Question Few Questions About Flashing - OnePlus Nord N20 5G

My phone got hacked into and I'm wondering if I were to flash the latest or previous stock firmware to my phone, would it no longer be compromised?
How can I prevent this from happening again? I'm hoping that if I activate my phone and never connect to wifi. I say this because this phone hasn't been activated and always been connected to what I thought was a trusted wifi. Also if I were to do this would it be possible for this person to hack my phone again even if I don't use wifi?
I could be wrong but I'd rather do this first than sell my phone for the 3rd time and stop using smart phones altogether.

It is hard to say really. It depends on the vector of attack used to hack your phone in the first place. And it depends on who hacked your phone. Was it someone who can gain physical access to your phone? If so, flashing your phone isn't going to help because they can just do it again. If it is someone who doesn't have physical access to your phone, did you download a piece of malware? Were you tricked into running some malicious code? Was it a sketchy website your phone went to?
When you say your phone was "hacked" what does that look like? Is it opening random dialogues while you are using it and typing messages to you? Is it that your phone is running slow and lags and freezes all the time? Is your phone locked up and encrypted demanding you pay a ransom in bitcoin? Did you accidentally boot into recovery mode and not know what you were looking at and assumed it had to have been hacked?
So will flashing your phone help? We don't know. Does the wifi have anything to do with it? We can't say. It may be that specific wifi network is the culprit. It could be any connection to the outside internet. We just don't have enough information to say.

Had to make a new account, however I have everything typed out on a text file on my OnePlus. I'll post it once I get to the public library and use a computer there. I don't have a computer to use at the moment and I'm not gonna make the same mistake and see my files regarding this on my Drive disappear again.

Related

[Q] unlock pattern lock

Ok, before everyone jumps to conclusions on multiple accounts let me get this out there.
1. I am not a noob when it comes to forums and know how to search, i.e. my search results:
http://forum.xda-developers.com/showthread.php?t=989241
http://forum.xda-developers.com/showthread.php?t=1067003
http://forum.xda-developers.com/showthread.php?t=913958
2. I am not a noob when it comes to Android devices and would call myself moderately knowledgeable in the subject and really can't think of any other ideas. Also, neither Google nor Sprint is helping in the slightest (and honestly I don't expect them to).
3. The story below is true and I DID NOT STEAL or receive a STOLEN phone, nor am I some jealous boyfriend. I am doing this for a friend, so here it goes.
My coworker's son committed suicide and my coworker has asked me to look at his phone to see if I can find a way to unlock it so he can either know if anybody knew this was happening or, most likely I think, for closure of this whole ordeal. When given to me he had already given the phone too many gestures and it gives me the Google account lockout screen. The father just wants to see the latest messages on the phone as well as anything that might have come up. Now this is what I have done so far:
PHONE: EVO 4G
Status: Stock AKA NOT ROOTED
1. I have taken out the SD card to see if I can grab anything off of there but the last time the text messages were backed up was on 7-31-2011, so that really doesn't help me there. I can't think of any other folders to look in in order to find anything else.
2. The phone was never set to USB debugging so there is no chance of rooting the phone (although I am not sure this would even unlock the phone at this point)
3. His father does not know the Gmail account and I have only found a few other accounts through Facebook and odd random searches that you can scarily do on the internet. After reading some other posts though I am not sure I could do what I was thinking with this because it only updates the computer and not the password on the phone.
4. Tried calling the phone. The phone doesn't even register as if someone is calling. The father said he didn't turn off the phone yet, and it makes sense as I am creepily getting text messages as we speak.
So this is where I am at. I cannot think of too much more. Like I said, I don't want the phone, it isn't stolen, and I am really just trying to help the guy out. Google told him because the kid is older than 18 there is nothing they can do, and if that is their policy then that is BS, especially in this situation. And Sprint told him they can do a factory reset on the phone. So those are out of the question.
If you're positive that usb debugging is off, then there's not much you can do.
If you can reset the password to his Google account, and the phone has an internet connection, then inputting the new Google information should unlock the phone. I'm not sure if a connection is automatically created during this process. If you'd like, I can test the theory on my own Evo if you can't get any further.
Most people use the same password for everything. If you can find a password for anything, it's likely that's the password for his Google account. Check his computer as well. If he has saved his login information in his web browser, you should be able to pull that information.
Unfortunately you would have many more options if the phone was rooted. You could do a nandroid backup then sift through the data.img. I'm not sure if the stock recovery allows for anything that will help you. When you get into the stock recovery, it looks like you don't have any options. I believe holding both volume buttons simultaneously on the screen with the red triangle/exclamation point will give you a list of options.
If you cannot get into the phone, the SD card is probably going to be your best source of information - though it's unlikely that you'll get much. Browse through all of the directories. He could've switched SMS Backup apps and the information could be stored in a less obvious location. Try /sdcard/data and /sdcard/android/data.
If I can think of anything else I will post it. Both ADB and MyPhoneExplorer (I'm not positive that's the name) would be helpful in this situation, but without usb debugging on I don't think you'll be able to use them. Research further into enabling usb debugging without access to the OS.
I'm sorry for your friend's (and your) loss. I hope that in some way, even if not through the phone, he can find closure.
Sent from my Evo + MIUI using Tapatalk!
Thanks for the response good ideas, and I will try them. Turns out this kid never had a computer and in talking with the friends they only had his other email accounts so I will think of someway to get around that, but anyways thanks again.
Your best bet would be something like the Cellebrite UFED that was getting some attention a few months ago. There are other mobile forensics utilities - I'm not sure if they can be purchased by a single person or if there are guidelines these companies must follow before selling the devices. I'm also sure that they're not cheap, so unless you or your friend are very well off, you probably couldn't buy one yourself anyway.
I took a Computer Forensics course and we spent a week on mobile forensics. This was before Android was popular, and I believe that we used the device on a BlackBerry. The device (I don't remember the name) made an image of the contents which we then looked through using Forensic Toolkit or something similar.
If you know anyone in a computer program, ask if they have access to a similar device. We were allowed to use whatever tools were available during specified times (mainly for lab work, but we could use them for other reasons), so this would be your best bet for getting information off of the phone. Other places, like repair shops (and police departments) may have access to similar technology. If you can find someone empathetic to your situation with access to mobile forensics tools then you may be able to get somewhere.
It's a long shot, but I had the thought & wanted to bump your thread for you in hopes that someone with more knowledge could help you out.
If the device happens to have wifi on & is connected, you can also hack into it over the network. If this is the case and you need more information, shoot me a pm and I'll give you what information I know on ways to do so.
Sent from my Evo + MIUI using Tapatalk!
thanks for sharing.................

