Root is "exploit.androidos.gingerbreak.a" malware?

[wangchili]

Rooted phone no problem. My new anti-virus app Zoner Anti-Virus is saying that my SuperUser app contains "exploit.androidos.gingerbreak.a" which it marks as malware.

Is this correct? Or did it mistakened the rooting hack as malware?

Thanks for the help!

jw

 

[Rxpert83]

It is safe to ignore that. Rooting your phone uses a vulnerability in the software of the phone. Your antivirus is correctly saying that superuser is taking advantage of that security flaw. Superuser is not malware, your antivirus is just mistaking it for being malware

There should be a box to ignore that specific notification.

 

[9to5cynic]

It is safe to ignore that. Rooting your phone uses a vulnerability in the software of the phone. Your antivirus is correctly saying that superuser is taking advantage of that security flaw. Superuser is not malware, your antivirus is just mistaking it for being malware

There should be a box to ignore that specific notification.

Hmm... I don't know much about how the gingerbreak rooting process works, but I though for a true root (one that survives reload), once the phone was rooted, the security exploit was done. That the exploit code only ran/runs during the root process?
---
That being said, I'd say you are fine. What rom are you running OP?

 

[Rxpert83]

Yes, but from what understand the antivirus is detecting that SU has root access. The same thing happened to my fathers EVO directly after I had rooted it with the same files I had used for mine. He was using an antivirus program and on that one it specifically said that it detected SU had root access and listed some malware code.


If your scared your SU is somehow corrupted you can just uninstall it and reinstall from market. At least then you'll know the one you have is clean.

Maybe I explained that all poorly in the first post

 

[Rxpert83]

Actually, after doing some more research it seems like the latest superuser update is setting it off. Once again, probably a false positive, but that seems to be doing it. Installing the old superuser in the rooting for dummeis guide should solve this for you.

 

[9to5cynic]

Hm... to me that "exploit.androidos.gingerbreak.a" sounds like a piece of the root exploit code (gingerbreak). I'm not sure why that would be in the superuser app (unless gingerbreak creates the superuser app for stock roms..?)

Maybe that's it.

Also, I should have copied and pasted that in quotes up there. Typing it out.... noob mistake

 

[Rxpert83]

Could be, but I think its just the way that antivirus company has named that particular piece of "malware". They all name them by their own naming system.

 

[9to5cynic]

Ahhh... and I was thinking it was a portion of the SU app...

I know when you go through the AndroidDev guide (while *attempting* to learn Java) it has you name your apps in a method similar to myApplication.android.com or something similar.

I assumed that it was pulling the "exploit.androidos.gingerbreak.a" from the SU file...

So it's getting the "exploit.androidos.gingerbreak.a" from it's own database of vulnerabilites/exploits? It is just finding signatures that the gingerbreak has been done right?

 

[argedion]

Ahhh... and I was thinking it was a portion of the SU app...

I know when you go through the AndroidDev guide (while *attempting* to learn Java) it has you name your apps in a method similar to myApplication.android.com or something similar.

I assumed that it was pulling the "exploit.androidos.gingerbreak.a" from the SU file...

So it's getting the "exploit.androidos.gingerbreak.a" from it's own database of vulnerabilites/exploits? It is just finding signatures that the gingerbreak has been done right?

You are correct. Typically AntiVirus checks its database to see "what the malicious"code is. Most anti virus program are filled with false positives. Hense why most recomend quarintine