (DNS over TLS and HTTPS) App (under developement)
iPhone and other iOS devices Apps:
AppStore App - Free of charge DoH changer App
keweon Root Certificate
http://pki.keweon.center
For Windows Systeme (MSI File) The certificate is working for IE, Edge, Opera, Chrome which has no own certificate storage.
MSI within a ZIP file
For Android and iOS devices, also for Firefox and Mozilla Browser (just visit the site with the Browser)
Certificate within a ZIP file
For Admins to use it within Active Directory as REG file
REG within a ZIP file
If you want to have a "AllInOne Package" use this link please
Additional Links
Change DNS Settings on DD-WRT with DNSMASQ within the right way
How to set Firefox DoH Settings
keweonDNS for Windows
Download the QuickSetDNS from NIRSOFT and use it on Windows to change your DNS settings.
Currently it's only working with IPv4. Link to NirSoft is HERE
Use the QuickSetDNS config to add all DNS servers and choose your favorite DNS Server. Unzip the file, copy it into the directory where you have extracted the download.
If you have any recommendations about additional links, let me know!
keweonDNS & installation Information
ALL keweonDNS Servers:
Version: DoT Server - DNS over TLS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: dot.asecdns.com
Port: 853 & 443
IP Addresses:
dot.asecdns.com (159.69.48.240 - HETTNER RZ Falkenstein)
dot.asecdns.com (116.203.117.199 - HETTNER RZ Nuernberg)
dot.asecdns.com (95.216.192.253 - HETTNER RZ Helsinki)
dot.asecdns.com (2a01:4f8:1c17:6e44::240 - HETTNER RZ Falkenstein)
dot.asecdns.com (2a01:4f8:c2c:491::199 - HETTNER RZ Nuernberg)
dot.asecdns.com (2a01:4f9:c010:3071::253 - HETTNER RZ Helsinki)
Version: DoH Server - DNS over HTTPS (updated 03/21/2019)
Used Certificate: Let'sEncrypt Certificate
Server Address: doh.asecdns.com/nebulo
Port: 443
IP Addresses:
doh.asecdns.com (159.69.49.250 - HETTNER RZ Falkenstein)
doh.asecdns.com (116.203.126.207 - HETTNER RZ Nuernberg)
doh.asecdns.com (95.216.165.29 - HETTNER RZ Helsinki)
doh.asecdns.com (2a01:4f8:1c17:6fc7::250 - HETTNER RZ Falkenstein)
doh.asecdns.com (2a01:4f8:c2c:e25::207 - HETTNER RZ Nuernberg)
doh.asecdns.com (2a01:4f9:c010:1cbd::29 - HETTNER RZ Helsinki)
Version: keweonDNS v.6.80.280.LL (updated 03/21/2019)
Australia / Sidney: (vServer)
k1ns-au-001.keweon.center
45.76.125.130
2001:19f0:5801:b45::130
France / Paris: (vServer)
k1ns-fr-001.keweon.center
45.77.62.37
2001:19f0:6801:95e::37
Germany / Frankfurt (vServer)
k1ns-de-001.keweon.center
104.207.131.11
2001:19f0:6c01:61f::11
India / Bangalore (vServer)
k1ns-in-001.keweon.center
IPv4: 139.59.33.236
IPv6: 2400:6180:100:d0::30d:5001
Japan / Tokio (vServer)
k1ns-jp-001.keweon.center
45.77.25.72
2001:19f0:7001:22a8::72
Netherland / Amsterdam (vServer)
k1ns-nl-001.keweon.center
45.77.138.206
2001:19f0:5001:d8d::206
Singapore / Singapore: (vServer)
k1ns-sp-001.keweon.center
45.76.151.221
2001:19f0:4400:4f31::221
UK / London (vServer)
k1ns-lon-001.keweon.center
45.32.183.39
2001:19f0:7402:a61::39
USA / Dallas (vServer)
k1ns-tx-001.keweon.center
45.76.57.41
2001:19f0:6401:9ed::41
USA / New Jersey (vServer)
k1ns-ny-001.keweon.center
45.77.144.132
2001:19f0:5:2962::132
USA / Silicon Valley (vServer)
k1ns-sv-001.keweon.center
45.32.140.26
2001:19f0:ac01:639::26
Physical Instance:
Germany / Falkenstein
k1-de-058-fsn.keweon.center (Physical)
176.9.62.58
2a01:4f8:150:8023::58
and
176.9.62.62
2a01:4f8:150:8023::62
DNS Server to use with keweon Adblock Root Certificate:
This Servers block in addition:
- pixel.facebook.com
- Amazon data collection and advertising
- more things which are normally not possible will coming soon step by step
Germany / Nuernberg
k1-de-143-nbg.keweon.center (Physical)
213.239.207.143
2a01:4f8:a0:8487::143
USA / Dallas - Texas
k1-ns2-us02.keweon.center (vServer)
107.191.55.215
2001:19f0:6401:175d::215
(Updated at 21. March 2019)
Works like a charm better than adaway just download a dns app just have to change the dns then your done
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
ninjanmizuki said:
Works like a charm. Thank you. Is there any difference between this and using VPN-based adblocking apps? (importing our own blacklists into it)
Click to expand...
Click to collapse
This should be no Problem. But if you are using with the VPN App a different DNS Server than my system might not longer work. No clue about your VPN & DNS settings.
Please keep in mind, the last DNS Server rules. If you set my DNS Server and than u run a VPN App with a different DNS Server u will "overwrite" my DNS Server settings.
From the blacklist itself that should fit. Haven't had this bevor. ?
Send me PM if you have further questions.
Anyway, thanks a lot.
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
MrT69 said:
UPDATE:
The current Infrastructure will be upgraded to 10 GBit (!) DNS Server power and much more faster system.
Please notice that the DNS Server addresses will change during the next weeks.
After this upgrade you can spread the system to all of your friends.
Thanks a lot & more will comming soon on the website
...which is currently still under developement...
Click to expand...
Click to collapse
Working well, but I get 'invalid security certificate' error popup on most pages. Any way to eliminate?
If this URLs are wrong within the blacklist, do me a favor and send them to me to whitelist them.
Copy the URLs from the Browser into a TXT file and send this to. Keep in mind only attachments will arrive. It will help not if you type the addresses or URLs within the mail Body.
[email protected]
Doesn't matters if you send 100 Mails per Day because the will automatically processed during the night.
I'm happy for every wrong listed URL. Million thanks in advance for your feedback.
