Trojan infected recovery phone partition - Security Discussion

Hi,
I'm new to XDA. I think I'm in the right forum for my issue. My phone was infected with what I think is a type of auto rooting trojan. I was looking for info on an app I'm using called Duraspeed. I came across this website that started throwing popups at me saying my phone had tons of viruses, which was a lie. By the time I could break free from the drive by attacks, it was too late. I started getting sluggish performance on my phone and popup ads randomly. Even though it somehow gained root access, my phone is not rooted. Never was. Its still not! Because I checked with several apps off the playstore to confirm this. Long story short:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
The file running on the phone as a system app is called "ad_surface"
I can only force stop and disable ad_surface without the ability to uninstall. I have to repeat this process every time I reboot. This stops the ads from popping up. Funny thing is, even though the force stop button in app settings is greyed meaning it was stopped and disabled, my OS Monitor app that shows running processes shows ad_surface is still running. Yet, it does stop the random popup ads by doing it this way. I've tried 360 AV, Avast, AVG, Malwarebytea, Kaspers, stubborn rootkit remover, a lot of antivirus programs but nothing detects it. I'm using Total Commander File Manager to view the device system partitions. I even copied the two trojan files to a folder on the user partition to see if any of the antivirus programs could check them there away from the root areas. But nothing. My guess is that I need to root my phone so I can gain access to the apk file and delete it. I haven't done a factory reset because I realize that apk file is in the recovery partition in order to reinstall itself. I've never rooted a phone before, but I have Kingroot installed. I downloaded it from XDA. I just don't have the guts to use it in fear of bricking. Do you think it would work with my phone? Does it abort the root procedure if it can't do it? Here are my phone specs:
Vortex Beat 8
Software build: 8_V1.5_20171011
Chipset: MT6580M Cortex-A7
CPU Architecture: ARMv7 Processor Rev 3(V71)
Cores: 4 1300MHz
Kernal Version: 3.18.19
Total Ram: 459MB
Internal ROM: 8GB (4GB for user)
That's about it. If there's anything anybody who could recommend how to go about this I would greatly appreciate the help. Thank you...

Go try factory resetting it, doesn't hurt to try.
If the "virus" is still there you can always re-flash the phones os. Here is the link to the stock ROM ---> http://www.needrom.com/wp-content/uploads/2017/04/BEAT-8_V1.06_20170413.rar
The below link is a tutorial on how to flash the phones ROM.
https://www.getdroidtips.com/stock-rom-vortex-beat-8/#How_to_Download_Stock_ROM_on_VORTEX_Beat_8
In mtkdroid tools, Have all the boxes unchecked, and make sure you only have "ANDRIOD" and "RECOVERY" checked marked. The other boxes are just about the phones information and properties. Theses shouldn't be checked because it might erase your imei/drivers or other stuff. After flashing the rom make sure you do a complete factory rest + cache. Erase whatever you have on ur sd cards or micro sd cards.
Just do this and call it a day
Good luck

Cool
Hi, thank you! I will try this. I will have to borrow someone's computer like my nephews. I did try Kingroot and OneClickRoot but they both failed. Perhaps due to a locked bootloader. Or the evil trojan that made itself super user blocking them. I did do a factory reset, but the trojan persist. My mistake was forgetting to turn off unknown sources in security settings. I think that's how it got in... I'll keep checking back on this thread in the meantime to see if someone knows a tool that can kill the trojan, but I doubt it. Cheers!

SecretSociety68 said:
Hi, thank you! I will try this. I will have to borrow someone's computer like my nephews. I did try Kingroot and OneClickRoot but they both failed. Perhaps due to a locked bootloader. Or the evil trojan that made itself super user blocking them. I did do a factory reset, but the trojan persist. My mistake was forgetting to turn off unknown sources in security settings. I think that's how it got in... I'll keep checking back on this thread in the meantime to see if someone knows a tool that can kill the trojan, but I doubt it. Cheers!
Click to expand...
Click to collapse
I'm having similar troubles I somehow believe I have an entire infected Network from Windows 10 to iOS and all the cell phones even two 3-g flip even the Smart car has been recognized I communicated with the virus / hacker Network I have no idea how to get rid of it I give his self super user privileges without quite rooting the phone and hides itself in system apps so it's virtually impossible to get rid of at least for me it is I have post here called wading deep Waters please do check it out

sassyfrassy said:
I'm having similar troubles I somehow believe I have an entire infected Network from Windows 10 to iOS and all the cell phones even two 3-g flip even the Smart car has been recognized I communicated with the virus / hacker Network I have no idea how to get rid of it I give his self super user privileges without quite rooting the phone and hides itself in system apps so it's virtually impossible to get rid of at least for me it is I have post here called wading deep Waters please do check it out
Click to expand...
Click to collapse
It isn't unheard of for a router to get infected with a virus/malware, rare, but not exactly impossible. I've run across others here over the years that have discussed this issue. I don't remember any specifics, tools or methods to fix the issue though, but you can probably find info on removing malware from a router.
Sent from my LGL84VL using Tapatalk