What are Chimera Modules in Google Services??

Hey guys, I got a scareware pop-up last night and rebooted my phone.
Then it popped up again so I googled I should disable my ad preferences. But while I was looking through my Google stuff I found a ton of these "modules".
I don't remember them being there before. Between the Chimera Virus and the Chimera tool floating around out there, and not being able to find good information on it, it makes me pretty paranoid.
I noticed in settings that I have these Chimera Modules in the bottom part of my google services info.
Does anyone know what those are and why they are there?
First of all, this would be better suited for the Q&A forum.
To somewhat answer your question, if I were to take a guess, something you installed, probably in the hopes of gaining root or unlocking your device, was either malware or a scam. There is a site for this tool which looks really shady. I've never heard of it, so I could be completely wrong. If I were you, I would uninstall your most recently installed apps and see if it goes away. Otherwise, I would do a factory reset to protect myself.
Would second the factory reset - if you're rooted I'd also take a scorched earth approach and wipe as much as I can within recovery just to make sure.
I found similar modules on my phone in the Google Settings "[internal]" section. But from what I can see, it lists only packages from Google Services, and after a bit of searching, Google Services contains a package with "chimera" in its name, namely "com.google.android.chimera.container.*". Therefore I think it doesn't have to be connected with any adware/spyware etc. you might have accidentally installed on your phone. Maybe it showed up lately on many phones with some update or it was there already for some time? Waiting to hear about it from other users.
how can you make your ph delete what is added because I've got stuff on my ph & don't know what all has been added since I bought ph. Had 1 yr, my first, I know nothing about them
comprohacked said:
I have Chimera Modules "Listeners", "Stagefright" Virus, c.betrad.com, GPS Locations popping up in Las Vegas (The exact same time I'm sitting on my bed in El Cajon, CA) on a LINUX using Chrome 44.something, which is very strange, being as I only have smartphones to use that keep getting hacked and/or being destroyed by being rendered completely useless. There are files I didn't put on my device(s) and I can't access them, I've been completely locked out of email accounts I've had since my children were going into Junior High School. Countless, irreplaceable photos, cherished moments and video are all gone!!! Our Precious Memories that only I took the time to capture, are not expected to ever be seen, again!! I just found out my Router has also been hijacked, I'm learning terminology I was never before interested in learning (and, really...I still am not...I am an app chick...I love trying and using new apps)! My calls, posts, texts, emails have been intercepted and, responses have been returned as though I were compiling the messages in whatever form, now, none of my old friends will speak to me....so, I have no social life, anymore. I'm constantly being redirected elsewhere on the web, I passed background and DMV checks for both Uber and Lyft, but, I can't drive for them when even their Driver apps are badly compromised, that I cannot even get to the part of the app where I log on, I just keep being redirected!!! Since this all started about a year ago, I may have spoken to an actual employee of my Service Provider....MAYbe 4 times...it took me a long while before I realized my outgoing calls were intercepted and I was speaking to an imposter!!!
Oh and ALL of the so-called Antivirus apps are completely bogus and easily disarmed (while returning false results that your "device (or, apps or, files or, system, etc) are safe and virus-free"....and you are LOOKING AT THE VIRUS WORK ON THE APP AND YOU SEE ALL THESE REALLY MESSED UP COMMANDS IN THE LOGS AND URL STRING AND, PROGRAMS, BUT your device is SAFE!!! UNfrkgbeLIEVABLE!!! This stuff is so REAL AND UNFRKGREAL!!! WTH???? You'll never catch these supervillain superbeings with their superintelligence who are on a supermission....I'm one of them. I had a lot of stuff here in this box, but I didn't copy like I usually do and now a huge chunk of it is gone. Nevermind, I'm not in the mood, anymore. Carry on with making me supermiserable in your superdon'tgivdadamn way. I'm just going to go to bed, watch YouTube, if you let me and, chill in a superchill way. Carry on, Carry on. By the way, Kaspersky didn't last e minutes of the first layer of attack by cyberthemfkngangsta...I'm telling you it Kaspersky was disarmed and effectively rendered disabled and wholly ineffective. Better come deep and loaded on brain grains...feeling much more powerful than your websites. Simple as that. Good luck.