If this is affecting websites which are not false positive than you need to wait a few days. Currently I'm working to terminate all https crap from the advertising side. But therefore it is a must to have the keweon Root Certificate installed. Right now I need to terminate every https error manually.
It is incredible how many poison sites work with HTTPS so it was a need to develope a different solution than doing this always manually. The server installation is in progress but first I need to finalize the tests. Should be done until next weekend.
Update 1:
Please take a look at the second posting. The first 10Gbit DNS Server is online and working. Yeaaahhhhh!!!
Germany:
10Gbit DNS v4: 89.33.16.222
10Gbit DNS v6: 2a01:367:c1f2::448
Of cause it's a shared 10Gbit - but it's in Germany and damn fast. Next month the second 10Gbit in USA will be online. Installation is already in progress.
Update 2:
Today at 3:00 AM (Germany GMT+1) after the daily reboot procedure the entire HTTPS problem is solved.
If you have the keweon Root Certificate installed EVERY (!) HTTPS error is gone. I was developing this procedure since more than 2 yrs and during the last 3 months I have had no additional problems or errors.
The entire HTTPS crap will be terminated and to make sure that this is done from my site, every "keweon termination" is marked with a specific favicon. Sometimes it happens that a site still has a problem with the HTTPS errors even when everything is working on my site. This happens to HTTPS overlays or HTTPS calls with bad coded Java Scripts. If this error happens that you receive a Banner or Overlay with HTTPS error message than please reload the site and the error will never occurs again.
The problem is related to the programmers of the websites. Sometimes I have the feeling that some of them still use FRONTPAGE to develope websites. Anyway, just reload and that's it.
Now the big question - is this save?
Absolut! I will terminate only the evil traffic and within the tunnel there are no data. Let's assume I will do this with Paypal - what will happens?
When the URL's "PayPal and PayPalObjects" are on my blacklists than it is not possible at all for you to contact the website. Because of this it is also not possible to grab any input from your site because the login to PayPal would be not longer possible. Please feel so free and track the traffic. I even would help to investigate and help you to take a deeper look inside.
How is it possible?
Please understand that this is a very difficult thing to explain and on the other hand everything what I would release here in XDA is also visible to "the dark side" and they might have the option to do strike against this. Of cause, I will release more informations on the website which will be the next thing during the next 2 weeks. Currently 40 Servers within the Background only working for terminate this problem. Yes, this is a raised middlefinger to the entire & global ads industrie and I'm so damn proud of my solution.
Please remember: The keweon Root Certificate is still not required. If you have concerns than it is OK for me if you do not use it. If you would like to have a clean and "https error confirmation free" Internet than you should to install it. The certificate will be available at: http://pki.keweon.center - the download will start after 3 seconds and you need to install it.
Update 3:
This is the cutest news. Since one month a company was testing the solution and with the "Sophos" appliance it was possible to configure it within a way that the local installation of the "keweon Root Certificate" was not longer required.
I guess Sophos will not realy notice me but from today I can say that keweon official supports the "Sophos Appliance". The tutorial is in progress and as soon as this is finished I will release it. I hope I will get more instructions from your side how to mange this with other Systems. (CISCO, Checkpoint, PaloAlto and other heavy firewall and security systems)
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
levone1 said:
I like this concept and want to keep testing. Here's my issue - for some reason, activating design change causes very slow loading speed. Same on WiFi or mobile. I have entries active for ipv4 and ipv6. For ipv4, the first set of numbers in post 2 won't work. Dns changer shows red line in entry field, (bad numbers). So, I'm using the second set, (starts with 51.254...). For ipv6, I'm using the first set. They work fine, but cause it to take 10-20 seconds to load a page. It seems like it gets better the more I browse, but still will take 5-10 seconds to load just about any page, and when I open up dns changer and hit 'stop', it is automatically faster, no more lag.
I wondered at first if it was a conflict with other tweaks and mods, (I have build prop tweaks, and AFWall app, etc), so I undid everything and tried again, but the same. I use Naked Browser almost exclusively, but tested with AOSP browser also, and no different.
Any ideas? Thanks
Click to expand...
Click to collapse
Thanks a lot for the feedback.
The problem is related to the latency of my current VPS. That was one of the main reason why I would need to find an Investor. The entire system needs to be run from a physical Host but this will need an Invest for 200.000 Euro per year. 20 GBit Server located within 16 Countries world wide. Would be so cute but they wanted that I collect data from users to sell this. I guess you can imagine what my answers was to this stupid idea.
Anyway... I guess I have an idea. First at all, which county/city you are located? If you don't want to make this public send me a short PM.
Thanks a lot for your support. I'm pretty sure I will find a solution ?
Btw... Anyone else with this problem? Send a short PM with your Country/City.
Thank you very much, it works very well.
I do have a small delay from 5 up to 15 seconds on an initial connection but after the webpage is loaded there is no more delay and often faster than without the dns.
For me its not a big issue, I did pm you with my country and city in case it may be if help for you.
MILLION TIMES THANKS TO ALL OF YOU
FOR YOUR SUPPORT & TRUST INTO KEWEON
Today I received the first f/p blacklist settings and this will be in place tomorrow morning 03:00 AM GMT +1 (German Time). Good to see that the system is in use.
With the help and testing from a view users it seems the current DNS Servers are to slow. I will change the public front end infrastructure. I will anounce this bevore to prevent interruption.
But keep in mind!
I'M NOT GOOGLE OR ANY OTHER DNS PROVIDER WITH A BILLION EURO BUDGET!
Unfortunately I don't have the money to do what I want but I guess this is anyway the best solution which is currently available. I need to host everything on VPS which is from the technical point of view not the best solution because of a high latency. I'm working on this, still think about Investor or Crowdfunding or anthing like this. But first at all I want to have a usable system and a pretty website in place.
That will finally mean that the launch of the website is still in progress - sorry folks - but I guess it is more important that the system will be fast as possible and stable.
OFFER:
If someone of you is interested to take over the responsiblity/administration of the keweon forum - let me know. I'm fine with nearly 8 programming languages but this phpBB3 Board drives me crazy. This is not my world. I appreciate every help and support. My english is not longer the best and my wife would kill me if I would do this also because the technical support of the system needs already a lot of time.
Contact me via PM if you are interested.
MILLION TIMES THANKS AGAIN!
New & faster Servers are online. Feel so free to use it, test it, share it to your friends and wherever you want.
Click here for current DNS Server List
Please test each of the server. Someone from US reportet that UK and NL DNS Server has a damn good performance within USA.
If someone of you have contact to ASIA please let me know what's about the Japan DNS Server.
