• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root Help! Phone locked by Pirates

N

nubianepiphany

Newbie
Hi.

I have a Samsung G3..yea, I know it's old...but anyway, was surfing the web on the phone today, accidentally hit a link and now my phone is locked....with a message to send $500 to unlock it..I've been through the files as I can see them, but don't recognize anything funny...I'm not a techy person.
Back in 2013, I had Remanifest root the phone for me with TWRP...we made the nandroid, etc...but I am unable to get to ANY FILES on the phone.

This is my ONLY phone and I don't have the money to just run out and buy a new one. Was wondering if anyone would be willing to perhaps help me flash the recovery or has TWRP (cause I dont' think my ATT model will run any other for a small fee.

I checked to see if Remanifest was around, but he hasn't been seen on the board in a while.

Any help that can be provided would be great.
Thanks.
 
JustRamon said:
Can you tell us the level of the lock? Does it appear before the android boot animation? Does it load after you leave the lockscreen?
Click to expand...

It locks the screen on the phone after it boots up...it goes all the way through boot sequence, I get to see my apps on the screen...then...BAM...it locks it to this stinking screen with Obama pointing his finger at me...followed by all the ways I can payup to unlock the phone...I'm too mad. I wish I could upload a screenshot, but I can't even get into ES file explorer...I got nothing.
 
Yes...FBI warning...I was looking around to see if there are any programs I can download to laptop to scan for virus...I tried using my AVG, but it won't even read the phone.
 
I have Lookout...gonna try that.


Well, that won't work...can't scan it from laptop...darn the luck:(
And I just had a family pass away...was awaiting phone call from my mom...can't even answer the stinking phone.
 
Maybe download the drivers for your phone install them on your laptop download ODIN find a stock rom and enter download mode if you can and use that to restore your phone to stock?
 
Heights713 said:
If you have twrp installed have you tried wiping the device from recovery?
Click to expand...

Heights713 said:
Maybe download the drivers for your phone install them on your laptop download ODIN find a stock rom and enter download mode if you can and use that to restore your phone to stock?
Click to expand...

I can't get into the phone to see anything...and for the last, that's asking me to do something I've no idea about.

But thanks, anyway...lol
 
I take it, after you accidentally downloaded the app from the internet, you CHOSE to install it?
Or it installed itself (which would be very new and scary)
Did you have Unknown Sources allowed in Settings, Security?
Just interested
 
funkylogik said:
I take it, after you accidentally downloaded the app from the internet, you CHOSE to install it?
Or it installed itself (which would be very new and scary)
Did you have Unknown Sources allowed in Settings, Security?
Just interested
Click to expand...
He should have had that enabled. I know Google's security is high on package installation...

Also sometimes you hit buttons accidentally, like when mistyping on a keyboard. It may have been just an accident.
 
None of these options help...I CANNOT get past the screen lock option..via safe mode or any other...and if I were able to just use an app...I would, but I cannot download anything nor use any apps already on the phone.
My last option would be to factory reset it and I'm afraid to try and re-flash it on my own.
I'm ****ed.
 
It installed by itself...trust me...it's showing up as a browser icon on the phone, that I can see on the screen..but when I've gone in and looked at what files I can see...I can't find it.

Oddly, when I got to file Android and than applications..the entire folder is blank.
 
nubianepiphany said:
It installed by itself...trust me...it's showing up as a browser icon on the phone, that I can see on the screen..but when I've gone in and looked at what files I can see...I can't find it.

Oddly, when I got to file Android and than applications..the entire folder is blank.
Click to expand...
Method 3: Reported to work on Samsung Galaxy S3 and other devices

Power down your Android device.Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (HTC One and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor’s logo appears.If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

STEP 2: Uninstall the malicious app from your Android phone

The Police or FBI virus for Android installs itself under the name BaDoink (apparently the name of a well-known online porn service), so we will need to uninstall it from your smartphone.

To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
This will bring up a list of installed apps, including the malicious app that is responsible for the Police or FBI lock screen.
At this moment the malicious app that is locking Android phones goes by the name of “BaDoink”, however cyber criminals will most likely change the name of the app in the future (other known names: Video Player, Network Driver System, Video Render and other names). Search in the list of apps for any unknown or suspicious apps. In our case the malicious app is “BaDoink“.


If the malicious app is “Adobe Flash Player“, then your Android phone is infected with the latest version ofScarePakage ransomware. This app will most likely will not allow you to uninstall it.
To remove it, some variants of ScarePakage (fake Adobe Flash Player app) will uninstall themselves if you enter a random, long-enough number to satisfy the MoneyPak (15-digits) demand. If this will not work, than you will have to follow reset your phone.

Touch the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen, then click on “Uninstall” button:


If you cannot uninstall the malicious because the Uninstallbutton is not available, we will need to follow these steps:

Go to Settings, then click onSecurity and select Device administrators.
Here, you can see the various apps checked forDevice Adminstrator access, just uncheck the app that you would like to uninstall and Deactivate it in the next screen.
Now you can go back and the Uninstall button should be now available.

A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
You may now reboot your Android phone out of the “Safe Mode”.
 
JustRamon said:
Method 3: Reported to work on Samsung Galaxy S3 and other devices

Power down your Android device.Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (HTC One and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor’s logo appears.If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

STEP 2: Uninstall the malicious app from your Android phone

The Police or FBI virus for Android installs itself under the name BaDoink (apparently the name of a well-known online porn service), so we will need to uninstall it from your smartphone.

To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
This will bring up a list of installed apps, including the malicious app that is responsible for the Police or FBI lock screen.
At this moment the malicious app that is locking Android phones goes by the name of “BaDoink”, however cyber criminals will most likely change the name of the app in the future (other known names: Video Player, Network Driver System, Video Render and other names). Search in the list of apps for any unknown or suspicious apps. In our case the malicious app is “BaDoink“.


If the malicious app is “Adobe Flash Player“, then your Android phone is infected with the latest version ofScarePakage ransomware. This app will most likely will not allow you to uninstall it.
To remove it, some variants of ScarePakage (fake Adobe Flash Player app) will uninstall themselves if you enter a random, long-enough number to satisfy the MoneyPak (15-digits) demand. If this will not work, than you will have to follow reset your phone.

Touch the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen, then click on “Uninstall” button:


If you cannot uninstall the malicious because the Uninstallbutton is not available, we will need to follow these steps:

Go to Settings, then click onSecurity and select Device administrators.
Here, you can see the various apps checked forDevice Adminstrator access, just uncheck the app that you would like to uninstall and Deactivate it in the next screen.
Now you can go back and the Uninstall button should be now available.

A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
You may now reboot your Android phone out of the “Safe Mode”.
Click to expand...
That should help
 
Just read that link and safe mode SHOULD work! Genius!
On an s3 with phone turned off I think you boot safe mode by holding in Power and volume down.
From there find the app and uninstall it (didn't read as far as the name of the app but it should be in that link) :thumbsupdroid:
 
nubianepiphany said:
It installed by itself...trust me...it's showing up as a browser icon on the phone, that I can see on the screen..but when I've gone in and looked at what files I can see...I can't find it.

Oddly, when I got to file Android and than applications..the entire folder is blank.
Click to expand...
I trust you [emoji4]
 
One thing that worries me is that I think the OP is rooted.. Could an app be smart enough to install itself as a system app on a rooted phone, making it immune to safe mode?
 
You must log in or register to reply here.
Back
Top Bottom