1. Android Central Question's Avatar
    So I was going to reset my old S7 and wanted to back up the phone before I erased everything. I kept coming across Wondershare Dr. Fone. I was tired and it seemed fairly simple, and since there were no obvious scam/hack alerts to be found just quickly browsing, I thought I'll give it a whirl. Should not have run it, apparently.

    So I connected via USB to Windows and started the program -> Phone instantly went into download mode and apparently the software is trying to root or set some firmware to gather data -> Software doesn't work and phone is stuck in an endless bootloop -> Recovery mode gives "no command" but starts after hanging a few seconds, 10 or so -> Do a factory reset from recovery, and logging back into the previous Google account is required, so I do it and do a normal reset -> Reset goes in normal, but when setting up the clean phone it gives me a security alert, "unauthorized activity noticed", and device security guides me to restart the phone to reset changes.

    Really spooky not knowing what the software did! Can you guys please help me figure it out? Didn't find anything on the web that indicates Dr. Fone stealing data or hacking, just ripping off payments.

    - How do I know I'm on stock ROM and nothing suspicious was left on the phone?
    - Should I flash stock ROM just in case?
    - Can my personal data, passwords etc. be compromised if I don't use the phone?
    - Could the Windows app itself have gathered personal info somehow? Can I check it out from logs? I have the logs in AppData.

    I found out that after factory reset I'm getting a security alert even though firmware and everything else seems original. Could this be the Knox eFuse that triggered when the software tried to root? Can I check the firmware somehow for possible flaws/changes?

    Seems like there are plenty of people in trouble with Dr. Fone gone bad, maybe we could help others too. Tell me if you need photos. Thanks in advance!
    01-28-2018 05:28 AM
  2. Rukbat's Avatar
    Can it be compromised? Of course. Was it compromised? I don't know enough about Wondershare to be able to answer that. But with backing up being so easy (see Backing up an Android Device), there's no reason to use Dr. Fone.

    - How do I know I'm on stock ROM and nothing suspicious was left on the phone?
    Back it up, then reflash the firmware (see [Samsung] How to flash Stock ROM via ODIN).

    - Can my personal data, passwords etc. be compromised if I don't use the phone?
    If they got them, and use them, sure. As I said, I don't know enough about them to say. (I'm retired now, but I spent decades with my nose [and my computer] in other people's data - and nothing was ever "compromised". But if a client in Chicago had a customer in NYC, and the customer's phone number began with 312, I'd change it. Then forget it as soon as I went to the next record.)

    - Could the Windows app itself have gathered personal info somehow?
    Of course.

    Can I check it out from logs? I have the logs in AppData.
    I doubt that, if they were stealing your data, they'd log that. (You may have logs that show that their program ran, but you have no logs showing what they did with your data.)

    I found out that after factory reset I'm getting a security alert even though firmware and everything else seems original. Could this be the Knox eFuse that triggered when the software tried to root?
    Could? Yes. Did? Most likely not. Reboot to Download (Volume Down/Home/Power) and look at your fuse listing (it's listed at the top - Knox Warranty Void: 0x0 is not tripped, otherwise the number after 0x is the number of times it's been tripped).

    - Can I check the firmware somehow for possible flaws/changes?
    Not easily - just reflash it.
    01-28-2018 04:31 PM
  3. Ollie321's Avatar
    How exactly does the Knox counter check work?
    Do I need adb for that?

    If it's not triggered then flashing stock would mean the phone is again valid for normal use, especially if done in a licensed shop? Thinking reflashing stock in a shop won't really cost much.

    Dug into the info I could find on my PC and nothing seems out of the ordinary. Ran pretty much everything, Rkill -> Malwarebytes -> Bitdefender, and there is nothing that suggests any harmful files with Dr. Fone. Event Viewer only shows normal activity any legit program would do, only 1 error from that time:

    .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    So nothing currently implies any kind of theft. No alerts of unauthorized logins or active sessions on other devices. I mean, the phone in question is my old phone, so I haven't used it at all after the procedure. I just want to make sure. Is there anything else I can do except change passwords to be sure? I would assume changing the password revokes tokens with Google, Facebook, Instagram etc.?
    01-29-2018 03:31 AM
  4. Ollie321's Avatar
    Status update: checked Odin mode and it showed:

    CURRENT BINARY: Samsung Official
    SYSTEM STATUS: Custom
    WARRANTY VOID 0x0000

    Reflashing stock ROM (had to do it twice) fixed it, and now it's normal:

    CURRENT BINARY: Samsung Official
    SYSTEM STATUS: Official
    WARRANTY VOID 0x0000

    So either I got a security alert because the download mode was interrupted and didn't reach the point of eFuse triggering but left something in a wrong state, or because something actually found its way to the system. The only difference I noticed application-wise was that custom had "a" Game optimization service and official didn't. Might have missed something, and of course if there was something disguised I wouldn't know just by browsing through. Lesson: stay the **** away from all this easy-fix kind of crap and actually study.

    Windows itself shows absolutely clean status even after running every check in safe mode. Haven't checked with the big guns yet because there's no implication on having the need to use them. Nothing out of the ordinary. I currently believe my main concern is logging into Google to reset the FRP lock after factory reset with a custom OS? This ought to be taken care of by changing passwords and checking that account security settings are up to date?
    01-30-2018 07:13 AM