Hi comprohacked .. It's nice to know I'm not the only one .. I am a network engineer with a bachelor's in computer science, so I'm much more familiar with the things I have seen. Fighting it has only proven to render my devices unusable, but it has been extremely educational for me. I can tell you some of the things I've learned so far: first of all they use UPnP and a vulnerability in Adobe to gain access. They even moved my Adobe from the programs list to my Windows update list. They are very stealthy as my system event codes show them erroring out hundreds of times until they get a success, then continue. What they were doing was elevating their access beginning with default then user, up to admin, and continue until they have system access .. Basically as far as programs or anything else, it's Windows itself making requests. Then they use what's called a rootkit, they actually flash your BIOS and create a second BIOS that you can not see or access. They map your I/Os and reserve memory space on your peripherals and flash the ROMs of your video, audio, network card, USB ports and really everything else .. And while they take complete root control and ownership of all the hardware, they use network discovery to find every device, cell phones, PlayStations, Xbox, notebooks, routers, modems, anything connected and do the same thing to all of these, then set up a raid, meaning fault tolerance, or let's just call it a backup of each system on other systems on the network, that way even if you get past the b
Mbr rootkit somehow, and somehow able to regain control of your PC or phone and reset it, they just put it back as soon as it boots up again. They basically sandbox you as a child environment, while they have a parent profile that overlays whatever they want you to see. They grey out buttons for settings that can potentially trip them up, proxy your web traffic .. They configure servers for your DNS and the list goes on. You see on captures that your DNS traffic is going out to your loopback address of 127. They will have a small portion of your hard drive where they keep what's called metadata, let's just say they have backups of their backups .. I've experienced everything you listed and more .. They use legitimate software from Windows or Google but hide the rest, and since they control the OS they tell the programs where they can and cannot look.
These are not kids doing it, it is far too advanced for that, and with the language packages I would say not just America, but several other countries. They even have bk
You described to a t exactly what I have on all of my devices. Can you share about what to do about it?
I'd like to drop some information about what you're describing, Phil, and some of the people/organisations connected with developing it, and how it has been used in the finance and trading sector. Can you or anyone suggest links to places on the web or ways I could do that? Effectively, so that the information spreads quickly.
Have u found a solution
My husband and I are currently dealing with the same issue down to a t. Any more info on any of it so far?
Same thing
It started about 2 months ago. First, I use Comcast internet. Comcast was out front on the pole doing something, idk, cause I don't have neighbors and my internet was fine. Then a week later a public utilities truck was across the street on a pole that didn't have a transformer on it. They installed a box at the top. Proware technologies. I walked over to them and they hurriedly got down and left. I thought strange. So I went to my desktop and looked at my network and even weirder is I had some PC connected by ethernet to my Comcast modem that was sitting in front of me. I only have 1 computer hooked up by ethernet that I know of and can see only one cable to my PC. So I hurriedly copied all the info from MAC address etc. of the mysterious connected PC. After about an hour they had changed my name of network and had hidden their PC. There's a lot more that I won't blab on about but I think it's the FBI. The box came down last weekend in the middle of the night - but I still can't get any internet company, they all tell me they don't service my area when I've had them in the past. I'm connected to some modem, I have no idea where, cause it's not the one I should be connected to. It's crazy. I feel crazy. Drives me crazy! Friends' cell phones get all screwed up when they come over. It's awful. What can I do?