Droidriven said:
It isn't unheard of for a router to get infected with a virus/malware, rare, but not exactly impossible. I've run across others here over the years that have discussed this issue. I don't remember any specifics, tools or methods to fix the issue though, but you can probably find info on removing malware from a router.
Click to expand...
Click to collapse
Thank you for your prompt response I'm not positive that the router and modem are infected more or less they are overloaded from the amount of leeches in hitchhiker's I have from this awful network of hackers and code running through my TV's my cars for god sakes I read one of their lauder's I got in somehow and I could see that they were logging how many seconds it took me from getting out of the car to getting in my home that was just one scary example they could tell when my phone was in my pocket and if I was walking and how many people were with me this is just my cell phone not to mention my TV's the laptops I have no idea what to do

sassyfrassy said:
Thank you for your prompt response I'm not positive that the router and modem are infected more or less they are overloaded from the amount of leeches in hitchhiker's I have from this awful network of hackers and code running through my TV's my cars for god sakes I read one of their lauder's I got in somehow and I could see that they were logging how many seconds it took me from getting out of the car to getting in my home that was just one scary example they could tell when my phone was in my pocket and if I was walking and how many people were with me this is just my cell phone not to mention my TV's the laptops I have no idea what to do
Click to expand...
Click to collapse
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
Sent from my LGL84VL using Tapatalk

Droidriven said:
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
Click to expand...
Click to collapse
Thank you I really appreciate you taking the time to think about my situation I have had no one to talk to about this for 2 months

sassyfrassy said:
Thank you I really appreciate you taking the time to think about my situation I have had no one to talk to about this for 2 months
Click to expand...
Click to collapse
Not sure how much help I'll be to you. I'm no expert in what you're dealing with. I'm just telling you some possibilities that I've seen others dealing with over the years.
Sent from my LGL84VL using Tapatalk

Droidriven said:
It sounds to me like their hold over you has more to do with your personal information than with your devices. With certain pieces of your info, they can gain access to any device that you sign into, login to or even just enter information in while using, even if it isn't yours.
If your network provider randomly cycles IP addresses among its users, it could be that the hacker has previously hijacked that IP address while another user was using it and his access carried over to you when the IP was assigned to you. If this is so, a new IP and changing all of your account info among all of the various accounts you have would cut him off, maybe?
I'm not the best at network security issues that go that deep. My network management/LAN Admin days were a very long time ago, too many things have changed.
Click to expand...
Click to collapse
You hit the nail on the head! Told me "unfortunately we have met"
Sent from my LGE LGL158VL using XDA Labs

SecretSociety68 said:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
Click to expand...
Click to collapse
translation it installed itself to the privilege app section on your phone which does not delete with a reset (new rom does) this also gives the app more power
it can only be done with root so the app rooted your phone (at least temp) here is a app that removes it but it needs root
https://f-droid.org/en/packages/de.j4velin.systemappmover/
And a system priv app has AFAIK full power however as of Oreo thier is another file to give it permisions so says google https://source.android.com/devices/tech/config/perms-whitelist namely
/etc/permissions/privapp-permissions-OEM_NAME.xml
/etc/permissions/privapp-permissions-DEVICE_NAME.xml
check these files and see what you find
SecretSociety68 said:
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
Click to expand...
Click to collapse
translation installed a CA certificate that enables them to have a SSL connection or with this certificate can spoof websites
of course this should be deleted but again you will need root (or new Rom)
SecretSociety68 said:
The file running on the phone as a system app is called "ad_surface"
Click to expand...
Click to collapse
The app has to be running with a linux GUID so you can check with that
the apps can not find root this can be because the program used root once to get a elevated status (temporary root) and then does not need it anymore
so you cannot find it. The question still remains how they did that but right now you need to get out.

Waiting for other response. Hehe.

