Page 1 of 2 12 LastLast
Results 1 to 25 of 28
Like Tree1Likes
  1. Thread Author  Thread Author    #1  

    Exclamation My first phone virus

    Today I just finished making a call to one of the people in my contacts, when I suddenly was presented with the screen in the attached image.



    I got my EVO 3D back in September and I've never set a lock code or anything like that. In fact, I usually use No Lock so I don't have to lock it.

    This lock screen persisted through a hard boot, even through a battery pull and reboot. Because of the sudden nature of its appearance, the bad grammar (10 attempt remains), and the explicit threat to delete my data, I have to assume that this lock screen is the product of a virus, or some other form of bad-behaving malware. The techies at the Sprint store had never seen this lock screen before, which lends credence to my belief. I find it near impossible to believe that a legitimate app would threaten to "delete my device data" simply because of incorrect password entries.

    I never thought I'd get bitten like this so of course I'd never installed Lookout, and of course I allowed app installation from sources other than the Android Market. I'm betting that an app I installed from some other source than the Market is the culprit.

    Needless to say I didn't attempt to enter any passwords...I wouldn't trust such a malicious lock screen to allow me 10 attempts. I just took it to my local Sprint store and they wiped it for me (they insisted there was no other way to get by the lock screen).

    Now I have to reinstall all of my apps, contacts, and messages...and this time I'll install Lookout or something similar, and limit my app installs to Market, Amazon, and GetJar.

    Has anyone else seen this malicious lock screen? Do you know what causes it? If it truly is caused by a "legitimate" app, please let me know so I can direct my b*tching productively.
    Attached Thumbnails Attached Thumbnails My first phone virus-10attemptremains.jpg  
    Thanked by:
    benny3 
  2. #2  

    Default Re: My first phone virus

    That is awful! I hope you find out what caused it and if nothing else, your post will remind us to be careful.
    Please thank me if I have helped!

    Member E3DOC since 6/23/2011 Lovin' my new NS4G as well!
  3. #3  
    Stelv's Avatar

    Posts
    271 Posts
    Global Posts
    278 Global Posts

    Default

    I don't think it is a virus because Android is based on linux. It may be malware. It would most likely be from something you download and/or accepted. Check permissions and reviews carefully. I would NOT use Getjar...only download apps from Android market, Amazon or a trusted developer. Malware prolly will not damage phone but its object is to steal data. Most likely wanted to steal a password...probably would have unlocked with anything you typed in and assumed it was a password it could on one of your accts.

    Sent from my DROID BIONIC using Tapatalk
  4. #4  

    Default Re: My first phone virus

    Quote Originally Posted by Stelv View Post
    probably would have unlocked with anything you typed in and assumed it was a password it could on one of your accts.
    This is a very good idea.


    Good Job to OP for not falling for it too!
    -Greg
  5. #5  
    cgardnervt's Avatar

    Posts
    2,671 Posts
    Global Posts
    2,048 Global Posts
    ROM
    None Yet...

    Default Re: My first phone virus

    That sucks! I hope you can figure out what it is. Wonder if its something that lives on your SD card or just the space on the phone. May have to hard reset to find out!
    HTC One (ATT GSM)
    Palm Pre- > HTC Evo 3D > HTC One X (White) > Samsung Galaxy S3 (White) > HTC One (Silver)
    If any of my posts help you don't forget to thank/like it!!
  6. #6  
    Stelv's Avatar

    Posts
    271 Posts
    Global Posts
    278 Global Posts

    Default

    Yea good idea. You may want to format sdcard too.

    Sent from my DROID BIONIC using Tapatalk
  7. Thread Author  Thread Author    #7  

    Default Re: My first phone virus

    I don't know which app the malware was, but the app I last installed from a source outside the Market was from here:



    Yep, Android Market 3.3.11. I don't know if that is the culprit, and it probably wasn't (I'm still going through my (poor) records), but the lock screen took over less than a week after I installed it.

