May have malware, need help - Samsung Epic 4G Touch

Hi all, I am brand new to smartphones and basically I did something really dumb. I rooted my phone with the one-click root and installed some apps that I think might be malware. I did a factory data reset but am concerned about the possibility that with a rooted phone some malware may have survived.
What can I do to be absolutely sure I have removed any trace of malware that may have been on my phone? I am not concerned about data, settings, or anything like that.
Long story short I was dumb and want to fix the problem I created.
I either want someone to tell me that the malware couldn't have survived the factory reset or to tell me how to fully remove it.

I would flash again with full data wipe version, after that you should be fine but you can also download a product from Norton, AVG, Lookout or others to scan your phone from Google Play store.
Next time just buy your apps or look at porn on your computer welcome to xda

All I've done is the factory reset option in the settings menu. You said "flash again." Should I be flashing another ROM? It seems to me that that might be a more guaranteed solution as the factory reset I performed didn't delete any parts of the operating system which could be compromised.
Also, to be specific I believe I had/have this: nakedsecurity.sophos.com/2012/04/12/android-malware-angry-birds-space-game
It's possible there could have been other malware as well.
"Next time just buy your apps or look at porn on your computer welcome to xda" I know, I pirated apps, got malware, lesson learned.

I would think that running one of sfhub's Odin One-Click packages (the full one, not the NODATA version) should clear anything that may be lingering.

It would be a real asset to the community if you list the apps that you find suspect that way people can first investigate them in the future if they are interested in downloading them.

This is a cleaner reset procedure you can try if you feel you are infected:
1) remove external SD
2) format internal SD
3) install EK02 ODIN OneClick
4) format internal SD
5) perform ##786# reset (you can get MSL using "getprop ril.MSL" in adb shell)
This will reset internal SD, the ROM, the kernel, the modem, and NVRAM.
I won't say this is completely immune to malware infections as I've seen those vectors get quite advanced in their install techniques on PCs, but my guess is it would handle 99.9% of what is out on Android.
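
The worry running through this thread is that a settings-menu factory reset leaves the system partition alone, so anything a rooted install wrote there survives it. The following Python script is an added example, not part of any post: it compares a `pm list packages -f` listing taken after the reset with a listing from a known-clean device on the same firmware and reports what the stock image does not account for. The baseline capture and every package name below are constructed assumptions.

```python
"""Added example: audit a post-reset package listing against a stock baseline.

Both listings are assumed to come from `adb shell pm list packages -f`,
whose lines look like `package:<apk path>=<package name>`.
"""

# Constructed sample: listing from a known-clean device on the same firmware.
BASELINE = """\
package:/system/app/Phone.apk=com.android.phone
package:/system/app/Settings.apk=com.android.settings
package:/system/app/Browser.apk=com.android.browser
"""

# Constructed sample: listing taken after the settings-menu factory reset.
POST_RESET = """\
package:/system/app/Phone.apk=com.android.phone
package:/system/app/Settings.apk=com.android.settings
package:/data/app/com.android.browser-1.apk=com.android.browser
package:/system/app/SysUpdate.apk=com.example.sysupdate
package:/data/app/com.example.game-1.apk=com.example.game
"""


def parse_pm_list(listing):
    """Parse `pm list packages -f` output into {package_name: apk_path}."""
    packages = {}
    for raw in listing.splitlines():
        line = raw.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and shell noise
        # Package names never contain '=', but paths can, so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def audit_after_reset(post_reset_listing, baseline_listing):
    """Return (package, path, category) tuples for everything unexpected.

    new-on-system: not in the stock image but stored under /system, which a
                   factory reset does not wipe; only a full reflash removes it.
    new-on-data:   not in the stock image, stored on the data partition, so it
                   was installed again after the reset.
    path-changed:  a stock package now served from a different APK path, for
                   example an "update" on /data shadowing the system copy.
    """
    current = parse_pm_list(post_reset_listing)
    baseline = parse_pm_list(baseline_listing)
    findings = []
    for name, path in sorted(current.items()):
        if name not in baseline:
            category = "new-on-system" if path.startswith("/system/") else "new-on-data"
            findings.append((name, path, category))
        elif baseline[name] != path:
            findings.append((name, path, "path-changed"))
    return findings


if __name__ == "__main__":
    for name, path, category in audit_after_reset(POST_RESET, BASELINE):
        print(f"{category:14} {name}  ({path})")
```

Any `new-on-system` result means the settings-menu reset was not enough and the full reflash described above is the appropriate next step; an empty result only says the package list matches, not that the device is clean.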

Related

[GNex TOOLKIT V7.4] I'm unable to install USB driver

I don't know what I'm doing wrong, but when I try to install the USB driver with GNex TOOLKIT I can't, at end of the procedure, my serial number. The software returns "...doesn't have loaded mui entry"
I don't know what I can do...
Thanks
P.S. I'm unable to post in the dedicated section/topic because my post counter is under 10
Sorry for bad English
Install drivers manually
Sent from my Galaxy Nexus using xda premium
kgreemi stric
Thanks, it was very simple! The pdanet returned an error but at the end all works right, I think. Now I can try "camera enhancements".
Can you tell me if I have to reset the phone/lose all my data/have to format or something like this, to obtain the "camera enhancements"?
I've had this phone for 4 days and I've spent all my free time to set it properly. I don't want to lose all my progress, it was a waste of time
As with all programs such as the toolkit and playing with system files Mike the developer of the program recommends a full backup before you start playing - just in case. (So do I, always) That way you don't lose your setup that you have worked on so hard...
The camera mods do not wipe or affect the phone in any way, at least not when I applied them, but things can go wrong, so that's why you back up
Thanks. For a full backup of my system, applications, settings, launcher settings, messages and so on, what do I have to do exactly? Also partitions and other important stuff if I don't remember/know now. Partitions, SD card, things like that; a complete backup of the device, I intend.
There's no need for this? I don't want to risk anything
Nandroid backup is included in the Galaxy Nexus Toolkit so use that. Everything is backed up by that - you can even get really clever and extract sms mms etc. from the nandroid (for example here http://forum.xda-developers.com/showthread.php?t=1370349) if that is what you mean by messages. Surely your emails will be on your email server, contacts in your google account as extra backup even though the nandroid will contain them? Unless you do something really radical, like fully wipe the SOC, partition etc doesn't enter into it...
Hi, I unlocked my phone, but... where can I find what was of interest to me? Camera enhancements. Where can I find it in the toolkit 7.4?
OK, it was in the mods section of the toolkit

[Q] Need Help Creating a flashable ROM

So, I have been attempting this on my own for a couple weeks with little to no luck, and searching XDA hasn't really been fruitful, so I thought I would ask.
So I work in Tech Services at the library at my local university. My team is in charge of electronic equipment loans, and recently purchased 20 Galaxy Tab 3 10.1s for student checkout. What I am trying to do is make a straight factory ROM that is flashable through TWRP but with a set of 3 e-book apps added into system apps. The 3 apps I need added are Kindle, Overdrive Media Console, and Bluefire Reader (it is after all, a library). Doesn't need to be rooted or anything, but to speed up turn-around time, it would be nice if it would wipe data automatically as part of the flashing process so we don't have to worry about people's passwords or account info being compromised. I have tried many different things, but can't seem to get A: the apps added correctly (they install but FC as soon as I try to open them) and B: a script added that would wipe before flashing the ROM. As far as I can tell through my research, it might be possible, but far beyond my skill and knowledge levels. Honestly, I am not even sure if flashing through recovery is the best solution. I have looked at Samsung Configurator as well as many 3rd party MDM tools and none of them seem to be able to do what I want. Possibly something that could be flashed through Odin?
Any thoughts, suggestions, advice, help, etc. would be greatly appreciated.
Moderators: If this needs to be moved, feel free to do so. I wasn't sure where it belonged, but figured this would be okay.
Thanks everyone!
Edit: Don't know if it matters, but they are Wifi only models.
Just off the top of my head...this is what I would do.
Root the tabs (probably need to install custom recovery for that, but I'm not sure since I don't follow the 10 in forum).
Install Titanium Backup
Install the 3 apps that you want to make as "system" apps (install as any normal app).
Use Titanium Backup to "convert to system app" (this will place the app in the /system/app directory).
Uninstall Titanium Backup and use the unroot option in SuperSu.
This should leave you those 3 apps installed as system apps.
You can then perform a factory reset when the Tabs are returned and still have those apps available. Factory reset does not wipe the system partition, so the apps will remain.
Thanks! I will definitely try that!

remote wipe & custom recovery

So I have always wondered what happens when you remote wipe a phone from like Android Device Manager and if you have a custom recovery like TWRP. I tried the wipe on my M8 and it for sure worked, but since TWRP was installed it left all the data on the SD card. Is there any way to force TWRP to do a full factory reset by default rather than just removing apps etc?
If not I may just have to install the stock recovery, if I can find it for my Bell M8.
From TWRP, (Advanced) wipe and select sdcard.
That won't work if the phone is not in my hands.
make a back up and try it out and let us know ! lol
Already did, wiped from device manager and it wiped the phone but left the SD card intact. This is a major oversight for custom recovery because same applies on my N7. Send a remote wipe to the phone, you're actually just giving your data away because now they can access your SD card since you wiped it remotely but it didn't wipe the SD card.
Wonder if encrypting the SD Card and then wiping will resolve this? The data should be useless after remote wiping and will need the advanced wipe from TWRP to bring the SD card back to life.
I use an app called Cerberus that can remotely wipe the SD card. It also has a bunch of other features for remotely controlling phones.
Been a happy user for several years. Never needed the remote wipe, but I have used the location and other features.
Thanx for your suggestion, that app looks promising. Been looking for something like this after a buddy's phone was stolen. A self destruct would be great after x number of unlock attempts - not sure if it has this or not, but will definitely check it out.
It doesn't have a wipe on failures, but it does take a picture and email you after X failures.
It can also be set up to notify you if a different SIM is inserted.
I also like that it can be controlled via a client app, the web or texts from any phone (with a password).
I like that it has an update.zip installer that survives factory resets. Few thieves will know/think to flash a new ROM.
Edit: Geez, I sound like a shill. Just a very happy user. I think I found it on XDA originally.
Nah you don't really - I perfectly get it. The stress I have seen on my buddy is immense, so I appreciate you emphasizing on this app. The thief wants $800 else... They have already changed gmail password, facebook, yada yada. If there's an app we can send to the phone and destroy it now that would be awesome. Any who major lesson learned. Thanx again.
I know I've seen an app that you can push that will locate the phone. Lemme look. Some thoughts for your friend...
Android Device Manager might work.
Maybe Lookout: https://play.google.com/store/apps/details?id=com.lookout
This one looks very promising: https://play.google.com/store/apps/details?id=com.androidlost
This article seems to go over a bunch of options: http://phandroid.com/2014/02/11/find-lost-stolen-android-phone/
More good stuff: http://trendblog.net/how-to-track-your-lost-android-phone-without-tracking-app/
Best of luck.

Android Remote Access Trojan

Hi all,
I got my LG G4 H815 phone infected with a remote access trojan. I believe it was bound to an image, and came through the Kik app, as I haven't installed any APKs on it (I recently flashed the stock image). It all started by some guy on Kik who I met in a hacking group, and he sent me a fully black image, I clicked it, and ever since, I monitored the outbound and inbound connections and found some suspicious connections. The guy admits he can see what I am doing and see through my camera even. Luckily I don't have it rooted, so the trojan can't access administrator privileges. Would flashing the stock firmware clear the malware?
And can someone please look into the vulnerability that allows for executable files to be embedded into images, and sent?
Install TWRP and format everything. I had the same issue but from an app.
He can remote root it and make the phone look unrooted from normal means; that also I had. I would try to use root apps to check, but Android Pay would detect root.
Sent from my Nexus 6P using Tapatalk
Thank god this model of the G4 has an unlocked bootloader, and can therefore install TWRP. Now what would be the situation for those with locked bootloaders?
I installed Android Pay, I can login to it, and come to the step where you add a credit/debit card. Is this a good sign?
the best way to have clean phone is using KDZ and refurbished option
Will refurbish option format the drive and then reinstall the Android?
it clean wipe all partitions like the first time LG factory installed firmware on phone the first time.. all will be wiped.
Ok thanks.
Easier method may be to install Malwarebytes for android available on Play Store. Take note on this information from the Malwarebytes site (https://blog.malwarebytes.com/threats/remote-access-trojan-rat/):
Remediation
Remote Access Trojans are covert by nature and may utilize a randomized filename/path structure to try to prevent identification of the software. Installing and running Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit will help mitigate any potential infection by removing associated files and registry modifications, and/or preventing the initial infection vector from allowing the system to be compromised.
Aftermath
Remote Access Trojans have the potential to collect vast amounts of information against users of an infected machine. If Remote Access Trojan programs are found on a system, it should be assumed that any personal information (which has been accessed on the infected machine) has been compromised. Users should immediately update all usernames and passwords from a clean computer, and notify the appropriate administrator of the system of the potential compromise. Monitor credit reports and bank statements carefully over the following months to spot any suspicious activity to financial accounts.
Basically, you could be seriously screwed ... and have a lot of work to do to overcome this. LOL
That's why in my experience formatting all storage is easier to get rid of the trojan, or if you have warranty find a reason to send it in and they will send you a different one
Sent from my Nexus 6P using Tapatalk
How does this trojan work ?
As a background process ?
Sent from my SM-N930F using Tapatalk
gjkrisa said:
> That's why in my experience formatting all storage is easier to get rid of the trojan, or if you have warranty find a reason to send it in and they will send you a different one
> Sent from my Nexus 6P using Tapatalk
Easier and a lot less hassle (no data loss), is to use a good anti-malware/anti-virus program to remove the infection and associated entries e.g., Malwarebytes or Norton Security Mobile. However, doing it your way is also a good solution ... BUT ... it does not solve the most important issue in and of itself, namely: any personal information (which has been accessed on the infected machine) has been compromised. Users should immediately update all usernames and passwords from a clean computer, and notify the appropriate administrator of the system of the potential compromise. Monitor credit reports and bank statements carefully over the following months to spot any suspicious activity to financial accounts. Simply formatting the storage does not take care of this, does it. eh ... ?
You are right that you must use an uninfected pc or device to update/change password
But using an antivirus may catch most viruses but there are still ways to not be detected as issue I had with my last run in I had antivirus installed but probably after infection.
Sent from my Nexus 6P using Tapatalk
BIG_BADASS said:
> Thank god this model of the G4 has an unlocked bootloader, and can therefore install TWRP. Now what would be the situation for those with locked bootloaders?
> I installed Android Pay, I can login to it, and come to the step where you add a credit/debit card. Is this a good sign?
Logging in to Android pay is first and foremost not smart ... and entering your credit/debit information would be even less smart, i.e., Dumb and Dumber. Change your Google account login and password IMMEDIATELY!
Locked bootloaders do not prevent you from removing malware, whatsoever. Give your head a shake.
It looks like you ran into a bigger BADASS than you purport to be ... LOL.
---------- Post added at 01:12 AM ---------- Previous post was at 01:06 AM ----------
gjkrisa said:
> You are right that you must use an uninfected pc or device to update/change password
> But using an antivirus may catch most viruses but there are still ways to not be detected as issue I had with my last run in I had antivirus installed but probably after infection.
> Sent from my Nexus 6P using Tapatalk
Depends on what anti-malware/anti-virus program you are using ... I use both that I mentioned (Malwarebytes and Norton Security, premium versions) ... they are top rated and very effective. I also scan ANY download BEFORE I install it - just common sense in today's world!
That's why I asked before signing into google pay, whether I have come far enough to distinguish. I never EVER put banking details on my phone. Also, it's really easy to bypass antivirus if the trojan is crypted. Also even more difficult if it's attached to a file as an Alternate Data Stream. I've tried all the possible antivirus software you can think of, nothing caught it... I have come to my last resort... that is format everything. Also, you can't practically scan everything you download... especially images you get on whatsapp, kik and others. Once they are downloaded, the damage is already done.
Anyway, I learned my lesson, use kik and other apps where you can share media, on a virtual machine, NEVER on the actual phone. You know... sometimes I wonder... why aren't these messaging apps sandboxed properly???
Vuska said:
> How does this trojan work ?
> As a background process ?
> Sent from my SM-N930F using Tapatalk
Yes I believe so.
Malwarebytes caught NOTHING.
sdembiske said:
> Locked bootloaders do not prevent you from removing malware, whatsoever. Give your head a shake.
Yes but you cannot install TWRP and format the disk if you have a locked bootloader, right? All you can do is flash the stock firmware.
Of course you can install TWRP on locked bootloader.
Check TWRP-in-FIsH!
Just a note regarding anti-malware and your situation:
Believe it or not, but installing or using an antivirus program on an already infected system is completely useless!
The only chance to scan an infected system would be to do this offline (live system or within TWRP)... BUT the problem is this will not work or may not work for all malware because some of them can only be detected when the full system is running!
So the only chance to get a free and clean system is to completely format and wipe everything and to ensure that you are using a backup which is 100% clean when you want to restore something!
17 years in IT security can tell you: No anti malware software can protect you 100%.
Even when you have it active and up2date all the time.
Even when you scan everything before extract/use/install software.
Even when you have multiple scanners (totally useless on the same machine but I talk about different anti malware vendors on gateway plus desktop)
Scan and clean an infected system with an anti malware software (even when done offline) will not necessarily mean that you are 100% clean.
The best anti malware protection was / is / and will always be: ....YOU (your brain)
Do not install dubious software.
Do not click on every link.
Do not open attachments which you do not expect to get (even when the sender is your friend's address! Keep in mind that he can be infected!).
.. or just simply: Use your brain before clicking
Anti malware software is only a LAST RESORT and NOT your main protection!
That's what most humans forget or just do not (WANT TO) know.
This is the same for smartphones or desktop PCs and just to keep you scared there is a chance that even when you wipe everything that you are still infected.
On desktop PCs there is for example BIOS malware available which cannot be removed by just formatting your system. The same is possible on Android but well I haven't seen it yet... (that doesn't mean anything though).
Sent from my LG-H815 using XDA Labs
steadfasterX said:
Of course you can install TWRP on locked bootloader.
Check TWRP-in-FIsH!
Just a note regarding Anti-Malware and your situation:
believe it or not but installing or using an antivirus program on an already infected system is completely useless !
the only chance to scan an infected system would be to do this offline (live system or within TWRP)... BUT the problem is this will not work or may not work for all malware because some of them can only be detected when the full system is running !
so the only chance to get a free and clean system is to completely format and wipe everything and to ensure that you are using a backup which is 100% clean when you want to restore something!
17 years in IT security can tell you:
No anti malware software can protect you 100%.
Even when you have it active and up2date all the time.
Even when you scan everything before extract/use/install software. Even when you have multiple scanners (totally useless on the same machine but I talk about different anti malware vendors on gateway plus desktop)
The best anti malware protection was/ is / and will always be: YOU (your brain).
Do not install dubious software. Do not click on every link. Do not open attachments which you do not expect to get (even when the sender is your friend's address! keep in mind that he can be infected!).
Anti malware software is only a LAST RESORT not your main protection!
That's what most humans forget or just do not (WANT TO) know.
This is the same for smartphones or desktop PCs and just to keep you scared there is a chance that even when you wipe everything that you are still infected.
on desktop PCs there is for example BIOS malware available which cannot be removed by just formatting your system. the same is possible on Android but well I haven't seen it yet... (that doesn't mean anything though).
.
Sent from my LG-H815 using XDA Labs
I unlocked my bootloader on my H815 but I'm too scared to install TWRP.... if I just flash the stock kdz file, will it clear the malware?
BIG_BADASS said:
Yes but you cannot install TWRP and format the disk if you have a locked bootloader, right? All you can do is flash the stock firmware.
You were more than once made aware of TWRP-in-FiSH, a customized TWRP version for those with locked bootloaders. I make regular backups with TWRP-in-FiSH and when I am confident the latest one I've made is clean with no issues detected on the phone, I copy them over to my desktop for a backup in the event my phone does get infected or bricked.

Question Data restore after unsuccessful Android 12 update, bug 12 rkq1.211119.001, help is needed :(

Hi, I don't know if it's the right place to ask for help, but I'll still try.
A couple of days ago while travelling I updated my OnePlus 9 Pro with the latest update of Android 12 not knowing that update was apparently quite buggy as I found out later. Previously all updates have always run smoothly on my phones, so I wasn't really cautious about it. As a result after update phone didn't work anymore, it started always to vibrate after giving sim card PIN kinda trying to start (similar to the sound of whirring hard drive), but it couldn't go beyond the home screen's wallpaper. As I needed my phone, I had to choose "Format user data" under Wipe data from the boot menu as there weren't any other options under Wipe. I got a working phone after that, but I lost all my data.
So the question is: is there a way to restore videos and photos from the gallery (my photos weren't synchronizing to Google Photos) after this formatting? And more precisely, eg. by using DroidKit Data recovery tool I can perform only quick recovery unrooted, which doesn't find any files from the gallery. There is an option to perform a deep recovery, but for that I need to root my phone. Rooting apparently requires bootloader unlocking, which most likely wipes all phone data anyway without possibility to restore.
And more questions: would a deep recovery even find those gallery files, if the phone would be rooted? If bootloader unlocking wipes all data completely, so it wouldn't be possible to restore any data after that for sure? Is there an option to perform a deep scan without a phone being rooted? Is there an option to root without bootloader unlocking? There are some apps, which don't really do automatic rooting, and they aren't trustworthy, despite they say that they can root phones in seconds.
I definitely have learned from this recent experience, and I will do better in the future.
I think most likely it's not possible to restore my photos and videos I lost in this case, but I just had to ask to make sure, there are no more tricks I can use... Any thoughts? Thanks!
I would think there would be an app in the app store that would recover your photos and videos without root since they are to located in the root drive. It may take a few tries to find the right app. Good luck. That is why I routinely backup everything on my internal storage to the PC just for this reason.
Your storage is encrypted. There is no way to recover the files as the factory reset generated new keys when wiping the storage. Sorry for the bad news. Make sure to make backups before taking updates in the future is all anyone can suggest.
EtherealRemnant said:
Your storage is encrypted. There is no way to recover the files as the factory reset generated new keys when wiping the storage. Sorry for the bad news. Make sure to make backups before taking updates in the future is all anyone can suggest.
Thank you for the reply! I just wonder, why then everywhere on so many websites they say, it's possible to recover data after factory reset? But as I tried it seems impossible as you say.
Just one example: https://www.hardreset.info/devices/...possible-to-recover-data-after-factory-reset/.
73ch61rl said:
Thank you for the reply! I just wonder, why then everywhere on so many websites they say, it's possible to recover data after factory reset? But as I tried it seems impossible as you say.
Just one example: https://www.hardreset.info/devices/...possible-to-recover-data-after-factory-reset/.
Then go after it......
The 8 Best Free Android Data Recovery Software [2023]
Is there any free Android data recovery software? Yes, 100%. The top 8 free Android data recovery software can help you recover deleted files from Android mobile phone carrying a Micro SD card.
recoverit.wondershare.com
73ch61rl said:
Thank you for the reply! I just wonder, why then everywhere on so many websites they say, it's possible to recover data after factory reset? But as I tried it seems impossible as you say.
Just one example: https://www.hardreset.info/devices/...possible-to-recover-data-after-factory-reset/.
I mean a lot of those places just copy and paste info to drive clicks. Android didn't always encrypt userdata.
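The point made in the two replies above (encrypted storage whose key is replaced on reset, versus older devices that did not encrypt userdata), as an added example that is not part of the thread: a signature-carving pass of the kind recovery tools rely on, run over a constructed flash image. The SHA-256 counter-mode cipher is a toy stand-in for the device's real storage encryption, and every name and sample value here is an assumption.

```python
import hashlib
import os

JPEG_MAGIC = b"\xff\xd8\xff"   # start-of-image bytes that carving tools search for
JPEG_END = b"\xff\xd9"         # end-of-image marker

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), NOT the cipher Android uses."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def carve_jpegs(raw: bytes) -> list[bytes]:
    """Signature carving: every span from a JPEG header to the next end marker."""
    found, pos = [], 0
    while (start := raw.find(JPEG_MAGIC, pos)) != -1:
        end = raw.find(JPEG_END, start + len(JPEG_MAGIC))
        if end == -1:
            break
        found.append(raw[start:end + 2])
        pos = end + 2
    return found

# Constructed sample data: two fake "photos" (header + payload + end marker).
PHOTOS = [JPEG_MAGIC + b"\xe0" + b"holiday-%d" % i * 20 + JPEG_END for i in range(2)]

def demo() -> dict:
    """Carve the same flash contents under four conditions."""
    plain_flash = b"".join(p + bytes(64) for p in PHOTOS)   # photos + free space
    old_key = os.urandom(32)                  # key in use before the reset
    encrypted_flash = keystream_xor(old_key, plain_flash)
    # Factory reset: old key discarded, new key generated. The old ciphertext
    # may still sit on flash, but nothing left on the device can decrypt it.
    new_key = os.urandom(32)
    return {
        "unencrypted": carve_jpegs(plain_flash),
        "encrypted_no_key": carve_jpegs(encrypted_flash),
        "new_key": carve_jpegs(keystream_xor(new_key, encrypted_flash)),
        "old_key": carve_jpegs(keystream_xor(old_key, encrypted_flash)),
    }

if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:17s} -> {len(hits)} photo(s) recovered")
```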
TheGhost1951 said:
Then go after it......
The 8 Best Free Android Data Recovery Software [2023]
Is there any free Android data recovery software? Yes, 100%. The top 8 free Android data recovery software can help you recover deleted files from Android mobile phone carrying a Micro SD card.
recoverit.wondershare.com
I've tried many of those before, but they don't see gallery photos nor videos at all after phone factory reset, though they claim they can do that. What these apps can see and recover in my experience are call history, documents, audio files, SMS (all of these things were recovered anyway from the phone backup), photos and videos from WhatsApp (which I don't need as its chats were backed up before that update). Some of them offer a deep recovery (don't know what a deep scan would find in the end), which requires phone to be rooted, and that requires bootloader unlocking, which will wipe storage for good anyway, so basically all those apps are useless.
73ch61rl said:
I've tried many of those before, but they don't see gallery photos nor videos at all after phone factory reset, though they claim they can do that. What these apps can see and recover in my experience are call history, documents, audio files, SMS (all of these things were recovered anyway from the phone backup), photos and videos from WhatsApp (which I don't need as its chats were backed up before that update). Some of them offer a deep recovery (don't know what a deep scan would find in the end), which requires phone to be rooted, and that requires bootloader unlocking, which will wipe storage for good anyway, so basically all those apps are useless.
Then I am out of answers, sorry!
TheGhost1951 said:
Then I am out of answers, sorry!
Thank you for trying to help anyway!
