Need help with Virus - Samsung Galaxy S7 Questions and Answers

i was surfing the web as i usually do and i accidentally licked a link and i opened a separate page but there was nothing on it so i went back and closed he tap. I got curious though and i randomly opened my files app on my s7. I went on device storage and i noticed there was a folder that appeared with the name lpe. I opened the file and it contained 6 files. I ignored the file at first but a few hours later i had left my s7 on my table unlocked and the screen began move and it started to open applications. i fighted my way against the phone and i deleted the file and it stopped. I ran my security software i had CM Security and it picked up no virus so i also went on smart manager and ran the device security there as well it picked up nothing I thought it was all over but i was wrong. The file appeared again by itself the next day. I ran security picked up nothing and deleted the file but it kept coming back the next day. Sometimes it comes back twice a day or sometimes once a day. This is been happening for the last week now. I did a factory rest as well but it came back after 5hrs. Before i did a factory rest i had clean the cache partition using recovery mode. I tried going on Android Authority for help but they didn't know what to so i came here. At this point i don't know what to do.

Maybe an app you had installed is downloading again with Google Backup and restore
Try disabling Sync, factory reset again, but this time do not restore when asked on first boot
There is no way any app or virus (I don't think it is a virus) can survive a factory reset, so it must be getting reinstalled somehow

*Detection* said:
Maybe an app you had installed is downloading again with Google Backup and restore
Try disabling Sync, factory reset again, but this time do not restore when asked on first boot
There is no way any app or virus (I don't think it is a virus) can survive a factory reset, so it must be getting reinstalled somehow
Click to expand...
Click to collapse
Yeah i was thinking to do that as well. gonna try it now and will keep you guys updated if it comes up again.

wawa45 said:
Yeah i was thinking to do that as well. gonna try it now and will keep you guys updated if it comes up again.
Click to expand...
Click to collapse
so i factory rested my phone liked you asked, disabled sync and didn't restore my data from startup( i manually downloaded my apps). Your solution had worked only temporary. i was looking through "My Files" app on my phone and there it was again but the file was bigger. it now contained 6 files instead 5. it is now 114mb big which is double what it used to be. the virus somehow managed to get through the factory rest. Does anybody know the fix to my problem?

lpe folder is not a virus, it is a temp folder for something
Pinger or Sideline create an lpe temp folder, probably others too
And you have already been told in your cloned thread here that it is just a temp folder
http://www.androidauthority.com/community/threads/help-my-s7-has-a-virus.38416/

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

*Detection* said:
lpe folder is not a virus, it is a temp folder for something
Pinger or Sideline create an lpe temp folder, probably others too
And you have already been told in your cloned thread here that it is just a temp folder
http://www.androidauthority.com/community/threads/help-my-s7-has-a-virus.38416/
Click to expand...
Click to collapse
yes i am aware of that this a temp file it is created after you edit a photo i knew this before. When the file came i hadn't edited a file in weeks or took a photo. i use my phone mainly for games, youtube and doing quick google search. i dont edit photos on my phone and before you ask i have disabled the feature where it saves RAW and JPEG files in my camera settings

Well either way, it is not a virus, just a temp folder that Android creates, so no need to panic