    I'll keep checking...
  8. #8  

    Default Re: My first phone virus

    Quote Originally Posted by Thrillhouse617 View Post
    This is a very good idea.


    Good Job to OP for not falling for it too!
    i bet a ton of people fall for it too. great job OP and sorry that happened to you. any idea where it might have come from?
  9. #9  

    Default Re: My first phone virus

    Quote Originally Posted by Mustachio View Post
    Today I just finished making a call to one of the people in my contacts, when I suddenly was presented with the screen in the attached image.



    I got my EVO 3D back in September and I've never set a lock code or anything like that. In fact, I usually use No Lock so I don't have to lock it.

    This lock screen persisted through a hard boot, even through a battery pull and reboot. Because of the sudden nature of its appearance, the bad grammar (10 attempt remains), and the explicit threat to delete my data, I have to assume that this lock screen is the product of a virus, or some other form of bad-behaving malware. The techies at the Sprint store had never seen this lock screen before, which lends credence to my belief. I find it near impossible to believe that a legitimate app would threaten to "delete my device data" simply because of incorrect password entries.

    I never thought I'd get bitten like this so of course I'd never installed Lookout, and of course I allowed app installation from sources other than the Android Market. I'm betting that an app I installed from some other source than the Market is the culprit.

    Needless to say I didn't attempt to enter any passwords...I wouldn't trust such a malicious lock screen to allow me 10 attempts. I just took it to my local Sprint store and they wiped it for me (they insisted there was no other way to get by the lock screen).

    Now I have to reinstall all of my apps, contacts, and messages...and this time I'll install Lookout or something similar, and limit my app installs to Market, Amazon, and GetJar.

    Has anyone else seen this malicious lock screen? Do you know what causes it? If it truly is caused by a "legitimate" app, please let me know so I can direct my b*tching productively.
    now was this a remanufactured if so it could of been the other persons who had thought their phone was lost or stolen and reported it to sprint as that sprint probably didnt take the block off and if u get the passwords wrong so many times it automatically bricks the phone its a security issue sprint feels is a customer satisfaction if u cant use ur phone then they cant either i only say this bc my phone was stolen and i called it in and they said that if i lock it up they will need to know my password if they do it too many times my info would be locked in the phone never to be retrieved literally forever locking the phone and erasing sd card thats what i was told by sprint thats all i thought i let u know so u could find out if it was a remn u need to let them know so they can unlock the phone for u
  10. #10  
    gonk24's Avatar

    Posts
    39 Posts
    Global Posts
    161 Global Posts

    Default Re: My first phone virus

    Quote Originally Posted by Stelv View Post
    I don't think it is a virus because Android is based on linux. It may be malware. It would most likely be from something you download and/or accepted. Check permissions and reviews carefully. I would NOT use Getjar...only download apps from Android market, Amazon or a trusted developer. Malware prolly will not damage phone but its object is to steal data. Most likely wanted to steal a password...probably would have unlocked with anything you typed in and assumed it was a password it could on one of your accts.

    Sent from my DROID BIONIC using Tapatalk


    You wouldn't use Getjar based on what? From everything I've found, it's a legitimate app market and should be perfectly safe. When Cut The Rope was released for Android it was an exclusive to Getjar for the first week. That wouldn't happen if it wasn't trusted. Getjar has been around for a long time.

    From the Getjar site:

    About GetJar

    GetJar is the worlds largest free app store with more than 1.5 billion downloads to date. The company distributes more than 150,000 mobile applications across a variety of operating systems including Android, Blackberry, Java, Symbian and Mobile Web. In 2010, GetJar was named a Technology Pioneer Award Winner by the World Economic Forum and listed by TIME magazine as One of the 10 companies that will change your life. GetJar is headquartered in Silicon Valley with offices in the UK and Lithuania. For more information, please visit and follow us @GetJar.