My wife and I have also had this same NOBUS level hack done to us and after 9 months I realized a few tricks that have shut them down several times but they always seem to figure some new hack to thwart my efforts until I finally took a screwdriver and shorted out my MOBO out of sheer frustration. That seemed to work! Lol well now I do everything on my cell that I had to root to eliminate their emulated files and restore a custom ROM. As for the PC that is a harder nut to crack...
Thank God, I thought I was losing my mind, 3 laptops, 2 cable companies and 3 different phones, and now these modules, my daughter thinks I'm nuts but I know what I see and I know what I have done, factory resets don't work, I keep changing my password info my wifi info even my numbers, if I'm not using my phone or wifi I keep it disconnected this is crazy, what's the purpose.
OK I've done some extensive research on this google play services chimera. It's not a bug or virus or . It's google play services latest secret weapon to control our devices. It's a container full of different modules. I've blocked some through amplify. They start as an alarm. Then turn to wakelocks. One is a system update server that runs continually while our phones try and sleep. Killing our batteries. I'm running Oreo Android 8.0 and have just recently started seeing this said activity. It's no wonder normal people that don't root their devices have no idea what these are. Being slipped in on updates. They know what we know and it's their efforts to go around that and try different things to regain control of anything computerized. Take for instance. Was talking in conversation the other day. Mentioned New Nike shoes. Lo and behold next day it's in my damn Facebook feed. Uninstalled fb, that's just way too much for me. Hope this might help. But definitely not a virus
Oh my god I am so glad I found this, I am crying. I literally thought I might be insane. Been dealing with this for over 2 years but has lately gotten worse by a mile. For now I'm just relieved I have company. I do not believe it is Google. There is a "real" Google out there and every time I interacted with them they were helpful. Currently though I'm connecting to some imposter "Google" in India. I also have Comcast but the router in my basement is NOT the one I am connecting to. Everyone thinks I am a lunatic when I tell them any of this. I kept seeing the term Firefly come up and it feels important
Same same
Comprohacked and ppl below. Exact same thing has been happening to me for months. No one will help, not even family. No one speaks to me. I knew nothing at all at first. I've been scammed etc. Phone after phone. About 30 this yr. I don't know if this will work because every time I type something on a forum it never sends or there's always an issue with it redirecting etc. I don't even log onto Google anymore on a new phone but there's still a hidden account connected and **** downloading itself. Photos get deleted. I have a daughter now and I've lost everything. I'm embarrassed for her to see how lonely I am when she grows up. It's all government related. I do know that and how corrupt this world is. How Google are allowed to do whatever they want. I'm on medication now. I dunno if anyone has had any luck on how to claim their lives back but I'm just about done for good. Just thanks to everyone coz I know I'm not alone.
What the hell is going on in here? I feel like I'm scrolling through a conspiracy post on reddit or something. I need more info!
HackedInAz said:
My wife and I have also had this same NOBUS level hack done to us and after 9 months I realized a few tricks that have shut them down several times but they always seem to figure some new hack to thwart my efforts until I finally took a screwdriver and shorted out my MOBO out of sheer frustration. That seemed to work! Lol well now I do everything on my cell that I had to root to eliminate their emulated files and restore a custom ROM. As for the PC that is a harder nut to crack...
It's funny you say that. Not considering the other ways described previously in this post, I just knew my modem was the source of my issues, thinking I had eliminated all other possibilities. Ironically a screwdriver through the Ethernet device (not sure of exact terminology here) took a screwdriver through the center of it. Worked well for turning it into trash lol.
Targeted
You people who have been locked out of your own devices and online accounts...google "Targeted Individual."