I had this take control of multiple devices and 2 computers. 3 android phones and an apple iphone and 2 windows computers. I countless hours going through logs and data. On my android devices it even made a cloned version of TWRP so it would reinstall itself through recovery. I spent hours on the phone with samsung and apple senior advisors. I viewed the analytic data on the apple device over and over. Extremely werid things were running. Constantly writting system wwrites on a stock apple phone. It was able to transfer from device to device over wifi hotspot. It went on for over two months. I had a roku tv also become monitored. It was the craziest **** ive ever had happen to me. It litterally almost drove me insane and I thought I was going crazy. Ive never seen anything like it. Even google reaults were completely false and fake sites. I disnt know this happened to anyone else. Ive got countless logs and screenshots saved in case I ever needed to share the info. It even remotely sipped my desktop hard drives and had me connecring to a remote server on boot.
---------- Post added at 07:48 PM ---------- Previous post was at 07:37 PM ----------
I could make a phone call and hear breathing in the background. Id make a call and touch tone sounds would go off after the first ring. I was getting constant interference through my phone. It connected all my devices to a home group I never created. I literally had to destroy the devices
---------- Post added at 08:15 PM ---------- Previous post was at 07:48 PM ----------
Applied protocal - makes sense man, in juat glad I got it off my back. On the iphone, when yyou would install a new app from the "app store" it would run a wake up over 4000 times a second to wake up an unknown app in system files . im assuming this was to clone the app or change some code in it when it was installed. The app name was ??? In the analytic logs and it was an "event write system". This was some dirty stuff man. Is this something that is common right now? This exploit across so many devices? Id love to share some of these logs and screenshots if anyone is interested.

SecretSociety68 said:
Hi,
I'm new to XDA. I think I'm in the right forum for my issue. My phone was infected with what I think is a type of auto rooting trojan. I was looking for info on an app I'm using called Duraspeed. I came across this website that started throwing popups at me saying my phone had tons of viruses, which was a lie. By the time I could break free from the drive by attacks, it was too late. I started getting sluggish performance on my phone and popup ads randomly. Even though it somehow gained root access, my phone is not rooted. Never was. Its still not! Because I checked with several apps off the playstore to confirm this. Long story short:
It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/
And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.
The file running on the phone as a system app is called "ad_surface"
I can only force stop and disable ad_surface without the ability to uninstall. I have to repeat this process every time I reboot. This stops the ads from popping up. Funny thing is, even though the force stop button in app settings is greyed meaning it was stopped and disabled, my OS Monitor app that shows running processes shows ad_surface is still running. Yet, it does stop the random popup ads by doing it this way. I've tried 360 AV, Avast, AVG, Malwarebytea, Kaspers, stubborn rootkit remover, a lot of antivirus programs but nothing detects it. I'm using Total Commander File Manager to view the device system partitions. I even copied the two trojan files to a folder on the user partition to see if any of the antivirus programs could check them there away from the root areas. But nothing. My guess is that I need to root my phone so I can gain access to the apk file and delete it. I haven't done a factory reset because I realize that apk file is in the recovery partition in order to reinstall itself. I've never rooted a phone before, but I have Kingroot installed. I downloaded it from XDA. I just don't have the guts to use it in fear of bricking. Do you think it would work with my phone? Does it abort the root procedure if it can't do it? Here are my phone specs:
Vortex Beat 8
Software build: 8_V1.5_20171011
Chipset: MT6580M Cortex-A7
CPU Architecture: ARMv7 Processor Rev 3(V71)
Cores: 4 1300MHz
Kernal Version: 3.18.19
Total Ram: 459MB
Internal ROM: 8GB (4GB for user)
That's about it. If there's anything anybody who could recommend how to go about this I would greatly appreciate the help. Thank you...
Click to expand...
Click to collapse
Definitely malmare! Mine was called "Ad-Time", like a kid's show or something, but either way, very persistent and pervasive! I have 2 roms, (v 1.5 & 1.6), in img format, easy fastboot flash. Look at this phone wrong and it's rooted. Anybody interested, hit me up, I even got the couple-line script to install SuperSU /system (beat 8 doesn't like Magisk). A simple su.d script to enable permissive selinux, build.prop changes, and you have a $30 Nexus via MTK. I also ported TWRP 3.2.1(no bugs) & Philz, but TWRP is my comfort-zone.
Sent from my ZTE Sapphire 3G using XDA Labs
---------- Post added at 02:03 AM ---------- Previous post was at 01:48 AM ----------
sameboat said:
I had this take control of multiple devices and 2 computers. 3 android phones and an apple iphone and 2 windows computers. I countless hours going through logs and data. On my android devices it even made a cloned version of TWRP so it would reinstall itself through recovery. I spent hours on the phone with samsung and apple senior advisors. I viewed the analytic data on the apple device over and over. Extremely werid things were running. Constantly writting system wwrites on a stock apple phone. It was able to transfer from device to device over wifi hotspot. It went on for over two months. I had a roku tv also become monitored. It was the craziest **** ive ever had happen to me. It litterally almost drove me insane and I thought I was going crazy. Ive never seen anything like it. Even google reaults were completely false and fake sites. I disnt know this happened to anyone else. Ive got countless logs and screenshots saved in case I ever needed to share the info. It even remotely sipped my desktop hard drives and had me connecring to a remote server on boot.
---------- Post added at 07:48 PM ---------- Previous post was at 07:37 PM ----------
I could make a phone call and hear breathing in the background. Id make a call and touch tone sounds would go off after the first ring. I was getting constant interference through my phone. It connected all my devices to a home group I never created. I literally had to destroy the devices
---------- Post added at 08:15 PM ---------- Previous post was at 07:48 PM ----------
Applied protocal - makes sense man, in juat glad I got it off my back. On the iphone, when yyou would install a new app from the "app store" it would run a wake up over 4000 times a second to wake up an unknown app in system files . im assuming this was to clone the app or change some code in it when it was installed. The app name was ??? In the analytic logs and it was an "event write system". This was some dirty stuff man. Is this something that is common right now? This exploit across so many devices? Id love to share some of these logs and screenshots if anyone is interested.
Click to expand...
Click to collapse
Typical Chinese ad/malware/surveillance. If you visit china, you turn over your devices for "inspection", so they can sideload some state-sponsored goodies. A lot of these Chinese roms have the ads baked-in, like mine. Whoever's listening and seeing my pics is gonna need therapy, because I filled the phone up with some STRANGE s*** Remove the apk, but there's several .xml's and .jar's that gotta go, too.
Sent from my ZTE Sapphire 3G using XDA Labs

