[Q] Malware in SVHD 1.0.0? - Desire HD Q&A, Help & Troubleshooting

First of all, I'm a long time lurker on the XDA forums, haven't posted at all (why would I, if there aren't substantial questions). Until now, that is. I was lurking the D-HD Dev fora when I came across a new Sense 4.1 rom; http://forum.xda-developers.com/showthread.php?t=2204384
Not happy with the Sense4 roms there are, I really wanted to try it.
Downloaded it, and my ESET Smart Security went haywire. According to ESET the package contained malware, Android/Plankton.I
Reported it so a moderator could look into it. Afterwards I looked into the package itself, seems like install_flash_player.apk was detected as malware. The file contained a read-me file with a reference to RevMob Team (something to do with ads) and the file classes.dex was detected as a threat. Compared to an actual flash player package the file sizes mismatched quite a bit.
First of all, is it a false positive of ESET, or actual malware?
Second, the report I filed was answered as:
> This is misuse of the report function. Pls make 10 useful posts and then come to the dev forum. Or PM the member. Thanks
This baffled me quite a bit, I'm reporting a godd****d possibility of malware, and am replied to like that?! Nice, could be quite some people's phones are infected with malware.
Is it normal to act like that, then? Of course, if people aren't running a scanner, it is their own fault...

Lol, they should have at least looked into the problem

I contacted mygamers, he assures me that it is a false positive.
Also scanned install_flash_player.apk at
virustotal (dot) com/nl/file/ab1c124f868680a1f6a620fdb1595719bc012719f619ce76c4683094c64c63f0/analysis/1364154496/
15 out of 46 scanners detected something or another.
Call me paranoid, but I think I'll skip on this rom
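
The check described in the opening post (entry sizes compared against a genuine package, an unexpected read-me, a differing classes.dex) can be scripted. The following Python is an added example, not part of the original thread; the function names, the 2x size threshold and both sample APKs (built in memory) are assumptions, and `RevMob` is used as a marker only because the poster names it.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def apk_profile(apk_bytes: bytes) -> dict:
    """Profile an APK (a ZIP archive) without executing anything in it."""
    entries = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            entries[info.filename] = {
                "size": info.file_size,        # uncompressed size
                "sha256": sha256_hex(data),
                "head": data[:4096],           # enough to spot read-me style text
            }
    # The whole-file SHA-256 is the value to look up on a multi-scanner service.
    return {"sha256": sha256_hex(apk_bytes), "entries": entries}


def compare_apks(suspect: bytes, reference: bytes, markers=(), size_ratio=2.0) -> list:
    """Return (kind, detail) findings where the suspect differs from the reference.

    A finding only says the package is not the reference build; it does not
    classify the file. The reference should be the same app from its vendor.
    """
    s, r = apk_profile(suspect), apk_profile(reference)
    s_names, r_names = set(s["entries"]), set(r["entries"])
    findings = []
    if s["sha256"] != r["sha256"]:
        findings.append(("hash-mismatch", s["sha256"]))
    for name in sorted(s_names - r_names):
        findings.append(("extra-entry", name))
    for name in sorted(r_names - s_names):
        findings.append(("missing-entry", name))
    for name in sorted(s_names & r_names):
        a, b = s["entries"][name]["size"], r["entries"][name]["size"]
        big, small = max(a, b), max(min(a, b), 1)
        if big / small >= size_ratio:
            findings.append(("size-mismatch", name))
    for name, meta in sorted(s["entries"].items()):
        text = meta["head"].decode("utf-8", errors="ignore").lower()
        for marker in markers:
            if marker.lower() in text:
                findings.append(("marker", f"{name}: {marker}"))
    return findings


def build_apk(files: dict) -> bytes:
    """Build a constructed sample archive in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> list:
    # Constructed stand-in for a genuine player package.
    reference = build_apk({
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 200,
        "classes.dex": b"dex\n035\x00" + b"\x11" * 6000,
        "lib/armeabi/libplayer.so": b"\x7fELF" + b"\x22" * 9000,
    })
    # Constructed stand-in for the flagged package: small dex, no native
    # library, and a read-me that names an ad SDK team.
    suspect = build_apk({
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\x00" * 180,
        "classes.dex": b"dex\n035\x00" + b"\x33" * 900,
        "readme.txt": b"Ad SDK integration notes - RevMob Team\n",
    })
    return compare_apks(suspect, reference, markers=("RevMob",))


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind:14} {detail}")
```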

Asherdu said:
> First of all, I'm a long time lurker on the XDA forums, haven't posted at all (why would I, if there aren't substantial questions). Until now, that is. I was lurking the D-HD Dev fora when I came across a new Sense 4.1 rom; http://forum.xda-developers.com/showthread.php?t=2204384
> Not happy with the Sense4 roms there are, I really wanted to try it.
> Downloaded it, and my ESET Smart Security went haywire. According to ESET the package contained malware, Android/Plankton.I
> Reported it so a moderator could look into it. Afterwards I looked into the package itself, seems like install_flash_player.apk was detected as malware. The file contained a read-me file with a reference to RevMob Team (something to do with ads) and the file classes.dex was detected as a threat. Compared to an actual flash player package the file sizes mismatched quite a bit.
> First of all, is it a false positive of ESET, or actual malware?
> Second, the report I filed was answered as:
> This baffled me quite a bit, I'm reporting a godd****d possibility of malware, and am replied to like that?! Nice, could be quite some people's phones are infected with malware.
> Is it normal to act like that, then? Of course, if people aren't running a scanner, it is their own fault...
It is unfortunate for you

Not to be mean or anything but you should really change antivirus as eset sucks...

Well then.... I seem to be correct. Did want to try the rom, and, indeed, it is a fast rom... but... 'install_flash_player.apk' isn't the true, Adobe, flash player package. Rather it barfs a plethora of ads and starts a download of flash player.
So, malware nonetheless (and NOT a false positive).
Don't believe me? Just start the flash player app in the app drawer.
Ah well, who really needs flash player, it is a security risk on its own. HTML5 all the way.
Muikkuman said:
> Not to be mean or anything but you should really change antivirus as eset sucks...
All a matter of opinion

It's simple. It's only a piece of software designed for Android, and so can't harm your PC. The ads can be blocked with AdAway.
And also, use a better antivirus. I suggest CommonSense 2013, it's working great for me

uhm...
*blink*
My internet security software detects a file that isn't the file it claims to be and you tell me to get a bette....
Wow... just... wow... Glad you are not in the computer support business, at least, I really hope you are not.
Don't be daft, man! I know that something detected as 'Android/Plankton.I' is aimed at Android and not Windows (or whatever).
Fact remains, there are still official Adobe flash packages for Android, instead of ad network packages.
Ah well, just a factory reset and the data folder is clean. Who uses flash anyway.

Asherdu said:
> uhm...
> *blink*
> My internet security software detects a file that isn't the file it claims to be and you tell me to get a bette....
> Wow... just... wow... Glad you are not in the computer support business, at least, I really hope you are not.
> Don't be daft, man! I know that something detected as 'Android/Plankton.I' is aimed at Android and not Windows (or whatever).
> Fact remains, there are still official Adobe flash packages for Android, instead of ad network packages.
> Ah well, just a factory reset and the data folder is clean. Who uses flash anyway.
First off, chill out a bit
Second, he has a point.
Your anti-virus software detected a "something" that is harmful... It may be harmful, but for Windows. There is no point in running Windows A-V software to scan Android or linux files... Viruses are written for specific systems and are ineffective on others. Just like all other programs. Hope I cleared some things up.

I disagree with that. Malicious software is malicious software, no matter what the operating system is. A virus scanner should detect it, no matter if it is Windows based, OS X or Linux (Linux and OS X virii, riiiight)
My point is, why would someone use malicious software when there are packages from the original developer (Adobe, in this case).
It is too bad, too, because the rom itself is indeed quite fast and stable.
Even though a factory reset will clean up the data directory (and thus delete the package), I'm cautious when it comes to this rom.
And, to be entirely honest, I believe the moderator who closed my report is lazy. Too lazy to investigate a possible threat. Eventually it is 'just' adware, but, at the same time, it could have been something more dangerous.
That was it for me, I will stay at the lurking corner again.

no malware found, it's clean
checked by smart security

Related

unlock CE 6.0 of Windows Phone 7? Will this help?

Hi
I thought this may be useful to our gurus in development. I am sorry if it is the wrong place to post.
Is this a way to unlock CE 6.0 of Windows Phone 7? This I have seen on Engadget. This brings the native CE explorer to the Zune. Can we use this to bring a file explorer to WP7?
Links:
http://www.zuneboards.com/forums/download-openzdk-applications/54495-liberate-explorer-zune-hd.html
http://www.engadget.com/2010/11/01/liberate-for-the-zune-hd-unlocks-hidden-windows-ce-potential/
Thanks,
Ravi
I can't find the source for that exact project (if you have a link, please post it), but I've spent a lot of time looking at the OpenZDK exploit source code, trying to adapt it to WP7.
There are a couple problems. The first is that you need to be able to install an app on the phone in order to get the exploit to work. Zune already allows you to install third-party apps, so the only problem they had was how to break out of the XNA/managed/C# jail. Then they can distribute the breakout as an executable, and anyone can run it. That won't work on WP7 because the only way to install a third-party app is if you have a developer license and the sourcecode. Or you can download it from the app store, but obviously Microsoft isn't going to allow exploits onto the store (they even have automated checking for the kind of exploit they have over at Zuneboards).
The second problem is even if you were able to run random apps on WP7, the exploit still wouldn't work. Microsoft has gotten a lot more serious about security on WP7, and they've closed off all the easy hacks like that (as far as I can tell, of course I'll keep looking). They didn't take security so seriously on WP7, and accidentally gave developers access to an unsafe memcpy(). In WP7 they have a much more robust security model, and closed that off. Which is sad.
I haven't been able to get pInvoke to work on WP7, or even use pointers. You can get the compiler to generate unsafe code, but the runtime on the phone crashes when it comes to any pointer. pInvoke might theoretically work, it's possible I've just been using it wrong, but I've tried a lot of different things and haven't gotten it to work.
Oh yeah, I found the announcement here:
http://www.zuneboards.com/forums/zu...-your-zune-new-version-includes-keyboard.html
Says it's built on openZDK, which means it is using the memcpy() exploit, and my last post wasn't completely off
athompson said:
> Oh yeah, I found the announcement here:
> http://www.zuneboards.com/forums/zu...-your-zune-new-version-includes-keyboard.html
> Says it's built on openZDK, which means it is using the memcpy() exploit, and my last post wasn't completely off
I am really sorry, because most of the things you said I'm not understanding, because I am not a professional developer or, for that matter, even near to that area of coding (I am a Pharmacist... my highest knowledge is a little HTML coding).
I am wondering if this will help in any way to access the file system in WP7 and build a file explorer kind of app, or can we install a Totalchrom or Resco file explorer kind of app? Using this, can we enable Bluetooth FTP or internet file download kind of options?
Thanks
lol ya, I guess I should have started with the executive summary. In short, my assessment is no, it doesn't help, because Windows Phone 7 is too different. I really wish it did help.
athompson said:
> lol ya, I guess I should have started with the executive summary. In short, my assessment is no, it doesn't help, because Windows Phone 7 is too different. I really wish it did help.
+1, unfortunately this won't help us at all.

Contact from Kin Developers

About 2 weeks ago, I took johnkussack's advice (I think it was him) and went to LinkedIn to try to be friends with anyone who came up on the search for "kin phone". In the invite email, I just said that I noticed they worked on the Kin phones and would like to ask them a few questions on how one could write to the phone. I have had 3 responses in the last 2 days.
Guy1: didn't know because he worked on the UI for the Kin Studio
Guy2: kindly told me he couldn't release an unauthorized build and that he would be breaking the law by doing so.
Guy3: This guy worked on the phone for over a year. He first told me I was breaking the DMCA by hacking/reverse engineering Kin, regardless of intent. Then he said this important thing:
"You are absolutely right in assuming that the device is locked; in fact, it has a hardware lock that is common to many such devices. When the devices roll off the manufacturing line the programming fuses are blown (literally) preventing any further programming of the device. This is all handled by hardware so unless you find a flaw with that you are out of luck."
So if this is true (sounds like it is), the "dream" is over. Hopefully there is some way that someone out there can find.
If I get more responses, I will post them here. Don't ask me to go back to these three who already replied and ask them more questions, I think I made some of them mad.
Hmmmm... I don't know whether or not the KIN models will accept OTA updates so that's a good question to ask. If OTA updates are possible then it's inherently possible to change the software. I wonder...
Yes, it was me, the one who said about "linkedin".
But I also said "in one word NDA". You should have known even before asking that the signed NDAs are also legal contracts, so I prevented before asking them.
On the DMCA, yes... in the USA. Outside the big country, the legal question is different and may not operate with that law (if ever). If they provide a normal (legal?) way to unbrick my factory mode here, or to use the phone options, then I wait for the cost for it.
And everyone knew that hardware was not the way, just at the moment where the first flash attempt failed. "Dream" is doable by software, if anything is to be done.
What I don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or SDKs. We won't get it anyway from MS, but no flashing means a rom is a futile, non-useful, crap pack of bytes.
> But I also said "in one word NDA". You should have known even before asking that the signed NDAs are also legal contracts, so I prevented before asking them.
I figured I'd just take a shot in the dark; hope for the best and expect the worst. Since the phone and support from MS was discontinued, maybe the NDAs would be voided.
> And everyone knew that hardware was not the way, just at the moment where the first flash attempt failed. "Dream" is doable by software, if anything is to be done.
Good to know you still think there's a way.
> What I don't get is why to ask for rom rom roooooms, where we need drivers drivers driveeeeers... or SDKs. We won't get it anyway from MS, but no flashing means a rom is a futile, non-useful, crap pack of bytes.
I just asked if "there is a way to get around the write lock". Had I known ahead of time to ask about drivers or SDKs, I would have put that in the msg.
I strongly believe that we could operate with the device, software-wise. There is proof that the Kin NAND memory (from now on called "Storage" as label) is writeable. Not sure on the ROM part.
Of course, I mean... just use it as a normal writable storage memory.
I posted how it could be done and would do it myself but, again, I bricked my phone, and available ones (through bidding sites) are too expensive to buy another one just for this (+ $150). Don't see a way to get it internationally again.
And even doing it, I'm not sure about what could be done just writing on the storage mem....
If the fuse byte is burnt, shouldn't it have prevented you from bricking?
kintwouser said:
> If the fuse byte is burnt, shouldn't it have prevented you from bricking?
Nvitem bricked, not flashing bricked. You can successfully write to the NVItems memory. But I guess it's just configuration memory and not the one "fused".
I just want to mention that jailbreaking a phone is NOT illegal in the United States! Geohot hacked the iphone... Apple went after him... Apple lost.
Also blowing the programming fuses seems a little fishy to me actually. No other phone does that. The majority of other phones have been flashed. I just think it would be pretty odd for a company to do that so that they no longer could update it. I am not sure I believe him. If this really was true... then why wouldn't Apple or Sony be doing it? This also doesn't make sense since Microsoft actually originally intended on putting WP7 on this as well as allowing apps for it. Check this article out:
http://www.intomobile.com/2010/05/12/kin-windows-phone-7-a-lot-closer-than-we-thought/
You must understand, it's not possible to blow fuses in the hardware, it would be a top news story if they were able to keep the OS running in compliance with the flash memory without it crashing. Obviously that was a lie to discourage us, and I don't even think that was a real Kin developer, because Microsoft clearly stated that all Kin developers would be moved to WP7 or another programming section. And it doesn't matter if it's legal or not to jailbreak phones, if we are porting a new OS, we wouldn't have modified the original OS, which is what jailbreaking means. Most likely the OS is hidden deep in the flash memory with a write protection. If you think it's saying access denied because they said the fuses were blown, it's wrong. They must just have a password or code that needs to be sent continuously to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by Zune, because it would be impossible to reach the memory.
soninja8 said:
> Most likely the OS is hidden deep in the flash memory with a write protection. If you think it's saying access denied because they said the fuses were blown, it's wrong. They must just have a password or code that needs to be sent continuously to the phone to access files. If the fuses were blown, then nothing would be able to be accessed by Zune, because it would be impossible to reach the memory.
Not my field of expertise, but these mobiles can (and in fact they do) have several memories, storing the OS in the ROM memory and all the data on the NAND memory (our "8gb" storage).
Zune software has protocols to query for available storages (requiring its label/id) and is allowed to write/read to it. If you dare to click on update version (at least in the 1st version I tried) it expressed that the option was not "available" to that device without web requesting data, apparently.
So.. in the nand flash we may only have the equivalent of a SD Card. And my last wince PDA showed that as /Storage too, apart from main wince ROM.
You can format the nand memory using win explorer if in fact it is the 8gig storage. I did this and it deleted all pics,albums etc. It was interesting to note that we cannot copy or view these pics without an access error but it does let me delete them.
I just want to be able to get my pics off this piece of crap without emailing them.
I posted it once. You are able to:
- Query storage properties (label, size, id,...)
- Query storage folders
- Query folder files.
- Query tracks / albums / playlist / images / anyZuneSupportedFile
- Delete * file (whatever)
- Format the storage
You are "unable" to:
- Upload (create) a file into the device
- Download a file from the device.
MTP protocol tools allow you to do so, from the command line (not quite sure if they are available on Win32 OS's), but... fail to operate with this device when it comes to the "unavailable" operations.
I am curious as to which former developers you contacted?
I was doing some research and noticed that Microsoft acquired the company Danger, Inc. After Microsoft purchased them, the former president of Danger went to develop Android (later acquired by Google). One thing I read was that most of Danger's employees left after being purchased by Microsoft. Apparently these people don't like Microsoft all that much! I also looked into it a little more and found one of the founders of Danger who had a Twitter account. Of course all of his tweets were via a "KIN". Thought that was interesting. It seems to me that these former Danger employees would be interested in helping out if they don't hold too high of an esteem for the big "M".
Seems like this is your first "inside the move" trying-to-hack/reverse a thing, so I will say:
people involved don't wanna risk legal issues, even if they were pissed off, just for "some kids" to have a driver or rom. NDAs are strong there, and they could either sign them or leave (if leaving, they don't have the interesting things).
At most you would get bad-mood or good-luck comments, and occasionally (very uncommon), leaks (won't happen here).
Yeah, they purchased Danger for an amazing 500 million dollars, which they later developed the Kin with, they were planning to put Windows Phone 7 on it, but they were too behind and released it with the old Windows CE, then the former developer moved to work on a free source OS, later called Android. Google wanted to get Android while it was cheap, so they bought that company, and made the old developer 2nd engineer.
Maybe not worth it yet, but we should get more *info* about the SBL mode (aka "Ms Pink Bootstrap"), as coinflipper said that it was the way to flash OS or parts (like radios).
I have been trying even OMA WAP WBXML bootstrap examples with it, but as we don't know if our phone is standard, it's like looking for a water drop in the sea of possibilities.
We do not need a guide on how to do something, but what-to-do with it.
Maybe, JUST MAYBE, we could design a program like bitpim. I am a Mac user and when I used bitpim with my enV touch, I used to edit all sorts of files. Examples would be phone info, server info etc. We could make a program like that to get the info. I know programming may be hard, but it's worth a shot. I hate the OS on this phone, ESPECIALLY WHEN YOU PIN APPS! THEY LOOK HORRIBLE
Kinuser1 said:
> Maybe, JUST MAYBE, we could design a program like bitpim. I am a Mac user and when I used bitpim with my enV touch, I used to edit all sorts of files.
We can't. If we don't have the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into Visual Basic (or Xcode) and then by *magic* get the program you want.
I will admit that I know very little about protocols and drivers but I would like to point out that bitpim is open source, and that the code can be found here ->
http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
I seem to recall bitpim already having limited support for the Kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? I'm not sure how feasible it is as I have very little experience with programming for phones/USB devices, but it's just a thought.
slimeq said:
> I will admit that I know very little about protocols and drivers but I would like to point out that bitpim is open source, and that the code can be found here ->
> http-//sourceforge.net/scm/?type=svn&group_id=75211 (change "-" to ":")
> I seem to recall bitpim already having limited support for the Kin, but perhaps with a little research and a little code tweaking we can find ways to improve it? I'm not sure how feasible it is as I have very little experience with programming for phones/USB devices, but it's just a thought.

> We can't. If we don't have the protocols or the supported phone features (protocols, drivers, documentation,...) you cannot guess it and put it into Visual Basic (or Xcode) and then by *magic* get the program you want.
The above applies to any software you want. Unless you magically found documentation or files (like OP), there's no way to. So f#cked.
The thing is always the same, tweaking tweaking... what to tweak, huh?

virus and spyware

I've been trawling through XDA now for some 5 years without any kind of problem.
In the past 5 days my computer has been hit twice with XP SECURITY 2011 Spyware, for which I had to wipe my drive and re-install a backup (thank you Acronis).
I've also been hit FIVE times with "defender.exe", some kind of Trojan, which my anti-virus TREND dealt with.
Now, I did not click on anything like an advert, they just appeared and took over...
Just thought I would report this in case anything can be done about it and to warn others.
malybru said:
> I've been trawling through XDA now for some 5 years without any kind of problem.
> In the past 5 days my computer has been hit twice with XP SECURITY 2011 Spyware, for which I had to wipe my drive and re-install a backup (thank you Acronis).
> I've also been hit FIVE times with "defender.exe", some kind of Trojan, which my anti-virus TREND dealt with.
> Now, I did not click on anything like an advert, they just appeared and took over...
> Just thought I would report this in case anything can be done about it and to warn others.
This doesn't sound like an XDA issue, unless you are downloading files directly from the site (which you didn't mention.)
If you're on Firefox you can download an addon to block ads, and also when I got the rogue anti virus thing I went into safe mode and Malwarebytes ate it, so you don't have to resort to that option to get that virus off.
waffle_ said:
> This doesn't sound like an XDA issue, unless you are downloading files directly from the site (which you didn't mention.)
I'm not downloading anything.
I'm not clicking on anything.
I'm just reading through the pages.
i.e. it just happens...
Firefox with addons is the way to go!
Running IE 8 on XP with SP 3
malybru said:
> Running IE 8 on XP with SP 3
Are you 100% certain that you are fully patched, and not getting this from any other site?
I browse XDA on windows and linux. No attacks here. If any exe was attempting to load, linux would prompt a file download window...
Can you locate the file perhaps in connection or firewall logs?
Also, IE 8 isn't renowned for its high security. Might I suggest Chrome, as its sandboxing is pretty impressive.
If it (The problem) was on XDA, I am sure more people would have seen it, and it would be sorted by now...
pulser_g2 said:
> Are you 100% certain that you are fully patched, and not getting this from any other site?
> I browse XDA on windows and linux. No attacks here. If any exe was attempting to load, linux would prompt a file download window...
> Can you locate the file perhaps in connection or firewall logs?
> Also, IE 8 isn't renowned for its high security. Might I suggest Chrome, as its sandboxing is pretty impressive.
> If it (The problem) was on XDA, I am sure more people would have seen it, and it would be sorted by now...
Hi,
When the attacks occurred, I was only browsing these pages.
My anti-virus caught five files which it called "TROJ_FAKEAV.SM10"
As for the spyware, I have no record because I had to wipe my system. It called itself "XP SECURITY 2011". That's the only information I could get, because it locked me out of my system.
I was not trying to cause trouble by bringing this to people's attention. It was more of a warning, and to see if other people had suffered anything similar.
As for my own security, I bought Webroot Spy Sweeper, and I might just try Google Chrome (thanks for the tip)
malybru said:
> Hi,
> When the attacks occurred, I was only browsing these pages.
> My anti-virus caught five files which it called "TROJ_FAKEAV.SM10"
> As for the spyware, I have no record because I had to wipe my system. It called itself "XP SECURITY 2011". That's the only information I could get, because it locked me out of my system.
> I was not trying to cause trouble by bringing this to people's attention. It was more of a warning, and to see if other people had suffered anything similar.
> As for my own security, I bought Webroot Spy Sweeper, and I might just try Google Chrome (thanks for the tip)
This has nothing to do with the XDA site. Switch to Google Chrome (amazing security and fast browsing), or Firefox. Google Chrome has EXTENSIONS that you can install for these certain things.
This can't be an XDA problem. Most likely, it is an IE8 problem and all the **** that comes with it. Switch browsers and then uninstall IE8.
WARNING: * Google Chrome is heavily dependent on IE settings. *
XP Security 2011 is just coming back on its own!!!
Like everyone else says, it's not XDA giving you this issue. The problem is, and will continue to be, you are running an already infected system. Wiping the system clean should get rid of it, but once you restore a backup from Acronis, you are more than likely restoring the infection! The best way to get rid of XP Security 2011 is to run Malwarebytes Antimalware in safe mode. Also run CCleaner while still in safe mode to remove all temporary internet files and TEMP files (which is where a lot of these types of spyware normally hang out). Then once it's gone go back to normal mode and download a copy of SUPERAntiSpyware and allow it to give you real-time protection. The problem with XP Security 2011 (and its previous annual variants) is that it is very resilient (upon reboots, it reinstalls itself if the entire infection is not removed). If all else fails, pay a pro to get rid of the actual infection, install some better protection than Webroot (which thoroughly sucks) and you should be good.
How about google chrome? would it do the job too??
imso said:
> How about google chrome? would it do the job too??
It should, but having a good (real-time) anti-spyware solution (like MS Security Essentials, AVG, SUPERAntispyware, SpyBot S&D or Malwarebytes) is the best way to HELP prevent spyware infections like that. Also keep a good Antivirus software up to date too (like Norton 360, AVG, Avast, Nod32, Kaspersky or MS Security Essentials). But nowadays over 90% of infections are spyware not viruses!
imso said:
> How about google chrome? would it do the job too??
Keep in mind Google Chrome still heavily relies on IE settings and config.
willflint said:
> It should, but having a good (real-time) anti-spyware solution (like MS Security Essentials, AVG, SUPERAntispyware, SpyBot S&D or Malwarebytes) is the best way to HELP prevent spyware infections like that. Also keep a good Antivirus software up to date too (like Norton 360, AVG, Avast, Nod32, Kaspersky or MS Security Essentials). But nowadays over 90% of infections are spyware not viruses!
Hi,
Thanks for the advice.
Can I please ask what is your experience of the programs you mention, and on what basis you are making these suggestions.
I did some research on anti-spyware and Webroot came highly recommended. What makes you say that it sucks?
Also I have installed Chrome and Firefox and am alternating between the two. Having said that, Webroot has just quarantined a file called "keyloggr for chrome"
Having no luck recently...
malybru said:
> Hi,
> Thanks for the advice.
> Can I please ask what is your experience of the programs you mention, and on what basis you are making these suggestions.
> I did some research on anti-spyware and Webroot came highly recommended. What makes you say that it sucks?
> Also I have installed Chrome and Firefox and am alternating between the two. Having said that, Webroot has just quarantined a file called "keyloggr for chrome"
> Having no luck recently...
Be sure not to install any extensions that aren't highly popular and have a bad review. Also, Webroot isn't exactly accurate and real time, I wouldn't use it.

[Q] How to install a clean Linux Ubuntu on my HDHD

Hello experts on this forum
I'm a total newbie into this technology. I got myself a nice HTC Desire HD. After a while, I got aggravated, feeling monitored by Mr. Orwell, with this Android system. To my great surprise, I believe that I managed to route the phone, and install a Linux firewall. However, I still feel a little paranoid.
I know that people like me, stumbling around on a forum like this, might be a pain in the a. because we don't "RFTM". However, I tried, but there's so many words that I don't understand. I'm not a computer expert, and I'm not familiar with DOS programming. However, if I get my hands on a clear list, I know I can do it.
My question is this: I use a modern iMac, with a card reader. I've two separate micro SD cards. Does anyone of you know about a nice and simple explanation that idiots like me would understand, in order to completely wipe out this Google OS, and install a "clean" Ubuntu? I'm willing to make a real effort to learn, and I have patience. I love my HDHD because of the big nice screen, but I like to keep my personal life only for myself. I can't stand that Mr. Orwell snaps up all my datapackets.
Any help would be greatly appreciated, from you experts. I fear that this might be hard with a Mac, but I do have access to full DOS utility on my computer (iMac with i7 processor).
Also, am I pretty safe, with Ubuntu on my machine?
Thank you so much in advance.
You do realise that running ubuntu on a device that only has a touchscreen is kinda fail...
Also, I doubt Mr. Orwell - whoever he is (the only guy I can find on google is some author) would even be able to monitor anything. Android is completely Open source, so it would be kinda suspicious to insert code that sends "Packets" somewhere.
Even if someone is somehow monitoring you through the Android OS, I doubt that they would bother monitoring a single person, out of the tens or hundreds of millions of other android users.
Regardless, following this guide, and doing a full wipe (Download superwipe from android revolution, flash it in CWM) should completely remove android. (And install ubuntu)
314 said:
You do realise that running ubuntu on a device that only has a touchscreen is kinda fail...
Also, I doubt Mr. Orwell - whoever he is (the only guy I can find on google is some author) would even be able to monitor anything. Android is completely Open source, so it would be kinda suspicious to insert code that sends "Packets" somewhere.
Even if someone is somehow monitoring you through the Android OS, I doubt that they would bother monitoring a single person, out of the tens or hundreds of millions of other android users.
Regardless, following this guide, and doing a full wipe (Download superwipe from android revolution, flash it in CWM) should completely remove android. (And install ubuntu)
Hi, and thank you very much for answering my question. Mr. Orwell wrote about 1984, if I'm not wrong. Today, my gut feeling tells me, that all the apps onboard my HTC send away datapackets that I would like to stop. After installing this Linux firewall, I was amazed to see how many apps that sent away packets with headers, containing my personalia. Even my camera stopped working properly, when activating the linux firewall.
Nix ok for me. Too bad, because I found the Android system very nice and intuitive to use. My great challenge, is that I'm not a nerd. I wish I was, in a technical perspective. Many thanks for your link to the guide. As long as I can type text messages, check the web/mail, and maybe the weather forecast, I'm happy.
What I really fear, is that I will manage to mess up this machine of mine. Well, it's just a thing, and I'll survive, if I break it. My economy isn't the greatest, but heck, it's worth a try.
Best regards!
You could always try flashing a clean install of CM7. It doesn't have any HTC Apps, just google.
Also, the packets are either log data, or sync data for HTCSense.com contact/etc backup. You can disable it by flashing ROM Cleaner and only removing the HTC Hub related and HTC "Spyware". This is only required if you want to stay on sense.
Google backup can be disabled by removing your google account, or going Settings>Privacy and untick "Back up my settings" (I think it's disabled by default on CM/Miui roms)

WARNING: Jiayu S3 Malware warning! How to detect and remove.

Received my shiny new Jiayu S3 3GB version today.
Noticed some dodgy apps in the all apps list, decided to malware scan - glad I did!
First check to see if your device is infected.
Go to your google apps play store and install Malware-byte's Anti-Malware Mobile.
Run a scan on the device, if it's the same as me you'll get 19 detected items. Feel free to scan with another scanner if you don't trust it.
After scanning with just Malware-bytes, the items I had were:
afternoon
Black Hole
blue sea
Butterfly Love
Fangge
Fantasy
FoldPager
Galaxy5
GoldenLife
Gridiron
honor
IOS7
LuckyCat
Petal
PowderBox
Snow and ice
Star Diamond
Twinkle
Zoo
REMOVAL:
I had to go into the security menu of the settings and enable Superuser.
Install this app from the Play Store: 'System app remover (ROOT)' (I can't post outside links)
Using this app you can remove the apps. I also removed the "Unlocker" and "father.rickety.ordinaire.suspiciousness" even though they weren't detected as Malware because..well they sound suspicious. (I mean come on, 'suspiciousness' in the title?!)
I have been monitoring the phone and I have seen no effect on functionality after removing these packages.
The speed of the phone has also increased, which is nice.
From my research it looks like Jiayu have used a 4.4.4 base ROM that was infected as there are other Jiayu phones with the 4.4.4 ROM that are infected with these.
Best of luck and enjoy your malware free Jiayu S3
I am on the latest S3S rom 20150507-083407 and ran this anti malware and it picked up nothing, a clean scan. I bought mine from the Factory website.
No known malware on mine. As an extra precaution I use DroidWall, an iptables app to block any conversation from apps that don't need access to internet or lan.
KapzyPanda, where did you buy your phone? Have you changed the Android (OTA, custom ROM)?
I got mine from coolicool, EU warehouse, several OTA updates, then update to S3S 20150507-083407 from needrom.
Scanning now, found 2 problems.
Actually, the same file: WiFiKill - this is not a problem.
Your 19 problems found - what was the name of the infection?
Congratulations..... you managed to remove all your pretty (variety) lock screens. Including the star diamond which is FABULOUS and can be seen in action in s7yler's review of this phone on youtube at time code 6:40.... In the later firmware version it has been removed because of all the false flagging which is a darn shame because I love this lock screen. Soooooo if any of you know how to get hold of the desired star diamond, DO please let me know...... It would be much appreciated....
PippiD said:
Congratulations..... you managed to remove all your pretty (variety) lock screens. Including the star diamond which is FABULOUS and can be seen in action in s7yler's review of this phone on youtube at time code 6:40.... In the later firmware version it has been removed because of all the false flagging which is a darn shame because I love this lock screen. Soooooo if any of you know how to get hold of the desired star diamond, DO please let me know...... It would be much appreciated....
I guess if you can find the ROM (perhaps on needrom), then you can unpack it, and loop mount the system partition where the star diamond can be found as apk.
Nofan Tasi said:
I guess if you can find the ROM (perhaps on needrom), then you can unpack it, and loop mount the system partition where the star diamond can be found as apk.
I didn't even know that was possible.... Newbie eager to learn..... Just did a search on the how to's now and see that you can unpack a rom with winrar etc.... Wow... Now I don't understand the loop mounting bit (yet) but I guess I can't just extract the apk, place it in the download folder and run because it's part of the system? What about using something like APK Swapper?
PippiD said:
I didn't even know that was possible.... Newbie eager to learn..... Just did a search on the how to's now and see that you can unpack a rom with winrar etc.... Wow... Now I don't understand the loop mounting bit (yet) but I guess I can't just extract the apk, place it in the download folder and run because it's part of the system? What about using something like APK Swapper?
I work on linux where one loop mounts files that are filesystems. I guess similar tools exist on other operating systems, but I cannot tell. Sorry...
Nofan Tasi said:
I work on linux where one loop mounts files that are filesystems. I guess similar tools exist on other operating systems, but I cannot tell. Sorry...
NAH! You've been a great help! thanks....
hi
you should be careful from where you download roms.
Some will/are indeed infected.
I saw at least 3 roms infected (2 from that site we all know needr ...) and another one from another forum ...
Also, some Chinese stores re-flashed their devices, with those roms... I don't know what's the deal...
cheers
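Added example, not part of any post in this thread: one way to check a downloaded ROM before flashing is to hash every preinstalled APK and compare the set against a build you already trust, which shows at once which system apps were added or repacked. It assumes a recovery-flashable zip that stores APKs under `system/app/` or `system/priv-app/`; the helper names, file names and contents below are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Assumed layout: a recovery-flashable ROM zip with APKs stored under these folders.
APK_DIRS = ("system/app/", "system/priv-app/")

def apk_inventory(rom):
    """Map each preinstalled APK path inside a ROM zip to its SHA-256 digest."""
    inventory = {}
    with zipfile.ZipFile(rom) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(APK_DIRS) and name.lower().endswith(".apk"):
                inventory[name] = hashlib.sha256(zf.read(info)).hexdigest()
    return inventory

def compare_roms(reference, candidate):
    """List APKs the candidate ROM adds, drops or alters versus a trusted build."""
    ref, cand = apk_inventory(reference), apk_inventory(candidate)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(p for p in set(ref) & set(cand) if ref[p] != cand[p]),
    }

def build_sample_rom(files):
    """Build a constructed in-memory ROM zip (sample data, not a real firmware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    buf.seek(0)
    return buf

def demo():
    # Constructed file names and contents, for illustration only.
    common = {"system/app/Camera.apk": b"camera-v1", "system/build.prop": b"sample"}
    reference = build_sample_rom({**common, "system/app/Browser.apk": b"browser-v1"})
    candidate = build_sample_rom({
        **common,
        "system/app/Browser.apk": b"browser-v1-repacked",
        "system/priv-app/Recents.apk": b"unexpected-extra",
    })
    return compare_roms(reference, candidate)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

`apk_inventory` and `compare_roms` also accept file paths, so two downloaded ROM zips can be compared directly; each digest in the "added" and "changed" lists can then be checked with a scanner before the ROM goes near a phone.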
The deal is that what we consider viruses the China based devices are required to have so the Chinese government can monitor its citizens.
To be honest unless you live in China I would avoid China devices.
zelendel said:
The deal is that what we consider viruses the China based devices are required to have so the Chinese government can monitor its citizens.
To be honest unless you live in China I would avoid China devices.
@zelendel
You seem to hold sufficient wisdom to close threads where so called
illegal activity is happening by innocent people who do not even know
it is illegal and where one would rather need to put people in jail
who provide tools to implement the illegal activity. It is like you
point to the drug user instead of the drug dealer. These are my last
words on XDA. I disappear and perhaps come back under different name
(this one and all names here are kind of fake anyway).
Nofan Tasi said:
@zelendel
You seem to hold sufficient wisdom to close threads where so called
illegal activity is happening by innocent people who do not even know
it is illegal and where one would rather need to put people in jail
who provide tools to implement the illegal activity. It is like you
point to the drug user instead of the drug dealer. These are my last
words on XDA. I disappear and perhaps come back under different name
(this one and all names here are kind of fake anyway).
If it is legal or not depends on where you live. Plain and simple. Just because people don't know it's illegal doesn't protect them. It's called research. Something that should be done.
Also making another account is against xda rules and is a bannable offence.
There is an app called recents. It has a blue icon with a cog. I didn't install that and every time I unlocked my phone filled my screen with ads. I got rid of the app and everything is fine. Please check your phones
atsimeri said:
There is an app called recents. It has a blue icon with a cog. I didn't install that and every time I unlocked my phone filled my screen with ads. I got rid of the app and everything is fine. Please check your phones
I had ads too and just found this installed on my device! Uninstalled now, thanks Astimeri :good:
mrgbuzz said:
I had ads too and just found this installed on my device! Uninstalled now, thanks Astimeri :good:
Same happened to me. Fortunately, it can be easily removed.
Odd.. I noticed that recents has updated itself... I've now removed both! thanks OP.
High RAM consumption...
Since this week, I've started to experience some lags and high ram consumption...
I have the 3 GB version, and with just google chrome I can reach 1.2 free memory...
Is it normal?
Custom rom (by dalet11, from needrom) with twrp recovery. Xposed and many modules...(13+-)
Does that matter?
Thanks, i'm new...:highfive:
about miscellaneous ads
is anyone here getting miscellaneous ads while opening any app??
raghavveerlas said:
is anyone here getting miscellaneous ads while opening any app??
Which ROM? You can search the big thread from "s7yler" for a user named "NStorm". He found some malware.