Related

[Tutorial] Capture Samsung OTA Update to .bin File

***Mods - I think this belongs here (whether it's useful or not). If not, have your way with it. Thanks!***
I recently had to re-flash my firmware after poking a little too deeply into my /system folder. Once I got back up and running, I checked for software updates and there was one (I imagine to take me to UELA1?). Downloaded it, asked to reboot and it failed. I thought if I could find the update, I could apply it through ADB or CWM...that's not the case either. But, here's the steps I took to find it...and unfortunately, my method requires some paid software. There may be another, cheaper way to do it, but I like easy.
Go to "Settings" > "About Device" > "Software Update" > "Update". If you've never done this, it's going to ask you what country your in.
Click on "Download" on the next screen and take note of the size of the file.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
It should download the package and then ask if you want to install it or wait til later. Choose "Later" and pick any amount of time that suits you.
Knowing that in order for it to install an update at the next reboot, I figured there would have to be an auto start entry somewhere. I started up JRummy's ROM Toolbox Pro and selected "Auto Start Manager". Sure enough, there were two "Software Update" entries...
Long press on one of them and choose "Manage"
If you got lucky, like me, the "Application Info" screen will pop up and you'll see under "Storage" that it's using around the same amount of space as the download needed. If not, long press on the other and select "Manage".
Now, fire up Speed Software's SQLite Editor and it should've parsed all of the SQLite databases on your phone and given you a list of them, like so...
Now this is trial & error...select the "Software Update" database and I happen to know we're looking for one with the "wssdmdatabase.db" in it...
Select the "wssdmdatabase.db" database and you should get a screen resembling this...
Now select "Fumo" and long press the only entry under "Fumo" and select "Edit Record". You'll be presented with the following screen...
You're concerned with the entry with the arrow next to it. Enter it exactly as you see it in your browser and it will download the file to your PC. Voila!
Now, you're asking what do we do with the .bin file...good question. I was hoping someone on here might have an answer to that. Mainly because I can't stand Samsung's bloatware called "Kies". I'd love to be able to find a way to update our tabs even after root and all that good stuff.
Excellent Find! Congrats. Love It.
Will this file ever dissappear if not installed? for example, I know Kies updates will be auto deleted within about 2 minutes after updating.
bravo.
sbin/redbend_ua is used for flashing FOTA. And Kies updates are encrypted, if that helps any.
chrisrotolo said:
Excellent Find! Congrats. Love It.
Will this file ever dissappear if not installed? for example, I know Kies updates will be auto deleted within about 2 minutes after updating.
bravo.
sbin/redbend_ua is used for flashing FOTA. And Kies updates are encrypted, if that helps any.
Click to expand...
Click to collapse
As this file now resides on your PC (or on your tab, as this process works from it also), it should remain there until you delete it.
I use kies windows temp folder capturing .md5 method
Why don't you just download the update from Samsung update server and flash it with Odin?

[Q] Having problems installing TB

Hi, I downloaded Titanium Backup and tried to install it but it keeps saying that there is no storage space and that I should clear some space. But i checked my storage and i still have about 27gb of free space left. I also tried installing and uninstalling other apps and it works fine its just TB that does not work. Anyone have any idea whats going on?
I have attached a couple screenshots so you can see.
Thanks in advance
Cheers,
deocare
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What does the "Storage" page in Settings say?
Does it work if you install it directly from the Play app?
it says 25gb of free space and ive tried installing it directly from the playstore as well does not work but every other app works
OK, then the error message does not state the real problem.
Next idea: Install CatLog, then try installing TB again until it fails, then open CatLog and scroll up until you find the real error message. Or instead use adb logcat from a PC if you prefer that.
_that said:
OK, then the error message does not state the real problem.
Next idea: Install CatLog, then try installing TB again until it fails, then open CatLog and scroll up until you find the real error message. Or instead use adb logcat from a PC if you prefer that.
Click to expand...
Click to collapse
i got this from the logcat but don't know what it means nor on how to fix the problem
I think you may have too many apps running somehow. Try clearing your cache and davik cache. Have you tried side loading TB? You can download the previous version directly from them. Just remember to enable third party apps installs. If it works, you'll be able to upgrade to the latest version via in app or Google Play.
I don't know how to read the catlog, so no help there.
I've had this problem several times. It usually happens when you've installed it once before. What you need to do is go into /data/app and delete the Titanium Bacukup .odex file. I can't remember the full file name, but it'll have titanium backup in the name.
You should the be able to re-install fine.
Alitheia said:
I've had this problem several times. It usually happens when you've installed it once before. What you need to do is go into /data/app and delete the Titanium Bacukup .odex file. I can't remember the full file name, but it'll have titanium backup in the name.
Click to expand...
Click to collapse
I've read something similar when searching for the error message, but I don't understand where such an odex file would come from (usually, odex files exist only for system apps - the user-installed apps have dex files in /data/dalvik-cache instead).
But yes, deleting everything related to TB from /data/app, /data/data and /data/dalvik-cache is the next thing to try - the file names start with com.keramidas.TitaniumBackup (or, in dalvik-cache, with [email protected]@" prefixed). You need a root-enabled file manager for this, I use Ghost Commander.
Alitheia said:
I've had this problem several times. It usually happens when you've installed it once before. What you need to do is go into /data/app and delete the Titanium Bacukup .odex file. I can't remember the full file name, but it'll have titanium backup in the name.
You should the be able to re-install fine.
Click to expand...
Click to collapse
it worked thx alot