What is the best way to counter this problem?

Dassote said:
What is the best way to counter this problem?
Click to expand...
Click to collapse
Root, and remove all traces of the " ad_* " app and even the duraspeed app if you want, but I didn't see anything untrustworthy about that. Duraspeed is in the default.prop (running booster), so it's in the kernel. Root uninstall just leaves you no way to control, kuz the PROCESS will go and go, unless you're willing to play with the kernel. Not for amateurs like myself My Beat 8 has been flashed or fastboot-booted more times than I can count. Good times.
Once your Chinese spyware is uninstalled, delete build.prop lines with "running booster", /system/lib's with it, and I think it was in the /system/bin, and /vendor/app had one. Clear them all, and you'll need to tweak the build.prop some more. debug.qemu.kernel=1, ro.secure_storage.support=0, ro.debuggable=1, then reboot AFTER you chmod 644 the build.prop! The "debug.qemu.kernel=1" was what made the rest stick. ADD those props, but don't change the existing ones (kernel). I just deleted the default values, replaced with "" . Fits the whole debug vibe. I should upload a copy of my final build.prop, cheap-a** phone runs like a champ.
Sent from my LG G Stylo using XDA Labs

Related

GT-B9150 Samsung Homesync *ROOT*

so i will start off by saying i was disappointed when i got this device because i thought it had full access to the Google play store when only 5% or less apps work, none of which i want (Netflix, hulu, plex etc. not there) i was looking for this device to be both a media server/gaming device for some asphalt 8/real racing action. etc. so i am starting this thread to hope it attracts attention and we can get someone to help us root it because if we can accomplish that i heard of a program called market helper that would trick the market into thinking we are using an s4 or something.
erik10002 said:
so i will start off by saying i was disappointed when i got this device because i thought it had full access to the Google play store when only 5% or less apps work, none of which i want (Netflix, hulu, plex etc. not there) i was looking for this device to be both a media server/gaming device for some asphalt 8/real racing action. etc. so i am starting this thread to hope it attracts attention and we can get someone to help us root it because if we can accomplish that i heard of a program called market helper that would trick the market into thinking we are using an s4 or something.
Click to expand...
Click to collapse
Thanks for starting it. I am in the same situation. Just for the context, it has Exynos 5250 dual core processor @1.7ghz and a 1TB hard drive inside mounted with ext4 in /storage/emulated/0 (also /sdcard etc.).
I'm trying to root it since a week now without success. I tried to flash self-made boot.tar with boot.img inside using Odin 3.09, but it FAILS. Same goes for pre-rooted system.img. It seems that this bootlader has a lock and it's checking signature, since we can't sign it like Samsung, it refuses to flash. Heimdall 1.4.0 also fails with a message stating "failed to confirm end of file transfer sequence". I've tried some chinese websites root method, but it also did not work (Odin does not flash the root file).
I've downgraded from Oct 2013 firmware to an ealiest one that I could find : B9150ZSABME2_B9150OZSBME2_TGY from May 2013. With this, I ran Cydia Impactor on it and it was able to place /system/xbin/su into the system partition. However, it is not setuid root, thus when I run su, it just waits forever. I don't know how the exploit can place the binary there but not make it setuid root. Supersu.apk is also installed, but it does not launch normally and dies.
The Impactor is able to run a telnetd server as "system" user, but system user also can't setuid root the su binary. It can't mount system RW. Impactor can't launch a telnet server as root neither.
I've tried some other exploits that were found for S4 (pwn etc. ), DoomLord v17. It all failed. I also tried SRS One Click Root, and Chinese eroot, they also failed. I'm now out of ideas and appreciate if anyone would have any idea.
I am attaching partition layout. I can also send the kernel if necessary.
okay so this is what i have done so far, i know nothing about developing a root procedure but i am very impatient.
nova launcher installed (forced landscape in nova settings and now every app loads landscape like it should)
Blackmart (this is where i will be downloading all my apps from straight to the device)
got angry birds installed as a test app (worked perfectly)
did all this in a few minutes before i went to bed and will keep exploring tonight, hope this helps some people who own the device. next im going to try and install a FPS or racing game and see how that turns out.
Erik10002, I've also installed Nova, but then you lose the status bar as the notifications on Samsung firmware is a bit diferent (on upper left side with an indicator count). I'm not sure if it would be usable without status bar. (or am I mistaken? ie where the running program icons shall be seen as well as the clock, etc.).
It seems that our device has some kind of kernel protection or capability restriction to run setuid root su binary, according to Saurik himself. So I will try to further think how it can be overcome.
---------- Post added at 09:46 PM ---------- Previous post was at 09:16 PM ----------
