Help PLEASE HELP!!Hacked HTC one m9

jeremy mclain · Dec 12, 2015

I need to know if my phone is infected or not. I have been receiving weird messages (one saying a facebook acct has been created, issuing a conformation #, and an mms test function from sprint that i did not ask for. This MMS shows that it is 71kb, but under message details it shows it should be 70kb.) Also a jaded ex-fling has made cryptic remarks about it. I have factory reset my phone a few times, but the file for HTC Speak Data, with two sub files (common and en-US) still list Aug 25 2015 as its creation date, there are also other files that cant been seen untill you check show hidden files.

When i look at my storage on my settings, it beings to list what you would expect (Apps, Music, Photos and video, Downloads, System & Other, but quickly changes to only display Apps and System & Other, which it takes a solid 30 secs to go from "calculating..." to their showing their GB. Furthermore I have many apps running that i can't disable or uninstall, including multiple syncing, voice recording, pac processing and transferring apps.

My device is an HTC ONE M9, if anyone could help i would be sincerely appreciative. I readily admit that i am less than a noob in this arena, so i am throwing myself at the mercy of this forum for help. =

Some Apps in the all apps section, there are many more, so please reply if there are some i should look for .

RootPA 172kb

Sim ToolKit 2.17MB

Transfer 7.42 MB, and Transfer my stuff 19.20MB, Icloud transferer 12.31MB

Vpn dialogs 28kb, vDM client 5.06MB

TetheringGuard 2.77MB

Tags 2.28MB

Voice recorder 4.39MB, Voice dictation1.99 MB

A chinese looking font 20kb

user dictionary 88kb

Smith 760kb

Shell 724KB

Settings 22.75MB, Settings storage 865kb

Self service 180kb

reset notify 100kb

QXDM2SD 424kb

Proxy handler 36kb

PacProcessor, 44kb, package installer .91kb, Package access helper 60kb

OMADM Tool 3.17MB

MMS service 216kb

Key Chain 128 kb

Keepalive 112kb

input devices 16kb

HTML viewer 20kb

HTC loglevel 116kb

HTC DM 3.34 MB, HTC DM 6.21MB

frisbee contacts 1.02MB

External storage 80kb

device provisioner .94MB

com.android.sharedstoragebackup 32kb

CIR Module 208kb

Captive portal login 36 kb, captive protal login 2.15 MB

google one time init 808kb

sms back up agent 140kb

ajay pathak · Dec 12, 2015

Your phone is fully infected try formatting if it doesn't works ask customer service

AZgl1500 · Dec 12, 2015

IMO,

you need to do a Factory Reboot, or it is also referred to as a FDR, for Factory Data Reset.

That will format all of the pertinent partitions and the phone will need to be reactivated...
which will occur the nex time you power it up.
You will need to reinstall any apps that you want....

if you are new, it might be beyond your ability at the moment, but it would be nice to have Nova Prime Launcher installed.
then use that to do a Homescreen Backup to your Email account.

Then also, install Superbackup and have it do a save of everything that it can do and send that to your email account.

I do that regularly as Monthly maintenance.

I just recently acquired a new phone, a Note 4 and have been using a S5...

I also keep a backup of my apps on the extSDcard.... I moved that from the S5 to the Note 4.
Then I had SuperBackup do a Restore.... bingo! all of my apps were back.

then,
On the Note 4, I opened my Email app, set it up, and then used it to open my Email folders....
I clicked on Nova Backup and in less than 15 seconds, the entire phone looked exactly like my S5...

My new phone was ready to use in less than 30 minutes. I was pleased.

* Nova Launcher - Android Apps on Google Play

* Super Backup : SMS & Contacts - Android Apps on Google Play

jeremy mclain · Dec 13, 2015

AZgl1500 said:
IMO,

you need to do a Factory Reboot, or it is also referred to as a FDR, for Factory Data Reset.

