The Associated Press reports that new virus and trojan sources are coming out of China via all the new electronic gadgets we are becoming addicted to.
They say that the source is at the manufacturing level, coming from either malicious intent or infected test computers on manufacturing lines.
When you hook an infected device to your host PC, that's when the virus/trojan enters into play; they name TomTom GPS as one of the sources of the problem devices, along with a plethora of mini music devices.
Actually, treat my reply as a very serious notification.
There are a hell of a lot of viruses and trojans coming from China these days.
My PC is infected with something which actually seems to be adware but has:
1. hijacked my browser
2. always downloads a trojan (no matter what I try to download, I always end up downloading a file setup.exe, 139 KB)
3. no antivirus has detected anything in my system.
4. LAN connection is lost (ping becomes >300 ms)
When I unknowingly clicked the exe file it did the following:
1. disabled Kaspersky AV (in fact avp.exe was running with 100% CPU)
2. infected all the exe files on my PC.
3. infected all system processes (kept running under 'system')
4. disabled boot in safe mode
5. infected all .htm files
It all starts as the following: (notice the 2 small Chinese windows in the webpage which pop up with any site, including xda-dev)
Guys, before you start a scare and alienate an entire nation, how about some facts?
bigstr: do you have a link to any specific articles / news reports / security warnings concerning specific products?
To my knowledge there has been one occurrence so far where a virus was accidentally included in a ROM of a nav device, and if I recall correctly the manufacturer provided a fix.
mariner_hart: with all due respect, if you click on an exe without knowing where it came from or scanning it with AV software, you have only yourself to blame.
I suggest you download a program called HijackThis (using another PC), run it and post the resulting log on an appropriate forum (not here).
I am sure someone will point out what you need to remove to solve your problem.
Finally, it is a good idea to disable the autoplay function in Windows to prevent any CD / DVD / removable disk from running any software before it is scanned for viruses.
I don't have a link as I read it in the Hamilton Spectator and, as I said, it was an Associated Press source article and named TomTom as one of the sources.
I believe it may be possible to research either the Spectator or AP via the net to find the source.
I read on the Tech blogs that Samsung put keyloggers on their notebook computers.
I am wondering, do they do that on their tablets too?
Read more. Samsung has already explained how it's false.
mbazdell said:
Read more. Samsung has already explained how it's false.
They admitted doing it...... Check Slashdot...
-Sno
Snocrash7 said:
They admitted doing it...... Check Slashdot...
-Sno
No, the guy who made the allegations *claims* that they admitted it.
It has since been shown to be false!
Regards,
Dave
So some "independent" security consultant runs his software to see about spyware or whatever, gets a false positive, news runs rampant and then Samsung gets an independent body to buy product from a retailer and test. The independent body confirms it is a false positive but I don't see any "breaking news" with apologies.
That pisses me off.
fragdagain said:
So some "independent" security consultant
This "so called" consultant ran an off-the-shelf virus checker, known to produce a false positive, and published his "results" without even a modicum of research into the cause.
He looks incredibly retarded and incompetent now, and I can't see why anyone would ever again utilize his services.
Regards,
Dave
Well, Samsung might not be putting in keyloggers. But they sure install rootkits for DRM purposes (I have known that since I first got my Samsung MP3 player and installed Media Studio as a syncing program).
Don't believe me? Open your Kies folder or Program Files folder on your hard drive. You will find it. It's called Content Safer.
As our great spacemoose dev said, why does Samsung have to do everything in the most backwards-ass way possible?
DarkPal said:
Don't believe me? Open your Kies folder or Program Files folder on your hard drive. You will find it. It's called Content Safer.
I don't have such a folder, but the existence of a folder doesn't imply the existence of a rootkit. I've tried googling "samsung kies rootkit" and found nothing.
Regards,
Dave
It's there. ContentSafer folder, search for it and Google it. A nosy, intrusive piece of software. Search the Program Files (x86) folder. Came with Kies.
www.bleepingcomputer.com/forums/topic77076.html
DarkPal said:
It's there. ContentSafer folder, search for it and Google it. A nosy, intrusive piece of software. Search the Program Files (x86) folder. Came with Kies.
www.bleepingcomputer.com/forums/topic77076.html
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I hate this malware bundled in Samsung software.
foxmeister said:
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark from the normal OS I/O operations, in order for these files to appear as if they were still clean of any alteration.
BUT....
This watermarking process not only has a very intrusive effect (no, this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user). The watermark is personally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other software requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data, which is sent SILENTLY to MarkAny to associate your generated UUID, which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use a media file shared LEGALLY on your local network (suppose you have several PCs, including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT! This silent modification of your media files is completely stupid. It effectively alters these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of the mounted ISO to a USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of trouble just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC of this spyware BEFORE attempting to create the USB key (no, my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key, as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
Such silent modification of media files is stupid, it breaks applications and it adds supplementary traffic to the internet each time a media file is checked (and reported to companies trying to track illegal copies, even if YOUR copies are perfectly legit).
Blame Samsung for installing this component silently (now it is no longer installed as a separate program, but directly within the installation of Kies, and it is extremely difficult to remove from there, and if it's not running, Kies will not even recognize your Samsung smartphone correctly, and you won't be able to perform a legal firmware update to the current version for your Samsung smartphone or tablet).
I cannot understand why antimalware tools do not classify this "MarkAny ContentSAFER" software as a real rootkit; it really is one because it silently modifies your files, corrupts them, and logs to Korea any new media files you would have even created yourself, sending some extracts of them on request from the Korean server, so that they can check what it is. MarkAny is effectively monitoring ALL your media files (and this is also a severe privacy breach).
We should campaign immediately against Samsung for delivering MarkAny ContentSafer and installing it WITHOUT your permission and for spying on every media file you use (MarkAny ContentSAFER is effectively running as a DLL linked to ALL applications that start, and it will activate itself if it detects this is a known media player, including the basic media player built into Windows with the Sound applet when you log on and a sound is played, or when your PC just wants to play a "beep" sound with the associated sound file). Visibly, MarkAny ContentSAFER is silently modifying a LOT of media formats, including MP3, WMA, WMV, RA, Flash video, MPEG4, and even the most basic WAV files, if ever the file size or play duration is above some threshold; it also alters your own JPEG photos or videos taken with your OWN camera, and ALL photos and videos taken with YOUR Samsung smartphone or tablet, as soon as you synchronize them to your PC, and sometimes this causes the modified media file to be corrupted and unplayable or to show some extra "garbage" pixels along the image borders!
You can easily detect that the media files are corrupted if you start Windows in safe mode and attempt to compute their checksum with a strong secure hash algorithm (at least MD5 or SHA1): they no longer match the data signatures you find when running Windows in normal mode, even if their file size is apparently unchanged.
We cannot tolerate silent watermarking of media files (notably when their security is asserted, for example for default sound files that are part of the standard Windows distribution and which are digitally signed by Microsoft, but that MarkAny sometimes will alter as well, when it should NEVER modify any media file which is already digitally signed: it's not the job of Samsung to verify the authenticity of Windows components; only Microsoft has a right to do that to check "genuine" Windows installations).
Let's ban MarkAny: it is malware, causing system corruption, and spyware, and software which also has its own bugs (causing other programs to hang, and even some system drivers to fail and Windows stopping with a BSOD, for example when performing system backups, because it also corrupts some SCSI commands needed to control I/O access to your drives within filesystem drivers like NTFS).
I hate those illegal spies.
Thanks!
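The safe-mode-versus-normal-mode hash comparison verdy_p describes above is a generic check for any filter driver or injected DLL that rewrites file contents on the fly, so it is worth having as a script rather than a manual step. What follows is an added example written for this page, not code from the original thread, from Samsung or from MarkAny: it records a baseline manifest (relative path, size, SHA-256) for media files under a directory, then compares a second manifest taken from the other boot mode and flags files whose digest changed while the size stayed identical, which is exactly the signature the post describes. SHA-256 is used here rather than MD5 or SHA-1. The MEDIA_SUFFIXES set, the JSON manifest layout and the constructed files in demo() are assumptions made for this example only.

```python
"""Hash-manifest check for silent on-the-fly file rewriting (added example).

Record a baseline of media files from one Windows boot mode, then compare from
another. A file whose SHA-256 changes while its size stays identical is the
signature described in the thread; this script flags exactly that case.
"""
import hashlib
import json
import sys
import tempfile
from pathlib import Path

# Assumed set of media extensions to cover; extend as needed.
MEDIA_SUFFIXES = {".mp3", ".wma", ".wmv", ".mp4", ".mpg", ".mpeg", ".ogg",
                  ".wav", ".jpg", ".jpeg", ".flv", ".rm", ".ra"}


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large videos are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each media file (relative, '/'-separated) to its size and digest."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in MEDIA_SUFFIXES:
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Return {relative_path: finding} for every difference between two manifests.

    Findings: 'same-size-modified' (the suspicious case), 'modified',
    'missing' and 'new'. Unchanged files are not reported.
    """
    findings = {}
    for rel, base in baseline.items():
        cur = current.get(rel)
        if cur is None:
            findings[rel] = "missing"
        elif cur["sha256"] != base["sha256"]:
            findings[rel] = ("same-size-modified" if cur["size"] == base["size"]
                             else "modified")
    for rel in current.keys() - baseline.keys():
        findings[rel] = "new"
    return findings


def demo() -> dict:
    """Self-contained run on constructed files: one same-size in-place edit,
    one deletion, one addition, one untouched file and one non-media file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "music").mkdir()
        song = root / "music" / "song.mp3"
        song.write_bytes(b"ID3" + bytes(64))  # constructed sample, not a real MP3
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(32) + b"\xff\xd9")
        (root / "clip.wav").write_bytes(b"RIFF" + bytes(128))
        (root / "notes.txt").write_bytes(b"not media, ignored by the manifest")
        baseline = build_manifest(root)

        # Simulate a watermark written into padding: one byte flips, size unchanged.
        data = bytearray(song.read_bytes())
        data[10] ^= 0x5A
        song.write_bytes(bytes(data))
        (root / "clip.wav").unlink()
        (root / "new.wmv").write_bytes(b"\x30\x26\xb2\x75" + bytes(16))

        return compare_manifests(baseline, build_manifest(root))


def main(argv: list) -> int:
    if len(argv) == 4 and argv[1] == "baseline":
        Path(argv[3]).write_text(json.dumps(build_manifest(Path(argv[2])), indent=1))
        return 0
    if len(argv) == 4 and argv[1] == "compare":
        baseline = json.loads(Path(argv[3]).read_text())
        findings = compare_manifests(baseline, build_manifest(Path(argv[2])))
        for rel, finding in sorted(findings.items()):
            print(f"{finding:20s} {rel}")
        return 1 if findings else 0
    print("usage: hashcheck.py baseline DIR OUT.json | compare DIR BASELINE.json")
    print("demo findings:", demo())
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `python hashcheck.py baseline D:\Media baseline.json` in normal mode, reboot into safe mode (or boot a clean medium and mount the same disk), and run `python hashcheck.py compare D:\Media baseline.json` against the same directory. A `same-size-modified` finding on files nobody touched in between is the case to investigate; a plain `modified` or `new` usually just means the file was edited or re-synced. Keep the baseline JSON somewhere the suspected component cannot rewrite, such as a different volume.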
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.........
Thanks for the full explanation, verdy_p. Much appreciated:good:
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Boot into Safe Mode. Make sure that, if the program has an icon in the System Tray by the clock, it is disabled. Use the CCleaner/Tools/Uninstall option to uninstall the program. Once it is completed, boot into Safe Mode again and in CCleaner search for ContentSafer. Delete any instances of the file. Then do another search for MarkAny. Delete any instances of the file.
acuxda said:
Thanks for the full explanation, verdy_p. Much appreciated:good:
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
wow thank you for that explanation. that is pure evil time to boot into safe mode and eradicate this plague.
JeremySeven said:
How to remove mobile spy without losing the data?
I have since redone my system and flat out refused to install Kies. You can install the USB drivers separately and not get this spyware installed on your system. As to removing it once you've installed it, it's just a matter of booting your desktop/laptop into safe mode, finding it, renaming it and running a reg cleaner like CCleaner. You will however lose the ability to use Kies to install signed firmware updates etc., but it's a small price to pay for peace of mind. After all, you could always use Odin for flashing. The data is not actually encrypted etc., just watermarked, so you will not lose access to any files it touched, but if you did a bit-for-bit comparison on them you might see the changes the watermarking made to them in a hex editor. What worries me most about this spyware is that it digitally watermarks every single media file on your computer and tells some random server in god knows what country the checksum. In short: nasty, nasty, nasty from a privacy perspective.
So, is it true that they place a keylogger in Kies?
fauzanfirefox said:
So, is it true that they place a keylogger in Kies?
Keylogger no, rootkit yes.
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
.......
Thanks for the information, but can you provide some proof, please? I'm interested in seeing the connection to the server in particular. Do you by chance have a wireshark capture of this?
1.9 Are there things I can't do on the Services? You must not use the Services to harm others or the Services. For example, you must not:
• Use unauthorized software or hardware to access the Services or modify an Authorized Device in any unauthorized way (e.g., through unauthorized repairs, unauthorized upgrades, or unauthorized downloads). You agree that we have the right to send data, applications or other content to any software or hardware that you are using to access the Services for the purpose of detecting an unauthorized modification and/or disabling the modified device; or
• Attempt to disassemble, decompile, create derivative works of, reverse engineer, modify, further sublicense, distribute, or use for other purposes the Services, any game, application, or other content available or accessible through the Services, or any hardware associated with the Services or with an Authorized Device. If you do, we may cancel your account and your ability to access the Services, and pursue other legal remedies. We may take any legal action we deem appropriate against users who violate our systems or network security, this Agreement or any additional terms incorporated or referenced in it. Such users may also incur criminal or civil liability.
Source: Xbox Live Terms of Usage
I'm getting a popup that I should accept the new end user agreement when trying to install a new app or check my Xbox Achievements. I have however a few questions about the paragraph above (I have honestly never seen this before):
- Is it safe to accept if I have interop-unlocked my Samsung Ativ S, installed the BootStrapper.xap and EnableAllSideLoading.xap, WP8Tools and WP Tweaks from -W_O_L_F- and GoodDayToDie and jessenic?
- I'd used proxies provided by reker and others on XDA-Developers to access some manufacturer-exclusive apps (like Nokia apps).
- Should I be worried if I accept that they can block and/or delete my Xbox account? I have saved a fair amount of temporarily free store apps and I don't want to lose them.
If so, should I be better off to switch back to Android because they "allow" (turning a blind eye to) rooting your phone or tablet?
Please help me guys, I'm starting to freak out (I haven't accepted the new version of the EULA yet).
Terms like that have traditionally been part of the XBL EULA, but in the past they've always related to cheating or piracy on the console itself. People certainly have gotten their accounts banned for that, which is part of why I have nothing to do with such things. As for whether it's "safe" to accept... eh. If they want to, they can easily argue that you broke the EULA (and forfeited your account) when you interop-unlocked your phone, but they haven't - so far as I know - ever tried to attack individuals or their devices. I'm pretty sure they wouldn't do anything so foolish, either. Both Google and Apple have disabled peoples' accounts in the past for EULA/TOS violations - Apple for iOS hacks, Google for incredibly stupid <REDACTED> like breaking the Real Name Policy on G+ - and so for that matter has Microsoft, for something almost as idiotic (if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that). Every single one I've heard of resulted in a flood of bad PR, and not in the "all PR is good PR" sort of way... more like calls for lawsuits, and accusing anybody who uses that platform of being an idiot.
If there's one thing Microsoft cannot afford to do with regard to Windows Phone right now, it's give people another reason *not* to buy it. We are probably safe.
Yes, but WP8 is gaining popularity so maybe they won't do it now but in the future they probably will. Was this clause also present at the time of the interop-unlocking of WP7? If so, you are probably right. But as a precaution is it possible to lock out Microsoft from checking if modifications are made to the system (like you did with the relock solution redirect the data to a different proxy)?
GoodDayToDie said:
if you want to take risqué photos with your phone, make damn sure auto-upload is off even if your SkyDrive profile is set to private; they've called it a TOS violation and suspended, though not quite completely disabled, peoples' accounts for that
Are you sure of that? It means they watch the photos we take? I don't think so... maybe they used it as an image hosting and shared the link everywhere in the internet...
It's supposedly automated scanning that recognizes anything that looks like it needs to be flagged for human review...
http://wmpoweruser.com/microsoft-monitoring-censoring-skydrive-uploads/
http://wmpoweruser.com/watch-what-you-store-on-skydriveyou-may-lose-your-microsoft-life/
http://www.neowin.net/news/microsofts-ban-of-nudity-on-skydrive-questioned
etc...
All,
I need help immediately. I'm not a developer or tech-savvy type beyond corporate correspondence and general reporting for project management. I've been hacked in the worst way by criminals I caught doing some very nasty things in my name and on my property. They used Bluetooth and Wifi/Wifi Direct to pair with everything but the toaster in my house. They are using the OMADM protocol to send APKs and other apps directly into my devices with what appears to be permanent USB tethering embedded that I cannot break, and every new device gets the same data dump from some cloud or text or email and renders my devices slaves. They've used everything from remote desktop services to ALL legitimate apps downloaded from the Play Store, GitHub and other places. These are not detected by malware, spyware or antivirus scanners. They install them on the system side via OTA root. It's taken me 9 months to learn this, reading bits and pieces like reading 10 books at a time, two pages from each book every ten minutes, then trying to understand it and apply it. Law enforcement is useless. Can YOU help me??! It's cost me my house, my patience and nearly my life. If you can and are willing, let me know how to contact you on a secure platform. I even need your help to do this securely and safely. I'll PAY. I need help. Please. These are Linux and Java code writers and app writers. They KNOW how to attack. Who out there will help? I can provide phone number, email address etc. and will contact you in any way you prefer.
Victimized23322 said:
All,
I need help immediately. I'm not a developer or tech-savvy type beyond corporate correspondence and general reporting for project management. I've been hacked in the worst way by criminals I caught doing some very nasty things in my name and on my property.........
Hi Victimized23322
XDA is not the right platform for such request and I'm compelled to warn our members that your request may be malicious in itself. Playing the victim is a very common practice used by phishers and con artists.
Therefore I recommend all members not to engage with @Victimized23322 about his/her problem. Any damages and/or losses resulting from engaging are entirely your own responsibility.
Thank you for understanding my concern; we have to take this into account. If what you explained is true, you need a specialized security firm that deals with these types of attacks.
Hi all, I'm interested in FOSS-related stuff and I believe this to be the proper forum (Stackexchange is a bit of a headache to use). I was looking at making an impenetrable network modeled after Tor that uses bogon addresses for websites instead of .onion or .i2p, and it also encrypts all your traffic over a cryptographic hash. I intend it to be for iOS as a developer IPA. You might have to back up and store your key on an SD card, and the only way you can unencrypt it is to have access to that SD card. And it also spoofs your IP so ISPs cannot see your traffic. It works similarly to a DDoS in that it uses BGP and martian addresses. Once downloaded via torrent, you will be taken to a Firefox page of an adminlogin.php page, where you enter your credentials. I'll call this an "open circuit". After you have set your username and password, you will be taken to a "closed circuit", which is basically what I'll call "Ghost Web". I'm assuming your traffic would be kind of slow, but as for how much, I have no clue. Does anybody have knowledge in this realm? And even if I got a few things wrong, anything close enough that'll make my custom idea for a perfect network work? I know Media Land LLC hosts these websites. Although I heard they're illegal. Is that true? Because I don't have too much knowledge in terms of IPs and all that ish.
The reason I ask is because nowadays privacy and free speech are getting destroyed by Big Tech monopolies. There are social media applications out there, some of which I might add are rather decent, like Rocket.Chat, Viber and Threema, but Tor and other forms of network technology always fall victim to the same problems they tried to address, and in many cases got abandoned (like CJDNS). Lokinet uses the Oxen blockchain, which, while it does make Sybil MITM attacks more expensive, does not make them impossible. I want censorship resistance and privacy to be 100% inevitable with this app.
Spetsnazzzz said:
Hi all, I'm interested in FOSS-related stuff and I believe this to be the proper forum (Stackexchange is a bit of a headache to use). I was looking at making an impenetrable network modeled after Tor that uses bogon addresses for websites instead of .onion or .i2p, and it also encrypts all your traffic over a cryptographic hash.........
Welcome to XDA,
Privacy is a big topic; I'm sure you will find your way in these forums, which are loaded with knowledge.