    McAfee thinks it's fine:





    Here's a link to the Cut The Rope exclusive article on Endgadget:

    Thanked by:
  11. #11  
    Stelv's Avatar

    Posts
    271 Posts
    Global Posts
    278 Global Posts

    Default Re: My first phone virus

    Yes you are right. I guess I don't know much about GetJar. I was just saying that the Android Market or trusted developers are the safest route.

    Here is some more info on GetJar
  12. #12  
    cgardnervt's Avatar

    Posts
    2,671 Posts
    Global Posts
    2,048 Global Posts
    ROM
    None Yet...

    Default Re: My first phone virus

    I haven't installed any AV on my phone. I just download apps that I know. Then again I am looking into it to see if I really need it.

    Plus I think the virus came from the market apps. Google found a few apps that had the virus's in the app. So people did download them from a known source. So maybe I do need one lol. I dunno. I don't download a ton of apps but it only takes that ONE download sadly.
    Last edited by cgardner; 12-21-2011 at 11:03 AM. Reason: Adding to the post...
    HTC One (ATT GSM)
    Palm Pre- > HTC Evo 3D > HTC One X (White) > Samsung Galaxy S3 (White) > HTC One (Silver)
    If any of my posts help you don't forget to thank/like it!!
  13. Thread Author  Thread Author    #13  

    Default Re: My first phone virus

    Story recap:

    The malware took over my phone, and to fix it the Sprint tech had to reset it back to factory defaults, erasing all of my data. However, the reset did NOT touch my SD card. Everything there was intact, and I didn't make any changes to it. I then reinstalled all of my apps, both from Android Market and from Amazon Market. I did NOT reinstall any of the apps from GetJar.

    Story Update:

    Today the malware took over my phone again. SIGH. This time I decided to experiment with it.

    First I entered a password that was imaginary but well-formatted: Hold58# (used a Capital letter, a number, a punctuation mark, and had more than 6 characters total). The malware said the password was wrong.

    Next I entered garbage characters, whatever was beneath my fingers at the time. Again it said it was wrong. I quickly continued, and after the 5th time rejection it told me I was entering them to fast and that I should wait 30 seconds. It wouldn't let me enter more passwords.

    I pulled the battery, removed the SD card, waited, and then restarted it. When the desktop finally displayed the malware prompted for a password. After the 10th rejection malware cycled the power on the phone.

    When the desktop returned following the reboot, the malware prompted me again for a password. The message saying I had 10 attempts to left was still displayed.

    Again it rejected my (fake) password, and again it cycled the power. But this time when the phone came back, all of my data was gone and the phone entered the first-usage configuration screens.

    At least it saved me a trip to the Sprint store.

    NEXT STEP:

    This time I plan to format the SD card and reinstall only my Android Market apps.

    I bet the culprit is something I downloaded from there, but I'm just guessing. Or it might be something dormant on my SD card. Which might be more likely? I dunno.

    I'll keep you posted.
  14. #14  
    cgardnervt's Avatar

    Posts
    2,671 Posts
    Global Posts
    2,048 Global Posts
    ROM
    None Yet...

    Default Re: My first phone virus

    Quote Originally Posted by Mustachio View Post
    Story recap:

    The malware took over my phone, and to fix it the Sprint tech had to reset it back to factory defaults, erasing all of my data. However, the reset did NOT touch my SD card. Everything there was intact, and I didn't make any changes to it. I then reinstalled all of my apps, both from Android Market and from Amazon Market. I did NOT reinstall any of the apps from GetJar.

    Story Update:

    Today the malware took over my phone again. SIGH. This time I decided to experiment with it.

    First I entered a password that was imaginary but well-formatted: Hold58# (used a Capital letter, a number, a punctuation mark, and had more than 6 characters total). The malware said the password was wrong.