How do I recover from bad flash using WDRT?

It really doesn't work the way everyone says it should. I was trying to unlock the bootloader on my phone, and I made sure to download firmware for the phone that matched the model number. It was a Lumia 920 model RM-820 from AT&T, and the firmware I used was supposedly designed for that phone. The filename of the firmware I found was RM820_3051.50009.1425.2001_RETAIL_nam_usa_100_01_443332_prd_signed.ffu
Ever since I flashed it, it's been bringing up a frowning face and rebooting itself. I've been told to use the WDRT tool, but it won't recognize the phone no matter what I do. It keeps searching for the device and never finding it, no matter how many times I reset the phone or whether I pull up the screen with the gear and the lightning bolt by using volume up. When I use the screen with a gear and lightning bolt, the software tries to detect something, but it never gets any further than the "please wait" screen. Anything other than that mode completely fails to detect anything.
It's very difficult to find information on this problem, because a lot of the FAQs and guides are really old and full of dead links. I don't have any kind of real background in this, and I struggled to make sense of anything I was reading about this. I'm really kind of a moron when it comes to phones, and I was a little overconfident because I know what I'm doing with PCs. I really hate how phones obfuscate all the details, won't tell you what's going on, turn your device into a brick if you make one mistake, and make it so hard to do anything with a device other than what the manufacturer intended.
In all honesty, it's very likely that if I don't get this thing fixed, I'll probably end up putting my SIM card into a TracPhone or similar device for a couple months until I can afford a new phone. Could someone help out a total moron? Please?
EDIT: Well, you can actually go ahead and close this thread... I don't know what happened, but apparently my Mom was able to fix it. The procedure failed on my desktop PC, my Surface Book, and my old laptop... but my Mom tried to use her laptop, and somehow it worked. I wasn't even watching her, so I have no idea how, though. And she doesn't know anything about computers, but she somehow did in 10 minutes what I couldn't do in 2 days.
I've had a similar problem with mine, bootloader unlock process didn't finish correctly and my Lumia 920 won't switch on, respond to Soft/Hard resets or respond to connections to the computer. WDRT and WPInternals no longer detect the device at all.
I hope someone knows how to sort this out

SORRY..LONG POST. Is My Galaxy S8 Hacked?

