How to remove keyloggers and other malicious spyware from an Android device?

Daniel223

Member
Aug 23, 2013
I have downloaded and run the programme Rootkit Hunter on my Macbook Pro 10.8.3 and got the following results:


For "Checking LD_LIBRARY_PATH variable", it says in yellow "skipped".

For "Checking for hidden processes", it also says in yellow "skipped".

I also have red warning notices in relation to system configuration file checks and filesystem checks alerting me to the following:

"Checking if SSH protocol v1 in allowed The SSH configuration option 'Protocol' has not been set";

"Checking if syslog remote logging is allowed Syslog configuration file allows remote logging: install.* .0.1:32376"

"Checking /dev for suspicious file types Suspicious file types found in /dev: /dev/fd/6: MS Windows icon resource"

"Checking for hidden files and directories Hidden file found: /usr/share/man/man5/. rhosts.5: troff or preprocessor input text".


I am working on getting rid of this nasty stuff, but I also have a Galaxy Tab 10.1 and a Samsung S4 phone as well which I believe are also infected.

The individual who has been infecting me with malware via malicious email targeted an iPhone 4 which I owned (which I have now gotten rid of and replaced with a Samsung S4); and from there broke into my house Wifi network and quickly wormed their way into my Macbook and Galaxy Tab too (I know this for sure: the individual has been taunting me with information stolen from the devices), and most likely my brand new Samsung S4 too now (although this has yet to be confirmed; I'd appreciate it if someone could tell me how I can check for sure) as well as the other devices in my house belonging to family members.

I have posted on other forums and been told to "nuke" the Macbook drive. However I do not know how to get rid of this stuff from my Android devices. Doing a restore to factory settings does not work.

Any advice on how to do this would be much appreciated. As would any advice on how to prevent reinfection, as it seems very easy for someone to use one machine to infect another on a network - mine is WPA2, protected with a strong password, and this posed no problem for an amateur hacker.
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
First off, you can change your password on your router. Can you give an example of the password that is similar? How many characters is it? Second, you can download AVG from Play and that should get rid of most malware from your device.
You can also encrypt your S4. That should also keep people out.
 

Daniel223

Member
Aug 23, 2013
The password is 10 characters - the first 3 are letters, the other 7 numbers.

The individual infecting me is hundreds of miles away, so I assume she can't get on the network without getting onto some device near it first - she was able to break into my (when I say 'my' I mean my parents' house, and I am reluctant to cause them any distress by involving them in this headache, which would happen if I were to start tampering with the router) Wifi network via my iPhone 4 (I never used my house Wifi on it but she was able to remotely switch Wifi on on the iPhone and then get onto the network and my other devices that way) which I have very recently replaced with a new Samsung S4.
 

Daniel223

Member
Aug 23, 2013
I downloaded AVG Antivirus for Tablets again and ran both the Deep File Scan and the File Scanner and both gave the all clear.

I am 100% certain that the machine is infected however. The person can even close my browser pages and redirect me to different pages, on top of seeing all activity on the machine, which she lets me know about indirectly by posting just enough information in profiles in chatrooms and dating sites so that I will know.
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
10 characters isn't that strong. My password is 26 characters long, including symbols like ( ~ and [.
As for getting rid of the spyware... I am not sure. Changing the router password and encryption type should help.

Sent from a SlimROM S3.
 

Daniel223

Member
Aug 23, 2013
I see an app on Google Play called "Nuke my Tablet". Does anyone know if this would work?

It wouldn't be a big deal because I store anything of importance on external hard drives. There is no point doing it though unless I know I can secure the machine properly and prevent this nuisance from getting onto it again.

On other forums I'm reading that installing a brand new operating system is really the only way to get rid of malware of this nature.
 

Scott Kenyon

Well-known member
Apr 2, 2011
Software of that nature would do less than a factory reset. Rooting and romming would do more. My two cents. Welcome to AC Daniel, I wish it were for a better reason!
 

Daniel223

Member
Aug 23, 2013
What about prevention, so it doesn't happen again after doing the rooting and romming?

And is there a way I can check to see if malware is discreetly buried deep in the system in the future other than through my stalker confirming to me that it is herself? I don't like to feed this person, as she seems to enjoy any attention, regardless whether it be positive or negative. Her sick little game of dropping little pieces of information on chatrooms and dating sites that I was briefly describing above - knowing that I am on the lookout for them and will be annoyed when I see them - is what she derives her entertainment from. And the only reason why I check for them in the first place is because I want to know whether she has infected a certain device or not. If I had another way of confirming her insidious presence on my machines she would have no access to them and get zero attention from myself, and would have to just go and find someone else to cyberstalk.
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
The downside is, every device, every OS can be cracked. Question is, how long does it take?

You can encrypt the S4. That should also help, but there are downsides to that too. If you encrypt, then need to factory reset, you need to decrypt, then reset the phone.
I don't know what else to suggest.