    Next I entered garbage characters, whatever was beneath my fingers at the time. Again it said it was wrong. I quickly continued, and after the 5th time rejection it told me I was entering them to fast and that I should wait 30 seconds. It wouldn't let me enter more passwords.

    I pulled the battery, removed the SD card, waited, and then restarted it. When the desktop finally displayed the malware prompted for a password. After the 10th rejection malware cycled the power on the phone.

    When the desktop returned following the reboot, the malware prompted me again for a password. The message saying I had 10 attempts to left was still displayed.

    Again it rejected my (fake) password, and again it cycled the power. But this time when the phone came back, all of my data was gone and the phone entered the first-usage configuration screens.

    At least it saved me a trip to the Sprint store.

    NEXT STEP:

    This time I plan to format the SD card and reinstall only my Android Market apps.

    I bet the culprit is something I downloaded from there, but I'm just guessing. Or it might be something dormant on my SD card. Which might be more likely? I dunno.

    I'll keep you posted.
    Thank for the update! Sorry it deleted all of your stuff. I know I would be pissed. Oh well maybe its best to just start over fresh. I hope it will fix your issue.

    Are you gonna format VIA your PC or let the phone do it?

    Good luck with the virus!
    HTC One (ATT GSM)
    Palm Pre- > HTC Evo 3D > HTC One X (White) > Samsung Galaxy S3 (White) > HTC One (Silver)
    If any of my posts help you don't forget to thank/like it!!
  15. #15  
    scrosler's Avatar
    ROM Developer

    Posts
    1,574 Posts
    ROM
    Many

    Default Re: My first phone virus

    Have you ever tried booting into safe mode?


    Donations are accepted but not expected!
  16. Thread Author  Thread Author    #16  

    Default Re: My first phone virus

    Another quick update. I forgot to mention earlier that I had installed Lookout after the factory reset, and even that didn't help because Lookout didn't stop the malware from taking over the second time.

    Here's the weird thing: as I mentioned before I removed the SD card (so I could format it on my PC) and rebooted the phone without it. After the malware wiped my data, I rebooted into the HBOOT menu (had to turn off Fastboot before it would recognize the Down Volume+Power button combo) and there I performed a manual factory reset. (I didn't trust the malware's reset.)

    When the phone booted back up and went through the new user configuration, I entered my Market ID and started resyncing the apps recorded in my Android Market app library. About a half hour later the malware TOOK OVER AGAIN! With no SD card in the phone, even!

    I'm convinced that either this is some Sprint or HTC security app, or one of the apps in my Android Market library is a malware app.

    Now I have to weed through the library...sigh. lots of apps there and not much way to determine which is the culprit.

    BBL folks.
  17. Thread Author  Thread Author    #17  

    Default Re: My first phone virus

    Quote Originally Posted by scrosler View Post
    Have you ever tried booting into safe mode?
    Is there a safe mode on the HTC EVO 3G? Can I get into it on a non-rooted phone? How? Bad thing is, the malware doesn't let me access the HBOOT menu (VolDown+Power doesn't work), so if a safe menu is there, I can't get to it.
  18. #18  

    Default Re: My first phone virus

    I installed tje barcode scanner just called "Barcode Scanner" from the Android market, and right after that, my Google account was accessed from Thailand.
  19. #19  

    Default Re: My first phone virus

    Oh, and safe mode is vol up+power. You shouldn't have to be rooted to do it. You can't access non-factory apps in safe mode, tho, I don't think.
  20. Thread Author  Thread Author    #20  

    Default Re: My first phone virus

    Oh...well "safe mode" is what I've always thought of as the HBOOT menu. That menu/mode doesn't support running any apps (that I know of). If there's a way to use it to get rid of the malware app I don't know about it.
    Isnotfunny likes this.
  21. Thread Author  Thread Author    #21  

    Default Re: My first phone virus

    I went to the Sprint store and they couldn't tell me whether the malware was from HTC or Sprint, but they did show me the following:



    This is the default unlock screen that you get if you specify a password when you go into Settings > Security > Set Up Screen Lock > Password. You will notice that it is identical to the malware unlock screen except that the latter has the grammatically-challenged threat message below the entry field. IMO the hackers purposely want you to think this is the HTC/Sprint password unlock screen.