That will format all of the pertinent partitions and the phone will need to be reactivated...
which will occur the nex time you power it up.
You will need to reinstall any apps that you want....

if you are new, it might be beyond your ability at the moment, but it would be nice to have Nova Prime Launcher installed.
then use that to do a Homescreen Backup to your Email account.

Then also, install Superbackup and have it do a save of everything that it can do and send that to your email account.

I do that regularly as Monthly maintenance.

I just recently acquired a new phone, a Note 4 and have been using a S5...

I also keep a backup of my apps on the extSDcard.... I moved that from the S5 to the Note 4.
Then I had SuperBackup do a Restore.... bingo! all of my apps were back.

then,
On the Note 4, I opened my Email app, set it up, and then used it to open my Email folders....
I clicked on Nova Backup and in less than 15 seconds, the entire phone looked exactly like my S5...

My new phone was ready to use in less than 30 minutes. I was pleased.

* Nova Launcher - Android Apps on Google Play

* Super Backup : SMS & Contacts - Android Apps on Google Play

Is that the same thing as a factory reset?

jeremy mclain · Dec 13, 2015

ajay pathak said:
Your phone is fully infected try formatting if it doesn't works ask customer service

Thank you, it was linked with some fraudulent charges to a family members account. I am meeting with a friend of the family tomorrow that works for the Army, he feels confident that charges can be brought against the perpetrators, how likley do you think it is that we will be able to identify the pieces of shit that did this?

Cloudy April · Feb 22, 2016

jeremy mclain said:
I need to know if my phone is infected or not. I have been receiving weird messages (one saying a facebook acct has been created, issuing a conformation #, and an mms test function from sprint that i did not ask for. This MMS shows that it is 71kb, but under message details it shows it should be 70kb.) Also a jaded ex-fling has made cryptic remarks about it. I have factory reset my phone a few times, but the file for HTC Speak Data, with two sub files (common and en-US) still list Aug 25 2015 as its creation date, there are also other files that cant been seen untill you check show hidden files.

When i look at my storage on my settings, it beings to list what you would expect (Apps, Music, Photos and video, Downloads, System & Other, but quickly changes to only display Apps and System & Other, which it takes a solid 30 secs to go from "calculating..." to their showing their GB. Furthermore I have many apps running that i can't disable or uninstall, including multiple syncing, voice recording, pac processing and transferring apps.

My device is an HTC ONE M9, if anyone could help i would be sincerely appreciative. I readily admit that i am less than a noob in this arena, so i am throwing myself at the mercy of this forum for help. =

Some Apps in the all apps section, there are many more, so please reply if there are some i should look for .

RootPA 172kb

Sim ToolKit 2.17MB

Transfer 7.42 MB, and Transfer my stuff 19.20MB, Icloud transferer 12.31MB

Vpn dialogs 28kb, vDM client 5.06MB

TetheringGuard 2.77MB

Tags 2.28MB

Voice recorder 4.39MB, Voice dictation1.99 MB

A chinese looking font 20kb

user dictionary 88kb

Smith 760kb

Shell 724KB

Settings 22.75MB, Settings storage 865kb

Self service 180kb

reset notify 100kb

QXDM2SD 424kb

Proxy handler 36kb

PacProcessor, 44kb, package installer .91kb, Package access helper 60kb

OMADM Tool 3.17MB

MMS service 216kb

Key Chain 128 kb

Keepalive 112kb

input devices 16kb

HTML viewer 20kb

HTC loglevel 116kb

HTC DM 3.34 MB, HTC DM 6.21MB

frisbee contacts 1.02MB

External storage 80kb

device provisioner .94MB

com.android.sharedstoragebackup 32kb

CIR Module 208kb

Captive portal login 36 kb, captive protal login 2.15 MB

google one time init 808kb

sms back up agent 140kb

****I have the exact same thing on my phone, same thing! What is it, or what was it? I've done factory reset, several times! just a few day's ago after the marshmallow update.. they're all still there.. what did you end up doing? Please help me too.. lol!

