Database Info

Android Malvertising/Browser Hijack?

Sometimes when surfing the web on my phone I end up either having the play store open with a suggested app or have the page I was starting to read redirected to another site informing me that my device is slow or a similar message.
I'm increasingly seeing these on different Android devices: My Nexus 5, my mothers S4 Mini and even my father owning a S3 sees these kind of adverts every now and again.
Tonight while browsing an XDA article, I was redirected to another page telling me that my phone was running slow. So I closed the tab, and tried to go read XDA once again, and again I'm redirected to this dodgy page asking me to download software. It appeared to do this until I cleared my cache, cookies etc. Was this a browser hijack!? I have scanned my N5 with Malwarebytes to be sure nothing was actually saved to my device and it came up clean.
I am using Stock 4.4.2, not even rooted. I was using Dolphin browser while browsing XDA when this occurred. My question is: how can I prevent this from occurring again? I am fairly sure my phone isn't home to any malware as I always scrutinise apps and their permissions prior to installation.
Sent from my Nexus 5

Hmm. I have no idea what Dolphin does as far keeping up with browser exploits and how well it does as far as security related stuff.
What I use is Firefox with http://noscript.net/nsa/ and https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ (but mobile version).
Once when I was malware hunting shady sites I did get a different result when checking said sites with my phone (they have some malware distribution sites smart enough to check the browser's User Agent to see what the person is using). Basically it started showing me a scare-ware sort of "Scan now to fix virus!" sort of app, which I then just uploaded to VirusTotal (they share the findings with AV providers).

Specially when im on XDA Developer with Boat Browser sometimes automatic open PlayStoreApp with Cleanmaster or something.
Often popup like Whatsapps beeing expired,
u got virus popup !!??
some strange behavior !!
only on XDA Developer Side !?
Any solution !?

[Completed] Unresponsive script? keeps freezing while web surfing

Hi I am currently using Nexus 6
Since few days ago when I was web surfing, chrome kept freezing and crashing.
I cleared all data, history and cache of chrome. Moreover, I re installed Chrome as well.
However, i couldn't solver the problem.
I thought it might be the problem of chrome, so I tried to use different web browser such as firefox and opera.
But still the problem remains.
The name of unresponsive script is voken eyereturn com
How can I deal with this problem?

Hi
It might b possible that ,one of the sites you are visiting is using eyeturn . which is using that script.
One of the ways to do is ,root your phone and install Adblocker like ad away
http://forum.xda-developers.com/showthread.php?t=2190753
Otherwise ,you will have to stop using an app/ or visit that website which downloads that script.
You can try using Nexus 6 Q/A section for better support in this regard
http://forum.xda-developers.com/nexus-6/help
Good day !

Adware Removal Help

Hey everyone,
I'm new here and I am hoping y'all can help me out. I recently started getting onclick redirect ads on my S6. I get them in Chrome, Dolphin, Maxthon Browser as well as apps such as Smartnews and bleacher report. These redirect ads are prompted only when I open a new link. They do not happen 100% of the time I open a new link and they do not redirect spontaneously. I have no other pop up ad issues to speak of. The only online browser that does not get the redirect ads is Opera Mini. I started getting these ads about a week ago but I had not downloaded any 3rd party apps. I download exclusively from the app store. After scouring the internet for advice I tried the following without success:
1) delete all recently downloaded apps
2) Clear cache and delete history in my internet browsers
3) Factory reset for phone settings
4) Change the DNS in case it was an infected router
5) Use multiple antivirus/malware programs
At this point in time I got desperate and decided to format the phone. After formatting the phone I did not allow it to download any apps. I opened chrome and still had the redirect ads. I started using my old phone to browse the internet because I was tired of the redirect ads. I turned on my S5 and found that I had the same redirect ads. This is the first time I have used my S5 in over a year and I did not have this issue the last time I used it. After finding the redirect ads on my S5, I was worried that it was somehow related to my google account. I formatted my S6 for a second time and created a brand new google account. I still have the redirect ads.
tdlr; I have formatted my phone multiple times, I have tried every piece of advice I have come across and I still have redirect ads on my S6
Any help would be great. I am at my wits end. Thanks in advance.

Firefox wont work without chrome?

So i just got my 10+ 2 days ago and immediately rooted it with magisk. For the past 2 days i have been working on customizing, debloating, and degooglefying it. So far i have removed almost all google apps as well as some samsung bloatware. I have also removed bixby and remapped the bixby button for other tasks...
However i have run into a peculiar issue; if i remove chrome none of my firefox browsers will work, with the exception of orfox... this includes firefox focus, firefox klar and icecat. Those browsers will open no problem but if i type anything into the URL bar and hit go/enter the browsers immediately close/crash. If i reinstall chrome, firefox browsers work without issues. If i force stop and disable chrome, firefox browsers work with no issues. I just cant uninstall chrome.
Im using debloat in magisk modules and im sure the browsers share some dependencies, however i have tried reinstalling firefox browsers after removing chrome and same problem.
Anyone else have this issue or does everyone else use chrome?