@Rom DEVS
If you are interested to add the keweon Certificate by default to your ROM you're welcome.
This has the advantage that there is no need to assign a PIN to the device if you place the Certificate by default into the Certificate Store.
Btw, the website is already in progress and I hope you will visit it when it's done.
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
bond32 said:
Really excited about this.
Looking into ways to change the dns on Android with root access, any ideas?
Click to expand...
Click to collapse
Use this App. No Root required. The app is a fake VPN App.
This will mean it will also work in 3G/LTE Mode and it's Open Source available at Git Hub.
Not my App. But I also use this outside.
https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger
Enjoy it!
Hello,
Thanks for taking some time to read this. Let me start off by mentioning that this all originated on my PC I believe and an unauthorized user obtained access to my network and therefore all my devices.
My OnePlus 7 Pro was what seriously concerned me as not only was it infected, the attacker actually pushed a firmware update to my phone and it randomly reset as I was using it into a completely different/custom rom that he of course had complete control over.
I upgraded to a OnePlus 8T and after walking out of the T-Mobile store I found out my new phone was already infected.... How? Well, the escalated priviliges this attacker had allowed him to auto connect to my OnePlus device using the OnePlus SmartSwitch app. Yeah, I thought it was crazy too.
So I've tried to hard reset my devices, which actually turned out to be a bad idea as this infection actually hijacked the the process by (I'm not super familiar with reading all the log data) but it was clear that multiple main processes were killed and it took control and a warning popped up saying (WARNING! This is a Debug Kernel and is not fit for a standard ROM. If you did not authorize this then your privacy may be at risk as this could potentially allow an unauthorized user complete control of your device" it was something along these lines, may not be the exsct wording but you get my point. (This was on my Samsung Galaxy Tab S7+)
More or less the same thing with my OnePlus 8T and it has complete control over all of my apps. The permissions my apps have are literally insane. I've attached screenshiots.
How can I mitigate this? What should I do? It has infected my 2017 MacBook Air, PC, OnePlus 8T, Samsung Galaxy Tab S7+, Asus ROG Rapture GT-AX11000 Router, Netgear Nighthawk Router and possibly more. This thing is crazy advanced to the point I didn't even know malware like this existed.
ALSO: I found out that Busy Box is installed on my devices without my authorization BUT my device isn't rooted.
[Samsung Galaxy Tab S7+]
|One UI Version|
2.5
|Android Version|
10
|Baseband Version|
T978USQS1ATJ5
|Kernel Version|
4.19.81-19543082
#2 Sun Oct 11 17:18:26 KST 2020
|Build Number|
QP1A.190711.020.T978USQS1ATJ5
|SE for Android Status|
Enforcing
SEPF_SM-T978U_10_0020
Sun Oct 11 16:58:25 2020
|Knox Version|
Knox 3.6
Knox API level 32
TIMA 4.1.0
DualDAR 1.2.0
HDM 2.0 - F
|Service Provider SW ver.|
SAOMC_SM-T978U_OYN_TMB_QQ_0026
R52N810TWJM
TMB/TMB/TMB
|Carrier Configuration Version|
2.340001
|Security Software Version|
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v2.1
FIPS SCrypto v2.5
SMR Oct-2020 Release 1
|Android Security Patch Level|
October 1, 2020
[T-Mobile | OnePlus 8T]
|Model|
KB2007
|Android Version|
11
|Carrier Configuartion Version|
2.360001
|Baseband Version|
MPSS.HI.2.0.c4-00028-SDX55_RMTEFS_PACK-1.327103.53
|Kernel Version|
4.19.110-perf+
#1 Wed Dec 16 22:01:42 CST 2020
|Software Version|
11.0.6.8.KB09CB
|Android Security Update|
November 1, 2020
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
Model:
Samsung S9+
Model number:
SM-G956U
One UI version:
2.5
Android version:
10
Baseband version:
G965USQU9FVB2
Kernel version:
4.9.186-22990479
#1 Thu Feb 24 18:22:06 KST 2022
Build number:
QP1A.190711.020.G965USQU9FVB2
SE for Android status:
Enforcing
SEPF_SM-G965U_10_0030
Thu Feb 24 18:33:14 2022
Knox version:
Knox 3.4.1
Knox API level 30
TIMA 4.0.0
Service provider SW ver.:
SAOMC_SM-G965U_OYN_TMB_QQ_0026
32564c5336363098
TMB/XAA/VZW
Carrier configuration version:
2.450001
[Update]
(P.S. After factory resetting my device, it changed to "0.0.0")
Security software version:
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v1.9
FIPS SCrypto v2.2
SMR Mar-2022 Release 1
Android security patch level:
March 1, 2022
When I tried to mess around with my Developer's options, it showed that I am not the administrator. It doesn't allow me to turn on "Restrict my SMS and call log access" under Apps, and a bug report I opened and had looked at gave me these additional specifications I had never seen before:
Build fingerprint:
'samsung/star2qltesq...'
Bootloader:
G965USQU9FVB2
Radio:
G965USQU9FVB2
Network:
(unknown)
Module Metadata version:
330477090
Kernel:
Linux version 4.9.186-22990479...
Besides this, all of my applications have been compromised; they all have odd versions, permissions I cannot control (such the system app, Tips, being able download files without notifying me), can change system settings, install unknown apps, have "Open source licenses," and so on. Some of the capabilities that my app, Messages, has is the ability to modify my call logs, send out messages without my knowledge (then delete them), use my microphone to record at any given time, and connect or disconnect from Wi-Fi. It's quite difficult for me to find authentic information online, because my Google Chrome app constantly gives me false redirections to fake/modified links that appear legitimate.
Everything on my phone will tell me that the apps, the websites, and the operating system are safe and authentic, but they're all infected. I have been under the false impression that nothing was wrong with my device for months now, because judging from my Wi-Fi usage history, it had spiked up between June-July.
I'll also go ahead and attach a sh*tload of screenshots on what the malicious, system applications look like.
