[Patch] Malware block [3/6/11] (froyo only)

mmmark111

Well-known member
Jan 27, 2011
178
130
0
Visit site
If you haven't read this, please do so.

The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police

Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
What if I think I was infected? Completely wipe your device, format sdard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)

The offending apps from publisher Myournet:

* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* Advanced Currency Converter
* App Uninstaller
* PewPew
* Funny Paint
* Spider Man

More information can be found here.

The exploit has been patch in 2.3 so if you're running GB then you are safe.

DOWNLOAD
 
Last edited:
  • Like
Reactions: blacksecond

vee

Well-known member
Feb 17, 2011
283
14
0
Visit site
Can we apply this at any time or only at fresh flash? Are there any signs to know if you're infected
 

mmmark111

Well-known member
Jan 27, 2011
178
130
0
Visit site
Can we apply this at any time or only at fresh flash? Are there any signs to know if you're infected

Yea you can flash it at any time unless you have installed any of the apps listed.

Then check your /system/bin/ for a file named "profile" (unless you have already flashed the zip) If it's there you're most likely infected.

You guys should give the xda thread a read through. A lot of it is speculation but they know that this will fix this particular type of malware.
 

r00t

Well-known member
Feb 10, 2011
171
13
0
Visit site
Awesome work, really appreciate this.

I think the list was larger, about 50 something apps. Lookout antivirus seems to detect the root kits.
 

denshigomi

Well-known member
Feb 14, 2011
117
12
0
Visit site
The Droid Dream virus relies on the Rage Against The Cage exploit.
I thought that exploit was patched in 2.2.1.
If so, the virus can't infect the Optimus V.
 

denshigomi

Well-known member
Feb 14, 2011
117
12
0
Visit site
Is this an apply once and forget, or do you need to apply this after each rom flash?
It's just a blank file named /system/bin/profile with permissions set to 644. If your ROM flashes /system (which I assume it does) then you'll need to recreate the file after flashing.
 

KSmithInNY

#winning
Oct 7, 2009
3,538
1,441
0
Visit site
Moved this over to the root/hack/rom section because of it's requirement to be rooted to use (flash through custom recovery). I think non-rooted phones can grab droiddream cleaner from lookout labs free from the market.
 

Forum statistics

Threads
944,555
Messages
6,923,358
Members
3,159,621
Latest member
wadeharper