
Help malware/spyware built into phone - help

Those two Pandora's Box items appear to be integrated into the operating system itself. As you already determined, selecting just one in NetGuard would result in a string of other system processes also being blocked. So removing PB could affect that same grouping of processes, possibly bricking your phone or maybe just making it run in quirky ways. But again, this will be trial and error on your part. As there is a source to get a factory ROM to reflash your phone, at least you've got a tentative exit strategy to fall back on.
From my perspective, after following the saga you've posted, at this point I'd just let Titanium Backup freeze that PB crap and move on. (But if you do want to keep going, don't let that stop you in any way.)
Lol, whoever would have thought it'd be so complicated. It's so weird that NetGuard is linked to other processes stopping too, but freezing them doesn't harm anything else.
Best bet probably is just to have them frozen and move on.
Can I be sure that if they are frozen they definitely won't be collecting any data etc.? Of course security is my priority, so as long as the phone is safe enough to use without things being stolen etc. then that's good enough I suppose. It's just that niggling feeling that them being present at all poses a risk?
 
If they're frozen I would assume you to be safe. But with all that's involved, the only safest way is to just get a phone from a different and trusted manufacturer.
 
Haha true but I've actually owned an infocus before and didn't have any issue.... Also not the only person to own this phone and no one else seems to have reported issues.
As I said could have been added by the 3rd party seller
 
Someone over at xda with the same phone has confirmed they have PB and PBS on it also. They seem to think it was added by a 3rd party seller.... Trying to figure out if we got it from the same seller
...
If I were to flash the stock ROM using the method I linked to a few pages back that doesn't seem to require rooting, can I still do it that way even though I'm now rooted?

Also, how would I get KingRoot and Titanium Backup Pro back, as I'm guessing they would be wiped during the reflash process?
 

If you are 100% sure that the firmware is for the correct device, flash it to full stock and see if the supposed "malware" is there. Having never dealt with this brand I cannot tell you how to go about it, but it's not for the inexperienced nor faint of heart. You will definitely need a computer with necessary drivers, programs, etc. You have a LOT of research and reading ahead of you.

Should you succeed, you will need to reroot the phone if it's stock firmware. You already did this once so that shouldn't be difficult.

As far as getting back your paid apps, that is the easy part. Just login to the account you used to purchase them and install them. Once paid for they are yours, just tied to the account for licensing.
 
I must add that for a 3rd party to install such malware (if it actually is), then they would have had to root it in order to gain access to the system, install it, and THEN unroot to hide the deed. Although possible, it seems to be a lot of work to me.

In other words, if the sole purpose is to track you or steal your information they would be practically giving them away.

Look no further than Windows 10 for such an example. "If in doubt, throw it out" is my motto. Always balance risk vs reward. But that's just me...
 
You should re-read this long thread from the beginning. There are two issues, a Pandora's Box app and a Pandora's Box background process, that are very persistent. Neither can be uninstalled nor disabled as a general user, nor blocked by a non-root firewall app (NetGuard) without taking out several linked system processes. After rooting, Titanium Backup Pro could only freeze those two problems, but after a reboot they reloaded themselves and were active again. If those aren't root-installed system apps, then what else can it be?
 
Another thing to consider. Install a real ip tables based firewall such as AFWall+ to disallow access. The system can't override the ip tables unless it overwrites them somehow. Enable logging within the firewall app. You can then review the log and see what (who?) it is trying to connect to.
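
An added example, not part of the original post: once firewall logging is enabled as suggested above, the blocked outbound packets can be grouped by app UID and destination to see what each app tried to reach. It assumes the log is in the kernel's standard netfilter LOG format with UIDs recorded; the sample lines, addresses and UIDs below are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: kernel netfilter LOG lines with UID logging enabled.
# IPs are documentation ranges; UIDs 10085/10112 are hypothetical app UIDs.
SAMPLE_LOG = """\
[ 1201.33] IN= OUT=wlan0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=48211 DPT=443 UID=10085 GID=10085
[ 1202.10] IN= OUT=wlan0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=48212 DPT=443 UID=10085 GID=10085
[ 1207.82] IN= OUT=wlan0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=39001 DPT=80 UID=10085 GID=10085
[ 1210.05] IN= OUT=rmnet0 SRC=10.20.30.40 DST=198.51.100.7 LEN=71 TTL=64 PROTO=UDP SPT=5353 DPT=53 UID=10112 GID=10112
[ 1215.40] IN= OUT=wlan0 SRC=192.168.1.23 DST=198.51.100.7 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
[ 1300.00] wlan: link state changed
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens; value may be empty (IN=)


def blocked_by_uid(log_text):
    """Return {uid: Counter({(dst, proto, dport): hits})} for outbound packets."""
    result = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip unrelated kernel messages and inbound packets (OUT= is empty).
        if not fields.get("DST") or not fields.get("OUT"):
            continue
        # UID is only logged when the packet has an owning socket.
        uid = fields.get("UID", "no-uid")
        # ICMP has no destination port, so DPT may be missing.
        dest = (fields["DST"], fields.get("PROTO", "?"), fields.get("DPT"))
        result[uid][dest] += 1
    return dict(result)


def report(log_text):
    """Lines of 'uid dst proto/port hits', most frequent destination first per UID."""
    rows = []
    for uid, dests in sorted(blocked_by_uid(log_text).items()):
        for (dst, proto, dport), hits in dests.most_common():
            rows.append(f"uid={uid} {dst} {proto}/{dport or '-'} x{hits}")
    return rows


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On a rooted phone, a UID can be matched to its package name in /data/system/packages.list.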
 
I must add that for a 3rd party to install such malware (if it actually is), then they would have had to root it in order to gain access to the system, install it, and THEN unroot to hide the deed. Although possible, it seems to be a lot of work to me.

In other words, if the sole purpose is to track you or steal your information they would be practically giving them away.

Look no further than Windows 10 for such an example. "If in doubt, throw it out" is my motto. Always balance risk vs reward. But that's just me...

What other purpose do they have for doing such things? I assumed it was usually to steal sensitive data.
Balance vs. risk: I guess giving up and leaving it would be safest, but it's still a waste of money and means I have to continue using my less appealing device in terms of design and performance.


Another thing to consider. Install a real ip tables based firewall such as AFWall+ to disallow access. The system can't override the ip tables unless it overwrites them somehow. Enable logging within the firewall app. You can then review the log and see what (who?) it is trying to connect to.
Thanks, I will try this and see how it goes.

4 people on xda now confirming PB is part of the stock ROM. 2 claiming it's not necessarily malware; the other 2 are like myself - concerned owners of the device.
Will try searching for a custom ROM then....
 
That's what I would do, but you'll need a custom recovery to install a custom ROM. Is one available for your device?
 
Lots of info on this here:
http://4pda.ru/forum/index.php?showtopic=729645
Clicked on the "safe to remove painless" and it shows a list. Apparently PB & PBS are.
Relying on Google Translate, but if anyone can have a quick browse, as I'm sure there are terms in there that make more sense to you than me lol

Edit: if you click translate you won't see the list of apps that are apparently safe to get rid of. The user that posted the list has a Nirvana avatar - hope that helps you find the post.
I'm just trying to read through more to see HOW they uninstalled them
and anything about a custom ROM.
Obviously if it's safe to just go ahead and uninstall them using Titanium Backup that would be better.
 
Further updates, someone over at xda said:
"I talked to a person, who has the phone in Vietnam with the original Chinese M560 firmware, which has NO Google Play Store installed.
He does not have Pandora Box Service. So it must be preinstalled just in the European M808 firmwares."

some stuff here about the various firmware options
 
Another thing to consider. Install a real ip tables based firewall such as AFWall+ to disallow access. The system can't override the ip tables unless it overwrites them somehow. Enable logging within the firewall app. You can then review the log and see what (who?) it is trying to connect to.
Downloaded this app, it doesn't make much sense to me.
It says
mode: white list (allow selected) then lists some of my apps. PB & PBS are NOT listed.
Under preferences - log - I've ticked "enable firewall logs"
but what I don't understand is the list page, where it says "allow selected": none of them are ticked on wifi or data. Does this mean they now don't have web access & I'd need to tick to enable them to access the web?
And I don't understand why PB & PBS aren't showing. It can't be because they are frozen, because location em2 is frozen & it shows on the list.
 
Been discussing this phone with people over at xda quite a bit, and when I explain the whole process a lot of them are commenting saying I shouldn't have used KingRoot as it steals information :/
Is this true?
I assumed it would be safe since it was recommended as a way to enable me to block a service which seemed to be stealing info.
If it's true, how do I go about getting rid of it from the device?
 
Kingroot may not be the ideal root solution but for a lot of phone models it's one of the few options that work. What root process did they say will work better for your InFocus?
As for replacing it, there are several sites explaining how to switch from Kingroot to SuperSU, but it does require researching on your part to separate the '...this should work' postings from the valid ones. Or if you just want to block whatever info-leaking process Kingroot is running in the background from any online access, you already have NetGuard on your phone.
 
How do I find out what info-leaking processes are being run?
I can try blocking with NetGuard, though I'm sure someone mentioned that blocking KingRoot web access blocks other things too, but I can see for myself.
They didn't say what I should have used but say they would only use KingRoot to root, then flash an entire new clean ROM.

I've heard of KingRoot before, hence thought it was pretty trusty :$
 