android device manager

On my old device ADM could locate my device. Since i get new device from RMA ADM cannot locate my device. I tried every suggestion that i found on forum and internet and nothing helped. Since it dont work since i get new device maybe the reason can be that i put the backuped partitions from old to the new device throuht twrp. So what shall i do?
DTFuser said:
On my old device ADM could locate my device. Since i get new device from RMA ADM cannot locate my device. I tried every suggestion that i found on forum and internet and nothing helped. Since it dont work since i get new device maybe the reason can be that i put the backuped partitions from old to the new device throuht twrp. So what shall i do?
Click to expand...
Click to collapse
go into the main settings, security, make sure that the android device manager is set as an administrator.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
simms22 said:
go into the main settings, security, make sure that the android device manager is set as an administrator.
Click to expand...
Click to collapse
It is. But as i said, it was working on old device so it should be something correlated to the restoring backup from old to the new device.
DTFuser said:
It is. But as i said, it was working on old device so it should be something correlated to the restoring backup from old to the new device.
Click to expand...
Click to collapse
ah, it was an older nandroid you restored on a new device.. uninstall the app, then reinstall it.
simms22 said:
ah, it was an older nandroid you restored on a new device.. uninstall the app, then reinstall it.
Click to expand...
Click to collapse
It did not helped.
This is one of many reasons I personally never recommend that people use a nandroid from one device to another.
Just wipe and flash stock with fastboot. Done.
Backup your user apps and data with titanium backup.
I will try that as a last resort since there is a little progress.
As can be seen on picture ADM locate my device, but it says that it is unavailable.
From second picture can be seen that ADM registered my both N5, and that old one was last been online on the 12 of July and that the new device was last online on the 4 of August. On the 4th August was my new device still with a original firmware. But after that when I put OmniROM and restore data from old device ADM thinks that my device was not online but it can locate it. Strange.
Any suggestions?

Oppo Plugin Tools : Safe or unsafe.

i saw an strange app installed on my oppo A37f App: "OppoToolsPlugin". This app installed on may 20, 2020 Package name: com.wuxianlin.oppotoolsplugin
i found this with App "SD Maid Pro" which i ususally use for making my phone to run smooth.
the problem is i want to figure out about this strang app which installed on the mentioned date.
i got insecure while i read description about this app (check the screen shot). and want to know details about this app and wanted to know if someone is spying on me or not. please help me out with this problem. i didn't uninstall this app because i want to know if this app is safe or not. if note then i want to moniter it who is controling.
Check the app detailes in screen shots.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Did you install it?
Make a copy via ApkExport
Scan with online Virustotal. Decide.
If you uninstall it and that doesn't work, factory reset.
i don't know if i installed it. till i know as installation was done on the date i mentioned, at that time pendamic was active. i was not working anymore on that time so as i know about that time i din't installed it but just a hours ago i notice this app in my installed app note as system apps.
>app scan completed.
6Luci9 said:
ok i will scan it.
i don't know if i installed it. till i know as installation was done on the date i mentioned, at that time pendamic was active. i was not working anymore on that time so as i know about that time i din't installed it but just a hours ago i notice this app in my installed app note as system apps.
Click to expand...
Click to collapse
It looks like a rooting app.
I'm not familiar with that device manufacturer or app. However it looks like a high risk apk to me especially if you're not rooted and can't recall downloading it. It's probably capable of causing a lot of damage.
If running on Android 9 or higher, a factory reset should purge any root kits if present. If you do a factory reset, set a new Google account password (make sure you write it down correctly) after the factory reset. Change any other critical passwords.
blackhawk said:
It looks like a rooting app.
I'm not familiar with that device manufacturer or app. However it looks like a high risk apk to me especially if you're not rooted and can't recall downloading it. It's probably capable of causing a lot of damage.
If running on Android 9 or higher, a factory reset should purge any root kits if present. If you do a factory reset, set a new Google account password (make sure you write it down correctly) after the factory reset. Change any other critical passwords.
Click to expand...
Click to collapse
ok thank you for your suggestions. i will uninstall it.
6Luci9 said:
ok thank you for your suggestions. i will uninstall it.
Click to expand...
Click to collapse
Do a scan with Malwarebytes afterwards.
Keep an eye on your download folder and make sure install unknown sources is always disabled unless you need to use it to sideload.
Be careful what you install...