Rotting Brain said:
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
Model:
Samsung S9+
Model number:
SM-G956U
One UI version:
2.5
Android version:
10
Baseband version:
G965USQU9FVB2
Kernel version:
4.9.186-22990479
#1 Thu Feb 24 18:22:06 KST 2022
Build number:
QP1A.190711.020.G965USQU9FVB2
SE for Android status:
Enforcing
SEPF_SM-G965U_10_0030
Thu Feb 24 18:33:14 2022
Knox version:
Knox 3.4.1
Knox API level 30
TIMA 4.0.0
Service provider SW ver.:
SAOMC_SM-G965U_OYN_TMB_QQ_0026
32564c5336363098
TMB/XAA/VZW
Carrier configuration version:
2.450001
[Update]
(P.S. After factory resetting my device, it changed to "0.0.0")
Security software version:
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v1.9
FIPS SCrypto v2.2
SMR Mar-2022 Release 1
Android security patch level:
March 1, 2022
When I tried to mess around with my Developer's options, it showed that I am not the administrator. It doesn't allow me to turn on "Restrict my SMS and call log access" under Apps, and a bug report I opened and had looked at gave me these additional specifications I had never seen before:
Build fingerprint:
'samsung/star2qltesq...'
Bootloader:
G965USQU9FVB2
Radio:
G965USQU9FVB2
Network:
(unknown)
Module Metadata version:
330477090
Kernel:
Linux version 4.9.186-22990479...
Besides this, all of my applications have been compromised; they all have odd versions, permissions I cannot control (such the system app, Tips, being able download files without notifying me), can change system settings, install unknown apps, have "Open source licenses," and so on. Some of the capabilities that my app, Messages, has is the ability to modify my call logs, send out messages without my knowledge (then delete them), use my microphone to record at any given time, and connect or disconnect from Wi-Fi. It's quite difficult for me to find authentic information online, because my Google Chrome app constantly gives me false redirections to fake/modified links that appear legitimate.
Everything on my phone will tell me that the apps, the websites, and the operating system are safe and authentic, but they're all infected. I have been under the false impression that nothing was wrong with my device for months now, because judging from my Wi-Fi usage history, it had spiked up between June-July.
I'll also go ahead and attach a sh*tload of screenshots on what the malicious, system applications look like.
Click to expand...
Click to collapse
to fix this you need to reinstall te full firmare in odin, and format the sd card o the device ( a back up is not recommended due the malware can be copy too
tutibreaker said:
to fix this you need to reinstall te full firmare in odin, and format the sd card o the device ( a back up is not recommended due the malware can be copy too
Click to expand...
Click to collapse
Thank you, I was planning on doing so, anyway. I'm just learning as much as I can before I reinstall the stock firmware, such as if there's a method I could use that wouldn't trip Knox because I like using some of the Samsung applications.
I have 2 other phones that have been compromised, as well, and the hacker knows, essentially, all my passwords now to all of my accounts, and has access to my SIM card/number. It's frustrating that when an application requests a verification code, I get messages like these:
<#> Account: [redacted] is your Samsung account verification code.
bP2ROrn3fZQ
Click to expand...
Click to collapse
<#> Your WhatsApp code: [redacted]
You can also tap on this link to verify your phone: v.whatsapp.com/[redacted]
Don't share this code with others
4sgLq1p5sV6
Click to expand...
Click to collapse
And it also gets onto my WhatsApp account. I really have to flash my mobile devices, I'm just afraid I'll f*ck up really badly.
Rotting Brain said:
Thank you, I was planning on doing so, anyway. I'm just learning as much as I can before I reinstall the stock firmware, such as if there's a method I could use that wouldn't trip Knox because I like using some of the Samsung applications.
I have 2 other phones that have been compromised, as well, and the hacker knows, essentially, all my passwords now to all of my accounts, and has access to my SIM card/number. It's frustrating that when an application requests a verification code, I get messages like these:
And it also gets onto my WhatsApp account. I really have to flash my mobile devices, I'm just afraid I'll f*ck up really badly.
Click to expand...
Click to collapse
usind odin wont trip knox
tutibreaker said:
usind odin wont trip knox
Click to expand...
Click to collapse
That's relieving to know, thank you!
I have the same issue now going on for 2 years.
I have changed everything from emails devices wifi and cel companies. I've been super careful to not access any infected data from previous devices. On my new note 20 5g ultra out of box disabled blue tooth and dis not connect to any wifi so far. I di not transfer data from any device..
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my Pic videos for over the past decade emails and social media accounts.
Knox has been activated I tried to access the account but I've been unsuccessful.
Has flashing it work for anyone else. I have on previous devices galaxy 8plus just to reverse back to the compromised state.
Glow1717 said:
I have the same issue now going on for 2 years.
I have changed everything from emails devices wifi and cel companies. I've been super careful to not access any infected data from previous devices. On my new note 20 5g ultra out of box disabled blue tooth and dis not connect to any wifi so far. I di not transfer data from any device..
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my Pic videos for over the past decade emails and social media accounts.
Knox has been activated I tried to access the account but I've been unsuccessful.
Has flashing it work for anyone else. I have on previous devices galaxy 8plus just to reverse back to the compromised state.
Click to expand...
Click to collapse
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
Sentimental Sugarcube said:
I have the same malware on my device! It's a spyware-type malware, and I'm not sure how my device contracted it, to be honest. I'll type my software information below so that others can find this post, too, and not feel left out.
Model:
Samsung S9+
Model number:
SM-G956U
One UI version:
2.5
Android version:
10
Baseband version:
G965USQU9FVB2
Kernel version:
4.9.186-22990479
#1 Thu Feb 24 18:22:06 KST 2022
Build number:
QP1A.190711.020.G965USQU9FVB2
SE for Android status:
Enforcing
SEPF_SM-G965U_10_0030
Thu Feb 24 18:33:14 2022
Knox version:
Knox 3.4.1
Knox API level 30
TIMA 4.0.0
Service provider SW ver.:
SAOMC_SM-G965U_OYN_TMB_QQ_0026
32564c5336363098
TMB/XAA/VZW
Carrier configuration version:
2.450001
[Update]
(P.S. After factory resetting my device, it changed to "0.0.0")
Security software version:
MDF v3.1 Release 5
WLAN v1.0 Release 2
VPN PP-MOD v2.1 Release 3.0.1
ASKS v3.1 Release 20200806
ADP v3.0 Release 20191001
FIPS BoringSSL v1.4
FIPS SKC v1.9
FIPS SCrypto v2.2
SMR Mar-2022 Release 1
Android security patch level:
March 1, 2022
When I tried to mess around with my Developer's options, it showed that I am not the administrator. It doesn't allow me to turn on "Restrict my SMS and call log access" under Apps, and a bug report I opened and had looked at gave me these additional specifications I had never seen before:
Build fingerprint:
'samsung/star2qltesq...'
Bootloader:
G965USQU9FVB2
Radio:
G965USQU9FVB2
Network:
(unknown)
Module Metadata version:
330477090
Kernel:
Linux version 4.9.186-22990479...
