• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Help Unknown ?Security? Warning

Irn

Irn

Lurker
Phone: Galaxy S4 Sprint.

Issue: For the past couple of days, I keep receiving a message (text and image) warning me about some program/website/etc that may be compromising my security/identity. However, it doesn't identify what application it is targeting. Nor is there anything I see which tells me what program it is. I can never see the full message as it is too large for my screen. Even when I move around, I still can't decipher full sentences.

I uploaded a screenshot of the part of the image.
 

Attachments

  • Screenshot_2015-03-19-14-30-27.png
    Screenshot_2015-03-19-14-30-27.png
    208.2 KB · Views: 95
More than likely it's a ruse to get you install more malware.

Check out "Addons Detector"

https://play.google.com/store/apps/details?id=com.denper.addonsdetector

Another member with a similar problem found that helped him catch the culprit.

Press Scan, then after it's done, Add On to see if it finds anything. I've tested it myself.

Say how it works out for you, if it's not that there are other things to check.
 
Thank you for your suggestion.

I installed "Addons Detector" and ran the scan. If I interpret the results properly, I don't notice anything suspicious. Please tell me if I am missing anything. I have attached the results file, scanresult_2015-03-20_11.01.29.pdf

Additional Notes:
1. Occurrence: Intermittent- 5x times a day.
2. Links: There doesn't seem to be any links by pressing anywhere on the notice.

Other suggestions?
 

Attachments

If you can't see the whole notice then there's no telling if there are links there or not.

Go to your storage to the Android/data folder and look for anything browser related, like Chrome.

Delete those folders.

If it's a browser hijack, it'll be hiding in there where scans won't detect it.

If unsure about deleting folders, go to your App manager, All, and delete data and cache for each browser you have installed.

If that fails, then you need to try a factory data reset to nuke whatever is in there.

You can save a lot with either Kies or Helium Backup from the Play Store before the reset.

Don't apply the backup restore right away, give it a day to ensure that the problem is really gone.
 
Irn said:
Thank you for your suggestion.

I installed "Addons Detector" and ran the scan. If I interpret the results properly, I don't notice anything suspicious. Please tell me if I am missing anything. I have attached the results file, scanresult_2015-03-20_11.01.29.pdf

Additional Notes:
1. Occurrence: Intermittent- 5x times a day.
2. Links: There doesn't seem to be any links by pressing anywhere on the notice.

Other suggestions?
Click to expand...
What appears to me is that your phone is launching a borderless browser window (there is a word for it but I can't remember it now-- container or something) directed to a URL that is blocked by your network or maybe firewall as a phishing scam. The malware App that is launching the browser window is trying to show you the ad but something won't let it load (this is good). That would be why you can't see the whole page, because it is not expected to be viewed this way, it is designed to view in a desktop browser or at least a normal android browser. (Sort of like if you are using AdBlocking or something and you sometimes see section of webpages with red exclamation points and warnings and such).

You still have the problem of why the borderless browser window is launching (possibly an app you installed or got tricked into installing on your phone), but I think this explains the behavior.

Edit: Actually it is not a good thing that this message is appearing instead of an ad. http://forums.whatthetech.com/index.php?showtopic=92925
Suggests that the page you are seeing is associated with a malware (apparently poorly programmed because it won't even display properly to trick you into clicking through)
 
Last edited:
Thought I would let everyone know that I did a Factory Reset and a complete reinstall of everything (No restore from backup). It is the long way to do it, hopefully I won't have to do it again.

Thanks to everyone for your input.
 
You must log in or register to reply here.
Back
Top Bottom