Question Most frustrating virus ever - Samsung Galaxy S22 Ultra

I have a virus attached to my phone / Google cloud and I can not shake it. I've tried multiple anti-virus apps; all of them found absolutely nothing on my phone. I have factory reset my phone 3 separate times; the last time, I did not import my contacts list (that's where the virus first attacked). And somehow, my contacts appeared a few hours later, all with the same problem (see supplied screenshot). Please, someone, help. It has been going on for 6 months now and I have not found one other person with a similar issue!? How can I be the only one affected, smh.

It's been a long while since I had a Galaxy (S5), but I help my sister and my mom with their S20 and S22...
Apologies if I am a bit obvious & obtuse -- but you haven't mentioned what I'm about to suggest -- but I remember getting that when my phone book was set to display email addresses and not only contacts with phone numbers. As with the Middle Eastern contacts, I imagine that THAT might've been a "virus" or something which synced to your Google or Samsung account, and it simply keeps getting re-synced every time you reset your device and/or just re-synced in general after a time.
You may/might need to delete the entries manually from your Google account and/or your Samsung account contact lists -- and then finally your device.
If anything, a "virus" does not survive a factory reset... you either have to re-install or re-download the virus in some fashion (whether knowingly or not) after the reset...
Good luck with everything!

simplepinoi177 said:
If anything, a "virus" does not survive a factory reset... you either have to re-install or re-download the virus in some fashion (whether knowingly or not) after the reset...
Not true. Rootkits do just that. Remember the infamous XHelper?
Does a Factory Reset Remove Viruses From Your Phone? (www.makeuseof.com): "Running a factory reset on your phone can potentially clear out a persistent virus that is otherwise hard to remove. But does it remove all viruses?"

TheMystic said:
Not true. Rootkits do just that. Remember the infamous XHelper?
I did not know about this. Can something like XHelper implant itself without root access? I have my doubts OP had root access in any state in the number of factory resets performed...
And -- although I have not looked into the URL or XHelper -- it doesn't look like that or other rootkit "viruses'" purpose would be what happened to OP -- merely changing and/or inputting random contacts...

simplepinoi177 said:
Can something like XHelper implant itself without root access?
Yes, that's what happened. It used some exploit in Android to hide itself in the system partition.
simplepinoi177 said:
it doesn't look like that or other rootkit "viruses" purpose would be what happened to OP
This is not the case with OP. He simply has to clean up his contacts.

I did manually erase all contacts after the last time, within 5 hours they were back. 435 contacts erased and brought back. It's mind numbing.

What is this xhelper?

muffintop75 said:
I did manually erase all contacts after the last time, within 5 hours they were back. 435 contacts erased and brought back. It's mind numbing.
Have you given any 3rd party app access to your contacts? They are coming back because they are being resynced from the cloud. You have to delete them from your Google account (assuming that's what you use) as well as any other account that you have added.
1. On your mobile, sign out of your Google account that is having these contacts. And delete all contacts on your device.
2. Delete all these contacts on the web (using a browser on your laptop). Do this on all your cloud accounts that have your contacts.
3. Once it is cleaned in the cloud, add your Google account back on your device.
You don't have any virus.

It's as @TheMystic says: we'd be willing to bet that something is resyncing your contacts from a cloud; at the very least, it is not a virus.
Unless the virus' only purpose is chaos, there's no reason a virus would do this action -- it's just not how modern viruses work, nor their purpose. They open exploits to either damage your system (OS-wise), hold you ransom, or obtain your information. Maybe back in the '70s and '80s and early '90s there were viruses whose only purpose was to wreak havoc and delete as much data as possible; now viruses are meant to somehow get monetary returns -- creating random contacts would in no way get any "hackers" any money.

I did as instructed. We will see lol. Thank you very much for your time. I am wondering something though: if this is not a virus, what do I call it? It's something; I have to have a name for it. And I really want to find out who caused it.

muffintop75 said:
I have a virus attached to my phone / google cloud and I can not shake it. ...
Don't think it's a virus.
First, stop syncing of contacts from Google Drive. Delete all contacts from Google, if you can.
Use this app: https://play.google.com/store/apps/details?id=com.makelifesimple.duplicatedetector
This will remove all duplicates (name and number based), empty contacts, email IDs etc.
Had the same issue years ago; turned out to be a sync issue with Google.
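The clean-up the replies above describe (delete in the cloud, then let a clean copy sync back) can be done offline on an exported contacts file before anything is re-uploaded, which also makes it easy to see what the "duplicates, empty contacts, email IDs" actually are. The script below is an added example and not code from this thread or from the Play Store app linked above. It assumes a CSV in the layout of a Google Contacts export reduced to three columns (a real export has many more; the column names `Name`, `E-mail 1 - Value` and `Phone 1 - Value` are the ones assumed here), and the sample rows are constructed. It merges rows that share a phone number or an email address, drops rows with neither, and lists the email-only entries that only show up when the phone app is set to display contacts without numbers.

```python
"""Offline clean-up pass over a contacts export.

Added example, not code from the thread. Assumes a CSV in the layout of
a Google Contacts export, reduced to three columns (a real export has
many more; adapt the column names to your file).
"""
import csv
import io
import re
from collections import OrderedDict

# Constructed sample data: one number written two ways, a contact split
# across a phone-only and an email-only row, a completely empty row, and
# one email-only entry.
SAMPLE_CSV = """Name,E-mail 1 - Value,Phone 1 - Value
Alice Smith,alice@example.com,(555) 010-1234
Alice Smith,alice@example.com,+1 555 010 1234
Bob Jones,,555-010-5678
Bob Jones,BOB@EXAMPLE.COM,
,,
Newsletter,promo@example.net,
Bob Jones,bob@example.com,+15550105678
"""


def normalize_phone(raw, default_cc="+1"):
    """Reduce a phone number to +<digits> so differently formatted copies
    of one number compare equal. Assumption: a bare 10-digit number
    belongs to default_cc (set this for your own country)."""
    digits = re.sub(r"\D", "", raw or "")
    if not digits:
        return ""
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:
        return default_cc + digits
    return "+" + digits


def normalize_email(raw):
    return (raw or "").strip().lower()


def clean_contacts(csv_text, default_cc="+1"):
    """Group rows that share a normalized phone or email (transitively,
    via union-find), merge each group into one record, and drop rows with
    neither a phone nor an email. Returns (kept, dropped)."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        records.append({
            "name": (row.get("Name") or "").strip(),
            "phone": normalize_phone(row.get("Phone 1 - Value", ""), default_cc),
            "email": normalize_email(row.get("E-mail 1 - Value", "")),
        })

    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[max(ra, rb)] = min(ra, rb)

    # Link every row to the first row that used the same phone or email.
    first_seen = {}
    for i, rec in enumerate(records):
        for key in (("phone", rec["phone"]), ("email", rec["email"])):
            if not key[1]:
                continue
            if key in first_seen:
                union(i, first_seen[key])
            else:
                first_seen[key] = i

    groups = OrderedDict()
    for i in range(len(records)):
        groups.setdefault(find(i), []).append(i)

    kept, dropped = [], []
    for members in groups.values():
        name = next((records[i]["name"] for i in members if records[i]["name"]), "")
        phones = sorted({records[i]["phone"] for i in members if records[i]["phone"]})
        emails = sorted({records[i]["email"] for i in members if records[i]["email"]})
        if not phones and not emails:
            dropped.append((name, "empty"))
            continue
        kept.append({"name": name, "phones": phones, "emails": emails})
        dropped.extend((records[i]["name"], "duplicate") for i in members[1:])
    return kept, dropped


def email_only(kept):
    """Names of merged contacts with no phone number at all."""
    return [c["name"] for c in kept if not c["phones"]]


if __name__ == "__main__":
    kept, dropped = clean_contacts(SAMPLE_CSV)
    for c in kept:
        print(c)
    for name, why in dropped:
        print("dropped:", repr(name), why)
```

Run it against your own export with the phone-sync turned off first, as the post above says; otherwise the cloud copy will put back whatever you delete locally, which is exactly the behaviour the OP was seeing. Entries in `email_only` are the ones worth reviewing by hand: they are often mailing-list senders that a mail client or a third-party app with contacts access has auto-saved, not people you ever added.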

So far so good; it's been two hours, and everything still looks good. One thing TheMystic suggested had me check my settings; I had, for some reason, allowed 3rd party access to my contacts. Why would anyone ever want random web sites to have access to their contacts? Why is that even a setting? Lmao. But no matter, it's turned off now. And I also followed TheMystic's other suggestions. For once, I feel confident that this solved my issue. But only time will tell. It was taking weeks for my contacts to erase themselves before. But it all makes a little more sense to me now. I will keep you guys updated. Thanks again for all your help; this forum thread did what months of me searching online, and going from one tech "guru" store to the next, could not. Every single one of them said (in some form) "the only way to get rid of this issue is to start a whole new Google account, and to not access my old account from my new one". I refused to believe that. They were all just being lazy because it wasn't 15 years of THEIR life that was getting erased. So thank you for helping me find a real solution.

Related

How to reset Activesync (make it forget)?

ActiveSync has decided that my device must be called WM_Administa1,2,3,4 etc. I've deleted the Partners keys in the registry on my PC and device, but it still remembers things. Anyone know how to make it completely forget and let me name my own device?
Thanks
at45 said:
ActiveSync has decided that my device must be called WM_Administa1,2,3,4 etc. I've deleted the Partners keys in the registry on my PC and device, but it still remembers things. Anyone know how to make it completely forget and let me name my own device?
Not the answer you want. But honestly? ActiveSync is so retarded and has always been more of a pain than a gain.
And it's probably gone in WM 7... So, why not take this opportunity to "get in sync" with the better way this stuff is done now:
One such way is to use Google Sync -- and move all your contacts to a Gmail account, which then has a Google Calendar associated with it. Once it is there, in the Google cloud, then it can sync with your phone without ActiveSync ever entering the picture again. Then you can just use the cable as a USB connection only.
It's been a while since I made this transition, but I am so much less bothered by all the anxiety caused by ActiveSync when going ROM to ROM etc.
STEP 1: getting Outlook data to Google -- to then enable Google Sync and contact sync... I can't recall now if Google had a tool for this, re exporting out of Outlook for the one time to get Gmail/Cal in sync.
But there is an app that does it, called OGGsync -- and it works perfectly. Only prob is it is not free, and costs $30... others may know of some other way to do this, if it appeals to you at all...
In the meantime, sorry for your problems. I ran into that, as we all have, many times. And frankly I never knew HOW to fix it... I think it always ended up being trial and error wasting hours... and certainly your time is way more valuable per hour than $30... that was my view in the end.
Good luck
Erm, no. Sending all my data to a 3rd party via the internet only to have them scan and index it before returning it to a machine one foot away from the first is not progress. There's nothing good about that model at all, and it's offtopic.
at45 said:
Erm, no. Sending all my data to a 3rd party via the internet only to have them scan and index it before returning it to a machine one foot away from the first is not progress. There's nothing good about that model at all, and it's offtopic.
yeah well screw you for a ****ty attitude. You don't need to be an asshole. You can just say "that's not what I want". Most people on this site do not behave as you do, thankfully. But their numbers are growing and I would like to STAMP IT OUT. This site wasn't created for assholiness. have a nice day!
Ha. I didn't read that after the first few words. No need to. The 'net's full of people like you, which unfortunately means that the world is, and we've all met your local counterparts.
Anyway if you'd kindly get off my thread and be a prick in reality where less people have to put up with you I'm sure many users would be appreciative.
Back ONTOPIC it turns out the solution was to simply erase the Partners keys in the registries and re-install ActiveSync. Probably not ideal but only takes a minute to do and it works fine.
The keys are something like [HKLM\software\microsoft\windows ce services\partners]
at45 said:
Back ONTOPIC it turns out the solution was to simply erase the Partners keys in the registries and re-install ActiveSync. Probably not ideal but only takes a minute to do and it works fine.
The keys are something like [HKLM\software\microsoft\windows ce services\partners]
Oh cool!! Thanks for the info!! I never thought of it that way. B.t.w. great attitude and you are smart!! We need that attitude in the White House!! That was a cool burn.
You two should joust.
Just delete your synced phone from settings.

[Q] Could someone make a custom ROM that steals personal information from users?

Recently I received a notice from Google saying that my account was accessed from Russia. I also recently installed a custom Android ROM onto my T-Mobile HTC HD2. I was thinking, pretty much anyone can take the Android OS, make a custom version, and release it for download, right?
If so, is it possible that the person who created the custom Android ROM also modified it so they could steal my personal information? I really do like the ROM I am currently using and would not like to switch if I don't have to, but this whole Google thing has me paranoid now.
I have had my Facebook locked down a few times from that kind of thing, but never out of the country. Did you check if mock locations is enabled? Settings - Applications - Development. Not sure if that could be the issue, but it is possible it was your phone reporting as another location.
Sent by Supersonic!
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me. I tried changing that Mock Locations setting, but it was already disabled. Just to be sure I haven't entered any of my new passwords into my phone yet since this last incident and I'm going to see if I still have problems.
johnny1178 said:
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me.
That's not good. Stay away from those warez & p0rn sites that end in ".ru"
Sent from my ADR6400L using XDA App
Watch out.
Are you sure Google is sending these messages?
And does the mail contain a link for you to click on saying to change your password?
A lot of times the mails themselves are the scams, and are in most cases sent using the Google account but from another server.
Could you copy-paste the headers... leaving out your personal mail. In Outlook you can view this by opening the mail: File -> Info -> Properties.
You should see Internet headers there.
Copy-paste them. Dunno how to find them in Gmail, haven't checked yet; gonna see later how to view them in Gmail.
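The header check suggested above is worth doing for any "security alert" that arrives by mail (in Gmail the raw message is under the message menu as "Show original"). The script below is an added example and not code from this thread; both messages in it are constructed, with documentation IP addresses and made-up hostnames, and the `registrable_domain` helper is a deliberately naive last-two-labels rule rather than a public-suffix lookup. It reads the envelope sender (`Return-Path`), the receiving server's `Authentication-Results` stamp, and every link in the body, and reports anything that does not agree with the `From` domain.

```python
"""Sanity checks on the headers of a 'security alert' e-mail.

Added example, not code from the thread. The two messages below are
constructed; the checks use only the Python standard library.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: roughly what a genuine alert looks like once the receiving
# server (mx.example.org here) has stamped Authentication-Results on it.
LEGIT = """Return-Path: <no-reply@accounts.google.com>
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com [192.0.2.41]) by mx.example.org with ESMTPS id k7 for <user@example.org>; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=accounts.google.com; dkim=pass header.d=accounts.google.com; dmarc=pass header.from=accounts.google.com
From: Google <no-reply@accounts.google.com>
To: user@example.org
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

New sign-in on Android. Review activity at https://myaccount.google.com/notifications
"""

# Constructed: a lookalike. The display name and From header say Google,
# but the envelope sender, the authentication results and the link do not.
PHISH = """Return-Path: <bounce@mailer-example.net>
Received: from srv1.mailer-example.net (srv1.mailer-example.net [198.51.100.7]) by mx.example.org with ESMTP id q9 for <user@example.org>; Mon, 1 Jan 2024 10:05:00 +0000
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer-example.net; dkim=none; dmarc=fail header.from=google.com
From: Google <no-reply@google.com>
To: user@example.org
Subject: Unusual sign-in attempt - verify your password
Content-Type: text/plain; charset="utf-8"

Confirm your password now: http://google.com.account-verify.example/login
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Last two DNS labels. Assumption: no public-suffix list, so
    'co.uk'-style domains are not handled; good enough for a triage check."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_auth_results(value):
    """Pull method=result pairs out of an Authentication-Results header;
    the first ';'-separated field is the authserv-id and is skipped."""
    results = {}
    for part in value.split(";")[1:]:
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", part)
        if m:
            results[m.group(1)] = m.group(2).lower()
    return results


def assess(raw):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_addr = parseaddr(str(msg.get("From", "")))[1]
    from_dom = registrable_domain(from_addr.rpartition("@")[2])

    # Envelope sender should belong to the same organisation as From.
    rp_addr = parseaddr(str(msg.get("Return-Path", "")))[1]
    if rp_addr:
        rp_dom = registrable_domain(rp_addr.rpartition("@")[2])
        if rp_dom != from_dom:
            findings.append(f"return-path domain {rp_dom} differs from From domain {from_dom}")

    # SPF, DKIM and DMARC as evaluated by the receiving server.
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method}={auth.get(method, 'missing')}")

    # Every link in the body should sit under the From domain.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"link host {host} is outside {from_dom}")
    return findings


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH)):
        print(label, assess(raw) or "no findings")
```

The `Authentication-Results` header is only trustworthy when it was added by your own receiving server (the authserv-id at the start of the header should be your provider's hostname); a sender can write its own copy, so treat a stamp from an unfamiliar name as missing. Note also that the OP's notice turned out to be an in-app banner in the Gmail web UI rather than a mail, which is the case where none of these header checks apply and checking the page URL, as the OP did, is the right move.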
Anything is possible, someone making a ROM could put whatever they wanted in there.
It's probably not the most likely way your account would end up compromised though, it could be anything from random hacking to malware on your PC.
Well, that's a good question. It's something that I wonder myself and that sometimes concerns me.
I have ESET antivirus installed and regularly do quick scans on my PC, but I suppose that wouldn't catch everything.
As far as the Google notice, it is not an email message. The notice appears in a red box with bold text at the top of my inbox when I sign into gmail, and I also checked the URL to make sure I was actually on Google.com.
I remember when I was looking for ROMs to download, this particular build (can't remember the name) had the most thread views out of all of them at the time, so hopefully someone else would have noticed this issue by now if it was part of the build...
Anyways, thanks for your help. I'll try running an in-depth ESET scan to see if anything comes up.
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
I always thought about that. Just me being cynical I suppose. Some of these deevs just do it for the love
I never thought of that before, maybe I should be more careful in the future..
Thank you gr8 idea...
lude219 said:
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
What are you doing where you'd really need to worry about that? Just seems like using an android phone without a google account would be a pain.

[Q] Factory reset by accident

OK, here I am with a cliche.
I have factory reset my HTC Titan, just for the fun of it, (to find out how awesome the process of a factory reset will be, but it was completed in just 1 sec) and backing up data completely ran out of my mind.
To top it all, my dreamspark unlock is gone. And now the official phone registration to unlock my phone is not working.
I know, I am a fool. But is there any way to get things back? I mean the apps that I have installed?
I usually do regular syncing with the Zune player, and thus got all my pics and videos on the phone. Also got all the music on my PC, so that's no biggie.
I just want all the apps back, because honestly, I don't remember the names of half of the apps. Is there any way that all the apps that I have purchased and downloaded (the free ones) from my windows account, gets automatically downloaded or synced to my phone?
Anything that you guys think might help my situation. Anything is welcome, even constructive criticism.
Thanks.
PO15ON said:
OK, here I am with a cliche. ...
Go to http://www.windowsphone.com and login. On the top right you'll see your name with a little arrow next to it. Click it and choose "account". Right below your personal data you'll find a history of all apps and games you downloaded and installed. You can use this as a list and reinstall directly on your device or you can click the apps and send them to your device (or send an e-mail with the link to the according app). You can find the exact same history in Zune as well: click your name -> click "account" -> click "purchase history". Not sure about the exact names, since I use the german version.
Can't help you with your dreamspark unlock issue though, sorry. :/

Preparing for a border crossing malware install

I will need to cross a border soon and there's a chance a customs officer may install malware onto my phone so I need to be prepared.
The most likely threat is this APK:
https://github.com/motherboardgithub/bxaq/blob/master/base.apk
The preparations I am making are:
- delete password manager apps
- delete chrome password manager
- delete Gmail app, gdrive
I'm not going to delete 2FA as that can be reset.
I don't have anything obvious to hide and I'm not expecting this to actually happen but having to reset thousands of passwords would be a major inconvenience and the risk is quite high.
It would be nice if I could make it look like the APK is already installed or something like that.
Oh. Well.
Wish me luck!
jago25_98 said:
I will need to cross a border soon and there's a chance a customs officer may install malware onto my phone so I need to be prepared. ...
Just deleting apps likely won't help, as files are not actually erased; you'd need to use a scrubber to overwrite them.
Installing that app would also likely not work either. As I understand it, they normally install, run a scan & download data at the border (normally it's then uninstalled); if they find it's not genuine you are going to be "investigated" big time! Or worse!
Even if you have nothing to hide, your metadata may be used against someone else even if totally innocent, or maybe even you, e.g. your texts show you had arranged to meet someone where there was also a religious festival taking place; even if you had no interest in it, they might consider it worth further investigation.
Best to take a dumb phone.
IronRoo said:
Just deleting apps likely won't help as files are not actually erased, you'd need to use a scrubber to overwrite them. ...
Which country are you referring to? Thanks for the reply. The scrubber idea could be helpful.
The defeatist POV isn't though. I totally get that a state actor probably can't be defended against. The easiest thing is just to not go, of course, or find a suspicious dumb phone. I already avoid the USA if I can when flying.
But I'm not trying to defend against a country here. I just want to make the slightest effort to slow down a TSA thief or a Chinese official storing my credit card data on a riddled copy of Windows XP -- that kind of threat level.
A panic button, everything in the cloud and not cached. There are ways. There has to be ways, because how else would business meetings and trades be made?
jago25_98 said:
Which country are you referring to? Thanks for the reply. The scrubber idea could be helpful. ...
Any update on what happened? If it's still of interest to you, I could probably come up with some ideas.

Finally Proof My Android OS Hacked

I've known for 2 years I've been hacked. Everyone I know thinks I'm crazy because for 2 years I've been convinced that my phone was being controlled remotely even though I've changed devices, profiles, and deleted more apps than I can count. Finally yesterday I discovered Total Virus Scan and it found this. I've had at least 50 antivirus apps with no success and I was not sure if maybe I wasn't going crazy. I even would stop using my phone for a month or more at a time because that was the only time I had no issues. Whoever is behind this has taught me everything I know about Android and hacking by directing me in a way that is hard to explain. I'd just see what they wanted me to do by a random page that would pop up, or a sentence highlighted, or other discreet cues. If I had not had 100% accuracy on certain issues I've been informed about by following these cues I would be certain I was crazy, but there have been like 50 personal issues I've been informed about by following these cues and not a single time has it been wrong. Unfortunately I let it consume me for about a year and almost ruined my life because of it, and what I've learned has seriously altered my life. Yesterday Total Virus Scan found this: Keylogger, 2 Trojans, RAT in OS. How do I remove these from my OS and catch who is behind this? Attached is a screenshot of the 4 issues found. Also on SD Maid it said my device wasn't rooted but had a built-in superuser app. Can't find the screenshot I had of that but it had a URL of toybox. A bunch of numbers then said [email protected] something. Any help will be much appreciated. Thank you in advance.
Could you try to create a backup of those apps and upload it somewhere? Maybe it is possible to check it.
Try to uninstall those apps with an app uninstaller.
If you are unable to uninstall those apps they might be deeply installed? I've been in the same situation 4-5 years ago.
Maybe a firmware reflash would do the job, but everything will get deleted, so try to back up everything.
DrunkTrooper said:
Could you try to create a backup of those apps and upload somewhere? Maybe it is possible to check it
Try to uninstall those apps with an app uninstaller
If you are unable to uninstall those apps they might be deeply installed? Ive been under the same situation 4-5years ago
Maybe a firmware reflash would do the job but everything will get deleted so try to backup everything
It's not the apps. From what I've read one of the Trojans, the one in Google framework, is a dropper and reproduces and hides them in legit clean apps. That is why antivirus software doesn't pick them up. I've done at least 100 scans with every malware finder I can find and this is the first time I have gotten a hit on anything, but I know for a fact it's been there for at least 2 years. Everything I know about Android whoever this person is taught me. It's almost as if they are a friend because they've directed me to learning about someone close to me who was doing me wrong, taught me everything I know about Android and hacking; it's crazy man. I can't explain how they communicate with me; all I can say is I will just see it and know. Something highlighted briefly, a random page popping up that directly correlates with what is happening in my life, but they have also tried getting money out of me and removed pictures of my wife from my device. I want to find out if it's someone I know before I remove it. If so, I'm thinking criminal charges and anything else I can do to mess with their life like they have mine. They truly destroyed my life for about 18 months and I'm just now getting everything back together. I don't really talk about it anymore because everyone thought I went crazy, but I still privately search for the cause and who is behind it, and yesterday I finally found it. Showed my mother and step son and even with these screenshots they still say I'm crazy and seeing things. Just glad I finally have proof. I can't explain what it's like to have EVERYONE around you saying you are crazy and seeing things that aren't there and knowing you aren't. It really sucks and I wouldn't wish what I've experienced the last couple years on my worst enemy.
EJay80 said:
I've known for 2 years I've been hacked. ...
You need to YouTube BeEF; it's an exploit that takes over your browser, started with script embedded in a web page, text, messenger msg, etc. You may confuse it with malware because the attackers will gain the same info if not more by using social engineering.
remove all google accounts from settings, perform a factory reset, create new google account and check Total Virus Scan again.
You can use same google account just don’t restore data
Arealhooman said:
You can use same google account just don't restore data
I don't recommend this, as the Google account is device administrator; anyone knowing that password can remotely install apps.