    Once the malware took over neither the Sprint rep nor I could access the HBOOT menu. Dunno how the Sprint tech did it the first time. But regardless both the second time and this time we simply entered 10 garbage passwords and let the malware reset the phone on its own. Then I could access HBOOT and make sure the phone was reset properly (by doing it myself).

    Since I'm convinced the malware is one of the apps in my Android Market apps list (the horror!) I'm sure that the malware will return the next time I sync the apps back onto the phone. So I told the Sprint rep to take the EVO 3D off my account, replacing it with my old EVO 4G. I've reset the password to my Android account so the EVO 4G cannot access Android Market, which will prevent the malware from getting onto it.

    I plan to use the EVO 3D to install the Market apps one-by-one, and when until the malware comes back I'll let you know which it was.

    Funny that Google set up the Market to be the only source of apps to prevent something just like this from happening. So much for trusting Google.

    Anyone know a phone number/email address at Google and/or the Market where I can report this?
    Last edited by Mustachio; 01-04-2012 at 05:45 PM.
  22. #22  

    Default

    That looks like a virus to me, but I haven't had that happen to me. I have antivirus software installed on my phone, which has caught viruses on my phone before they could cause problems. Its sad that we have to worry about computer viruses on our phones. I still remember reading about the very first computer virus used to attack Android phones. The first virus wasn't a major threat, but it left me wondering who would write such a virus. Was it Apple, or maybe one of the antivirus companies? Whoever wrote is a piece of trash though. Hopefully you don't encounter anymore AndroidOS computer virues.



    Posted Using My Sprint HTC EVO3D Using Tapatalk -
  23. Thread Author  Thread Author    #23  

    Default Re: My first phone virus

    OK, I finally have this resolved. It turns out the "rogue" app is Good For Enterprise, an app I installed from the Android Market so I could read my work emails on my phone. I had been using the app for years with no problems. I think there must have been some kind of change in my employer's security policies last month, because Good now requires that the entire phone be locked after a certain period of inactivity. And yes, not only does my employer require this, but they also require that the phone be wiped after 10 incorrect password entries. They'd rather wipe the data than let it get into the hands of hackers. But then this is MY phone, not theirs. SIGH.

    It looks like everything is working as designed, basically, with complications being my not being notified by my employer of this policy change, along with there being no identifying logo or other information on the lock screen telling which app was requiring the lock. The grammar error only made the problem more difficult to diagnose.

    So I think the responsible party in this case is my employer, not Good. I believe Good only does what their clients (my employer) require of them, similar to how HTC's phones can be limited--or not--in accordance with Sprint's requirements. I say this to reassure other users or prospective users of Good that they won't necessarily encounter this lock screen problem simply because they decide to use Good. You can't use Good unless your employer also uses it, and authorizes you to use it, after all.

    So in summary: this entire thread is basically a false alarm, created by a lack of communication.

    Android still doesn't have any virii of which I'm aware.

    As for me, I'm going to keep Good for the time being. It had been set to lock the screen immediately upon the screen going dark, but I was able to set it to not lock until 15 minutes of inactivity has elapsed. This is still annoying, since I don't want my phone locked, but I'll put up with it until I get fed up with entering the password (which I now know).
    Thanked by 3:
  24. #24  

    Default Re: My first phone virus

    Glad to hear you figured it out. What a nightmare!!
  25. #25  

    Default Re: My first phone virus

    Makes sense!

    I did not setup work exchange on my personal phone intentionally. Thats why I have a work phone and thats why I don't check it all the time. I am *not* giving my employer the right to wipe my phone if they feel fit!
    -Greg
Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

B