
Viciously virulent virus caught through SD card in New York

gschadow

Lurker
My wife has had a Samsung Galaxy J7, and one fine day we were visiting New York City, where, to make more photos, we went into a pretty solid looking phone store and bought what seemed like a genuine SanDisk SD card. It was not some cheap crap from a sidewalk sales scam. Once she inserted that card, it gave problems, never worked well, some fraudulent fake. But worse yet, it infected her phone with a viciously virulent virus which we could never again get removed. Brought it to several technicians already, but they were unable to fix it. Factory reset, of course, several times, and every time the virus is there. I am almost certain that these technicians tried to flash the firmware also, yet the virus crap keeps coming back.

What could this be? I am flabbergasted. Is there really some corner of memory that is completely unreachable by factory reset and flashing the firmware? Could be that it somehow hooks itself into the thing that is used to lock the phone onto a specific provider, that too doesn't go away by flushing firmware. So, what is the approach to get rid of this virus, or is it that one must write off that phone as a total loss?

IMO this is a reason not to buy mainstream brands of phones. I bet with my Xiaomi phone this could never have happened. Right?
 
just curious as to how you know that it is infected by a virus? i doubt that it was because of the sd card.

i have had both htc and samsung, since the dawn of android, and never had any virus or anything.

what is exactly going on?
 
Thanks for the reply. I am quite sure that it is because of that SD card. I know because she never got a virus and on that day she did not have any Internet connection anyway, so no downloading of shady stuff was possible. The problem started right after this SD card was installed.

The symptoms were that photos were not stored right, that even without that SD card (which had of course long been removed) photos are damaged, either file read errors / blank or sometimes cut up half of one photo and half of another.

There are also weird ads appearing, like a Facebook ad that appears from the top status bar like a Christmas tree ornament ball. (She doesn't use the Facebook App). Really weird stuff. Also, the phone sucks battery power like it was constantly churning and sometimes becomes unresponsive.

Like I said, factory reset did not work. That has been tried several times.
 
I thought only iPhones can be infected :)
 
I think your wife's phone may be a malware victim. Malware infection is different from Virus infection but I'm not sure how to explain it...
I can believe that.

I am myself a gadget hacker, I proudly replaced a hacked firmware on my Motorola V600 clamshell phone, to put a different screen background on (just "a few" years ago). :D

I would like to understand what the issue is here, and perhaps get to the point where I might clean out that garbage and either sell the phone in a completely working clean condition or use it to play with modified Android versions. Such as Google spyware free Android setups. Something I don't easily get to do with my Xiaomi and other weird Chinese brands that I normally use.
 
Since a Factory Reset didn't fix your problem, it's likely that whatever exploit is on her J7 is something that installed itself into the Android operating system itself. There's a common misconception that a Factory Reset will wipe everything but that's only partially true. The internal storage media in her phone is divided into several partitions, most are dedicated solely to the operating system and one is set aside as the user's data partition. That data partition is where all a user's data, saved files, app config/settings reside, and it's just that data partition that gets wiped clean during a Factory Reset. The operating system partitions are left as is, the OS does not get wiped away, it's just that data partition. The installed OS cannot wipe itself, nor can it magically reinstall itself even if it does get deleted by other means. This also means that after a Factory Reset, just as an example if her phone was originally running Marshmallow and later upgraded to Nougat, it will remain running Nougat after the Reset. Again, the Factory Reset does not affect the OS itself.
Most Android exploits will only be limited to that user partition, the system partitions have restricted privileges. Some exploits however, are more cleverly crafted and are able to compromise the OS. Once an exploit resides in one of the system partitions, a Factory Reset won't make any difference. In that case you need to replace the OS. There is no master install image for consumer phones where you can just manually install a clean Android OS onto her phone, it's a matter where you need to flash a stock, Samsung ROM.
Another thing to keep in mind is 'if' there is some exploit that's in the installed OS, even if you try using an anti-virus/anti-malware app the odds are it won't help. This goes back to that permission level/privileges issue -- installing one of those utilities will be done by the user and will have user-level privileges so for the most part while it will have full control over everything in that data partition, that utility will only have limited abilities to do anything involving direct access to any of the system partitions (it's essentially a user-level app without system-level privileges).

But getting back to flashing the ROM, be sure to back up everything that needs to be saved first. Flashing a Samsung device using the Odin utility won't wipe the data partition when done properly but just in case something goes wrong. Plus you should always have a backup solution implemented anyway. You might want to use Samsung's Smart Switch to do a full backup (and it will make things less of a hassle if you do need to do a restore of the user data).
https://www.samsung.com/us/smart-switch/
Go here to download the appropriate ROM. Using the exact model I.D. (i.e. SM-J7xxxx) and her carrier:
https://updato.com/firmware-archive-select-model?q=galaxy+j7&exact=1&r=&v=&rpp=100
It's important to choose the matching ROM, don't substitute as ROMs are not interchangeable. Every model has a different, internal hardware configuration and its matching ROM has to have the appropriate drivers/firmware/software to work with that specific hardware.
There are detailed, step-by-step instructions on the flashing process here:
https://updato.com/how-to/how-to-install-an-official-samsung-stock-firmware-using-odin
If you don't have access to a Windows PC, there's an Open Source alternative to Odin called Heimdall, and available for Linux and OS X:
https://glassechidna.com.au/heimdall/
It's not an exact imitation of Odin but functionally very, very similar so while those links refer to the Odin utility, if you're flexible enough the exact naming and menus aren't that different.
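
Added example, not part of the post above and not code from Odin or Heimdall: a pre-flash integrity check for a downloaded firmware package. It assumes the package is a `.tar.md5` file, meaning a tar archive with an `md5sum` output line appended; the thread does not describe that layout, and the sample package and its file names are constructed.

```python
import hashlib, io, os, re, tarfile, tempfile

# Trailer as appended by `md5sum firmware.tar >> firmware.tar` (assumed layout).
TRAILER = re.compile(rb"([0-9a-f]{32}) [ *]([^\n]+)\n\Z")

def verify_tar_md5(path, chunk=1 << 20):
    """Return (ok, reason) for a .tar.md5 package, hashing it in chunks."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - 512))
        m = TRAILER.search(fh.read())
        if not m:
            return False, "no md5 trailer"
        remaining = size - len(m.group(0))   # bytes covered by the digest
        fh.seek(0)
        digest = hashlib.md5()
        while remaining:
            block = fh.read(min(chunk, remaining))
            if not block:
                return False, "short read"
            digest.update(block)
            remaining -= len(block)
    if digest.hexdigest() != m.group(1).decode():
        return False, "md5 mismatch: corrupted or altered download"
    return True, "md5 trailer matches (integrity only, not authenticity)"

def build_sample(path, corrupt=False):
    """Write a constructed stand-in package (not real firmware) to path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed placeholder, not a real system image"
        info = tarfile.TarInfo("system.img")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    body = buf.getvalue()
    trailer = f"{hashlib.md5(body).hexdigest()}  SAMPLE.tar\n".encode()
    if corrupt:                       # flip one byte after the digest was taken
        body = body[:600] + bytes([body[600] ^ 0xFF]) + body[601:]
    with open(path, "wb") as fh:
        fh.write(body + trailer)

def demo():
    """Verify an intact and a damaged sample; returns both results."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.tar.md5"), os.path.join(d, "bad.tar.md5")
        build_sample(good)
        build_sample(bad, corrupt=True)
        return verify_tar_md5(good), verify_tar_md5(bad)

if __name__ == "__main__":
    print(demo())
```

A matching trailer only shows the file arrived undamaged; the trailer travels inside the same download, so it says nothing about whether the package is the genuine stock image for that model.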
 
@gschadow @svim explained that very well.
I did say most, not all. :)

There used to be a site that specialized in free Samsung stock ROMs exclusively but after they monetized I lost track.

I'm very sure with the help you got here you can fix her phone. I mean...
Dude! You hacked a flip-phone? You have skills.
 
Always check into your browser settings then site settings. There, look to see what sites were visited. Some have a tendency of connecting notifications to the device it was logged in from.
All you have to do is clear delete any site that you may feel that compromises your device because some will connect with your device.
 