Besides this, all of my applications have been compromised; they all have odd versions, permissions I cannot control (such the system app, Tips, being able download files without notifying me), can change system settings, install unknown apps, have "Open source licenses," and so on. Some of the capabilities that my app, Messages, has is the ability to modify my call logs, send out messages without my knowledge (then delete them), use my microphone to record at any given time, and connect or disconnect from Wi-Fi. It's quite difficult for me to find authentic information online, because my Google Chrome app constantly gives me false redirections to fake/modified links that appear legitimate.
Everything on my phone will tell me that the apps, the websites, and the operating system are safe and authentic, but they're all infected. I have been under the false impression that nothing was wrong with my device for months now, because judging from my Wi-Fi usage history, it had spiked up between June-July.
I'll also go ahead and attach a sh*tload of screenshots on what the malicious, system applications look like.
Click to expand...
Click to collapse
I'm glad that at least someone believes me.
My God, seriously.
I really hope you were able to get this fixed. I haven't been able to since my entire network has been infected. It's a really long story but the bottom line is that I've never seen malware with these capabilities. They are incredible and not one you would ever want to be infected with.
Glow1717 said:
I have the same issue now going on for 2 years.
I have changed everything from emails devices wifi and cel companies. I've been super careful to not access any infected data from previous devices. On my new note 20 5g ultra out of box disabled blue tooth and dis not connect to any wifi so far. I di not transfer data from any device..
I've lost so much time and money trying to get rid of this. I've lost all 99 of all my Pic videos for over the past decade emails and social media accounts.
Knox has been activated I tried to access the account but I've been unsuccessful.
Has flashing it work for anyone else. I have on previous devices galaxy 8plus just to reverse back to the compromised state.
Click to expand...
Click to collapse
I'm very sorry to hear that, I can't imagine what it's like to have to deal with this for such a long time. I slowly started losing my sanity when my devices were infected, especially my primary device (the Samsung Galaxy S9+), and had started becoming irrational at times due to the paranoia and lack of understanding about what had been going on the entire time.
I have yet to flash any of my devices, so I don't know just how well it'll work out doing so. What Android version is your Samsung Galaxy S8+, though? Because devices running on Android 9 (Pie) and up are pretty unique in the sense that the security rids the device of malware & spyware once a factory reset takes place, so if you have a newer operating system like you do on your Samsung Galaxy Note 20 Ultra 5G, then you may be able to fix that issue. Although, it would only clear up issues you have on your firmware/software & not be able to help issues you'd occur with a compromised hardware & network connection.
When I factory reset my Samsung Galaxy S9+ (which runs on Android 10), the oddity disappeared! I wish I had done it sooner or routinely, at least, because it would've saved me from so much stress & anxiety.
Although, as @JesseJamez55 mentioned, you may be directly targeted, and that makes a huge difference in the matter. I, for one, am not specifically in the center of attention — my best friend is, and I suppose I somehow got involved in this awfulness just for knowing about so many of the concerning experiences he's had in the last several years.
JesseJamez55 said:
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
Click to expand...
Click to collapse
I was planning on doing the same thing when I had gotten tired of it; I was just going to accept that my life will always be this way and there's nothing I can do to try to stop it from happening because I wasn't educated enough about the problems I was facing, and couldn't find any real information due to the DSN spoofing.
It's best to not share this with too many people — we'll end up looking like nutjobs, which we probably are a little of, due to apophenia & the heightened stress/anxiety (causing paranoia), haha. But in all seriousness, the people of people won't understand or believe is — especially when we're more suspectable to being discredited.
I think that's what the hackers/stalkers do — pick out & mess with those that have disadvantages (such as if one uses illegal substances known to distort our thinking or if one is diagnosed with a serious mental illness) because we're easily discredited.
How long has this been happening to you, if you don't mind me asking?
JesseJamez55 said:
I'm glad that at least someone believes me.
My God, seriously.
I really hope you were able to get this fixed. I haven't been able to since my entire network has been infected. It's a really long story but the bottom line is that I've never seen malware with these capabilities. They are incredible and not one you would ever want to be infected with.
Click to expand...
Click to collapse
I was extremely relieved when I found out there are others that believed me too & who were suffering from the same issues & malware.
I was able to get it fixed, thankfully, but I've also changed my way of thinking about this whole thing. I've started taking my medications, too (or I'm starting to again). And I agree, it's definitely a considerably severe form of electronic harassment. But I suppose it's inevitable, and there's no point in stressing out so much over it anymore — for me, at least.
JesseJamez55 said:
To be honest, I eventually gave up on it because whoever it is that wants access to my devices clearly has the resources to do so.
On top of that, no one would believe me when I tried to explain to them how serious it is and all the information I've gathered to prove my point.
Unfortunately, I'm not fluent enough in coding or low level system management to professionally explain my concern for anyone to listen to.
I came to the realization that in the bigger picture, I'm a nobody in the cybersecurity field and what that means is no one will take me, and most likely you, seriously nor do others want to spend their time assisting us for anything short of a fortune.
If you are experiencing something similar to what I've posted here then chances are high you are being targeted specifically and without the relevant cybersecurity knowledge to protect yourself, you will never get away from it.
Hate to be negative here but I can assure you that I spent countless days, weeks, months trying to figure it out by researching, contacting cybersecurity specialists, forums etc. all to no avail.
I genuinely wish you luck and if you happen to find some information you could share with me, I'd appreciate it.
Outside spending a small fortune to hire an expert to come to my house and dig deep into my network, I don't see a way to resolve it, personally.
Good luck
Click to expand...
Click to collapse
Your completely right. I thank you for your feedback and I greatly appreciate it. I usually get laughed at or from IT support at cox or other companies that will explain how to what is happening to my digital life is none existent and has not been developed yet and send me on my way after a virus scan resulting in 0 threats.
Your also think your right been someone targeting me. At this point I need to get my foil hat.. I really don't share that thought because even my bf has advised me to get a mental health evaluation... I understand after hearing me try to figure it out for mths 24/7..
This is the reason why I believe that it is a possibility. When all this came about I lived in North Las Vegas it's pretty bad unfortunately I didn't know when I bought and moved in from California. I felt safe it's a gated community!
I'm just gonna lay it out and I know what I sound like and I did end up going to get checked out clean menta aside from some anxiety from all of this.
