Help Very odd files on Galaxy Amp Prime

[Deleted User]

I have an app called "file viewer" by Sharpened Productions and you can view hidden files and everything else. I'm finding really weird things and have a history of being hacked so don't know if it's normal or being paranoid.

Basically the app shows files and folders in "downloads," "device storage," and "root" and root is where the weird stuff is. First of all, this phone shouldn't be "rooted" as I didn't jailbreak it-maybe it's a different context? I'll upload a couple photos but examples of folders I mean are sd card , which is full of my stuff though I don't have an sdcard, Mali, sys/, mnt/, hid/. Some of the dates are Dec. 1969.

Here is an example of a file called "posttecovery.do.":

# for vold (post recovery)

# only run command csc_factory
on exec-multi-csc-data
precondition -f mounted /data
precondition -f file /data/.layout_version
ls /data/
cp -y -f -r -v --with-fmode=0644 --with-dmode=0771 --with-owner=system.system /data/csc/common /
cp -y -f -r -v --with-fmode=0644 --with-dmode=0771 --with-owner=system.system /data/csc/<salse_code> /
rm -v -r -f --limited-file-size=0 --type=file --except-root-dir /data/app
rm -v -r -f /data/csc
precondition -f mounted /efs
mkdir -f radio system 0771 /efs/recovery
write -f /efs/recovery/postrecovery "exec-multi-csc-data:done\n"

# run condition wipe-data and csc_factory
on exec-install-preload

echo "-- Copying media files..."
precondition -f mounted /data
precondition -f file /data/.layout_version
ls /data/

mkdir media_rw media_rw 0770 /data/media
cp -y -r -v -f --with-fmode=0664 --with-dmode=0775 --with-owner=media_rw.media_rw /system/hidden/INTERNAL_SDCARD/ /data/media/0/
cmp -r /system/hidden/INTERNAL_SDCARD/ /data/media/0/

echo "-- preload checkin..."
mount -f /preload
precondition mounted /preload

cp -y -r -v -f --with-fmode=0664 --with-dmode=0775 --with-owner=media_rw.media_rw /preload/INTERNAL_SDCARD/ /data/media/0/
cmp -r /preload/INTERNAL_SDCARD/ /data/media/0/
unmount /preload

echo "-- Set Factory Reset done..."
precondition -f mounted /efs
# mount -f /efs
mkdir -f radio system 0771 /efs/recovery
write -f /efs/recovery/currentlyFactoryReset "done"
mkdir -f radio system 0771 /efs/recovery
write -f /efs/recovery/postrecovery "exec-install-preload:done\n"
ls /efs/imei/
# unmount /efs

on post-exec-install-preload
#for KOR

precondition -f mounted /data
mkdir system system 0775 /data/app
cp -y -f -v --with-fmode=0664 --with-owner=system.system /system/preload/*.ppk /data/app/*.apk
mkdir -f radio system 0771 /efs/recovery
write -f /efs/recovery/postrecovery "post-exec-install-preload:done\n"
ls /efs/imei/

p

Thanks and any help appreciated. I can't install any updates/security patches either
since 7/17 no matter what I do and I know I should be able to have the one that came out in Jan.

 

[El Presidente]

There is nothing shown in the pictures, nor anything you've described that I would consider anything to worry about.

"Root" is just the name given to the system directory where the OS is. You can't go any higher than that so there's nothing to worry about there.

December 1969/January 1970 is a date often used in Unix/Linux operating systems so again, that;s nothing to be concerned with either.

On a lot of devices/File Manager apps, SD Card card actually means user storage or the devices data partition.

If you think you've been hacked, any other reasons why?

 

[Dannydet]

El Presidente is correct, everything is as it should be. Now enjoy Cinco de Mayo!

 

[Deleted User]

Thanks for the replies gentlemen!

That's very comforting-I have an ex-boyfriend who unfortunately was a tech guy and he would hack into my emails and facebook etc. and when we broke up, do things like change my banking username and password but not take money. I also got an email from my own inbox w/ the subject line "lol nice try" shortly after I tried to forward them out. It said comforting things like "I know when you are home." These accounts all had two factor authentication, not via sms but an app, so at least a small amount of effort went into it-more than just a weak password or something. It also happened a couple years after this break-up, but I can't think of anyone else who would have the skills AND motive that appeared to be just to show "I'm in control."

I'm not particularly NOT technically savvy, but I am not savvy, things take me forever and it doesn't come naturally, so I spent so much time trying to learn how to protect myself during this time but never got very far. Kinda got analysis paralysis. Because of my lack of skills, I can't tell when something is odd or if I'm just being paranoid (unless I hear from you fine ppl!)

I am currently trying to learn how to use Linux mint on a usb device but it gives me almost no permissions. Most folders have a red line in the upper left corner and I'm not sure why. Any advice on what to do or what not to do if I have a history of having a motivated cyber stalker besides the usual don't reuse passwords and make them complex? I have fairly good habits but it gets overwhelming and apparently I can't even make a proper Linux stick!

Thanks!