Extreme malware problem

Blrichard87

Member
Nov 4, 2018
8
0
0
My phones (multiple phones) since May 7th, have been infected cross devices. No i I didn't use anything related to Facebook Gmail or any social media. Thought I would be okay. This malware has been sticking as around still on my Note 9, if I put PIP on YouTube there is always another window thats not there. VPNDialogs, Settings window, Package Installer, etc. If I try to pull up the window to go half screen. Whatever the window and name of window may be, itll say unable to open app. It has been stealing personal information and has invaded ans ruined my social life theough Facebook, emails, numerous things....Inhave pics of the random windows if needed...

Is there any solution, I've been doing an extreme amount of research fixing this and some places say that I have to replace the phones completely. Change number. Etc. Due to IMEI being "taken" and used. It will stay theough Factory reset and will install everything on a factory reset.
 
Posting the pictures of the window/app would be useful. Be sure to cover any personal information before posting the pictures here.
 
Okay. Thank you let me pull up some random pics now. Sometimes its make it look like a windowed program with another copy of same screen inside (like looking at a mirror in front and behind you getting smaller and smaller) if that makes sense...
 

Attachments

  • Screenshot_20181104-005740_YouTube.jpg
    Screenshot_20181104-005740_YouTube.jpg
    155 KB · Views: 12
  • Screenshot_20181104-070827_Samsung Experience Home.jpg
    Screenshot_20181104-070827_Samsung Experience Home.jpg
    130.8 KB · Views: 12
  • Screenshot_20181104-070842_null.jpg
    Screenshot_20181104-070842_null.jpg
    152.3 KB · Views: 10
  • Screenshot_20181104-070927_YouTube.jpg
    Screenshot_20181104-070927_YouTube.jpg
    59 KB · Views: 11
  • Screenshot_20181104-071005_null.jpg
    Screenshot_20181104-071005_null.jpg
    92.4 KB · Views: 10
  • Screenshot_20181104-071012_Google.jpg
    Screenshot_20181104-071012_Google.jpg
    95 KB · Views: 10
  • Screenshot_20181104-071023_YouTube.jpg
    Screenshot_20181104-071023_YouTube.jpg
    83.1 KB · Views: 11
If you have an Android, you have a Google account (it's needed to setup the phone and use things like the Play store). And if you don't use Facebook, how could it use Facebook to ruin your social life? Photos of what's going on are definitely needed, because what you've said so far isn't making a lot of sense.

It's rather hard to get malware on an Android as long as you are using common sense. Usually things people think are malware are really just bugs and defects in the phone. IF this is determined to be actual malware, I wouldn't jump to replacing the phone. Usually they can be dealt with once you figure out the culprit. In the meantime, start your phone in safe mode and see if it still happens. If it does, then there's about a 99.9999% chance it's not malware because safe mode only runs the stock system and apps. If it does keep happening, I'd assume it's a bug until proven otherwise. That is, of course, assuming you're not visiting questionable sites, downloading apps from untrusted sources (especially pirating), clicking random email links, etc.
 
I can get more technical. K was somewhat sarcastic on the social life part, lol. Short story short. Apps that I closed out of when I see some of the windows in PIP like i just posted in last reply, just shows Google aa previous opened app from... last night. Sometimes its be a system file called package installer, vpndialogs, etc... it's been very troublesome on all our devices through Verizon. Is there a way I can get a log of everything in the phone to where it lists everything and (hopefully) if there is... could this Malware possibly hide itself? I'm clueless when it comes to this....but me going
...bipolar guess you could say....over this.... it's been a major pain. Yall are probably aware of a malware that can first take your facebook... and because of your number or same email it can link through web data and cause a domino effect through Instragram, Facebook,, Gmail accounts. If it gets gmail accounts it can branch out pretty fast from there.....I'm not smart in this kind of area at all.. dont get me for a smart person please, lol. That's why I'm hoping you guys can help. If anything else goes weird I'll keep you guys posted. But like in the last reply with the pictures... it's crazy man....if there's maybe a hint of what you guys might think it is would be great lol.....I appreciate the quick replies. This is the first time I've posted about it. Oh also... after a period of time, I restart phone at least once a week. It will sometimes stay same or it goes back to a, restore point, that's the best in an put it....back to an old theme and certain settings. That's from a simple restart. Also sorry for the misspelling from the message last night. Was trying to send something before going to sleep..:(
 
As far as Google accounts and such. When I switched to a different phone, I didnt use anything similar, including my name on Google account and didnt use any Facebook at all. It makes an account when it self installs Facebook AMD whatever Google Account is there it will immediately make one....its repetitive. Idk if it is attached to my phone number solely or what. I've made very complicated passwords since this has happened back in May. I heard of a webitsite....www....youvebeenpwned....idk what it is...something for hackers to have fun with leaked accounts....
 