After moving in a mth later I had some tampering with my truck but wasn't sure maybe by accident I did it .. I was always on the run.. but a few wks later I heard the back door open and I asked who was there and I caught someone's backside running out. I figured some stupid curious teen .. so concerned me living alone employed running a company and also a side business flipping cars and a truck a sports car and a classic that I was rebuilding.. maybe was drawing attention of the wrong kind. I got me a dog! Problem fixed um no still night noises outside and once on the roof that my BF was there that night and we would call the Police dept.. over and over again. So time to get cameras. Started with the ring system I had cameras in every direction including a couple inside. It was amazing! For a day that night someone tripped by breaker lost power again we ran out it was the BF of the person that managed the community... another police report for the pile. To make it short unless I was looking at it live what ever that was recorded I would get to see it original video maybe once and when I would try to show someone video would be gone or edited (at the time I did not know that video could be edited or set privacy guards filters from amazon etc) also I would started to see at night someone with lazer pointers. Later I was told it would disable the camera. True or not after looking like a mad woman with claiming to have proof to call the police.. and I no longer had the evidence no matter where I would back It up to.. I was mad all that money on the ring for this BS.. so I got Canary then I got Alfred and a long list of cameras apps and all the same. Luckily I was giving some credit when on a motion in an inside my home you could see a hand reaching to move the camera a I was able to show my BF and a friend but by the time pd showed up the video had been edited and the beginning with the dogs barking and the hand over my bed reaching for the camera was missing.. yes someone was in my bedroom while I was asleep and my BF was in bed asleep with me. The other hard evidence was not digital.. I was in the bathroom and heard noise coming from under my home.. I screamed out for help to the people that had come over for a get together. They saw the guy run from under the house and they chased him about a block and jumped into a waiting minivan. The rest of evidence I had in video that I once could see actual break ins in process and video with excellent quality would with in a min turn to a smear of colors exta zoomed imaged glared lights .. that nobody believed that I saw the person committing the crime. I had kept the videos and images of my smeared proof with hopes that one day I could get help and reverse the editing that destroyed my proof. I don't have many left..
After living in fear with most of my belongings and valuable stolen a walked away from my purchased home to rent in a safer neighborhood. Un the process I lost my job my side business..the classic dismantle my truck crashed into while parked at night hit and run ofcourse and turbo taken out of sports car .. and almost losing my mental.. having to deal with "hacking" constantly having to change passwords removing my device form child restrictions or fighting with my own virus protection software that would be program to restrict me accessing help and getting error codes when accessing government agencies google cox and tmobile.. it was the worst I believe. I'm glad I'm safe but still with this issue issue.. I've been trying to learn on my own and I Google everything.. I mean every word I come across and YouTube if I need further clarification and I started taking some classes to understand and remove and prevent what is happening to me one day.
Sorry about the novel.. lol
I'm going to attach a sample of my smeared images and some images of the modification that I have currently maybe someone understand all of this
Where I'm at .. I bought this phone and did not connect to wifi disabled blue tooth and disabled automatic downloads and I had not even turned on my data .. so I looked into OTA .. over the air programing and issues with samsung the data breaches etc.. I talk to samsung they said the modifications was not via OTA .. the IT rep could have been right ?? Not sure yet .. how else could possibly else be .. (about 2 years ago I found in my google shared doc that I was sharing to other my experiments results with radio data communication.. and was very common for me to see the verbiage spectrum radio, RTU, Scada, unlicensed radio, IoT, Ericson, transmitting data over radio as a wifi alternative. Alot of the apps I had then had something to do with that technology and companies) My ignorance at the time told me it had something to do with the huge radio antena that came with the home.
So I revisited that idea as a possible entrance point of infection??
I found libav64 with over 1060 system files saved on my device
Also in the framework files I found several of Verizon files.. I have t mobile never had Verizon. Because I have a Verizon build enforcing t mobile .. tmobile support accused me of inserting a Verizon chip .. I explained that I don't have one and never did .. she asked me to return it manufactur and exchange for new one.
I'm having an issue with upload speed for the images so I will repost with just the images
Sentimental Sugarcube said:
I'm very sorry to hear that, I can't imagine what it's like to have to deal with this for such a long time. I slowly started losing my sanity when my devices were infected, especially my primary device (the Samsung Galaxy S9+), and had started becoming irrational at times due to the paranoia and lack of understanding about what had been going on the entire time.
I have yet to flash any of my devices, so I don't know just how well it'll work out doing so. What Android version is your Samsung Galaxy S8+, though? Because devices running on Android 9 (Pie) and up are pretty unique in the sense that the security rids the device of malware & spyware once a factory reset takes place, so if you have a newer operating system like you do on your Samsung Galaxy Note 20 Ultra 5G, then you may be able to fix that issue. Although, it would only clear up issues you have on your firmware/software & not be able to help issues you'd occur with a compromised hardware & network connection.
When I factory reset my Samsung Galaxy S9+ (which runs on Android 10), the oddity disappeared! I wish I had done it sooner or routinely, at least, because it would've saved me from so much stress & anxiety.
Although, as @JesseJamez55 mentioned, you may be directly targeted, and that makes a huge difference in the matter. I, for one, am not specifically in the center of attention — my best friend is, and I suppose I somehow got involved in this awfulness just for knowing about so many of the concerning experiences he's had in the last several years.
Click to expand...
Click to collapse
My situation isn't on Android only, it's my entire network which includes the following;
PC's
Android Phones
Android Tablets (No longer own)
Macbook Pro (No longer own)
MacBook Air (No longer own)
Chromebook (After allowing Linux via Developer Settings)
Router
Samsung Smart TV (No longer own)
Sony AV Receiver
My CCTV DVR System (No longer own)
Any other device that either connects to my network or can be accessed via the Nearby Devices pervasive permission within Android (This is my best guess for how devices are being infected when I haven't in any way accessed my network)
After all my research and some helpful clues/texts/emails sent to me, i found out that I am being specifically targeted by my upstairs neighbor that strongly dislikes me and finds me extremely amusing.
I won't go into further details but this is why I gave up. They are exponentially more fluent in cybersecurity than I could ever hope to be and since they have local access to my devices, I could never hope to win. I need to move which I will be doing very soon.
This is why I say if you are going through anything close to what I am then it's almost certainly a targeted attack. I'm sure there are other possibilities but this is what my experience is.
