Help! I think I found spyware!

I stumbled across 2 unfamiliar files in my Google Docs. From what little I know about spyware, I think these suspicious files could have been planted there by my ex-boyfriend. I'm just going to copy and paste a few lines from each, as opposed to attaching them, in case they're actually dangerous. I actually paid an ethical hacker to check into it for me, to no avail. That just left me feeling like a tool. I don't know what else to do. If anyone can identify this writing for me I would Greatly Appreciate it.
15/08/2019 06:18:18 [CallRecorderService]/9: DEVICE_STRATEGY_CHECK: LM-X210(G)
(cv1) defaulting to VOICE_CALL
15/08/2019 08:15:37 [CallRecorderService]/9: DEVICE_STRATEGY_CHECK: LM-X210(G)
(cv1) defaulting to VOICE_CALL
15/08/2019 08:15:37 [CallRecorder]/9: SetAutomatic = true
15/08/2019 06:18:18 [CallRecorderService]/9: DEVICE_STRATEGY_CHECK: LM-X210(G)
(cv1) defaulting to VOICE_CALL
15/08/2019 08:15:37 [CallRecorderService]/9: DEVICE_STRATEGY_CHECK: LM-X210(G)
(cv1) defaulting to VOICE_CALL
15/08/2019 08:15:37 [CallRecorder]/9: SetAutomatic = true


And Here's A Few Lines From The 2nd One (which is 13 pages long...)
com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)

    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)

Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'int java.util.ArrayList.size()' on a null object reference

    at huiyan.p2pipcam.adapter.CameraMoreAdapter.getCount(CameraMoreAdapter.java:50)
 
Seems to me like your Ex was trying to be an android app developer and was working on some type of camera app.

In the second file there are common errors for the Java programming language used for Android apps, like the Null Pointer Exception. By the looks of it he was unsuccessful in creating his app.

The first file leads me to believe that he was using an "LG Aristo 2" phone to test his app.

So here are some questions...
Did your Ex show interest in app development?
Does he have, or has he had, an LG Aristo 2 phone?
What are the names of these 2 files?

By the way, you should demand your money back from that "ethical hacker" you hired if he couldn't at least give you the info I provided above. ;)
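
The reading above can be checked mechanically. The following is an added example, not code from the thread or from any participant: it pulls the log tags, the device model string, the exception type and the non-framework package out of the lines quoted in the first post. The function name `triage` and the `FRAMEWORK_PREFIXES` list are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: the lines quoted in the thread's first post.
SAMPLE = """\
15/08/2019 06:18:18 [CallRecorderService]/9: DEVICE_STRATEGY_CHECK: LM-X210(G)
(cv1) defaulting to VOICE_CALL
15/08/2019 08:15:37 [CallRecorder]/9: SetAutomatic = true
com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:438)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:857)
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'int java.util.ArrayList.size()' on a null object reference
    at huiyan.p2pipcam.adapter.CameraMoreAdapter.getCount(CameraMoreAdapter.java:50)
"""

# Assumption: namespaces treated as platform/runtime code. Frames under
# these say nothing about which app produced the trace.
FRAMEWORK_PREFIXES = ("java.", "javax.", "android.", "androidx.",
                      "com.android.", "dalvik.", "kotlin.")

# "DD/MM/YYYY HH:MM:SS [Tag]/N: message" as seen in the first file.
LOG_LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \[([^\]]+)\]/\d+: (.*)$")
DEVICE = re.compile(r"DEVICE_STRATEGY_CHECK: (\S+)")
# Java stack frame, with or without the leading "at".
FRAME = re.compile(
    r"^\s*(?:at\s+)?([A-Za-z_][\w$]*(?:\.[\w$]+)+)\.([\w$<>]+)\(([^():]+\.java):(\d+)\)\s*$"
)
EXCEPTION = re.compile(r"^Caused by: ([\w.$]+)")


def triage(text):
    """Summarise what a pasted log/stack-trace excerpt says about its origin."""
    report = {
        "log_tags": Counter(),       # which component wrote each log line
        "device_models": set(),      # model strings the logger recorded
        "exceptions": [],            # exception types in "Caused by" lines
        "app_packages": Counter(),   # packages of non-framework frames
        "framework_frames": 0,       # frames inside platform namespaces
    }
    for line in text.splitlines():
        log = LOG_LINE.match(line)
        if log:
            report["log_tags"][log.group(2)] += 1
            device = DEVICE.search(log.group(3))
            if device:
                report["device_models"].add(device.group(1))
            continue
        exc = EXCEPTION.match(line)
        if exc:
            report["exceptions"].append(exc.group(1))
            continue
        frame = FRAME.match(line)
        if frame:
            cls = frame.group(1)
            if cls.startswith(FRAMEWORK_PREFIXES):
                report["framework_frames"] += 1
            else:
                # Drop the class name; what remains is the app's package.
                report["app_packages"][cls.rpartition(".")[0]] += 1
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The package that survives the framework filter is the name to look up among the apps installed on the device the log came from.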
 
Since you had it checked out and don't believe the results, try submitting what you feel is 'spyware' to VirusTotal; it's a very well-established site with a long history:
https://www.virustotal.com/gui/home/upload
https://en.wikipedia.org/wiki/VirusTotal
AV products are by no means 100% reliable, with false positives and failure to detect being a very common issue. VirusTotal is not itself an AV detection service but a conglomeration of multiple AV services, the issue being it relies on different scanners and detectors that each have their own abilities in finding exploits. So set your expectations accordingly -- even if nothing notable is detected, that doesn't mean there isn't something to worry about but offhand it just appears as if your ex inadvertently left some project he dabbled with on your Google Drive service. Is there some reason as to why you think this was indeed a nefarious action on his part? Is your phone suddenly having issues with usability?
 
Hi Steven58.
Thank you for responding. I did a factory reset right away. It was the next day that I found the 2nd file.

Also, since then, I have lost All my audio recordings and as a songwriter that is downright devastating. Then, this morning when I opened my File app looking for something else, I see almost 100 emojis added in the under images.
My ex builds websites and was in on the ground floor at IBM before personal computers were available. So, yes, he is capable of building programs. However, the LG Aristo phone is mine and because we live an hour apart he very seldom has access to it. When we Were able to spend time together I can't remember him Ever having possession of my phone.

The name of the 1st file I found is 'CallRecord_log-2' and the 2nd file has no title although the word 'wansview' inside the document is the brand name of my in-home security cameras.

I intend to ask for a refund from the 'professional ethical hacker' I hired however I feel that is a long shot.
I am Eternally Grateful for your input. It is putting my fears of the 'spyware' possibility theory at ease.
Thank you!
KaTastrophy
 
TO GAME THEORY,
Please forgive me for directing my entire response to Steven58. I'm still fumbling around this forum.

TO SVIM.
I will definitely send my enquiry to the 2 companies you suggested. Thanks for your response. What the 'ethical hacker' I hired said was that the hack on my devices was buried so deep that he would have to purchase more, and more 'tools' to crack it. I believed him because he sent me 2 progress reports. I admit that I was taken, but I was confused and afraid, not to mention emotional over the whole 'breakup' after 16 years. I'm attaching the progress reports I received. It would be interesting to get your opinion on them.
THANK YOU!!
(please let me know if the 2 attachments are replicas of each other)
 
Attachments: IMG-20190526-WA0001.jpg, Screenshot_20190903-225206.png
 
Note that doing a Factory Reset affects only the data partition that's on your phone, so if those 'suspect' files are in your Google Docs they reside online in your Google account, not on your phone.

Strongly suggest you get second opinion on your phone actually being compromised.
 
The reports were supposed to show me how close he was to cracking the code of the hack. He was So Close but he needed One More Tool to get to the bottom of it all and that was going to cost more money... Money that I'm not desperate enough to spend.
And, as far as my ex having any motivation to hurt me, he dumped me after 16 yrs and I'm left with all the questions. If anyone would be spying on the other it would be me. I'm very confused...
 
This isn't meant to be snarky or dismissive to your problem but it might be better for your own mental health to just buy a new phone. At this point since you have so many suspicions about your current phone, continuing to use it is just a source of frustration and aggravation. For your own peace of mind, just stop using this phone and get a new, 'clean' one.

Buy a new phone and before you even turn it on for the first time, be sure to:
-- Back up your data to a computer, and then be sure to scan the backup with a trusted anti-virus and anti-malware utility.
-- Reset the passwords for all your online services.
Then start up your new phone, adding in your Google account and all other social media services using their new passwords, and copy over all your 'scanned and hopefully cleansed' files.
 
The reports were supposed to show me how close he was to cracking the code of the hack.
Yes, but are you a UNIX expert? My guess--and please correct me if I'm wrong--is that you're not. My other guess is that this person thought showing you a bunch of computerese mumbo-jumbo would appease and reassure you that he was on to something.

I'm sorry you were taken by this anything-but-ethical hacker. But live and learn, right?

Those files you're suspicious of--delete them! They're Google Docs, right? Unless you saved them locally, they should only exist in Google's cloud--so get rid of them.

Other things you've mentioned, like a file that has no name, simply don't make sense in the computer world. With UNIX/Linux systems, which include Android, it's possible to name a file with non-printable characters, but that's something I haven't even thought about in 30 years.

You said that after doing a factory reset, you lost all your audio files. Are you quite sure about that chronology? You're aware that factory resetting your device deletes all your personal files, right? Is it possible the order was reversed?

I know this not only won't help you now, but may piss you off, but here goes: if you had come here first, we could've saved you some money, angst, stress and worry. We could have stepped you through resolving any concerns you had.

My advice is to first verify that your audio files are actually gone; they may have somehow gotten moved or renamed. We can help you look for them.

Then, after backing up any personal files you want to keep, and deleting anything from Google Docs that you don't want, log out of your Google account and do a factory reset. Then, from a computer browser, log in to your Google account and enable/set up two-step verification.

Now fire up your phone and step through setting it up; you'll be prompted for the 2-step login method you chose. Do fresh installs of any apps you want; copy over any files you saved (like photos or videos); keep your phone to yourself. This should give you a bright, shiny 'new' phone with no shit on it.

If that fails...buy a new phone.
 
svim,
I don't take your comments as snarky or dismissive at all. You are going out of your way to help me here and my gratitude far outweighs my insecurity.
The only reason I haven't thrown my phone into the Gulf Of Mexico yet is because I was afraid this threat may not be isolated to the one device. Also, as you can see, I'm not very knowledgeable in this field. Just enough to be dangerous, lol.
Also, there have been incidents with my Messenger account. Such as, a new account called Sunny Dee appeared on my messenger home page as a second account of mine. I deleted it, but not before I took a screen shot of it.

And, lastly, which anti-virus/anti-malware utility do you recommend?

Thank you!
 
Attachments: Screenshot_20190904-160746.png, Screenshot_20190904-161329.png
 
I DO wish I had found this forum Before I had hired the hacker. I'm aware that I'm not the sharpest knife in the drawer, so speak freely. No need to sugar coat.
The way I found this forum was by copying a line from the suspicious file and pasting it into my browser. The search first took me to Stack Overflow, GitHub, and some hacker sites. It wasn't until the 4th or 5th time I did that, that I wound up here.
I have many more questions for you, like where do I look for the audio files? And, should I consider switching to Linux?
But, I'll have to come back in a few hours.
Please, if possible, read my response to svim.
Thanks M.B.!
 
@KaTastrophy92

I think the path of least resistance that you can take to solve this without costing you anything is as follows...

Both MoodyBlues and svim have more or less outlined this. Figured I'd put it in a neat list for you.
  1. Remove your Gmail and all other accounts from your phone.
  2. Get on a PC and reset the passwords for all accounts (i.e. Gmail, Messenger, and any others you have). Make sure these passwords are long and mixed with numbers and letters, and throw some capital letters in there too. Make sure these passwords are random, not personalized, and different for each account.
  3. Now do a factory reset on your phone.
  4. Finally, input your accounts to your phone with your new passwords.
With the above steps, anyone that has access to your accounts will lose that access, freeing you of this stressful situation.

As for an anti-virus, I don't use any on Linux, but Norton and Kaspersky seem to be good amongst Windows users.
 
I DO wish I had found this forum Before I had hired the hacker.
I feel pretty confident speaking for others right now: so do we! It would've saved you time, worry and money. But that didn't happen, so let's move forward. :)
I'm aware that I'm not the sharpest knife in the drawer, so speak freely. No need to sugar coat.
Now, now! Not being an expert in a field doesn't equate to not being smart. I'm sure you're well-versed in things I, and others here, are clueless about.
I have many more questions for you, like where do I look for the audio files?
Using a file manager/explorer, and not a media app, thoroughly search through all directories and subdirectories you have access to. Your device probably came with its own file manager, but some of them suck. Better to use a good one from the Play Store; there are many, but among my current favorites are Solid Explorer and Astro File Manager (mine are paid).

You'll have to peruse each directory carefully, because if files somehow got renamed, they may not have familiar file types, like MP3 or WAV, in their names. Let us know what, if anything, you find.
And, should I consider switching to Linux?
Yes! A resounding *YES*--from me. :o But I'm extremely biased--and equally vocal about it. The short version: you're already using a Linux, Android, so why not use real Linux?

Linux on a PC (including laptops) gives you security window$ -still- cannot match, despite decades of trying. Switching to Linux does not need to be difficult or painful. Everyone here knows that my favorite Linux distribution is Kubuntu. Its interface is infinitely customizable and can do things you'd never imagine on windows.

I switched my then-83 year old mother to Kubuntu, set it up to look and act like what she was used to, and said 'there you go!' She loved it, and had no complaints except that it was 'too fast.' And she was perplexed by no longer needing to reboot. :D

Other people will surely give opposing opinions, and that's fine. You need to decide what's best for you. But just picture a fast computer, secure from viruses that plague windows, with built-in security and privacy, and virtually no rebooting...
Please, if possible, read my response to svim.
Thanks M.B.!
I did, and you're welcome. :)
 
Status update:
I have carefully followed the expert advice of everyone in this forum and it has brought me to a new realization. I ran the 2 files I discovered in my Google Docs through the website to which svim directed me and within seconds they were both determined to be without spyware or malware. (So why were they planted there??)
I have been barking up the wrong tree! My phone is not, in fact, the target as MB or svim (forgive me, I can't see the conversation from this screen) said earlier in the forum. After following everyone's advice I realized that it was my Google account that may have been compromised. So, I went on YouTube and researched what to do. After going into the 'Sign In and Security' section I was able to see what devices had been signed in to my Google account over the past week. Two of those devices I didn't recognize. So I found the IP #s of those 2 devices, one of which was a Google 'switch', and plugged them into a program that geographically pinpoints devices based on their IPs. (It might be called 'Checkpoint' but I'd have to backtrack to be sure. I found many after searching for 'IP Geography'.) That's when I recognized that someone I know is right now traveling the same area as the switcher. PA, DC, and Tampa. So that took my ex out of the equation.
Upon gaining that knowledge, I went in to change my Google PW once Again when I noticed the option to access other accounts tied to my personal account. It was then that I discovered a 'Brand' account attached. I have never heard of such a thing, but I could not access the account. However, the security question specifically named one of the 2 people who are making that particular road trip as we speak.
The security question is 'where did you meet _______________'(one of their names), but the name is spelled incorrectly so I can't know for sure which one got into my account.

All that being said, I still have so many questions. Especially motivation!

Nevertheless, I am going to continue following the precise directions of my new and highly respected friends here at the Android Forum until I feel the last little possible bug is cleared from my entire system of communications!!

I am mentally EXHAUSTED, but well on my way to redemption thanks to all of You!!

Much Appreciation!!!

KaTastrophy92
 