
How to remove keylogging and other spy software from Android devices?


Android Question

Guest
I have downloaded and run the programme Rootkit Hunter on my MacBook Pro 10.8.3 and got the following results:

For "Checking LD_LIBRARY_PATH variable", it says in yellow "skipped".

For "Checking for hidden processes", it also says in yellow "skipped".

I also have red warning notices in relation to system configuration file checks and filesystem checks alerting me to the following:

"Checking if SSH protocol v1 is allowed The SSH configuration option 'Protocol' has not been set";

"Checking if syslog remote logging is allowed Syslog configuration file allows remote logging: install.* .0.1:32376"

"Checking /dev for suspicious file types Suspicious file types found in /dev: /dev/fd/6: MS Windows icon resource"

"Checking for hidden files and directories Hidden file found: /usr/share/man/man5/.rhosts.5: troff or preprocessor input text".

I am working on getting rid of this nasty stuff, but I also have a Galaxy Tab 10.1 and a Samsung S4 phone as well which I believe are also infected.

The individual who has been infecting me with malware via malicious email targeted an iPhone 4 which I owned (which I have now gotten rid of and replaced with a Samsung S4); and from there broke into my house Wifi network and quickly wormed their way into my Macbook and Galaxy Tab too (I know that for sure: the malicious individual has been taunting me with information stolen from the devices), and most likely my brand new Samsung S4 as well (although this has yet to be confirmed; I'd appreciate it if someone could tell me how I can check for sure) as well as the other devices in my house belonging to family members.

I have posted on other forums and been told to "nuke" the Macbook drive. However I do not know how to get rid of this stuff from my Android devices. Doing a restore to factory settings does not work.

Any advice on how to do this would be much appreciated. As would any advice on how to prevent reinfection, as it seems very easy for someone to use one machine to infect another on a network - mine is WPA2, protected with a strong password, and this posed no problem for an amateur hacker.
 
I assume that Rootkit Hunter report is for your MacBook, since it doesn't correspond to an Android filesystem.

I think we need more information, unfortunately. For example, why do you say that a factory reset does not solve the problem on an Android device? That will remove anything that has not been installed as a system app, and you would need root access to install malware to the system. I don't believe that anyone can root your device without physical access to it - it's not just a matter of cracking an existing account on the device, and generally requires USB access and putting the device into special modes. Hence a factory reset really should suffice.

The best I can suggest is that you register with AF so that you can post a description of the problem and symptoms in our main forum (I'd suggest the "Android Lounge" section). That way more people will see it, which is useful for something specialised like this, and it will be easier to discuss, since at present you can read replies to this question but cannot respond in the same thread.

If you want to really make sure a device is clean, you can reflash it with a new set of stock software. This will overwrite the system as well as erasing user data and hence remove any possible spyware on the phone. I don't know Samsungs, so can't advise on precisely how to do this myself - I see tools called "Kies" and "Odin" discussed in this context.

But if someone has network access, are you sure that they necessarily have access to these devices, and are not just getting the information from network sharing? I've seen horror stories about some devices being set to share all sorts of stuff on wireless networks by default (e.g. intimate photos being shared on the office WiFi network because the phone's owner didn't realise the sharing settings existed, never mind were turned on by default - and that example was a Samsung device). So they may only need access to one device and still be able to access things that you thought were on a different one.

One thing I will say: WEP is old and weak encryption. Unless your network hardware is very old I would suggest moving to a more modern protocol if you have security concerns.

The other thing I would certainly do is report this to the police.
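The reply above rests on a partition distinction: a factory reset wipes /data but leaves /system untouched, so the question "what would survive a reset?" can be answered by asking the package manager where each installed APK lives. The script below is an added example and is not from either poster; it parses the output format of `adb shell pm list packages -f` (lines of the form `package:<apk path>=<package name>`) and sorts packages into those on /system and those under /data. The sample output and the allowlist of known-good system packages are constructed for illustration; on a real device you would feed it the live `pm` output and compare against the package list of a clean stock firmware.

```shell
#!/bin/sh
# Added example: classify installed Android packages by partition, using the
# output format of `adb shell pm list packages -f`. Packages under /system
# survive a factory reset; packages under /data are removed by one.

# Constructed sample of `pm list packages -f` output (not captured from a real device).
SAMPLE_PM_OUTPUT='package:/system/app/Settings.apk=com.android.settings
package:/system/priv-app/Example.apk=com.example.preloaded
package:/data/app/com.example.game-1.apk=com.example.game
package:/data/app/com.example.shady-2.apk=com.example.shady'

# Package names whose APK is on the /system partition: a factory reset keeps these.
survives_reset() {
    printf '%s\n' "$1" | sed -n 's#^package:/system/.*=\(.*\)$#\1#p'
}

# Package names whose APK is under /data: a factory reset removes these.
wiped_by_reset() {
    printf '%s\n' "$1" | sed -n 's#^package:/data/.*=\(.*\)$#\1#p'
}

# Constructed allowlist of system packages expected on a clean image. In practice,
# build this from `pm list packages -f` on a freshly reflashed stock device.
KNOWN_SYSTEM='com.android.settings'

# System-partition packages not on the allowlist: the only ones a reset could
# not have removed, so the ones worth examining (or reflashing over).
unexpected_system_packages() {
    survives_reset "$1" | while read -r pkg; do
        case " $KNOWN_SYSTEM " in
            *" $pkg "*) ;;                 # expected on stock firmware
            *) printf '%s\n' "$pkg" ;;     # not expected: survives reset, investigate
        esac
    done
}

# Stand-alone run against the constructed sample. On a real device replace
# "$SAMPLE_PM_OUTPUT" with "$(adb shell pm list packages -f)".
echo "== survive a factory reset (/system) =="
survives_reset "$SAMPLE_PM_OUTPUT"
echo "== removed by a factory reset (/data) =="
wiped_by_reset "$SAMPLE_PM_OUTPUT"
echo "== system packages not on the known-good list =="
unexpected_system_packages "$SAMPLE_PM_OUTPUT"
```

This only covers what the package manager reports. Something that has modified the firmware image itself, or that hides from `pm`, will not show up here, which is why reflashing a stock image is the stronger step the reply recommends.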
 