enginee auto install adware - Android Q&A, Help & Troubleshooting

Hi, I need help and I hope that someone here can help me. I'm currently infested by a virus or malware that keeps on coming back; it never stops, it always installs itself,
and it has the capability to:
1. read phone status and identity
2. location
3. modify/delete contents
4. find accounts on device
5. download files WITHOUT notification
6. retrieve running apps and run at startup
7. draw over other apps
8. read sync settings
It looks very dangerous; it could steal info from my phone. Based on my research, those who are infected by this app also receive msgs with links, and it seems that the phone itself creates that message and sends it to itself.
Right now I have no idea how to remove this problem. Also, rooting is currently impossible because my phone is not supported by any rooting services, and yes, I tried everything: I emailed them to ask if they support rooting my phone and they all said no.
I was able to grab a copy of the enginee app in APK format; maybe someone is interested in simulating it on an emulator (I'm doing it right now actually).
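For anyone triaging a pulled APK like the one mentioned in the post above, the eight capabilities listed there correspond to standard Android manifest permissions. The following is an added example, not part of the original post: it parses the text printed by `aapt dump permissions <apk>` and reports which of those capabilities the APK requests. The sample output, the package name and the "persistent ad pattern" heuristic are constructed assumptions.

```python
import re

# Capability labels from the post, mapped to the manifest permissions
# that produce those labels on the Android install screen.
CAPABILITIES = {
    "read phone status and identity": {"android.permission.READ_PHONE_STATE"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "modify/delete contents": {"android.permission.WRITE_EXTERNAL_STORAGE"},
    "find accounts on device": {"android.permission.GET_ACCOUNTS"},
    "download files without notification":
        {"android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"},
    "retrieve running apps / run at startup":
        {"android.permission.GET_TASKS",
         "android.permission.RECEIVE_BOOT_COMPLETED"},
    "draw over other apps": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "read sync settings": {"android.permission.READ_SYNC_SETTINGS"},
}

# Heuristic chosen for this example (an assumption, not a vendor rule):
# boot persistence + silent download + overlay together fit adware that
# keeps coming back and draws over other apps.
PERSISTENT_AD_COMBO = {
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

# Constructed sample of `aapt dump permissions` output (package name made up).
# Both the newer name='...' layout and the older bare layout are included.
SAMPLE_AAPT_OUTPUT = """\
package: com.example.sample_adware
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.DOWNLOAD_WITHOUT_NOTIFICATION'
uses-permission: android.permission.GET_TASKS
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
uses-permission: name='android.permission.READ_SYNC_SETTINGS'
"""

PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)", re.M)
PKG_RE = re.compile(r"^package:\s*(\S+)", re.M)


def triage(aapt_output):
    """Return the package name, the matched capabilities and the combo flag."""
    perms = set(PERM_RE.findall(aapt_output))
    pkg = PKG_RE.search(aapt_output)
    matched = {}
    for label, names in CAPABILITIES.items():
        hit = sorted(perms & names)
        if hit:
            matched[label] = hit
    return {
        "package": pkg.group(1) if pkg else None,
        "matched": matched,
        "persistent_ad_pattern": PERSISTENT_AD_COMBO <= perms,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_AAPT_OUTPUT)
    print(report["package"], "persistent_ad_pattern =", report["persistent_ad_pattern"])
    for label, perms in report["matched"].items():
        print(f"  {label}: {', '.join(perms)}")
```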

wow, very friendly "developers"

Related

'Google Talk authentication failed' error

I just got my Atrix yesterday. I seem to have the issue where it won't successfully log in to Google Talk, which also means that I can't download apps. I've tried making a new account, which also failed to work. Are there any ideas out there for how I could fix it?
Can anybody help me?
I had the same problem and figured out that it was Droid Wall keeping Gtalk from connecting. Make sure Talk can access the network freely.
Sent from my Nexus S using XDA Premium App
Real solution
After cloning a Samsung Gio S5660 through a CWM backup I started experiencing the same issue. Here's what REALLY happens.
Google authenticates you in their services through unique "keys" which are automatically generated upon system installation / factory reset, so if you clone your device or install a ROM which has these "keys" pre-installed, obviously, your ROM will only authenticate you with Google's servers if your phone is the only one using the service at that given time... Upon failure, your phone assumes it is the one who's wrong, and Google's servers won't authenticate you until you either tell your phone it is not wrong (by deleting the data from Play Store, which resets its status and errors) or you change the "keys". SO, what can we learn from this? Deleting the Play Store data IS a temporary solution, and won't solve a thing. Let's delete the duplicated keys, shall we?
Navigate with your favourite folder explorer on your Android (I use X-plore, you can tell me anything, there's nothing better) to the following directory:
- "(root)/data/data/com.google.android.gsf"
Now you have two real options: either you may delete the whole folder, which was the perfect solution for me, since my ROM is prepared to re-create it upon phone restart and new keys will be generated, OR you might want to just delete the contents of app_sslcache inside com.google.android.gsf, which are THE KEYS I HAVE BEEN TALKING ABOUT ALL THIS TIME, YEEEIHHHH, and reboot your phone...
Needless to say, take a nandroid backup before you do any of this...
Thank me later
For those who remember me from symbian s60v3 phones, yes, it is me, I'm back, and I've moved to the droid world, it's much better indeed
Let me just say, I have no idea why this thread was moved or resurrected. Whoever did so was about a year and a half too late. Please close/delete this thread.

[Q] How do I remove a malicious app on my unrooted device.

Hi, I stumbled on some website which downloaded an app without my permission via the browser. I disconnected the data connection while it was being saved on my device. However later I got a popup from Dr Safety that an app was installed and it was safe.
But I didn't authorize it and I feel it to be unsafe. I couldn't remember the name but the popup showed something like "com.indi" something. It's not the full name as I can't recollect.
Is there any way to know what was installed?
My device is an Asus ZenFone 2. Thank you.

Adware on my phone lollipop 5.1.1 help needed

Hey, I have a terrible adware thingy on my phone, unable to remove it. No antivirus detects anything. It's different sometimes. Before, it came only when I opened WhatsApp; now it comes anywhere. It comes 1 time a week (not often), very few times a week. Pls help. How do I remove this????
No one knows?
If it started just on WhatsApp I would generally suggest it has linked to the WhatsApp files. Now that it is opening more and more, it has synced with most of your files and folders.
Best thing to do: factory reset your device. Save as much of what you need as you can to the SD card.
1. Before you reset your Android, see options for backing up your data.
2. On your mobile device, open the Settings menu.
3. Under "Personal", touch Backup & reset. You may need to enter your pattern, PIN or password.
4. Under "Personal data", touch Factory data reset.
5. Read the information on the screen and touch Reset phone.
6. If you have a screen lock, you'll need to enter your pattern, PIN or password.
7. When prompted, touch Delete everything to delete all data from your device's internal storage.
8. When your device has finished erasing, select the option to reboot your device.
PS: stay off the porn sites ^^ Generally viruses are downloaded when visiting random links and the website installs an .apk. Generally the main antivirus programs are paid to miss these or don't bother because they think they're a part of an .apk, so they do not flag them up. Hope this helps.
Thx for the long help thing. But I'm not gonna reset because of a pop-up thing I barely see anymore, but well, thanks.
Yeah, more and more things like this are being sent through WhatsApp and FB. It's mostly because now a lot of people from smaller/developing countries are using it while the majority of us gave it up and switched to something else.
If you would like to know where and what is popping it up, try installing "QtADB". It has a program in it called "logcat" that basically shows you all the jobs the phone is running. You can use this to bug-check where the program is running from, but you may be going in circles for a few hours; that's why I said just to reset. Google QtADB and a list of instructions to install it should come up.
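To make the logcat suggestion above concrete, here is an added example (not part of the original post) that scans captured logcat text for the `ActivityManager: START` lines Android writes whenever an activity is launched, and lists the launches that do not belong to apps the user opened. It assumes the `adb logcat -v time` line layout and the `from uid N` wording used by Android 5.x; the log lines, package names and UIDs are constructed.

```python
import re
from collections import Counter

# Constructed sample in the `adb logcat -v time` layout; package names,
# PIDs and UIDs are made up for this example.
SAMPLE_LOGCAT = """\
03-14 21:07:41.512 I/ActivityManager(  862): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.whatsapp/.Main} from uid 10021 on display 0
03-14 21:07:42.030 I/ActivityManager(  862): Displayed com.whatsapp/.Main: +412ms
03-14 21:07:55.120 I/ActivityManager(  862): START u0 {flg=0x10000000 cmp=com.example.popads/.FullScreenAdActivity} from uid 10123 on display 0
03-14 21:07:55.498 D/PowerManagerService(  862): releaseWakeLockInternal
03-14 21:09:10.004 I/ActivityManager(  862): START u0 {flg=0x10000000 cmp=com.example.popads/.FullScreenAdActivity} from uid 10123 on display 0
"""

START_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) [VDIWEF]/ActivityManager\(\s*\d+\): "
    r"START u\d+ \{(?P<intent>[^}]*)\} from uid (?P<uid>\d+)",
    re.M,
)
CMP_RE = re.compile(r"\bcmp=(?P<pkg>[\w.]+)/(?P<cls>[\w.$]+)")


def activity_starts(log_text):
    """Every explicit activity launch: when, which component, which caller UID."""
    starts = []
    for m in START_RE.finditer(log_text):
        cmp = CMP_RE.search(m.group("intent"))
        if not cmp:
            continue  # implicit intent, no component recorded on this line
        starts.append({
            "time": m.group("ts"),
            "package": cmp.group("pkg"),
            "activity": cmp.group("cls"),
            "caller_uid": int(m.group("uid")),
        })
    return starts


def unexpected_starts(log_text, opened_by_user):
    """Launches of packages the user did not knowingly open."""
    return [s for s in activity_starts(log_text)
            if s["package"] not in opened_by_user]


def summarize(starts):
    """(package, caller_uid) pairs ordered by how often they launched a screen."""
    return Counter((s["package"], s["caller_uid"]) for s in starts).most_common()


if __name__ == "__main__":
    suspects = unexpected_starts(SAMPLE_LOGCAT, {"com.whatsapp"})
    for (pkg, uid), count in summarize(suspects):
        print(f"{pkg} launched {count} time(s), started by uid {uid}")
```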
Lol that's some deep ****, I don't need to install as I have one built in. But I'm not going through all that trouble because of a few lines of text XDD

HELP FROM DEV, bad virus/rat

(I'm new to XDA and initially posted this in the wrong place and do not know how to delete the last one. If an admin deletes one because of multi-posting, please keep this one up.) My phone is infected with a virus that has embedded itself in my system settings; any anti-malware apps used do not detect it. When plugging my phone into my computer (for developer access) it began to install the device driver. Once the "device driver" installed, it took all administrative use away from me and locked all drives. I do not have ADB access or any computer access at this point. This phone has killed 3 laptops and a desktop. The only way I've been able to partially stop the virus is using a firewall to block it. Since my phone is NOT rooted I cannot delete system files containing the virus. I noticed the virus will edit apps and system functions to try and hide itself (Google Play Services, for example). Someone is using a form of remote access to control things and change settings. It is possible that someone (close family or friend) may have gotten their hands on it to install the virus. Factory reset does nothing as the virus is stored in system settings. The phone cannot be hooked to a PC without severe repercussions. I cannot gain root access through any rooting apps for some reason. Only tried to access system settings. I HAVE TRIED EVERYTHING.
First of all, you should disable autostart on your laptop/PC (on Windows 10 press [WINDOWS] + "Setup"). There you can configure autostart/actions for SD card, mobile memory and your phone (scroll down on this page). No autoplay or sync (photos/media) for ALL devices is recommended. Don't log in to your PC as admin; use a non-admin account for testing with your phone.
Take a fresh SD card, copy the VirusTotal scanner onto it (take it from the attachment at that post: https://forum.xda-developers.com/showpost.php?p=77053739&postcount=11), switch the SD card to "read only" (https://www.youtube.com/watch?v=SgguVeKWCTw), put it in your phone, install the VirusTotal app from the SD card, go online and let it run. That way we (hopefully) figure out which malware it is and where it is located. Write down the findings (name, location, how many scanners find it) and post them here...
Are you sure that your ADB software/drivers for the PC/laptop are okay and clean? Please post additional info about your phone...
I think, someone may have taken my phone, rooted it, and installed or is possibly using Samsung KNOX? If this were the case is there a way to break Knox without a PC? I don't want access to anything in it, just to destroy it. If this is part of the problem, just a quick theory and question I will get back to you with more information. Thank you
There is malware in the wild which can root your phone (like "Dvmap"). In this case you only have one chance: completely flashing the device with a clean ROM. This type of malware also infects system files, so it cannot be quarantined and removed. At the moment I don't understand why the computers you used for flashing don't work anymore. If the drivers/software are OK (do you have the right versions for Windows 7/8/10 and e.g. 32/64 bit?) this should not happen. Does this work with other smartphones? Normally the phone is switched off for flashing, so Android is not running. Also autostart should not work then... that would be completely new behavior...
Every device this phone plugs into, dies after Bluetooth randomly coming on

Failed to Restore Whatsapp Database after migrating from STOCK to LineageOS 14.1

I'm struggling with something that never happened to me before: I'm unable to restore my database to my recently upgraded Samsung J3 2016, which is running LineageOS 14.1 now.
The phone was running stock Android 5.1.1, version J320FXXU0AQI1, nothing fancy here.
I did some research about what ROM to use and decided to upgrade to LineageOS 14.1. I'm really sick and tired of Google spying on my steps, my contacts and the number of times I take a piss every day, and so on. Right now I don't have any Google account associated with the mobile (could this be the problem, since this is a custom ROM?).
Everything ran smoothly: I backed up my contacts, call logs, SMS, pictures and the ENTIRE WhatsApp folder. This method always worked fine on several phones I've upgraded or simply swapped for more up-to-date hardware. Every time it worked like a charm: I restored logs, contacts and so on, and as far as WhatsApp is concerned I simply moved the ENTIRE folder to the new phone (or upgraded phone) and installed the WhatsApp app; then it is straightforward, the app asks me for an SMS code to activate the software and then asks me to restore my backed-up database. It has been very simple so far, but not this time:
When it reaches the point to detect and restore my database, WhatsApp states that it can find one database from 1970 (???? WTF) with 0 bytes, and after that it fails to restore my data (not strange, 0 bytes is no data). I've already tried earlier versions of WhatsApp and tried different databases (there are 7 in my folder, I don't believe all of them are corrupted). I'm reaching 0 ways to explore. BTW, I don't use Google Drive to store my backups because it's enough for Google to know how many times I take a piss every day; I'd rather have the backups with me, on my phone (thanks anyway, Google), but the files are safe on my desktop and on my phone for now, inaccessible so far but they're there.
Can anyone point me to some way to try to revive my database? Just a note: I have an older phone that still has WhatsApp on it, I didn't erase it; maybe there's something of interest there for this situation?
Thanks so much in advance to everyone who can help; any hint can be helpful.
Update!
I've managed to get another phone, exactly the same, Samsung J3 201 J320F.
I've sent my WhatsApp folder to the phone, signed in to my Google account, installed WhatsApp and, like 98% of the time, my backup is OK and is restored. Now I have two phones:
1- one with WhatsApp working fine (the one with stock ROM 5.1.1 J320FXXU0AQI1)
2- another one, the main phone, where I want to get my WhatsApp backup working but it simply doesn't work (previous post). Everything else is settled and working just fine. Maybe WhatsApp doesn't like custom ROMs??
So, I'm sure that my backups are fine; right now I have access to anything that I may need, I guess. I don't believe that I'm the first person not being able to restore WhatsApp backups in LineageOS.
Please help
New developments: I've installed Resurrection 5.8.5, the latest available for this phone. It runs OK, but the WhatsApp problem is still there: the backup is marked as having 0Kb; somehow WhatsApp simply doesn't want to recover my backup if I'm using a custom firmware (I receive a warning about no support from them if I have problems at the beginning of the startup process).
So far this method didn't work (WhatsApp shows my backup with 0Kb):
1) Copy your latest crypt 12 file to /sdcard/WhatsApp/Databases/
2) Install / Activate WhatsApp
3) WhatsApp will retrieve the key from their server and restore your backup.
I've tried this method that appeared to have some success in some cases. Followed everything but no luck; WhatsApp detects a 0Kb backup also.
Meanwhile I still don't believe that I'm the very 1st person this has happened to; I'm still very impressed with this. If the OP thinks I'm in the wrong topic please feel free to move it to the right place; maybe there I'll have better luck.
Not that I have much knowledge in that direction, but the issue sounds more like it is about the file than WhatsApp itself. Maybe some permission issue? If you use a file manager app like Total Commander, can it read the file fully? I found a topic that had a 0-byte file size issue and a simple reboot apparently fixed it.
Hello musschrott, and thanks for replying.
I've tried moving the database file, erasing it and changing its name, and the Android system allows me to do it, so I think the file itself is free to be read by WhatsApp. But your other tip, the permissions in the system, made me google around (even more...) about it and I found this here on XDA: "The privacy protection in the drop down menu and the permission in the app settings." (credits to LegoTechniker). In the privacy protection everything is ON but in the permissions everything is OFF, and neither WhatsApp nor the system asks me to turn it ON, and that can result in WhatsApp reading files with 0Kb from 1970.
I'll give it a try, but only tomorrow, because the code/phone call from WhatsApp has a 48h delay that keeps increasing every time I try a different method to solve this issue.
musschrott, thanks again!
For everyone, and especially those who helped (musschrott).
This has worked for me: giving full permissions to WhatsApp in "Settings - Privacy" and in "Settings - Applications" worked like a charm. You have to do it BEFORE you start WhatsApp.
Best regards to everyone and thanks once more!
Make sure the WhatsApp backup file is in internal storage, and rename the backup file to msgstore.db.crypt.
After upgrading to LineageOS 14.1, install WhatsApp. When asked to restore from backup, choose the "msgstore.db.crypt" file.
Yes,
Those are the basic steps, but BEFORE running WhatsApp for the 1st time you have to give permissions in the system to WhatsApp, because these are all OFF and the system doesn't ask to turn them ON when the permission is needed; it simply presents you a file with 0Kb from 1970 and that's it. Again, you have to do this BEFORE the 1st WhatsApp startup and everything should run well.
Best regards
My issue is I gave full write permissions but then it goes straight to the Google Drive restore and does not show my local backup.
When I followed this by Rahil:
https://www.reddit.com/r/whatsapp/comments/np2zjp
"So today I finally fixed the issue myself
Steps:
1) Make sure you rename the database as it should be.
2) Install WhatsApp.
3) Insert your number when asked.
4) Use OTP/code.
5) Then the app will ask you for Google Drive permission; click allow/ok.
6) Then the app will ask for contact permission; simply deny this permission (very important).
7) Then the app will ask for storage permission; hit allow (very important).
8) Then you will see your local storage behind the popup saying allow Google Drive and crap. You will need to press add account and have your fingers ready for instant tapping between add account and instant tapping the restore button, and out of 10-30 times doing this practice, you will luckily hit the restore button. I know this sounds confusing, and I can make a tutorial video if you want; this works 100%.
9) Once it is restored, you will still see the app asking for the Google Drive option. Don't click skip (this will reset the app, leading to nothing restored). So when the app is asking to restore from Google Drive, close the app right away (very important).
10) Open the app, and the app will ask you to set a name; set your name, and you'll see all your backup"
It works but then it shows my local backup as 0k and from 12/31/1969.
This is driving me wild and now I have to wait 12 hrs to try again. Has anyone solved this ridiculous error?
Did you find a solution to this? I have the exact same problem
