I'm getting a weird pop up box with every click on xda-developers this morning.
The box pops up, saying I need to enter a user name and password for stage.myplaydirect.com
This happens for both firefox and IE.
Anyone else having this problem? Makes for a frustrating surfing experience. Only happens on the xda site. Reset computer, ran virus scan and came back clean.
nrfitchett4 said:
I'm getting a weird pop up box with every click on xda-developers this morning.
The box pops up, saying I need to enter a user name and password for stage.myplaydirect.com
This happens for both firefox and IE.
Anyone else having this problem? Makes for a frustrating surfing experience. Only happens on the xda site. Reset computer, ran virus scan and came back clean.
Yes, me too using firefox. Really irritating and I hasten to add that I have not attempted to submit my real username and password in case it's a rather 'in your face' form of phishing.
Medved77 said:
Yes, me too using firefox. Really irritating and I hasten to add that I have not attempted to submit my real username and password in case it's a rather 'in your face' form of phishing.
I got the same problem on both firefox and IE, and only when browsing this forum. No other sites or forums cause this pop up and my virus checker came up empty as did a complete scan of my system.
That's why I'm pretty sure something from this site is generating it.
Good to know I'm not the only one. Google didn't shed any light on it either other than some sony myplaydirect program, which isn't installed on my computer and I had never heard of.
Same here stage.myplaydirect.com
nrfitchett4 said:
I got the same problem on both firefox and IE, and only when browsing this forum. No other sites or forums cause this pop up and my virus checker came up empty as did a complete scan of my system.
That's why I'm pretty sure something from this site is generating it.
Good to know I'm not the only one. Google didn't shed any light on it either other than some sony myplaydirect program, which isn't installed on my computer and I had never heard of.
Have same problem with my Nexus One, log on to "stage.myplaydirect.com" pops up every time I reach the XDA forum and only there.
But on my computer it does not???
I have it too! Really annoying... Is it a bug of xda?
I have the same message on all pages on XDA using FF3.6 and IE8.
No viruses found by anti virus program
I think this was solved by Svetius, and was related to third party advert code.
FWIW, xda doesn't ask for your password in such a box, so don't type it into that box. And your XDA password never needs to be typed into a site other than xda-developers.com and iphone-developers.com (if you import your account there)
I consider the "find my phone" software a necessary must on any mobile device. The ability to locate, ping, and wipe your Mobile is an extraordinary advantage in the digital age. I've used it once to find an errant iPhone 3GS and again on WP7 with a Samsung Focus along with helping my sister who continually forgets where her iPhone is.
What do you use on your Galaxy Nexus? Have you had an unfortunate circumstance that allowed you to field test it yet?
I've always had Lookout installed with all my phones. Fortunately I have never had to use it.
https://market.android.com/details?id=com.lookout&feature=search_result#?t=W251bGwsMSwyLDEsImNvbS5sb29rb3V0Il0.
I used 'Where's My Droid' on my N One and continue to use it on my GNex, also had loads of added bits with tasker working off the same trigger like lock phone and give warning message with a contact number to return... just in case it was a nice old lady that found it. Not sure if Tasker will work fully on ICS yet so I've not set it up.
I also had Lookout installed but whenever I tried to locate it on their site it could never get a lock on. I don't know if they didn't fully support the UK that was the problem or that I was always flashing ROMs and it constantly being installed caused problems.
I have a Google Apps account for my family and a few of us have Android devices, so I installed the Google Apps Device Policy app on all the Android phones (in the Market and it's by Google). That app enables device policies and such for each user/device (encryption, syncing, syncing while roaming... anything a business would want to restrict/allow for their device). The plus about that app is that it gives me access to this (the mydevices link):
http://www.google.com/support/mobile/bin/answer.py?answer=1235372&topic=1233222
It's free and allows Google Apps users to lock, locate, reset pin, ring device, etc for Android devices. Remote wipe and everything else is part of Google Apps too.
Don't need a separate app and monthly fees, it's all handled by Google and works perfectly.
Interesting. Do you have to setup a server or what? I understand the client side policy app but not the backend.
How do you tie them together?
G2x - 2.3.7 CM7
Transformer - 3.2 Revolver OC/UV
player911 said:
Interesting. Do you have to setup a server or what? I understand the client side policy app but not the backend.
How do you tie them together?
Didn't have to set up anything, no servers or tying any services together. On my android phone, I just set up my account with my Google Apps email/password, install the Device Policy app, and .... done.
All the devices show up for my family in my Google Apps control panel (under settings -> mobile if you're familiar with Google Apps's panel). And that mydevices link "just works". Don't have to set up anything else, it's great. Google does it all for you.
I believe the device policy app periodically pings Google's servers every few days (it's a bare app with no settings, only a couple pages of info on policies and current status), that process lets the Google Apps admin (me in this case) restrict/allow anything via the Apps Control panel.
The mydevices webpage is more of a "push", since "ring device", "reset pin", "locate device", and all those buttons are instantaneous. i.e. I click "ring device" and a few seconds later my phone rings super loud, even when on silent (this is assuming there is a data connection available to the phone).
I got SeekDroid from the Amazon Appstore when it was free. It's pretty good. It gives the GPS location from where the phone was last used, lets you send alarms and messages to the phone, lock the phone, and remote wipe the phone and SD card if necessary.
---------- Post added at 02:06 PM ---------- Previous post was at 02:04 PM ----------
BinaryTB said:
Didn't have to set up anything, no servers or tying any services together. On my android phone, I just set up my account with my Google Apps email/password, install the Device Policy app, and .... done.
All the devices show up for my family in my Google Apps control panel (under settings -> mobile if you're familiar with Google Apps's panel). And that mydevices link "just works". Don't have to set up anything else, it's great. Google does it all for you.
I believe the device policy app periodically pings Google's servers every few days (it's a bare app with no settings, only a couple pages of info on policies and current status), that process lets the Google Apps admin (me in this case) restrict/allow anything via the Apps Control panel.
The mydevices webpage is more of a "push", since "ring device", "reset pin", "locate device", and all those buttons are instantaneous. i.e. I click "ring device" and a few seconds later my phone rings super loud, even when on silent (this is assuming there is a data connection available to the phone).
That sounds cool, I may have to look into it when my GN arrives.
BinaryTB said:
I have a Google Apps account for my family and a few of us have Android devices, so I installed the Google Apps Device Policy app on all the Android phones (in the Market and it's by Google). That app enables device policies and such for each user/device (encryption, syncing, syncing while roaming... anything a business would want to restrict/allow for their device). The plus about that app is that it gives me access to this (the mydevices link):
http://www.google.com/support/mobile/bin/answer.py?answer=1235372&topic=1233222
It's free and allows Google Apps users to lock, locate, reset pin, ring device, etc for Android devices. Remote wipe and everything else is part of Google Apps too.
Don't need a separate app and monthly fees, it's all handled by Google and works perfectly.
Unfortunately the first line is: This article applies only for Google Apps for Business, Education, and Government customers.
Any workarounds found by XDA?
Anyone else?
Another vote for Seekdroid. It always worked well on my Desire and I plan on using it with my GN. One of the best features is you can actually remove seekdroid from appearing in the phone menu or app list which prevents anyone from removing the app without your permission.
I used http://www.mobiledefense.com/ on my nexus s. Not sure if they ever released a retail version yet though. Kinda curious about the Google Apps thing now though...
Cerberus, Cerberus, Cerberus!!!
Such an excellent application! Please check it out, you won't be disappointed!!
I'm surprised no one has mentioned Prey yet.
Just tried Cerberus. Wow. Awesome! Thanks for the suggestion.
I've always used prey - I actually had a friend get his laptop stolen in Africa, and he's currently coordinating with the African police to get it back. They've made arrests and stuff - I was extremely impressed.
African police drop what they are doing to chase down a misplaced gadget?
More stories please?!
I've always used Where's My Droid, but after reading above about Prey I am probably going to switch to that.
I've used Prey since day one and find it very good and also the ability to alert you it's missing if the SIM card changes is a godsend as well.
Might check out Cerberus as someone mentioned it 3 times so compelled to look now lol
Just launched prey and the logon prompt is all screwed up and you cannot put in some details so you can never login... time to try others now.
---------- Post added at 09:52 AM ---------- Previous post was at 09:28 AM ----------
Bought Cerberus, really like the fact it can take a photo of the person trying to get past my passcode, might try it out on my other half lol
bmstrong said:
I'm surprised no one has mentioned Prey yet.
https://market.android.com/details?id=com.prey
Exactly.
The best I've ever tried up to now.
Love the way it enables gps also if it's down.
I'm surprised no one has mentioned AndroidLost. AndroidLost has remote wipe, GPS locate (never had to use it), send SMS/MMS from phone remotely, make calls, take pictures without the user knowing, record audio clips with the MIC without the user knowing.... all through a web page. No one else uses this?
Hello,
I received a notice that my 2 email accounts, Google and Hotmail, have unusual activity and will be blocked. My laptop is clean, scanned with Malwarebytes, Kaspersky and Microsoft Security Essentials. Is it possible to send spam from my phone, LG Optimus 7, because I use these emails on my phone?
gdavidkov said:
Hello,
I received a notice that my 2 email accounts, Google and Hotmail, have unusual activity and will be blocked. My laptop is clean, scanned with Malwarebytes, Kaspersky and Microsoft Security Essentials. Is it possible to send spam from my phone, LG Optimus 7, because I use these emails on my phone?
...
...
No.
Your email accounts could have been hacked, or spoofed.
As far as viruses on your phone go, there are none and there is no way it was compromised on that device, so it would be your computer or in the webmail itself.
I would change the passwords to both email accounts, and go look in your sent folders to see if you've been infected with a spam bot. If a bunch of things have been getting sent from your accounts there's your issue.
I have gotten the same message. I have never checked my email on a computer since getting the Samsung Focus and now the HTC Titan. I also notice IE gets hijacked when I went to certain websites. The page would load then the phone would start playing a video. Video I've never selected. Now when I go to some sites it starts to download a file. Luckily it says file type isn't supported. I have done two factory resets and I have gotten the email warning four times.
Sent from my PI39100 using XDA Windows Phone 7 App
One thing too many people don't realize is that you should never use public wifi. Anyone sharing it with you on a laptop or android device can compromise your gmail, facebook, twitter, etc. easily. Regardless of what platform you're using.
Your best bet is to scan your PC thoroughly (again) with an AV and malwarebytes just to make sure there's nothing on there, and then reset all of your passwords. You're already using the AV tools I would recommend though so I doubt it's your PC. A WM virus is possible since there's not a piece of electronics that exists which is 100% secure, but, extremely unlikely.
Firesheep, what it is and how to protect yourself
DroidSheep - What it is and how it works
Well, I've never used a public Wi-Fi or Android hotspot.
Sent from my PI39100 using XDA Windows Phone 7 App
gdavidkov said:
Hello,
I received a notice that my 2 email accounts, Google and Hotmail, have unusual activity and will be blocked. My laptop is clean, scanned with Malwarebytes, Kaspersky and Microsoft Security Essentials. Is it possible to send spam from my phone, LG Optimus 7, because I use these emails on my phone?
You're being phished. Numbskulls send out similar "warnings" about bank, credit card, and anything you may care about to try and glean all the info they can from you.
Some suggest you reset passwords, and provide a malicious website link to do so.
Or, you have one of the first of many WP7 viruses.
False alarm maybe.
Mine wasn't phished. I've had to reset my Gmail three times, never had to before I got a WP. If I can get hold of a video camera I'll record what happens to my phone.
Sent from my PI39100 using XDA Windows Phone 7 App
It's been a while since I posted (I usually read more than post), and I had to turn off a few things I normally keep on to protect my web browsing. I was wondering if there was a specific list of settings to manipulate to make XDA work properly.
Today, I had to disable uBlock Origin to be able to post. I had to allow scripts from several domains to be able to post and search the forum. It wasn't exactly obvious what I needed, and for the forum search you have to allow cloudflare before you can allow the search provider.
I can't recall a time I've had to disable uBlock before I could interact with a webform either.
Is there a list of minimum scripting and ad domains?
How are ad networks' scripts/ads related to being able to post?
Reading the forum works fine with no scripting allowed, and ad blocking turned on. I block scripts and malware to prevent malvertising and malware infections.
Same issue with me today. Looks like XDA is using a new login form/method and now I can't log in easily like I used to.
I'm using uBlock Origin with Vivaldi. If I delete ALL cookies and try to log in, the login process doesn't complete successfully. If I turn off uBlock Origin for XDA-Developers OR I whitelist the site, I still can't log in. If I do that and delete all cookies, still can't log in. The ONLY fix is to disable uBlock Origin completely, delete all cookies, then I can log in OK.
So it looks like XDA has some sort of script that detects if adblockers are in use. Even if you whitelist the site in the adblocker, you can't seem to log in properly. I also have anti-adblock killer userscripts and extra integrations with uBlock Origin and I guess neither of those is doing its thing on XDA.
My phone was infected with stalkerware, they had access to my files, could view what was on my screen, listen into my mic, view my cameras remotely, everything! It's incredibly creepy! From what I can tell they somehow loaded a hacked version of Google Chrome and/or Android web viewer. After getting suspicious I downloaded Kaspersky and ran a scan, I found 2 versions of Google Chrome on my phone, one of them had the dual messenger app icon on it. The other one said it wasn't a current version from the app store. I uninstalled and downloaded the current version through the app store. I tried to see if a packet sniffer would lead me to them but I think I was too late by that point. I also pulled the Chrome app and decompiled it. There were some weird things in there like ignore playstore version but nothing that I could find that would lead me to who was watching me. Is there anything I can still do that will lead me to who did this? I have a strong idea of who it was but need evidence so I can prosecute them. Any help would be appreciated. I'm putting up a 500 dollar bounty if anyone can help me get some solid evidence.
dangerruss said:
My phone was infected with stalkerware, they had access to my files, could view what was on my screen, listen into my mic, view my cameras remotely, everything! It's incredibly creepy! From what I can tell they somehow loaded a hacked version of Google Chrome and/or Android web viewer. After getting suspicious I downloaded Kaspersky and ran a scan, I found 2 versions of Google Chrome on my phone, one of them had the dual messenger app icon on it. The other one said it wasn't a current version from the app store. I uninstalled and downloaded the current version through the app store. I tried to see if a packet sniffer would lead me to them but I think I was too late by that point. I also pulled the Chrome app and decompiled it. There were some weird things in there like ignore playstore version but nothing that I could find that would lead me to who was watching me. Is there anything I can still do that will lead me to who did this? I have a strong idea of who it was but need evidence so I can prosecute them. Any help would be appreciated. I'm putting up a 500 dollar bounty if anyone can help me get some solid evidence.
Try logging into your Google account from a computer. Look at what devices have access to your account. I looked at mine a couple of months ago and saw a phone I never owned on AT&T. Funny thing is I have NEVER had AT&T. I've always and still have Verizon. I immediately removed, blocked and reported the device.
HyperChick said:
Try logging into your Google account from a computer. Look at what devices have access to your account. I looked at mine a couple of months ago and saw a phone I never owned on AT&T. Funny thing is I have NEVER had AT&T. I've always and still have Verizon. I immediately removed, blocked and reported the device.
That was the first thing I tried. Didn't find anything unfortunately. These a holes are good.
dangerruss said:
That was the first thing I tried. Didn't find anything unfortunately. These a holes are good.
Did you run a log of your IP addresses?
HyperChick said:
Did you run a log of your IP addresses?
Not until after the connection was severed. My first thought was to run a virus scan. The only thing I found was an application was installed Feb 1st and the clean version of Chrome stopped uploading on Feb 1st.
Why are there two of these? And how did they use dual messenger to install doubles? I've disabled all of them.
dangerruss said:
Not until after the connection was severed. My first thought was to run a virus scan. The only thing I found was an application was installed Feb 1st and the clean version of Chrome stopped uploading on Feb 1st.
Did you delete the corrupt Chrome already? The IP history may be in there...
If you wish to find your IP address Internet history, you can easily do so directly from your Internet browser.
Step 1
Open your Internet browser, and click on "Tools" located in the horizontal menu bar at the top of the window.
Step 2
Click on "Internet Options".
Step 3
Click on "Settings" located beneath the "Browsing History" subheading.
Step 4
Click on the "View Files" button to find your IP address Internet history.
If you post the chrome apk that you dumped or anything else that you have that was related to the "infected" files, they might be helpful in looking for clues.
These are the apk files that I suspect could have been infected. Unfortunately I didn't pull them until after they were updated. But I believe there is still a change log kind of manifest if you decompile them.
On mobile? I'm not seeing those options.
HyperChick said:
Did you delete the corrupt Chrome already? The IP history may be in there...
If you wish to find your IP address Internet history, you can easily do so directly from your Internet browser.
Step 1
Open your Internet browser, and click on "Tools" located in the horizontal menu bar at the top of the window.
Step 2
Click on "Internet Options".
Step 3
Click on "Settings" located beneath the "Browsing History" subheading.
Step 4
Click on the "View Files" button to find your IP address Internet history.
From what I can see, those apks unfortunately appear to be normal un-tampered files. The manifest I believe you are referring to is a component of the apk that dictates things like permissions and interfaces, but it does not perform any sort of logging or historical record sadly, as the entire apk is replaced when an app is updated or installed over an existing installation.
I am not sure how much cleaning you have done of your device since it happened, but aside from clues or records which might be available from various services you use (finding connected accounts that aren't yours, history of any account activities that weren't initiated by you, etc), your next best bet would probably be to dig through the files on the device in search of anything that shouldn't be there. Hopefully there is still some artifact of the infection which could potentially point towards its origin. I will follow this thread, happy to dig through files in my spare time.
Does anyone know if Android keeps a log of installs or anything in the root folder perhaps?
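Added example, not part of any post in this thread: Android's package manager records a first-install time, a last-update time and an installer of record for each package, and `adb shell dumpsys package` prints them. The sketch below parses a constructed sample of that output and lists packages installed or updated around a given date, which is the kind of timeline the posts above are trying to piece together. Assumptions: the field layout shown (it varies between Android releases), the made-up package names and 2021 dates, and treating only Google Play as a trusted store.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, laid out like `adb shell dumpsys package` output.
# Package names, hashes and dates are made up for this example.
SAMPLE_DUMP = """\
Packages:
  Package [com.android.chrome] (1a2b3c4):
    userId=10112
    firstInstallTime=2008-12-31 19:00:00
    lastUpdateTime=2021-01-20 08:14:02
    installerPackageName=com.android.vending
  Package [com.example.webhelper] (5d6e7f8):
    userId=10245
    firstInstallTime=2021-02-01 13:37:10
    lastUpdateTime=2021-02-01 13:37:10
  Package [com.example.notes] (9a0b1c2):
    userId=10198
    firstInstallTime=2020-06-01 10:00:00
    lastUpdateTime=2021-02-02 09:00:00
    installerPackageName=com.android.vending
"""

# Assumption: only Google Play counts as a trusted store; add the vendor
# store's package name for devices that ship one.
TRUSTED_INSTALLERS = {"com.android.vending"}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FIELD_RE = re.compile(
    r"^\s*(firstInstallTime|lastUpdateTime|installerPackageName)=(.*)$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_packages(dump):
    """Return one dict per 'Package [...]' block found in the dump text."""
    records, current = [], None
    for line in dump.splitlines():
        header = PKG_RE.match(line)
        if header:
            current = {"package": header.group(1), "installer": None}
            records.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            key, value = field.group(1), field.group(2).strip()
            if key == "installerPackageName":
                # A missing or "null" line means no installer of record,
                # as with sideloaded or adb-installed packages.
                current["installer"] = None if value in ("", "null") else value
            else:
                current[key] = datetime.strptime(value, TIME_FMT)
    return records


def installs_near(records, incident, window_days=2, trusted=TRUSTED_INSTALLERS):
    """List packages installed or updated within window_days of incident."""
    window = timedelta(days=window_days)
    rows = []
    for rec in records:
        hits = [rec[k] for k in ("firstInstallTime", "lastUpdateTime")
                if k in rec and abs(rec[k] - incident) <= window]
        if hits:
            rows.append({"package": rec["package"], "when": min(hits),
                         "installer": rec["installer"],
                         "trusted_store": rec["installer"] in trusted})
    return sorted(rows, key=lambda row: row["when"])


if __name__ == "__main__":
    for row in installs_near(parse_packages(SAMPLE_DUMP), datetime(2021, 2, 1)):
        print(row["when"], row["package"], row["installer"], row["trusted_store"])
```

A package that appears in the window with no trusted installer of record is a candidate for closer inspection, not proof of tampering; preinstalled and sideloaded apps also lack a store installer.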
Isn't there a relation between duplicate app instances and secure folder?
OnnoJ said:
Isn't there a relation between duplicate app instances and secure folder?
Yes but I've never set up secure folder. Never felt a need to.
First thing I do is a factory reset (and hope that gets it) and reset the Google password.
Keep that bloody device 100% isolated from your PC and data backup copies including the SD card*. Wipe the SD card in the device before the reload and again after the reload. Do NOT connect the card or phone to your PC before the new load is proven clean. Load data directly to SD card from the PC then to the 10+ just in case.
Try to piece together when and what did it but that is a secondary concern. Consider it a drill.
Better get while the getting's good... that level of being compromised means no time to lose ditching the OS. I most likely wipe the SD card too and use one of the clean data backups I keep for just such an event. Torch all data on the device.
If it gets into your backup data copies you're boned.
OSs are 100% expendable, critical data is not.
*you can scan it with everything on the planet and still miss trojans, tainted jpegs/pngs, etc if no definitions exist yet. Expect multiple hidden infections now and go full nuke.
Isolating the infection to that device is the only priority. It's possible the infection(s) are already on one or more backups and/or your PC. That's why it's important to keep multiple time staggered backups on multiple electronically isolated hdds.
I keep a 3 tier backup and my PC is never internet connected.
Keep your head and limit the spread...
dangerruss said:
Why are there two of these? And how did they use dual messenger to install doubles? I've disabled all of them.
Looks normal to me. Those are typical apps that run when dual account messenger service is used.