Do you ever use the Tor network? Depending on where you decided to browse or what you may have downloaded, you can get some especially nasty malware from there, too. Even just browsing some sites can deliver drive-by malware or not having your browser/firewall set up correctly is enough to lose your anonymity. Something to think about since it could be a government agency keeping tabs on you for a reason only you would know. Just a thought.I'll leave you with one final thought; would you honestly consider yourself a very interesting person? Do you have hobbies others would be interested in learning more about it they had the relevant skills to do so?After thinking about it, I do. I have my hobbies that I would find different or weird if I were someone else. So that mixed with some neighbors that have networking skills, are always home and way to damn nosy is how I got where I'm at.That's my real situation so just something to consider.
I am so glad I came across this thread. Honestly. Had the exact same issue Dec last year. Although I suspect they were in the network for a couple of years before I realised. Tried to solve it for 6 weeks. Gave up, threw all network devices out and started over. All good. For three months. Even with the most strictest routines in watching what I was clicking online, not downloading anything, updates ran regularly, new vpn and more costly antivirus and equipment. It returned.
I honestly don't think its a personal attack, but it's insane how it spreads. I've worked constantly on it since June. Contacted so many people. I can't afford to throw this new stuff out, don't have money to replace it all again. My doc sent me to see a psychiatrist. Said I'm delusional. I told them I was feeling stressed and exhausted just trying to boot whoever this was out of my network and life. Psychiatrist says I'm sane, just needing to relax and have someone actually listen to me.
I have 2 pcs, laptop, 3 mobile phones, xboxes and TV being controlled by whatever this is. Root trust certs are all wrong. Traffic being directed to http although looks legit as if its https. All have been flashed with wrong ota updates. I am considering flashing my phone but don't think it will help as will be doing it with infected pc... seems pointless.
I am starting to realise I have to live with it and just get on with stuff. I've been seriously slacking in work and been so focused on this malware/spyware/rootkit whatever it is.
Honestly it's a massive relief to know I am not alone.
I am having the same issue. What I have learned so far:
> The malware is a RAT
> It can infect and embed itself in most IoT capable devices and most anything that has RF capability, including BT, NFC, Zigbee, etc.
>It enumerates all devices in your local network. After this step it appears to inject malicious code into device drivers, specifically network interfaces. It then creates virtual network interfaces, swaps and/or spoofs MAC addresses on the devices in your network. For example, what appears to be your router on first glance, is actually your xbox or laptop which is now hosting all your devices while your router is throwing out hidden wifi networks that connect other devices.
>It creates virtual BT interfaces and is capable of discreetly connecting with other BT capable devices in the background.
>It appears to be sending a continous video/audio stream to servers located in New York and Ashburn, VA.
>It changes VPN settings for your carrier.
>It routes browser traffic to a CDN server so you get preloaded versions of certain webpages and apps.
>Some of the code I discovered in app manifests include instructions for the phone to access a created hidden camera interface called "hiddencamera0", while specifying that the led indicator for the camera remains turned off.
>It prevents me from doing a hard reset and won't allow usb or wireless debugging, making it impossible (for me at least) to flash a new OS to my device.
>When I removed certain DNS entries from the registry or updated my AD on any of my 4 Windows based computers, the OS was wiped. When it was reinstalled, the same activity resumed.
>Using simple network command prompts, I discovered early on that my computers had established connections with various servers, even with all of the network capable devices turned off. I was able to stop these by disabling each device.
>Each time the device is restarted, the malware seems to gain more control over the system.
>Antivirus software does not detect it and the only way I was able to see what was going on was to uninstall my antivirus and go into Windows Defender Firewall as an admin. There I was able to see over a hundred rules enabling communication between my device and the remote server. I immediately deleted the inbound and outbound rules, but they repopulated until I manually disabled each interface. The first time I did this on my laptop, my phone and my son's phone actually switched back to the appropiate mobile network for about 15 minutes. Then my computer reset itself and it went back to it's malware version of operation.
I will attach screenshots a bit later.
Oh y
sudo_null said:
I am having the same issue. What I have learned so far:
> The malware is a RAT
> It can infect and embed itself in most IoT capable devices and most anything that has RF capability, including BT, NFC, Zigbee, etc.
>It enumerates all devices in your local network. After this step it appears to inject malicious code into device drivers, specifically network interfaces. It then creates virtual network interfaces, swaps and/or spoofs MAC addresses on the devices in your network. For example, what appears to be your router on first glance, is actually your xbox or laptop which is now hosting all your devices while your router is throwing out hidden wifi networks that connect other devices.
>It creates virtual BT interfaces and is capable of discreetly connecting with other BT capable devices in the background.
>It appears to be sending a continous video/audio stream to servers located in New York and Ashburn, VA.
>It changes VPN settings for your carrier.
>It routes browser traffic to a CDN server so you get preloaded versions of certain webpages and apps.
>Some of the code I discovered in app manifests include instructions for the phone to access a created hidden camera interface called "hiddencamera0", while specifying that the led indicator for the camera remains turned off.
>It prevents me from doing a hard reset and won't allow usb or wireless debugging, making it impossible (for me at least) to flash a new OS to my device.
>When I removed certain DNS entries from the registry or updated my AD on any of my 4 Windows based computers, the OS was wiped. When it was reinstalled, the same activity resumed.
>Using simple network command prompts, I discovered early on that my computers had established connections with various servers, even with all of the network capable devices turned off. I was able to stop these by disabling each device.
>Each time the device is restarted, the malware seems to gain more control over the system.
>Antivirus software does not detect it and the only way I was able to see what was going on was to uninstall my antivirus and go into Windows Defender Firewall as an admin. There I was able to see over a hundred rules enabling communication between my device and the remote server. I immediately deleted the inbound and outbound rules, but they repopulated until I manually disabled each interface. The first time I did this on my laptop, my phone and my son's phone actually switched back to the appropiate mobile network for about 15 minutes. Then my computer reset itself and it went back to it's malware version of operation.
I will attach screenshots a bit later.
Click to expand...
Click to collapse
One more thing that is particularly disturbing: It appears to be connected to my vehicle BT and Uconnect interface. There is more, but I will inckude that later as well.
This is exactly what I am facing.
It seems like it has been a couple of years.
Yes the LED of the camera is off too.
Did you manage to solve it ?
Anyone with a solution?
To be honest I'm not into the cybersecurity field but it sounds like the ultimate type of malware - one that hacks everything conveniently. I hate to say it, but you might have to replace literally everything. You could try to at least backup some stuff that's important but you're going to have to look at the local technician to see what you need. I could provide some help for those who need it in this forum.
Glow1717 said:
Your completely right. I thank you for your feedback and I greatly appreciate it. I usually get laughed at or from IT support at cox or other companies that will explain how to what is happening to my digital life is none existent and has not been developed yet and send me on my way after a virus scan resulting in 0 threats.
