
Help Malware

muttleytm

Newbie
I have a Galaxy SIII (Version version) that has been set up with FreedomPop and is rooted.

Earlier today, I was on a local TV station's web site and I got a pop-up message saying that I had won my choice of an iPhone, iPad or other electronic device from some Facebook page that included xyz in its name. I didn't do anything except to try to navigate away from that page and I then got a message saying that my Samsung Galaxy III was at risk and I should proceed to download an update of the OS. The page with the update download is at:

global.mstrck06a.com/?uid=2500637158#

I didn't download it, but, the phone browser is sort of stuck there.

So I'm sure I either got directed to a malware site or something activated something already on my phone to do this.

I did install a couple of apps last week. One was Divvy, an app to find Divvy bike rentals and racks, and the other was mobile Yelp. I think that was all.

I do have Lookout on it and it should be running in the background. I use it to locate the phone, but, as I recall it also has antimalware features and I never got an alarm.

Any advice on how to proceed?
 
My problem is that an ad saying that I have won a new iPhone 7 from global.mstrack06a.com. This pops up each time I unlock my phone, even when not connected to the internet!
 
Have you tried clearing your browser cache?

There are other questions I could ask, e.g. have you installed any new apps in the last couple of weeks, especially any not from the Play Store, but that's the first thing to try. If this is something that's been downloaded already it may not need a current internet connection.
 
I have tried to clear my browser cache with no luck. I know how it infected my device. I downloaded an APK file from a site I don't remember the name of. It was a file that should give me free Spotify Premium, but a few seconds later the ad popped up so I removed the Spotify "hack" quickly, but the ad is still popping up each time I unlock my phone...
 
So that sounds like the "hack" installed something else. If you can identify what else it installed then you can try to remove it. If not, there are two options: factory reset if whatever it is was not installed to /system, or reflash the ROM if it was.

Since the phone was rooted it will have been easier to install malware to /system, where it will survive a reset, but an old phone like the S3 was probably vulnerable even without root (basically if a "rooting app" will work on it then malware can use the same techniques to install stuff to /system). I'd personally be tempted to just do everything in one go: back up your apps/user data, reset the device, reflash the ROM, then be careful to only restore apps and data you are sure of (and maybe check you are clean before doing that). And be wary of sites that offer ways of getting paid stuff for free, they are one of the major malware sources. Which makes sense if you think about it: if they are happy to screw other people over, why assume they would not screw you too?
 
My phone is not rooted and has never been. I don't know the name of the virus/adware/malware. I know that free paid apps sites are very malicious, but sometimes it actually works, and I have Avast antivirus so I thought it would not be a big risk. I don't understand your reply 100% because I am from Norway, but I understand that a total fresh-up would help. I don't actually know how to do a backup. Does it save all my apps and progress in them? Contacts? If so, I am gonna do that. Thank you for supporting me :)
 
My phone has never been rooted. I have never done a backup before and don't know how to do it. Does it save my apps and their progress? Contacts? If so, I would do it. I tried Malwarebytes to find the malware, and it did, but it could not remove it because the malware is a device administrator. I wrote another comment but I think I accidentally deleted it... Note: I am Norwegian, 13 years old, so my English is not excellent. However, thank you for supporting me :) (gotta sleep now)
 
Sorry, I backtracked too far up the thread and read a previous poster's post as yours (a risk when a very old thread is resurrected).

But if the only problem is that it's a device administrator that is simple: go to your security settings and you'll find a "device administrators" section. Just untick the box for that app and it is no longer a device administrator. Then you can just uninstall it. It would be perfect if that is all it needs to get rid of it :)
 
I tried that but the list of apps that are device administrators shows only my app store apps/Android system apps and not this ad/malware. So I can't do anything with it because it is a device admin and I can't turn it off. But I can do a full factory reset.
 
This is old, but might be worth a try: https://play.google.com/store/apps/details?id=com.trendmicro.mtrt.hiddenDAcleaner&hl=en. It claims to be able to show "hidden" device administrators. I've also read that the McAfee mobile security app has a feature for finding hidden device administrators, so that is also worth trying (I'm not a fan of McAfee generally, but if it does work it will be less hassle than a backup and reset).

You could also try booting into "safe mode" (where all user-installed apps are disabled) and see whether you have any more luck then. This will involve booting while pressing some buttons, exactly which will depend on what phone you have.

Backups could be a pain. If you have been saving your contacts as Google contacts then they are synced with your GMail and safe. If not, you should "export" them from the contacts app (in the view where it lists all contacts bring up the app's menu and select import/export, which may be under "manage contacts"). App data can be synced with Google servers, but I never use that option so don't know how well it works (I am rooted, so have other backup options). There are backup apps that can back up a lot of app data (e.g. Helium, from the Play Store), and specialist SMS/MMS backup apps. If a reset becomes necessary then it's probably worth backing up everything you can and if that gives you 2 backups of some things that's fine.

The real worry would be if this thing has managed to install to /system, because then a reset won't remove it and you need to reflash the phone software. What phone do you have and what OS version?
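
The reset-versus-reflash question raised in this thread comes down to where the unwanted package is installed. As an added example (not written by any poster in the thread), this shell sketch classifies the output of `adb shell pm list packages -f` by install location; the listing and package names in it are constructed sample data.

```shell
#!/bin/sh
# Added example: decide between factory reset and reflash from a package listing.
# On a real device the input would come from:  adb shell pm list packages -f
# The listing below is constructed sample data; the package names are hypothetical.
sample_listing() {
cat <<'EOF'
package:/system/app/Settings.apk=com.android.settings
package:/system/priv-app/Updater/Updater.apk=com.example.fakeupdater
package:/data/app/com.example.freemusic-1/base.apk=com.example.freemusic
package:/data/app/com.example.reviews-2.apk=com.example.reviews
EOF
}

# Print "<location> <package> <apk path>" for each listing line on stdin.
# The package name is whatever follows the last '=' on the line.
classify_packages() {
    while IFS= read -r line; do
        case "$line" in package:*) ;; *) continue ;; esac
        entry=${line#package:}
        pkg=${entry##*=}
        path=${entry%=*}
        case "$path" in
            /system/*) loc=system ;;   # survives a factory reset
            /data/*)   loc=data ;;     # wiped by a factory reset
            *)         loc=other ;;    # location this sketch does not judge
        esac
        printf '%s %s %s\n' "$loc" "$pkg" "$path"
    done
}

# Given a package name as $1 and a listing on stdin, name the remedy that removes it.
remedy_for() {
    classify_packages | awk -v p="$1" '
        $2 == p {
            found = 1
            print ($1 == "data" ? "factory-reset" : ($1 == "system" ? "reflash" : "unknown"))
            exit
        }
        END { if (!found) print "not-installed" }'
}

# Stand-alone run over the constructed listing.
sample_listing | classify_packages
```

Running `adb shell pm list packages -f -3` instead limits the listing to third-party packages, which is a shorter list to read through when looking for something that was sideloaded.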
 
I tried an app called "backup your phone". It backs up all settings, apps, contacts, Gmail, and so on. "Backup your phone" created a zip file to Dropbox. Can I just install that after factory reset? It does not show the malware with the "hidden device admin shower".
 
I don't know the app, but presumably anything it did back up could be restored if you install the app again after a reset, re-enter your Dropbox details, then run the app. I assume it has a restore function?

Personally I'd make sure that vital stuff was backed up separately - no harm in having 2 backups.

Do you know the name of this malware?
 
It has a restore function. I don't know the name of that malware, but maybe I can do some research. I will comment if I find out the name.
 