1. Android Central Question's Avatar
    Ok so I've had android phones my whole life but never have gotten into rooting or anything dealing with development. I got my current phone for christmas 2017 and got it activated on at&t a few days after, the phone was bought as a unlocked phone from walmart.com and I didnt do any modifications to it or download any apps from outside of google play. About 5-7 days ago my desktop computer got hacked and had a remote access administrator user account downloading all my information and monitoring my activities, it changed my user account to non administrator and then did some altering to the boot sequence file but i dont know what, I just saw it open the file and change the code and the computer said it had to restart to confirm changes; whenever it began to restart I unplugged the power cord and everything else from the computer and havn't touched it since.

    The same night that happened I realised i had a remote access program on my phone changing settings and setting up auto call-forwarding and could close out my windows and controll my screen. I did a factory restart and created a new google account but the malware was still on my phone, sometimes taking longer than others to show but When looking in the geeky stats inside of the developers settings it shows a bunch of random apps running with administrative permissions that cannot be disabled or uninstalled. I have since done atleast 7 factory resets including in safe mode and I can still see the apps running background processes. I tried to do it in recovery mode but it says it was missing the files. the factory reset sets it at android version 5.0.2 Lollipop

    my bootloader says this:
    *** Software Status: Official ***
    *** LOCKED ***
    M8_UL_CA PVT SHIP S-ON
    HBOOT-3.19.0.0000
    OpenDSP-V47.2.2-00564-M8974_FO.1024(rest covered by broken screen)
    OS-4.28.502.8
    eMMC-boot 2048mb
    Mar 4 2016, 18:56:55.1781

    The recovery screen says this at the bottom when I open it:
    E:missing bitmap oem_unlock_bg
    (Code -1)
    E:missing bitmap oem_unlock_bg_yes
    (Code -1)
    E:missing bitmap oem_unlock_bg_no
    (Code -1)
    handle_cota_install: install cwpkg to /data/data/cwtemp/cwpg.zip
    handle_cota_install: install cwprop to /data/data/cwtemp/cwprop
    Write host_mode success
    handle_cota_install: Can’t mount /sdcard, 1 times
    handle_cota_install: Can’t mount /sdcard, 2 times
    handle_cota_install: Can’t mount /sdcard, 3 times
    handle_cota_install: Can’t mount /sdcard, 4 times
    handle_cota_install: Can’t mount /sdcard, 5 times

    How do I fix my phone and get the malware out of the factory reset files?
    03-25-2018 12:24 AM
  2. Rukbat's Avatar
    The malware is installed as a system app, so a factory reset won't do anything to it. ("Factory reset" is more like "user addition reset" - it removes anything you've done. Since the malware is installed as part of the system, it's not touched.) About the only way to make sure you get rid of it is to reflash the ROM. (You'll also lose any data you don't have backed up, but that can't be helped.)

    As for the PC, it needs about the same treatment - reinstall Windows from scratch. And, again, you'll lose any not-backed-up data.
    03-25-2018 03:05 PM

Similar Threads

  1. SD card not inserted?
    By tcdude in forum Samsung Galaxy S8 & S8+
    Replies: 7
    Last Post: 10-16-2018, 04:33 PM
  2. This may sound crazy but the Pixel 2XL seems small
    By Mike Dee in forum Google Pixel 2 & Pixel 2 XL
    Replies: 17
    Last Post: 03-27-2018, 08:50 AM
  3. Exodus not working on kodi
    By Android Central Question in forum Ask a Question
    Replies: 1
    Last Post: 03-25-2018, 05:15 PM
  4. my galaxy 9+ group messening doesnt work.... why
    By Android Central Question in forum Samsung Galaxy S9 & S9+
    Replies: 2
    Last Post: 03-25-2018, 03:42 PM
  5. How to restore my camera view to vertical? It seems stuck on horizontal view.
    By Android Central Question in forum Ask a Question
    Replies: 1
    Last Post: 03-25-2018, 03:40 PM
LINK TO POST COPIED TO CLIPBOARD