So I accidently deleted some video's and pictures from my gallery?

I've been trying tons of app and software on my pc? I cant seem to find them ? it happened few days ago should be still recoverable right ?? No I normally wouldn't delete anything unless I knew for sure it was backed up too cloud but some reason It wasn't connected or syncing files ugh Its work related idk what to do Please help me TY
Please anyone ??
Not sure how it is on your phone, in the gallery app on my phone, there is a 'Recently deleted' folder. From here, we can recover photos that were accidentally deleted within 30 days. I will upload a screenshot about this later.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Ty for reply, and I have the Samsung Galaxy S21 Ultra. And I emptied the recycling on accident because bi thought the files where uploaded to cloud like they usually are but for some reason my syncing got turned off somehow? So the files are completely gone I tried tons apps but allot of them won't go very deep scanning unless I'm rooted
Bump
So nothing can be done ? Im screwed
brianadam78 said:
I've been trying tons of app and software on my pc? I cant seem to find them ? it happened few days ago should be still recoverable right ?? No I normally wouldn't delete anything unless I knew for sure it was backed up too cloud but some reason It wasn't connected or syncing files ugh Its work related idk what to do Please help me TY
Click to expand...
Click to collapse
If you're talking about the mobile phone the best solution would be to root your phone and use DiskDigger.
dedq said:
If you're talking about the mobile phone the best solution would be to root your phone and use DiskDigger.
Click to expand...
Click to collapse
K well I was hoping I didn't have to root it, I won't be able to get OTA updates and use certain apps
brianadam78 said:
K well I was hoping I didn't have to root it, I won't be able to get OTA updates and use certain apps
Click to expand...
Click to collapse
I don't think you will be able to do anything if you don't root your phone.
I will try finding a way to hide the root for the sake of keeping the OTA.
dedq said:
I don't think you will be able to do anything if you don't root your phone.
I will try finding a way to hide the root for the sake of keeping the OTA.
Click to expand...
Click to collapse
Hmm how would I hide root ? And what about the apps that won't work while rooted ?
brianadam78 said:
Hmm how would I hide root ? And what about the apps that won't work while rooted ?
Click to expand...
Click to collapse
I suggest you search something about it on this forum because I haven't been hiding root for a very long time now. I think Magisk can help with that.
When files are wiped / deleted, the corresponding entry in the MFT ( the Master File Table is where a file's name and the chain of allocation units assigned to the file are stored ) is marked as re-useable, though the wiped / deleted files may still be physically present if the freed space has not been overwritten in the meantime.
IMO a forensic software is needed to extract physical content of the wiped / deleted files, will say to do a bitwise copy of this freed storage space Android's dd command typically is used what requires relevant Android's directories are mounted as RW what requires Android is rooted before.
Rooting Android is nothing else than to add su binary to Android's filesystem, preferredably to /data/local/tmp directory, what can get achieved via ADB.

Categories

Resources