Erik10002, I've also installed Nova, but then you lose the status bar as the notifications on Samsung firmware is a bit diferent (on upper left side with an indicator count). I'm not sure if it would be usable without status bar. (or am I mistaken? ie where the running program icons shall be seen as well as the clock, etc.).
It seems that our device has some kind of kernel protection or capability restriction to run setuid root su binary, according to Saurik himself.
How do you enter download mode on this thing?
Two methods :
1) power off. Then press function button, hold it, then press power button. Led will be red. This is download mode
2) enable developer mode, usb debugging. Then connect it to your pc with its micro USB port and run adb reboot download
If you want recovery, adb reboot recovery
not a glimmer of hope for root on this device so far :crying:
Yes unfortunately nobody seems to be interested. I also gave up and using it stock now. Except the issue of not being able to write timestamps on internal files, it's OK. For timestamps issue, I just use an external USB and use internal ones for files where I don't care about creation modification times. (ie movies etc)
I want to try to open its case to see if hdd is replaceable and if I can externally set 777 permissions on files which may help me set timestamps. Any clue how this box can be opened?
Don't know how to open it up and yes it is a shame as I was looking for this to be an android multimedia powerhouse and Android game console and those dreams got crushed although I got real racing up and running (and it runs smoothly) and get all my apps/games through blackmart alpha I have been to lazy to get an android gaming controller and am currently just using the box as a backup for my Galaxy devices but will venture further eventually. Surprised this thread I started hasn't got more attention because when I type Samsung homesync root into Google this is the 2nd link on the page I think. I will keep praying, one day, one day!
Sent from my SM-N900W8 using XDA Premium 4 mobile app
In fact it's still OK. I'm running SMB server and SSH server on it. They run on non standard ports but all my pc are Linux so it's not an issue.
I have Torrent for downloading, Xbmc for media, bittorent sync for syncing. Biggest annoyance is the timestamp issue that's bugging all phones and tablets with ext4 sdcards and that play store is a joke with nearly all apps not compatible while most of them run just fine. Why did Sammy do something like this is beyond my understanding.
So this device is not getting any attention from the devs? Hope it will be rooted one day. It has got way more potential than what it is now.
I think this device has powerful hardware specs but poor software, Wish someone find a way to root it so we can use it more effective
---------- Post added at 02:44 PM ---------- Previous post was at 02:39 PM ----------
erik10002 said:
so i will start off by saying i was disappointed when i got this device because i thought it had full access to the Google play store when only 5% or less apps work, none of which i want (Netflix, hulu, plex etc. not there) i was looking for this device to be both a media server/gaming device for some asphalt 8/real racing action. etc. so i am starting this thread to hope it attracts attention and we can get someone to help us root it because if we can accomplish that i heard of a program called market helper that would trick the market into thinking we are using an s4 or something.
Click to expand...
Click to collapse
Let's create an vote for this device so any dev find way to root it!
toan3000 said:
I think this device has powerful hardware specs but poor software, Wish someone find a way to root it so we can use it more effective
---------- Post added at 02:44 PM ---------- Previous post was at 02:39 PM ----------
Let's create an vote for this device so any dev find way to root it!
Click to expand...
Click to collapse
I do believe that this device will not have great success.
The first point is that it is only devoted to Samsung devices. Why ? I have another android Phone and I cannot use this stuff...
If I have to spend 300 Euro for a device that requires other samsung device, this is a closed one like a MAC and I dislike it.
You can install homesync apk by side loading at least on some Android phones and tablets, as far as I read in some Websites. You could give it a try.
Sent from my SM-N9005 using Tapatalk
http://www.engadget.com/2013/12/17/samsung-homesync-media-hub-compatibility/
Yeah. Samsung has extended support to other Android devices for homesync app. Despite hearing so many negative reviews on this device, I shomehow enjoy using it. I'm using the device everyday for media consumption everyday without fail.
How does XBMC run on this thing? And does the Homesync Phone Remote Control work within XBMC? Thats the main reason I'm looking to get this device quite honestly.
Thanks a lot.
I saw the rooting method on a Chinese site. I'm thinking about buying this Homesync for HD Player and torrent download.
Zanr Zij said:
I saw the rooting method on a Chinese site. I'm thinking about buying this Homesync for HD Player and torrent download.
Click to expand...
Click to collapse
Which website?
Sent from my GT-I9505 using Tapatalk
tect said:
Which website?
Sent from my GT-I9505 using Tapatalk
Click to expand...
Click to collapse
Here you go
http://www.2gcn.com/android/ROOT/20130908/5137.html
Zanr Zij said:
Here you go
http://www.2gcn.com/android/ROOT/20130908/5137.html
Click to expand...
Click to collapse
Not working on my homesync