AkJourney · Apr 26, 2016

Cloudy April said:
****I have the exact same thing on my phone, same thing! What is it, or what was it? I've done factory reset, several times! just a few day's ago after the marshmallow update.. they're all still there.. what did you end up doing? Please help me too.. lol!

AkJourney · Apr 26, 2016

And after looking in to this hours...I have the same exact scenario. I googled for a long time, and found this thread. How can we determine the origin of this? I swear, I have an exact duplicate...going for the reload I guess, unless I can help research. I'd like to kick some Ass too!

AkJourney · Apr 26, 2016

Jerry and Cloudy April, I have the same exact files. You cannot get rid of them! I am less than an expert myself....I think what we have is a vpn surveillance program installed....

AkJourney · Apr 26, 2016

I have news...The novice found it after 2 days- this shit is scary- thought I was going on the other side there for a bit. I was hijacked all the way...disconnected wireless, took me a day to figure out that my phone was the secondary means- put it way outside, in my truck- then I actually got the real picture. I was right, it was surveillance....it does so much, fake pages, whew, it goes on and on...glad i waited before doing a factory reset, now I know.And now, for the link, and the rest of the story - [moderator redacted] I hope you do not have to go through what I did- this has changed me in many ways...I am about ready to totally disconnect. And now, I think I will have a couple of drinks, and pat myself on the back for figuring all this out.

lunatic59 · Apr 27, 2016

@AkJourney, thanks for offering to provide your experiences with this issue. I am a little confused, though as the link provided wasn't really an explanation and I couldn't put it together with the problem. Could you explain a little further what you found, if and how you resolved it and how the link you provided was relevant? I'll be happy to restore it once I know it's relevant and safe.

AkJourney · Apr 27, 2016

I shall attempt. The link I provided takes you to the description of the open source software. If you have the files the original poster listed- well, you got it. This setup allows complete control- voice, photos, video- remotely operated through a console. It produces fake pages...(yeah I know, I am sounding like a nut-) be assured, I am not. I called HTC- my cell phone has been altered-my IMEI # is not correct. They recommended an immediate reset. This setup uses messenger-youtube-and records everything, allows the installer to see and hear everything via the cell phone and wireless connection.. In my case the set up is even more expanded- it has been expanded to my smart TV's ( yeah they are android as well). Google api"s, look, I am not a computer genius, I will be the first to admit that fact- but I know when something is not right. I am willing to let an expert remote me- if you would like too, lunatic. Can you remote to an android cell? I would not wish this on anyone...that is my motivation. I am holding off till tomorrow, because my wife is out of town and is flying back in tonight. Tell you what, lunatic- I am going to pm my # to you. Call me if you wish. Thanks.

AkJourney · Apr 27, 2016

https://github.com/M66B/XPrivacy#xprivacy perhaps this will show

lunatic59 · Apr 27, 2016

No need to call. Your other link took me to a rather oddly formatted page and a link to a play store app that was either broken or deleted from play.

I get it now. Although, preventing the apps or services from communicating is only a workaround. You phone, while not spreading your personal information all over god-knows-where it's still just as compromised.

My best recommendation would be to flash a complete copy of the original firmware over the existing installation. It would be like reformatting your hard drive on a PC. Unfortunately you have to put the phone in a maintenance mode to do that (I forget what HTC calls theirs). They should be able to provide you with the directions and the firmware, and tools you'll need to do this. I also would recommend against doing the automatic restore in case whatever nastiness you've contracted has been backed up as well.

If you go over the the HTC Root sub forum, somebody there should be able to walk you through it. I have more experience with Samsung's.

AkJourney · Apr 27, 2016

The link I provided should take you to (being altered) to a complete set up process....i am being remotely controlled- if my cell is inside I cannot view it either. This is one nasty situation- if you google XPrivacy, what do you come up with? The link takes me to a complete and very detailed, with pictures, set up process, instructions...what are you showing for my IP? if you do a whois, who am I? Standing by

Spdfreak34 · Apr 27, 2016

Xprivacy is an xposed module...