Hi everyone! Really need help or a better understanding PLEASE!
Read everything, no rude remarks!
So I THINK my firmware/kernel was changed/edited? Lol, if that makes ANY sense?
So I have a Galaxy S8 bought from Cricket but it is unlocked now & is NOT rooted and has NEVER been rooted.
My roommate works for a company who supplies a phone (exact phone as mine but Verizon, mine's on Sprint now). Roommate told me he could be tracked through his work phone & work laptop so everything is seen by the company? Creepy but understandable for work. They can even remotely charge his work cell! Seen with my own eyes! Crazy cool.
Anyway.. I just recently noticed my phone settings have been changing, adaptive brightness enables, NFC enables, & wifi extra choppy to name a few. I also get a VERY low on-call volume, have missing files & pics, startup encryption disabled on multiple occasions which is B.S!! And I see sites in my history that were visited but I hadn't been on them!
It all started when my phone factory reset on its own, sitting right next to me!
**There's also apps that I've NEVER seen like a Verizon cloud/acct & T-Mobile app. (Is this due to me unlocking the network?) But they weren't there before! My ex-husband has a T-Mobile Note 5 & my roommate a Verizon S8 & yes they know each other.
**My call log online shows calls were originated by my number & some by my contacts like my mom, the roommate, & friends to the number> 62450000000111 WTF is that about? Sprint was no help!
*My phone was on Cricket for 2 yrs & once unlocked, I switched to Sprint.
And yeah, I did a factory reset via settings but no change. So I did one via recovery mode but the phone is still acting strange.
I'm new to this so bear with me!
After some research I downloaded the Termux app & installed an Ubuntu distro. Upon using a command prompt I get "mount /proc" followed by the command prompt that I need to type in, & when I tried I get "Permission Denied" & something about a missing fstab directory?
I have root access via Ubuntu but *NOT a rooted phone
Another thing.. I did set up a VNC server & while I was going through files (I made NO changes) I would lose permissions as if someone was changing the permissions while I was looking around. After that ONE time I was unable to reconnect to the VNC viewer! So frustrating!
I just want to be sure my roommate didn't mess with my phone, it's really creeping me out! I'm afraid to use my phone or even take pics of my kid!
I read online to reflash the firmware with Odin which should solve the issue, but *I DO NOT have a computer*
I found an SD card which I believe belongs to my roommate.. when I put it into my phone my LED turned pink on boot up (usually blue) and took longer than normal but only does so with that specific SD card. Weird?
Lately my roommate makes remarks about hacking & makes comments about stuff I said or websites I browse when he wasn't even home. Really freaked out by it all. Anyone, if you can help, please!
***Will reflashing cause my carrier unlock to go away?
***Can anyone explain flashing/recovery/stock?
I apologize for this long post!

Question Help me reverse engineer this mod? How do i get my phone back to stock rom, and regain full control over it? Unroot?