dragon touch a1x 10.1 inch all winner quad rooting software

i found a program to root this device. i noticed it isnt easy to find anyone who can so i want to share
____mgyun____/en/GetVRoot
just make sure usb debugg is on and plug your phone to your pc and let the vroot do the rest
addy
just add wwwdot and dotcom to that addy where the ____ are
Dragon Touch A1X wont root?
metalicofage said:
i found a program to root this device. i noticed it isnt easy to find anyone who can so i want to share
____mgyun____/en/GetVRoot
just make sure usb debugg is on and plug your phone to your pc and let the vroot do the rest
Click to expand...
Click to collapse
Ive downloaded the iroot/vroot and when I try it it looks good for a few miniutes then downloads some Chinese app and that's about it. PLEASE HELP ME OUT ON THIS!!! I really need to root this tablet but cant seen to figure it out. I have the USB debug on. I have no idea what the problem is. Maybe its a different iroot/vroot version you used compared to what I downloaded from them today? hmmm
Thanks
BigBud
BigBud421 said:
Ive downloaded the iroot/vroot and when I try it it looks good for a few miniutes then downloads some Chinese app and that's about it. PLEASE HELP ME OUT ON THIS!!! I really need to root this tablet but cant seen to figure it out. I have the USB debug on. I have no idea what the problem is. Maybe its a different iroot/vroot version you used compared to what I downloaded from them today? hmmm
Thanks
BigBud
Click to expand...
Click to collapse
no that is the right app you just need to fig your way thru... there is no eng version. i got it to work but did not like the iroot app so i then installed "superSU" here is how i did it, when it installs iroot you first reboot then install superSU from the play store and reboot then run super su, it will launch iroot and give superSU root abilty. then reboot... then uninstall iroot/vroot... and reboot one last time and you have a dragon touch with root and superSU
I was looking for a solution to root a Dragon Touch y88x 7" tablet last night, and as seems to be the case with most Dragon Touch products, there just isn't a lot of specific information on how to root them.
Someone had mentioned a tool to download from the manufacturer's website, but unfortunately the link to it is dead, and a Google search linked to the same dead page.
Then, some assbandit/shill/idiot/troll (not sure which; could be all of the above) recommended vRoot/iRoot. I should have known better, but the last time I was an active user of the forums here, people that posted advice could be trusted.
I can't for the life of me find the thread this jerk posted the link and said something like, "There's some adware it will try to get you to install, but just hit no or decline and you'll be fine".
So I found the download page. A page entirely in Chinese but for the button saying "Download". I clicked it, like every other gullible, desperate, or lazy moron that's ever clicked the link.
I had both Malwarebytes and aVast up to date and running at this time, just to be clear.
Upon running the installer, I was in fact asked if i would like to try some unknown worthless adware that checks the weather and a few others. Clicked "No" on all of them.
When the installer was done, the window for vRoot popped up. Entirely written in Chinese, I followed the instructions someone had written and it said it was successful.
BS. No dice.
Then, on my computer, (Win 7 X64), i noticed the notification bar filling up with crap I wouldn't install to save my life.
- I have no fewer than 9 processes that start with Windows that I am unable to uninstall or disable effectively.
- No fewer than 13 pieces of unwanted software that all pop up with their nag screens as soon as I logon to Windows.
I ran a full scan with Malwarebytes and got a few hits. Quarantined them, and ran a deep scan with aVast! which included a boot time scan that took all day. It found tons of corrupted and problematic files as well as some of this new software that is obviously malware. To my chagrin, when the computer was restarted and I logged back in, I was once again greeted with the nagware as if it were giving me the middle finger. WTF.
At this point, I am sure it's done other terrible things to my Windows installation and I'll have to go through the incredible pain in the ass of wiping the drive and re-installing Windows.
So thank you, assbandits that keep trolling and trying to get people to install this trash. I hope enough people notice this issue, jump up and down and whine and scream for the mods to hear our cry, and automatically close threads where vRoot and iRoot are mentioned until this plague goes away.
Bottom line is that vRoot/iRoot is a virus...or, really more like a virus launcher that launches an ICBM that has a warhead full of lots of wizards and angry bees and bill collectors that all want to make you miserable.
---------- Post added at 03:35 AM ---------- Previous post was at 03:28 AM ----------
metalicofage said:
i found a program to root this device. i noticed it isnt easy to find anyone who can so i want to share
