1. DroidMagnet
    So my home PC is very jacked up. I am almost sure the AV software itself has been modified. I did some searching on my Bionic instead of using the PC then, about some strange 'NPF' driver possibly related to modem "cloning" it sounded.

    I had merely used Google, then went to a forum post and started reading. I left the page on the Bionic and a little while later I hear a notification. I look at Bionic drop-down menu and see "URL.HTM complete".

    So now I'm a little freaked. Did my Bionic download something from this site? It took me here, beware! Browse Google, search string: 'winpcap-users problem with packetgetadaptername gianluca'. That will yield the site as the first result. (No, I am not a spammer.)

    I'm not sure anything went wrong, just does not look right that something is "complete" via browsing only. Allows me to view the file which just appears to be that link.

    Is there a "good" must-have, antivirus or anti malware for Bionic users? Thanks
    10-25-2011 06:26 AM
  2. viper8315
    I use Lookout; their premium version (which I'm going to buy) protects you while browsing the internet. Otherwise, it scans apps after they're downloaded. As far as the other specifics of what was downloaded, I don't know. Just helping you with the antivirus side of your post...
    10-25-2011 12:10 PM
  3. Averix
    Where did you go when this message popped up? What search did you enter in Google to find it?
    You don't need Lookout if you're smart. Always keep the "Unknown Sources" in Application settings checkbox unchecked unless you know what you're downloading outside the Android Market.
    10-25-2011 12:51 PM
  4. DroidMagnet
    Here's what I remember.

    I was looking at these suspicious processes on the PC. I searched one called "NPF driver" or something like that. It took me to the page I described, which is really just a forum post.

    After a little while of the phone being on desk, I noticed it said "URL.HTM complete". I was too curious so I clicked on it, it said open with browser or HTML viewer. I used the HTML viewer, and what I saw was a copy of the page I was previously at in the browser.

    I didn't know if my phone had DL'd something just by visiting a forum post. The stuff I was researching seemed malicious in its own right, like things maybe used to use a computer's internet connection. But I have been paranoid on the subject lately, because of the viruses and backdoors found on the PC, which all seemed to stem back from a Droid X having connections via PDANet and PhonemyPC.

    Maybe I'm just being too paranoid. lol. But once you think you have AV/FW software that works, and you then find multiple backdoors on a handful of networked PCs, well, you get suspicious about everything from that point forward.
    10-25-2011 11:33 PM
  5. Averix
    I've never seen anything like what you're describing in all my surfing on my phone. So, not sure what to tell you.
    10-26-2011 12:46 PM
  6. DroidMagnet
    It's a virus. I found the log file after a long hunt. I have had a trojan that is on some storage device keep coming back. Well, I finally found it. It gets the Bionic to talk to your wifi network, talk to a PC running the controller software, then the PC grabs contacts, passwords and data from the phone and the PC forwards the data. I watched it all occur. Crazy stuff. The Bionic even listed a local IP change while wifi was turned off.

    I basically have to reformat the PC, and get all Comodo rules configured before the Bionic can come near. Then I basically have to reformat or restore the Bionic. It will just recycle back if not done right.
    10-26-2011 01:05 PM
  7. Averix
    So your PC infected the Bionic? Do you have a link to any info on this virus? Any idea how it got on your device in the first place?
    10-27-2011 12:09 PM