I have an A52 5G and a Tab S7+ WiFi, that are both remotely controlled and monitored, and serve as a gateway to my home network and basically every device connected to it. I noticed it at first and knew NOTHING related to this, didn't even know what open source was. Since then I have come to understand that, somehow, my phone seems to run a custom version of Android, my guess is, built from AOSP and designed to disguise itself as OEM Samsung UI, but in the background enables remote access and total takeover of every function. I have discovered, using Total Commander, that storage has been partitioned in 2 separate locations, and that one folder in there is called root system file, and filled with data/apk/installkits/etc.. This has me asking for help with 2 specific questions:
Am I holding a rooted device or is there another possibility that creates this situation? I was convinced it's rooted until I read here that root prevents from using Samsung Pass, Secure Folder etc.. and those seem to work on mine (or is it a version of those apps?). If it's indeed rooted, will it wipe everything if I flash it with the stock ROM? And should I trust a small cell repair store to do that or learn how to do it myself?
2: I have bought 3 brand new phones since August, and made sure not to use my usual accounts, not use backups, not even set it up near my home wifi, and it almost instantly started self-installing harmful software in the background. I see no other way for it to link itself to be owned by me at initial setup, but for the SIM card, new of course, but with my usual phone number and service transferred to it. Is that enough to make a breach and compromise a new device? If so, what would be different after flashing the stock ROM, if everything reinstalls itself? Do I need to change my number? Change cellular service provider even? I know it's an unusual request but I'm a fast learner, I have compiled lots of technical info on specific apps, IPs, servers, build ID numbers etc.. that I know would make more sense to anyone more qualified than me, and I am about ready to try and wipe/flash the thing myself, I just would feel better with a little help since I have gone this far pretty much alone, since no service provider or manufacturer actually feels like this is their problem to solve....
Here you can download firmware for your phone and flash with Odin, which you can also download at the bottom of the page; there are instructions on how to do it also.
Make sure to download the correct firmware for the exact device you have. There are a few different A52 5G models: SM-A526B, SM-A526U, SM-A5260, SM-A526U1, SM-A526W.
You will lose all data after flashing new firmware. After this your phone will be like brand new from Samsung.
If your device is rooted then that means your warranty is void and manufacturers and carriers are under no obligation to help you.
I'm trying to understand your situation but it's so conflicting I don't know where to begin.
For example, you say your device runs a custom AOSP with a Samsung UI. That's exactly how it actually works. Samsung take the AOSP, customise it with their own functionality, then overlay their own skin as the UI. There's absolutely nothing unusual about that.
I'm conflicted as to whether you're rooted or not. If the manufacturer or carrier has physically seen the device and won't repair it then that would suggest you're definitely rooted. If you spoke to them virtually and told them you're rooted then they will use it as an excuse whether you're truly rooted or not. The partitions you mention could be the internal storage and an SD card, which can be seen non-rooted. I don't know what you mean when you mention a "root system file". Is it an actual folder called "root" or is the app you're using just telling you that you've reached the "root" of the filesystem? I can't quite work out what you mean. You also say Knox-powered apps still work, which just adds to the confusion.
You stated you have had 3 new devices and they all self-installed harmful software. To get one device compromised is possible. To get three compromised means you're either a high profile government target (which I doubt because they wouldn't be so sloppy as this) or you're doing something to compromise your own devices such as continuously visiting dodgy websites.
Flashing will fix things but so would having a new device. The only common denominator is you so either you're doing something wrong or you truly are a government target in which case I wish you good luck!
First let me apologise for the long silence, I cut off most online activity for a while and just read your answers. To clarify, I have not solved my problem yet. But I'll try to explain better what you ask about my situation:
About the OS version, arobase40 got it right. I asked Google Play help reps. And a stock Samsung version of Android would not trigger Google's warning about running a custom version of Android. So that points to it being modified after the fact more than to the fact Samsung has their proprietary version installed.
About being rooted or not, what you are asking is what I'm not totally certain of, also. I know partitioning can happen without rooting; it seems to have created a "virtual SD card" since it's named as such when the SD card slot is actually empty. About the root files folder, I can't say for sure, all I can say is that it's holding a large amount of gigs that don't get taken into account when looking at storage capacity and usage, and accessing that folder gives me a message that root files can't be accessed from this device. Does it mean my device had root access privileges revoked to prevent viewing files that hide what is given control of the software remotely, so I don't find out or have the capacity to remove or alter those files?
What is absolutely sure is that if it is rooted, it wasn't done by me. As for the chance the devices were not factory brand new, 1 of them was not, got it open box from Amazon, a Saudi Arabia version, but my problems had started months before getting it, did not keep it more than 2 months, and all others before and since are 100% pure factory new, some directly from my cellular service provider, as financed devices that came with a 2 year agreement of service (actually 2 of them I got this way), and the last one is my Tab S7+ I got online directly from the Samsung Canada website, on preorder, delivered on release day.
And lastly, the fact I can't seem to shake those persistent leeches is not from having reckless habits online, but from having careless and uneducated habits before that all started, usual older lazy dude stuff, like not changing my WiFi password after a rough breakup with bipolar psycho ex gf, or having only a few passwords reused on most of my accounts. I have stopped doing those things long ago now that I know better, but I suspect that I could have been unaware of something getting installed and staying dormant for a while, maybe? The ex had way more opportunities than needed to do something like this and is more than psycho enough to really do it also. As for having the skills to do it, let's say she has "assets" that can easily get her guys willing to help with that. It may also be coming from somewhere else, but as you say I'm not a super spy or a high ranking gov. official. I'm not even that interesting, and have absolutely no usable ID for fraud or anything, my credit history would raise more red flags than there are in all China. So after so long struggling with this still very active, I can't even think of a rational reason to put so much effort into this, there's nothing to gain, I can only imagine that maybe a twisted mind seeking revenge, or with a sick way of amusing themselves, could see the point to all that, but I don't really care. I only want to get rid of it.
As for the way it manages to be so persistent, I can only see one option left I didn't remove from the process, and it's through my phone number/account on the SIM card; even a new SIM on a new phone is still linked to my cell service. I did initial setup with only that new SIM card, accounts freshly created during setup, with no info or anything linkable to my previous accounts, and even did it sitting outside, far from any building that could get me in range of a WiFi network. And it still was no more effective at staying secure.
That's why I did not yet try to flash a stock ROM myself on my device, because it would, at best, become exactly like it was when brand new, and I know that this is not enough to keep it secure, and that means there's still something I'm missing in the whole picture.