____mgyun____/en/GetVRoot
just make sure usb debugg is on and plug your phone to your pc and let the vroot do the rest
Click to expand...
Click to collapse
REPORTED.
I don't know what you personally gain from having people install this virus ridden piece of sh** but you have cost me alone a whole day of using my computer for work trying to rid it to this virus that just won't effing die. Avast didn't detect it. Malwarebytes didn't detect it. Neither will get rid of it.
SO I am reporting you and anyone else that promotes installing this horrible thing.
It does have malware, but!!!
xuul said:
I was looking for a solution to root a Dragon Touch y88x 7" tablet last night, and as seems to be the case with most Dragon Touch products, there just isn't a lot of specific information on how to root them.
Someone had mentioned a tool to download from the manufacturer's website, but unfortunately the link to it is dead, and a Google search linked to the same dead page.
Then, some assbandit/shill/idiot/troll (not sure which; could be all of the above) recommended vRoot/iRoot. I should have known better, but the last time I was an active user of the forums here, people that posted advice could be trusted.
I can't for the life of me find the thread this jerk posted the link and said something like, "There's some adware it will try to get you to install, but just hit no or decline and you'll be fine".
So I found the download page. A page entirely in Chinese but for the button saying "Download". I clicked it, like every other gullible, desperate, or lazy moron that's ever clicked the link.
I had both Malwarebytes and aVast up to date and running at this time, just to be clear.
Upon running the installer, I was in fact asked if i would like to try some unknown worthless adware that checks the weather and a few others. Clicked "No" on all of them.
When the installer was done, the window for vRoot popped up. Entirely written in Chinese, I followed the instructions someone had written and it said it was successful.
BS. No dice.
Then, on my computer, (Win 7 X64), i noticed the notification bar filling up with crap I wouldn't install to save my life.
- I have no fewer than 9 processes that start with Windows that I am unable to uninstall or disable effectively.
- No fewer than 13 pieces of unwanted software that all pop up with their nag screens as soon as I logon to Windows.
I ran a full scan with Malwarebytes and got a few hits. Quarantined them, and ran a deep scan with aVast! which included a boot time scan that took all day. It found tons of corrupted and problematic files as well as some of this new software that is obviously malware. To my chagrin, when the computer was restarted and I logged back in, I was once again greeted with the nagware as if it were giving me the middle finger. WTF.
At this point, I am sure it's done other terrible things to my Windows installation and I'll have to go through the incredible pain in the ass of wiping the drive and re-installing Windows.
So thank you, assbandits that keep trolling and trying to get people to install this trash. I hope enough people notice this issue, jump up and down and whine and scream for the mods to hear our cry, and automatically close threads where vRoot and iRoot are mentioned until this plague goes away.
Bottom line is that vRoot/iRoot is a virus...or, really more like a virus launcher that launches an ICBM that has a warhead full of lots of wizards and angry bees and bill collectors that all want to make you miserable.
---------- Post added at 03:35 AM ---------- Previous post was at 03:28 AM ----------
REPORTED.
I don't know what you personally gain from having people install this virus ridden piece of sh** but you have cost me alone a whole day of using my computer for work trying to rid it to this virus that just won't effing die. Avast didn't detect it. Malwarebytes didn't detect it. Neither will get rid of it.
SO I am reporting you and anyone else that promotes installing this horrible thing.
Click to expand...
Click to collapse
First And Foremost - DON'T Panic about the Malware it installed.
While it's true that iroot / vroot does install malware, it should be noted that it also does gain root access on most android device's.
Now the good news for those of you that have malware issues with vroot or any program that installed crapware. It's very easy to remove.
Download combofix from bleepingcomputers web page, place it on your desktop.
Open your controls panel and run programs and features. Remove any program that was just installed at about the same time as iroot/vroot.
Now close all programs that are running, and launch combofix.
Follow the prompts until it is done. It will reboot your computer and display a text file of what was done. It is finished, and your computer is now cleaned of all malware.
Enjoy.
Youtu.be/a5_iqHBjA7k root it with iroot just add http or www to the front of the link
Sent from my Dragon Touch M8 using XDA Free mobile app

Please help! Phone being remotely accessed and controlled by unauthorized 3rd party..