I am unrooted with chrome disabled, Firefox beta runs fine. Have you removed android webview too? Try the fenix preview it uses the new rendering engine?
Unrelated question, I used to use note 1 back in the day it had no knox so rooting was simple. Went the nexus/pixel way after that, and rooting on it was basically just pressing a button. Just moved from a pixel 1 to this s10+.
My usage of the root on the pixel had dropped to titanium backup and kernel for boosting it's low performance, could you please explain your use for root on s10? Also, if you want to use your warranty will you be able to?

Yea i currently have chrome disabled and firefox works fine, i just cant uninstall chrome without issues.
To answer your unrelated question, i am a long time linux user and am used to being free to change anything I want with nothing off limits. For the s10 i want to be able to tweak all the settings to my desires and only run the software that i use. I dont want bloatware that i dont use either running in the background or just taking up space.
And as far as i know, the method of root for the s10 line using magisk can be unrooted and bootloader can be relocked but that requires wiping everything and flashing stock firmware which should allow you to use your warranty. I dont actually have a warranty as i bought the international unlocked version and samsung factory warranty doesnt cover accidental physical damage which is the only thing i would ever use a warranty for.

thearmeddiyer said:
So i just got my 10+ 2 days ago and immediately rooted it with magisk. For the past 2 days i have been working on customizing, debloating, and degooglefying it. So far i have removed almost all google apps as well as some samsung bloatware. I have also removed bixby and remapped the bixby button for other tasks...
However i have run into a peculiar issue; if i remove chrome none of my firefox browsers will work, with the exception of orfox... this includes firefox focus, firefox klar and icecat. Those browsers will open no problem but if i type anything into the URL bar and hit go/enter the browsers immediately close/crash. If i reinstall chrome, firefox browsers work without issues. If i force stop and disable chrome, firefox browsers work with no issues. I just cant uninstall chrome.
Im using debloat in magisk modules and im sure the browsers share some dependencies, however i have tried reinstalling firefox browsers after removing chrome and same problem.
Anyone else have this issue or does everyone else use chrome?
Click to expand...
Click to collapse
It's because there is no alternative webview provider, or Android System Webview is broken. Check developer settings. I have to keep chrome installed for its webview provider and for some reason the built in Android System Webview is broken, even if I update it.

Chocolatetrain said:
It's because there is no alternative webview provider, or Android System Webview is broken. Check developer settings. I have to keep chrome installed for its webview provider and for some reason the built in Android System Webview is broken, even if I update it.
Click to expand...
Click to collapse
Thank you!!!
This solved my problem
So after I disabled chrome I verified webview provider switched to the android version and that firefox was working properly. I then uninstalled chrome, rebooted and same problem. After a little more research i found out that as long as the chrome webview providor was present and used, the android version will not update by itself. I manually went to the play store and updated it which is all it needed. Chrome is uninstalled completely, android webview is in use, and firefox is working properly.
I will report back if i discover any adverse side effects of running the android version rather than chrome.

thearmeddiyer said:
Thank you!!!
This solved my problem
So after I disabled chrome I verified webview provider switched to the android version and that firefox was working properly. I then uninstalled chrome, rebooted and same problem. After a little more research i found out that as long as the chrome webview providor was present and used, the android version will not update by itself. I manually went to the play store and updated it which is all it needed. Chrome is uninstalled completely, android webview is in use, and firefox is working properly.
I will report back if i discover any adverse side effects of running the android version rather than chrome.
Click to expand...
Click to collapse
Good stuff man, you're welcome haha. For some reason mine's permanently broken, although I don't mind leaving chrome installed.

recommended steps for locating hidden adware

Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.

thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
you could turn on logging in developer options, though you'll need a little tech skill to use & set up.
Probably an easier way is to use a no root firewall eg
https://play.google.com/store/apps/details?id=eu.faircode.netguard
while the log feature is not free as you only want to find one potential app you can set notifications for internet connection attempts to on, then manually check app & ip address it's trying to connect to win you get popup.
Also you could use this app (it's NOT a proper antivirus app, but a useful 2nd opinion to your actual antivirus), it just allows you to easily see app status from virustotal.com & manually submit any that are suspicious or have not yet been submitted,
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
btw even if you really have uninstalled all 3rd party apps one of the bloatware adk's may have a dodgy ad sdk within it. If so you can (probably) block this with the above firewall if you pay for that feature, without having to root your phone or freeze dodgy app. (Also boot phone into safe mode disables all 3rd polarity apps & see if it still happens)
Note: if system is infected by malware factory reset won't help, you need to reflash the FULL (eg 4 or 5 files inside) Samsung factory ROM with complete wipe. Though as I guess the S5 is not receiving updates anymore, I'd be looking into installing LineageOS to get up to date security patches (after first reinstalling stock ROM asuming you have malware as custom roms are not full roms like samsung factory rom)

thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
Could be xhelper, mostly Chinese phones (what a surprise ?) it seems but at least one Samsung running 6.0.X like you
https://threatpost.com/android-malware-45k-devices-mystery/149654/