Oh the safe mode, it still acts crazy man. Itll still change passwords and go ham on me....I made another reply below these 2 to you explaining a little more...if in could talk to someone and tell someone about it. Man. There's so much more I could say. Just that its Sooo sooo much.....I also tried to back up or simply transfer some stuff to keep before a reset and it prevents the adaptor for a USB drive that comes with the Galaxy note 9 and will not let me stop it from trying to transfer files...like it starts on its on....if I started the Samsung up and look at logs...if I took a screenshot of all that....would you be able to detect the coding where it establishes itself and loops right back in? Also I've only been installing from Google playstore and do not visit questionable websites. At around 11pm CST, it almost seems like it's being watched and when watching YouTube or Hulu, it seems its being controlled and random apps come up to prevent me from watching something or playing one of my games I've downloaded from Google Play. I've tried all the antivirus programs. Oh. I did a Android Viewer to check files too. There's a file named Root/ with tons of files and stuff that it will not let me delete. I have never rooted my Note 9. Ever. If that's supposed to be there, please tell me, for what can be deleted in there, it comes right back...
 
Yall are probably aware of a malware that can first take your facebook... and because of your number or same email it can link through web data and cause a domino effect through Instragram, Facebook,, Gmail accounts. If it gets gmail accounts it can branch out pretty fast from there.
This is why it's important to use different passwords for every account and to enable two factor authentication whenever possible. If you were to get my Facebook password, I'd get an alert asking if it was me. If I decline it, you don't get in. And that password is not used anywhere else, so no way to "branch out" to my offer accounts. I also suggest the use of a password manager to help you keep track. If expanded on that topic here:

https://forums.androidcentral.com/showthread.php?t=899430

Oh also... after a period of time, I restart phone at least once a week. It will sometimes stay same or it goes back to a, restore point, that's the best in an put it....back to an old theme and certain settings. That's from a simple restart.
That's definitely a bug and shouldn't be happening. If you are using third party apps to set themes and such, I'd try contacting those developers to see if they can advise you. If it's the stock theme, there may be little you can do. You could try searching the app manager list for theme related apps (you may need to use the option to view system files) and clearing their cache or data. That may work, but also possibly make you have to set the themes up again. If that doesn't work, you may have to go with a factory data reset. It'll be a pain to set it all up again, but may be worth it to start with a clean slate when dealing with multiple issues like you seem to have. Just make sure everything is backed up first (this will delete all of your data) and you know the Google account login info. Factory reset protection requires you to sign in to a phone to set up again after a reset. If you don't know it, sign out of it BEFORE resetting the phone to prevent FRP from kicking in, but this also means you no longer have access to anything associated with your current Google account and will have to create a new one.
 
I really appreciate your time with helping me on this matter. I really do so just want you to know I'm very thankful for you taking your time to help. Now. When I Favtory reset. I've done it quite a few times now. After so many attempts. I started looking into those logs from the wipe cache and cle and clear partition. Then re mounting the device before and after a complete wipe. Still to encounter the same issues of password being changed or it taking over. Even 2 step authentication through anything for call or texts, its able to either listen to it or capable of reading the texts.... Then it instantly will go into the settings for two step and change it to where I cant authenticate, due to it changing something in the verification settings, whatever it may be. It's a very complex malware. My mother went flash hers when she was in Niagra Falls and changed the number on her Note 9 while I was at home in Arkansas. SHE still had things going on. Not LINKING anything.even similar to before.

Makes me wonder..

Is there a new malware that once it takes THE IMEI of phone and is able to establish itself as the device I.D. of the phone, then simply get the phone number linked to it right off and .... ransomware or steal its "identity".....possibly?
 
It is possible to spoof an IMEI number, but I don't think the rest of that (getting your phone number, intercepting two factor authentication, etc.) is likely in your case. Possible? Anything is possible, but that would be a pretty advanced bit of programming and such a developer would've likely hidden his tracks and you wouldn't know anything is going on. If you had a clone or knockoff device, were pirating apps, visiting things like random adult and gambling websites, etc, then I may suspect an infection. Since you're not doing any of that, it's going to be virtually impossible to get infected.

I think at this point it would be a good idea to let a repair store or someone at your carrier's store get their eyes on it so they can see exactly what is happening. Or even just a tech savvy friend.
 
honestly it's an app that you downloaded. stock apps dont carry malware. I've seen it a TON of times and have to tell guests NOT to download apps they see in advertisements because usually they're too good to be true and they usually carry malware. I can't tell you how many phones I have had to factory reset because of this issue
 
I never have is the thing. I only downloaded games that O know are legit and look st permissions. I just dont understand how it is able to latch over to a new phone with a different IMEI and have a different number. I, in no way, acted learning, did I ever put emails or accounts associated to me at all.... I really don't see what's going on....:(....maybe through My Verizon App.....? That's the last thing I can think of.....
 
We are having the same issues with a S9 and Note 9. Carrier is at&t. Done everything possible and still having same issues. If you find a solution please post and let us know. Thanks.
 

Forum statistics

Threads
958,683
Messages
6,977,443
Members
3,164,119
Latest member
vinod681