Cloudy April · Sep 21, 2016

I gave up the htc, and went with s7 galxy... anyone have any issues with the s7? lunatic59..any info on protecting the s7 will be greatly appreciated! TY! ~Cloudy

lunatic59 · Sep 21, 2016

First, you have the latest Galaxy, so you'll have the latest Android version. That alone is more secure. And you will have more control over permissions (if Samsung didn't remove that) ... My wife won't let me touch her S7 Edge for more that a couple seconds

but she seems very happy with it and hasn't had any issues. Believe me, if she did, I'd be the first to hear about them and i'd hear about them every day until it was fixed. :rolleyes:

Then pay more attention to permissions on apps that you install, and don't install if something doesn't look right. Better to ask first then have to deal with the mess afterwards. I'd also check out the play store reviews. If there's anything suspicious going on, users will call them out on it. It might also give you some insights into how an S7 might behave with that app. Stay away from shady websites and only get apps from trusted sources.

If you are going to take chances with unknown apps, then you probably should look at some of the security apps and antivirus scanners. I can't tell you anything about those, though. I don't use them.

Cloudy April · Sep 24, 2016

Thank you very much! I have put on vpn netg uard.. and have cm securty to browse privatly.. i occssnly use msngr only bc fb brower kicks me out to use it.. so once i use it i uninstall it.. and reinstll if i need to use it again.. i do use whtsap p, due to having family in other countries.. other than that.. i only use the play store on the phon.. I so far, love my s7! the camera takes great pics, the video calling is such a plus! the batry last good and it still can heat up some. but i do use it a lot..

thanks again! cheerio!

AZgl1500 · Sep 25, 2016

CM Security to protect your browsing??
that is just about a misnomer.

CM is a Chinese company and they sell your HIPPA info to anyone.

get Ghostery instead, far safer.

GERTIEMARIE · Dec 2, 2017

https://sms-cir.droidinformer.org
This is just one link, but CIR is a company, like APK Pure, Google Play, Xposed...cir module is similar to the required apk which one must first install if they intend to instal N utilize an Xposed module... similar to apk pure

AkJourney said:
I shall attempt. The link I provided takes you to the description of the open source software. If you have the files the original poster listed- well, you got it. This setup allows complete control- voice, photos, video- remotely operated through a console. It produces fake pages...(yeah I know, I am sounding like a nut-) be assured, I am not. I called HTC- my cell phone has been altered-my IMEI # is not correct. They recommended an immediate reset. This setup uses messenger-youtube-and records everything, allows the installer to see and hear everything via the cell phone and wireless connection.. In my case the set up is even more expanded- it has been expanded to my smart TV's ( yeah they are android as well). Google api"s, look, I am not a computer genius, I will be the first to admit that fact- but I know when something is not right. I am willing to let an expert remote me- if you would like too, lunatic. Can you remote to an android cell? I would not wish this on anyone...that is my motivation. I am holding off till tomorrow, because my wife is out of town and is flying back in tonight. Tell you what, lunatic- I am going to pm my # to you. Call me if you wish. Thanks.

Mikestony · Dec 3, 2017

GERTIEMARIE said:
https://sms-cir.droidinformer.org
This is just one link, but CIR is a company, like APK Pure, Google Play, Xposed...cir module is similar to the required apk which one must first install if they intend to instal N utilize an Xposed module... similar to apk pure

Hello there!
Albeit a bit of an old thread, that link has no download option and it appears to have been removed from Google Play. Is that a legit site? i.e. no pirated apps? I briefly looked around and it seems most had redirects to Play.

Help PLEASE HELP!!Hacked HTC one m9

Lurker

Lurker

Extreme Android User

Lurker

Lurker

Lurker

Lurker

Lurker

Lurker

Lurker

Moderati ergo sum

Lurker

Lurker

Moderati ergo sum

Lurker

Android Enthusiast

Lurker

Moderati ergo sum

Lurker

Extreme Android User

Lurker

~30% Carbon Black ±