Thank you in advance. First of all I am still a beginner in knowledge here. My Alcatel fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base but I think my phone may have been exposed to a R.A.T.. Temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform,( I.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next and I've somehow found myself poking around in some windows software on a PC that is used to develop Android software, maybe sdk, not sure but was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes tho but my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue but to no avail. Although unsuccessful I have seen a few thing I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding but I'm going to list a few tidbits you may recognize. LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of sytem apps below the same app without and a few of others. I don't know if that's helpful but it's all I can remember. Symptoms are apps closing on their own, microphone and camera being remotely enabled, unable to update Google play services or store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots, in settings/apps/permissions apps like gallery, when you click battery and then the little i button for info, it says it's a system app and all of the sudden the disable and force close buttons become un-highlighted and unusable and so on and so forth. Lastly, my home wifi is infected I think as well because my roommate is having the same issues. I've tried(unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such but it seems impossible because of a locked bootloader. Tried about 10 different ways without success so I've just about given up and smashed the damn thing but then you geniuses popped into my head so I beg of you, please help me or if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P. s. I'm new to XDA dev website so maybe drop me a line at [email protected] with directions back to this thread. Had a bit if trouble navigating here. Thanks again and have a great day! -Spencer

Security Issues. a must see and read

Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
IronRoo said:
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Click to expand...
Click to collapse
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
And code.auroa? What is this
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.auroa? What is this
Click to expand...
Click to collapse
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Click to expand...
Click to collapse
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
BLEEDCOLORYOU said:
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
Click to expand...
Click to collapse
And alot of the overlay apps n simtoolkit are all questionmarked
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And IV never encrypted this phone.
Click to expand...
Click to collapse
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
IronRoo said:
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
Click to expand...
Click to collapse
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
Tap those with question marks to submit to virustotal for analysis
IronRoo said:
Tap those with question marks to submit to virustotal for analysis
Click to expand...
Click to collapse
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
BLEEDCOLORYOU said:
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
Click to expand...
Click to collapse
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
IronRoo said:
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
Click to expand...
Click to collapse
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
Click to expand...
Click to collapse
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
Click to expand...
Click to collapse
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Spidder77 said:
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Click to expand...
Click to collapse
I'm having the same issmy ues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.

Possible tampering or what?

Ok. Last year someone was able to tunnel into my network at home. Alot of crazy s*** went down. Long story short, I think there's something fishy going on again.. let me explain.
Everytime I get a new phone, laptop, desktop, etc. I start finding a ridiculous amount of hidden files and folders. The PC side is no longer the issue, now its moved to Android, I think?..
The question I want to know, is how can I compare my what my phone should be installing after a factory reset, file wise? I've looked for a list online to compare with and no luck so far. I also found that there is a partition of the internal storage, completely hidden and inaccessible. Like.. I can't see anything. Add that with permissions being changed randomly so I'm not able to take full control over these pesky little buggers.
In short, I'm either wayyyy to high off that last dab, or my phone is being tampered with. What can I do? Here's what I'm working with.
Samsung A21 (SM-S215DL) using Straight Talk. Attached is a screenshot of the SW mumbo jumbo. I really hope someone can help. TIA!
namdrop22 said:
The question I want to know, is how can I compare my what my phone should be installing after a factory reset, file wise? I've looked for a list online to compare with and no luck so far.
Click to expand...
Click to collapse
IMO nobody can tell you what apps to install after a Factory Reset: it's alone your decision what apps you want to run.
jwoegerbauer said:
IMO nobody can tell you what apps to install after a Factory Reset: it's alone your decision what apps you want to run.
Click to expand...
Click to collapse
No no. You're missing the question here.
namdrop22 said:
No no. You're missing the question here.
Click to expand...
Click to collapse
May be.
A Factory Reset doesn't install anything, it wipes all user apps and data. A Factory Reset never touches Android OS itself.
Look at the running apps and services, anything utilizating root or kernel or system privileges will not be in that list unless it's using a app to bootstrap but if you have a weird duplicate system app or an app with a strange name could help you narrow it down. if you have usb debugging enabled you may be able to run a logcat as well to see what messages the system is generating.
Does samsung offer any tools to read the boot log? You might find something In that too. Lastly, well you should do this first, check if there are any exploits or vulnerabilities with your phones software and hardware. Google search " chipset-or-software-name-here + escalate vulnerable cve exploit "
Check past software versions too, you could get hit while the vuln is unknown or lesser known then it patches the manufacturers patches.
Can u elaborate on these file systems or folders you say you have that are invisible?
Unless you loaded malware, a trojan etc on to the phone either in data from the PC, email download, an app you installed or a download from the internet.
Even so it would die with a factory reset... so do another factory reset so if you think so.
Then be careful what you allow into it.
Don't let anyone use your phone or access any of your devices ie flashcards, PC etc.
Run
SafetyNet Test - Apps on Google Play
SafetyNet device compatibility test
play.google.com
to check whether phone's Android got tampered or not

Categories

Resources