Sent from a SlimROM S3.
 

Scott Kenyon

Well-known member
Apr 2, 2011
If you're really that paranoid about it you could unzip the rom and look around. Generally, 99% of the ones you can find are legit. Don't download from any untrusted developer or source. Always download directly from the OP.
 

Daniel223

Member
Aug 23, 2013
Thanks for your advice.

It's more than a little on the technical side for me to be honest though.

And I am not just being paranoid - the person has pretty much unfettered access to every electronic device I own the way things stand at the minute. So obviously I am looking to change that.

I did a DOD defence standard wipe of my Mac drive yesterday (although I didn't wipe out the OS X Base System), and as soon as I got back online I re-installed Rootkit Hunter and every single one of the aforementioned problems is still there.

Just wiping the stuff out like that is the sort of thing I am looking to do - and Android devices don't even have a hard drive, so I am a bit lost for what to do at the minute. I encrypted my S4, but that doesn't seem to have done anything, save lumbered me with a tedious password which I have to enter every time I go to use my phone now.
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
I am curious what would happen if you went and bought a different router, set it up at a different location with a password for the router itself and a password for the internet (that should be saved), and then brought it home and swapped routers.
This person has to be accessing your files via the net. Once you cut off their entry, they shouldn't be able to harass you anymore.
For a strong password, search for a hexadecimal generator, and replace some of the characters with rarely used ones. Shoot for a high number of characters, like 26 or 30.

Sent from a SlimROM S3.
 

Daniel223

Member
Aug 23, 2013
Yes, true, but they are hundreds of miles away. So they need access to some device I own first to use to attack the other ones. And I am reluctant to tamper with the router as it is a family one; and this is my problem, and I do not want to cause any other members of my family any distress.

An iPhone 4, which I have since gotten rid of, served that purpose for them - they first of all sent me a dodgy email and I opened it on my phone (I had previously thought that it was only dangerous to open links or click on attachments, but it seems just opening an email opens the door for them to any given machine). I had a brief look at it and deleted it and set my phone down. About half an hour later I picked the phone up again and it was asking me to enter my Wifi password. This set alarm bells ringing as I never use Wifi on it unless I am on holiday. I checked and it said Wifi was off. But when I actually tapped on Wifi on/off, I discovered that it was actually on, same with Bluetooth. So the person had up to half an hour to attack my other machines which were on but asleep. And they have definitely been able to break into them. Other family members' phones and computers are also compromised and I do not know how to tell them.

At the minute my plan is to isolate each machine one by one if I can, get rid of the stuff, and fortify them so this does not happen again. I'll be paying a visit to the Apple store with my Macbook - I am having to put black tape over the cameras on my devices at the minute because I can't even be sure that they aren't being used to spy on me sitting in my own house, it's disgusting - but I am not sure what I am going to do with the Samsung devices yet as there are no stores near me and I telephoned them yesterday and the guy on the other end had never even heard of rootkits, rooting or romming.
 

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
At the moment, I am out of suggestions.

Sent from a SlimROM S3.
 

Daniel223

Member
Aug 23, 2013
The Macbook is actually worse now after doing the DOD standard wipe of the drive. When I run Rootkit Hunter now the malware cuts it off before I can see the results and also shuts the machine down before it has finished its work.

The machine will also not let me do another reinstallation now - all the options to do one have vanished. So it's down to the Apple store with it.
 

exsintexas2013

New member
Nov 11, 2013
Having the same problem, 3+ Androids affected and 2 laptops, you are not being just paranoid. I confirmed spyware programs such as SpyGenie, Watchdog etc. will allow this type of access. AVG or Zoner or Norton does not detect. Hard or soft factory reset does not work. It's obviously in the OS and runs at startup. I am actively searching for a site that lists ALL Android factory apps and their permissions. Basically all my permissions on most apps after factory reset have every possible access and permission to control Bluetooth, GPS, camera, audio record etc. The phone has flashed and taken pics. I stop the processes running and they restart on their own until the phone overheats or restarts. It's ridiculous. If there is a way to remove it I need it as well. Even the cell phone "tech" I took one phone to wasn't up to speed and said the phone was fine. I requested him to remove software and reload the OS; we'll see if he can do that, I don't know yet, he didn't sound confident. He suggested rooting the phone so that I can access more and stop apps myself. Need any help I can get as well!
 

moosc

Grand Master Moosc
Oct 20, 2009
This is so so funny. I seriously doubt any of your mobile devices are infected. And when you run a virus type scanner, most send out false readings to make you paranoid. And if your stalker is this good she must be a hacker for the NSA.

Sent from Bad Azz VZW LG G2 Cyan Tapatalk
 

mimsical

New member
Feb 6, 2014
It's not funny when it happens to you. These 'love' type stalkers are obsessed by nature and some will stop at nothing. Do not go on dating sites - they are rubbish anyway - and definitely do not do social networking - which, let's face it, is also pretty rubbish too.
 