Your also think your right been someone targeting me. At this point I need to get my foil hat.. I really don't share that thought because even my bf has advised me to get a mental health evaluation... I understand after hearing me try to figure it out for mths 24/7..
This is the reason why I believe that it is a possibility. When all this came about I lived in North Las Vegas it's pretty bad unfortunately I didn't know when I bought and moved in from California. I felt safe it's a gated community!
I'm just gonna lay it out and I know what I sound like and I did end up going to get checked out clean menta aside from some anxiety from all of this.
After moving in a mth later I had some tampering with my truck but wasn't sure maybe by accident I did it .. I was always on the run.. but a few wks later I heard the back door open and I asked who was there and I caught someone's backside running out. I figured some stupid curious teen .. so concerned me living alone employed running a company and also a side business flipping cars and a truck a sports car and a classic that I was rebuilding.. maybe was drawing attention of the wrong kind. I got me a dog! Problem fixed um no still night noises outside and once on the roof that my BF was there that night and we would call the Police dept.. over and over again. So time to get cameras. Started with the ring system I had cameras in every direction including a couple inside. It was amazing! For a day that night someone tripped by breaker lost power again we ran out it was the BF of the person that managed the community... another police report for the pile. To make it short unless I was looking at it live what ever that was recorded I would get to see it original video maybe once and when I would try to show someone video would be gone or edited (at the time I did not know that video could be edited or set privacy guards filters from amazon etc) also I would started to see at night someone with lazer pointers. Later I was told it would disable the camera. True or not after looking like a mad woman with claiming to have proof to call the police.. and I no longer had the evidence no matter where I would back It up to.. I was mad all that money on the ring for this BS.. so I got Canary then I got Alfred and a long list of cameras apps and all the same. Luckily I was giving some credit when on a motion in an inside my home you could see a hand reaching to move the camera a I was able to show my BF and a friend but by the time pd showed up the video had been edited and the beginning with the dogs barking and the hand over my bed reaching for the camera was missing.. yes someone was in my bedroom while I was asleep and my BF was in bed asleep with me. The other hard evidence was not digital.. I was in the bathroom and heard noise coming from under my home.. I screamed out for help to the people that had come over for a get together. They saw the guy run from under the house and they chased him about a block and jumped into a waiting minivan. The rest of evidence I had in video that I once could see actual break ins in process and video with excellent quality would with in a min turn to a smear of colors exta zoomed imaged glared lights .. that nobody believed that I saw the person committing the crime. I had kept the videos and images of my smeared proof with hopes that one day I could get help and reverse the editing that destroyed my proof. I don't have many left..
After living in fear with most of my belongings and valuable stolen a walked away from my purchased home to rent in a safer neighborhood. Un the process I lost my job my side business..the classic dismantle my truck crashed into while parked at night hit and run ofcourse and turbo taken out of sports car .. and almost losing my mental.. having to deal with "hacking" constantly having to change passwords removing my device form child restrictions or fighting with my own virus protection software that would be program to restrict me accessing help and getting error codes when accessing government agencies google cox and tmobile.. it was the worst I believe. I'm glad I'm safe but still with this issue issue.. I've been trying to learn on my own and I Google everything.. I mean every word I come across and YouTube if I need further clarification and I started taking some classes to understand and remove and prevent what is happening to me one day.
Sorry about the novel.. lol
I'm going to attach a sample of my smeared images and some images of the modification that I have currently maybe someone understand all of this
Where I'm at .. I bought this phone and did not connect to wifi disabled blue tooth and disabled automatic downloads and I had not even turned on my data .. so I looked into OTA .. over the air programing and issues with samsung the data breaches etc.. I talk to samsung they said the modifications was not via OTA .. the IT rep could have been right ?? Not sure yet .. how else could possibly else be .. (about 2 years ago I found in my google shared doc that I was sharing to other my experiments results with radio data communication.. and was very common for me to see the verbiage spectrum radio, RTU, Scada, unlicensed radio, IoT, Ericson, transmitting data over radio as a wifi alternative. Alot of the apps I had then had something to do with that technology and companies) My ignorance at the time told me it had something to do with the huge radio antena that came with the home.
So I revisited that idea as a possible entrance point of infection??
I found libav64 with over 1060 system files saved on my device
Also in the framework files I found several of Verizon files.. I have t mobile never had Verizon. Because I have a Verizon build enforcing t mobile .. tmobile support accused me of inserting a Verizon chip .. I explained that I don't have one and never did .. she asked me to return it manufactur and exchange for new one.
I'm having an issue with upload speed for the images so I will repost with just the images
Click to expand...
Click to collapse
You need to right now remove the malware, as that's the problem. The symptoms of this malware seems to be that people randomly attack you because they know your location and are listening to you 24x7. You remove that malware first and then fix the home security later. Good luck
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
rainyskye said:
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
Click to expand...
Click to collapse
And remember kids, if someone tells you "the government wouldn't do that!", Oh yes they would.
rainyskye said:
This seems a bit over-exaggerated, the "dangerous" processes you're talking about actually look like normal services on a samsung device lol, it's not uncommon for some frameworks and stuff to have a lot of privileges, the message you're saying you see on boot could maybe be the:
Code:
The phone is not running Samsung's official software. You may have problems with features or security. and you won't be able to install software updates.
This is typical for a bootloader unlocked/modified device, feel free to send photos of the messages you're describing, and it can help point into the correct direction.
The "traced" app you're using seems very misinforming though. The Call app having permissions to call and read storage/contacts is normal.
If you're really that paranoid about random services (which look fairly normal) - feel free to format everything, debloat down to the core OS, wrap your walls in tin-foil, throw out your phone and hide under your bed lol (sarcasm)
Click to expand...
Click to collapse
I love how we are calling them schizophrenias, when they clearly need help with cleaning a serious infection on their devices
fillwithjoy1 said:
I love how we are calling them schizophrenias, when they clearly need help with cleaning a serious infection on their devices
Click to expand...
Click to collapse
could that infection be called "blink" by any chance? it's a serious piece of software that makes its way onto every windows and android device without user discretion. that sounds a lot like what's happening, and blink has the ability to utilize any active internet connections when activated.
pmnlla said:
could that infection be called "blink" by any chance? it's a serious piece of software that makes its way onto every windows and android device without user discretion. that sounds a lot like what's happening, and blink has the ability to utilize any active internet connections when activated.
Click to expand...
Click to collapse
Possibly could be, but it does seem like the OP would need to completely reset their devices which won't be easy