OpenVPN from Friedrich Schäuffelhut and NQ Mobile Security virus alert - Galaxy Note GT-N7000 Q&A, Help & Troubleshooting

Is anyone using OpenVPN app? I've been using it for several months with no problem, downloaded it from the market.
Yesterday I installed NQ (for no particular reason, searched for spyware within the market and that was one of the first options) then ran a system test, it only detected OpenVPN as a threat with the virus a.remote.legacy.something (don't remember exact type).
Now, I am very paranoid when it comes to something from China. NQ, as I later checked, is a Chinese company, and the description of that virus only comes from NQ website itself, other sources call it LeNa.
Can anyone with OpenVPN run that test and report results? I think it's a false positive to force people to remove OpenVPN from their phones. Avast doesn't show any threat.
I don't know what I pretend with this post, maybe reinforce my "paranoia"

[Q] Antivirus for Gtablet - Experiences/Preferences

I am aware that Android being Linux based doesn't suffer from all the malware of other devices but with so much personal information being kept in our smart devices it is only a matter of time before less than savory individuals attempt ways to separate us from ourselves so..
I am interested in your experiences with FREE antivirus products. Personal opinions.. ones you have tried.. how secure you think they are. I am only interested in the anti-virus portion of these apps. Not really interested in the backup portions. Perhaps if they offer free secure remote data wipe that would be of interest in the future.
I currently use Lookout Mobile Security but not totally secure with it due to such a limited amount of threats. It is why I am asking for personal opinions and personal preferences so more of us can make better choices to protect our favorite toy.
Of interest would be NetQin due to their experience and experience with other phones.. mostly Symbian.
AVG's version due to their experiences with anti-virus but I have heard of issues where their desktop version failed to identify virus or malware.
And also BluePoint Antivirus and their entry into protecting Android OS. BluePoint seems to be a solid antivirus provider but the reviews for the android device have been less than favorable.
There is also Dr.Web and MyMobile Protection of which I have no clue.
Antivirus Free by creative apps appears to have been built and designed by an individual and not a company so I am not sure of the trustworthiness of this app although a lot have downloaded it.
I would expect them all to scan as apps are downloaded and installed. Most seem to be cloud based scanners.
Your opinion is appreciated..
Thanks
Amazing - 254 views
254 views and no opinions or preferences.. surely someone is using antivirus software on their gtablets?
There are no known viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
wasserkapf said:
There are no known viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
One of the things I like most about the Android platform is the permissions it presents when installing apps. There has been malware reported that exploits SMS, sending your bill through the roof and lining the pockets of some foreign company. There are also reports of a Trojan that is designed for Android. It collects personal info on the phone and sends it to remote servers. I completely understand that the threat is very limited but with the opportunity to collect personal data I believe it is only a matter of time before the threats increase. I am only trying to stay ahead of the curve. While most threats at the moment require a user to allow them, they will get more sophisticated with time. Thanks for your reply!
I second your worry but I think mainly we must watch on apps. Maybe a sandboxing app would be nice?
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what ones don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernel on vegan and on BitTrix's CM7.
For virus scans I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMSs. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on Lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work on viruses or malware as I've never run into any yet.
Thanks for the input.. what I was curious about.. which ones are actually looking for malware and which ones are just scanning permissions. Off to search for droidwall.. thanks!
lordgodgeneral said:
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what ones don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernel on vegan and on BitTrix's CM7.
For virus scans I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMSs. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on Lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work on viruses or malware as I've never run into any yet.
Unable to use Droidwall with TnT ver4.2 due to an error I receive "can't initialize iptables table 'filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
This error message unfortunately means that your kernel does not support iptables/netfilter, so DroidWall will not work.
There is nothing I can do on DroidWall to make it work, and the only possible solution is to flash a customized ROM with netfilter support."
Kind of a disappointment - was looking forward to it

[Q] xposed, VPN, ICS & Auto VPN Dialog Confirm

I read the module FAQ and the code page and tried out module & xposed code and I was not able to get around my problem. I'm not sure that it was supposed to get around my problem though, but I was hoping to get your take on things. I can't find much data, though I can find a few people asking the same questions as I.
I installed an Android 4.3 ROM (http://forum.xda-developers.com/showthread.php?t=2121063) on my phone and tried to connect to an OpenVPN based VPN provider. I got an error and contacted their support. Part of that process was to try another app, so we tried the OpenVPN Connect app, the official OpenVPN app. I got a different error with that app.
One says that "your android firmware does not support the VPNService API("
OpenVPN Connect says "Sorry, due to a known issue in this version of android, it is not possible to gain permission to open a VPN tunnel"
There seem to be a few problems popping up with OpenVPN based VPNs in various Android 4.x OSs, but none complain about 4.3 specifically. Usually they complain about 4.4 or back when 4.0 and 4.1 were new. I found this article talking about it on OpenVPN, and they're just pointing the finger, but I can't find the actual bug referenced:
https://forums.openvpn.net/topic13772.html
I came across your code on this page:
https://code.google.com/p/ics-openvpn/wiki/FAQ
And decided to try loading xposed and your module after emailing OpenVPN Connect and receiving a response right away. The guy who replied seemed to think the error is related to the fact that the confirmation acknowledgement dialog is not able to be summoned. I figured maybe the ROM wasn't bypassing it properly or missing some part of it, so I tried your way of bypassing it.
After loading xposed and your module, and selecting the 2 VPN apps, I still get the same results.
What are your thoughts? Should I give up and find a new ROM?
What are you talking about? If you're asking about a specific module (looks to me that way,) you should do that in the appropriate thread.
After some more research and experimentation yesterday, it's looking more like those OpenVPN clients that "support" the VPNServiceAPI actually *require* it, and that annoying/nasty little dialog that google enabled to "protect" the user just serves to piss off advanced users like me. This is my hypothesis at this point, though I have not confirmed this. I suspect this because I just tested on Jelly Bomb, a 4.1 based ROM and see the same results so far.
As far as what I was talking about in my OP, I copy/pasted an email to the author of the xposed module here and tried to reformat it to fit the message board, and apparently I missed a few pronouns. By far not the most egregious use of the English language I've seen on these boards, so what's with the attitude? I don't see specific sub forums for each and every module, so I don't get what you're implying. I only saw the one xposed board, so where else was I supposed to post?
No attitude, I honestly didn't understand how your issue was related to the Xposed framework. I just searched the repo for "VPN" and now see what you're talking about.
The Auto VPN Dialog Confirm doesn't have a thread here on XDA. Reading your post again, you're trying to use Xposed to fix a bug with the app if I'm not mistaken? I'd first try checking the logcat and forwarding that to the author of the VPN app if you haven't already.
I can't answer the rest of your questions since that's up to the module's author. That being said, it looks like a module specific question/request, not a framework query.
My understanding of the issue described here is different, probably because I'm trying to solve the same problem. On the other hand, I'm not on ICS anymore, but am using Sammy 4.1.2 stock with DorimanX Kernel 8.43 at the moment.
OpenVPN should be usable for establishing a connection on boot. Out of the box, this creates a dialog to trust this application. Even though I trust it and confirm, there is no way of saving that preference permanently. It seems to be kept for a while (disconnect / reconnect doesn't trigger it again at least). Therefore, it always reappears each time I boot.
The only possible solution I could find was the Xposed Module "Auto VPN Dialog Confirm" - the same module mentioned by the OP.
I used it together with the OpenVPN Client by colucci.web.it (paid version in my case, because I also wanted TAP support and auto connect functionality as well as the option of controlling it via Tasker).
After installing "Auto VPN Dialog Confirm" it recognized the installed OpenVPN client and offered to allow VPN API connections from it without confirmation. The VPN client also has an option to automatically create connections when Wifi is up and allows to be triggered either when seeing a specific SSID or when connecting to a network which does not have a specific SSID. The latter one is the typical condition for untrusted networks.
Therefore, it achieves what I wanted - being able to route my traffic via OpenVPN in case I'm not connected to my home WiFi.
Regarding the issue encountered on ICS - maybe getting in touch with the Developer of the Xposed module might be the best option, unless someone else has already found a solution for it. It could also be good to exactly specify the OpenVPN client used as clearing the Xposed logfile and having "AutoVPN Dialog confirm" run as the only Xposed app (and fail). Afterwards, the log hopefully contains useful feedback for the developer to investigate further (Support URL listed for the module)

EMUI update notification sent me to potential malware site

Hello!
I'm afraid my phone might have malware. Hopefully it's a false alarm but I would appreciate any insight into the behavior:
Yesterday I saw a notification with the EMUI icon (stylized red "UI") but when bringing up the notification panel all I saw was a green "down" arrow and no text. I've had apps with bugs creating broken notifications before so I tapped it to check. It sent me to a webpage flagged as a source of malware "d1.3gmimo.com/handpet/wallpaper/...<can't remember rest>". I closed the page and since Chrome showed the warning before loading the page I think it's safe to assume I didn't download anything.
I don't know the origin of the notification though so I'm afraid there might be some malware already present. It had the EMUI icon but that can be faked or may be the default when no icon is configured (not sure how it works). The notification appeared over mobile data so no router redirect infection. Searches gave me only one hit I could make sense of - a forum thread with the poster describing a similar event. They got no explanation but see here for their screenshots: Google Translate on thread-5858387-1-1.html on club.huawei.com (can't post links yet it seems)
I am very careful with the apps I install, avoid all the copycat crap, and I only allow Google Play as a source. The phone was only ever used by me except briefly by a family member which I trust not to download anything sketchy. Still, I uninstalled the most recent 2 apps: Hashi and Nonogram Katana (has ads), though these had been installed a week before. The list of installed apps shows nothing new/strange. I also installed AVL, Bitdefender, and Avast but they found nothing. (I know it's debated whether av/anti-malware apps are helpful but thought to cover everything.)
Any thoughts?
Thank you in advance!
Phone details:
Huawei P7-L10
Android 4.4.2
EMUI 2.3 (V100R001C02B129)
Branded by Vodafone and with their uninstallable apps - using it on different network though.
I know I should update but the update app doesn't find anything (I understand this may be due to modifications made by telecom companies) and I got lazy since I've had no compatibility issues. I guess I should think more about security.
After doing more digging and learning to use adb to look at the logcat, I think the notification might have been created by VLife, which is Huawei's wallpaper distribution service.
On my phone I have VLife 2.23.3 installed (seems to be stock) as a system app. The title is in Chinese but the icon is the EMUI logo. (I figured out which app it is by the icon and version number, after I found the app hosted on aptoide.com while googling for "vlife".)
I presume what happened is that VLife tried to download a new wallpaper (no idea why all of a sudden) and it went to 3gmimo.com, which might serve as a mirror for apps. The site is flagged as having malware. This might be a false alarm or the site might have been hijacked since my version of VLife came out.
So the app might be ok. Though I'm still worried why the sudden update. Maybe there's a central message that was sent to the app to update? (The logcat below mentions a receiver.) The only suspicious thing about the app otherwise is that it has the permission to record sound along with changing sound settings. The latter isn't so surprising since it provides multimedia wallpapers. Maybe recording comes with the rest of the sound permissions. I've disabled the app and disabled its notifications for now. It can't be uninstalled since it's a system app.
These lines come up quite often in my logcat:
I/am_proc_start( 604): [0,18761,10089,com.vlife.huawei.wallpaper:main,broadcast,com.vlife.huawei.wallpaper/com.vlife.receiver.PetMainReceiver] - the link I got referred to a "handpet"
I/am_proc_start( 604): [0,18907,10089,com.vlife.huawei.wallpaper:main,broadcast,com.vlife.huawei.wallpaper/com.vlife.receiver.InstallEventReceiver]
Does anybody know more about this app or service?
Thanks!
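The `am_proc_start` lines quoted in the post above can be tallied to see which receivers keep starting an app's process. This is an added example, not part of the original posts; the field order (user, PID, UID, process, start type, component) is read off the two quoted lines, and the third and fourth sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Sample input: the first two lines are the ones quoted in the post,
# the remaining lines are constructed for this example.
SAMPLE = """\
I/am_proc_start( 604): [0,18761,10089,com.vlife.huawei.wallpaper:main,broadcast,com.vlife.huawei.wallpaper/com.vlife.receiver.PetMainReceiver] - note
I/am_proc_start( 604): [0,18907,10089,com.vlife.huawei.wallpaper:main,broadcast,com.vlife.huawei.wallpaper/com.vlife.receiver.InstallEventReceiver]
I/am_proc_start( 604): [0,19102,10089,com.vlife.huawei.wallpaper:main,broadcast,com.vlife.huawei.wallpaper/com.vlife.receiver.PetMainReceiver]
I/am_proc_start( 604): [0,19240,10051,com.example.mail,service,com.example.mail/.SyncService]
I/am_proc_died( 604): [0,18761,com.vlife.huawei.wallpaper:main]
I/am_proc_start( 604): [truncated,line]
"""

class ProcStart(NamedTuple):
    user: int
    pid: int
    uid: int
    process: str
    start_type: str   # e.g. activity, service, broadcast
    package: str
    component: str    # fully qualified class name

# Tag, logging PID in parentheses, then the bracketed field list.
# Anything after the closing bracket (a pasted remark) is ignored.
LINE_RE = re.compile(r"am_proc_start\(\s*\d+\):\s*\[([^\]]*)\]")

def parse_proc_starts(text):
    """Return a ProcStart for every well-formed am_proc_start line."""
    starts = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = m.group(1).split(",")
        if len(fields) != 6 or "/" not in fields[5]:
            continue  # malformed or different field layout: skip, don't guess
        user, pid, uid, process, start_type, comp = fields
        if not (user.isdigit() and pid.isdigit() and uid.isdigit()):
            continue
        package, cls = comp.split("/", 1)
        if cls.startswith("."):          # shorthand ".Cls" means package + ".Cls"
            cls = package + cls
        starts.append(ProcStart(int(user), int(pid), int(uid),
                                process, start_type, package, cls))
    return starts

def broadcast_receivers(starts):
    """Map package -> Counter of receiver classes that caused a process start."""
    by_pkg = defaultdict(Counter)
    for s in starts:
        if s.start_type == "broadcast":
            by_pkg[s.package][s.component] += 1
    return dict(by_pkg)

if __name__ == "__main__":
    for pkg, receivers in broadcast_receivers(parse_proc_starts(SAMPLE)).items():
        print(pkg)
        for cls, n in receivers.most_common():
            print(f"  {n:3d}  {cls}")
```

Real input can be captured with `adb logcat -b events -d`, and `adb shell dumpsys package <package>` lists the intent filters registered for each receiver, which shows what kind of broadcast starts it.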

What is the number blocking app/service on the S20FE?

So in what appears to be yet more anti-consumer behavior, by trying to foist yet more online-required services upon us into their ROMs. In this instance it appears Samsung has replaced a local app/function that worked just fine (in this case number blocking) with an online component.
Rant aside I am fairly sure and thought I had not removed any app that did local number blocking (isn't this part of the phone app), however I do remember seeing a number blocking service (which is an online service) - which of course I have no f-ing interest in using due to security/privacy concerns.
So in order for me to try and troubleshoot and narrow down what app the phone and messages app are trying to open when I want to block a number, can someone remind me what the blocking service app was called? I think it might be ' com.hiya.starcom.hiya.star ' (that's the online service I was referring to earlier)
a timely response of yes that's it from me lol
Hah, better late than never, but already figured it out. And I had already forcibly removed it from the ROM and it's causing the phone/contacts app to FC. So I have 2 choices atm, reflash the stock ROM again and then just hide the ' com.hiya.starcom.hiya.star ' service and that's assuming it will hide.
or
Just wait for the custom ROM that's being worked on atm to be released and then just flash that from TWRP.
Can you just find and push the APK?

Question Why did MIUI Security (which is revoked on my phone) suddenly inform me that the Aliexpress app "may contain a virus, delete it"?

Hello. I don't like most of the BS built in apps on the Redmi Note 10 Pro. The Security app that scans everything is supposedly non-deletable (bricking MIUI if you try to forcibly delete it), so I did what was suggested and revoked its authorization. It still tries to scan newly installed apps but it asks for the revoked authorization whenever that happens, so I figured it doesn't do anything.
Well, I just unplugged the phone from the charger and that was the floating notification showing. Aliexpress is already installed for a while, so A. does that mean Security still runs periodical background scans without asking me? And B. where is that warning coming from all of a sudden? I even tried searching the "This app may contain a virus" phrase on Google and it seems no Xiaomi user has ever asked about it.
Any idea?
Trashware and major malware.
Why would you even use that site?
is the CCP.
Get it off the phone...
blackhawk said:
Trashware and major malware.
Why would you even use that site?
is the CCP.
Get it off the phone...
Well, it sells a bunch of crap for cheap and is one of the biggest online commerce websites. Besides, the phone itself is from a Chinese company and with its stock OS runs on Chinese software (which is why I try disabling stuff which isn't needed), and that doesn't really answer where's that notification coming from.
TLxda-d said:
Well, it sells a bunch of crap for cheap and is one of the biggest online commerce websites. Besides, the phone itself is from a Chinese company and with its stock OS runs on Chinese software (which is why I try disabling stuff which isn't needed), and that doesn't really answer where's that notification coming from.
The security app likely has internet connection and gets updated.
Pretty funny they flagged that app. Wonder if they will get in trouble for doing it?
Is it a ploy to gain trust or perhaps since the toy gun dragnet is now public, the cat is out of the bag... and in a high security prison it no longer matters to "detect" and flag it.
Lol, try disabling the security app too. I doubt it can be trusted and is likely mining your data.
Scan with free Malwarebytes instead.
Scan suspect apks with online Virustotal.
blackhawk said:
The security app likely has internet connection and gets updated.
Pretty funny they flagged that app. Wonder if they will get in trouble for doing it?
Is it a ploy to gain trust or perhaps since the toy gun dragnet is now public, the cat is out of the bag... and in a high security prison it no longer matters to "detect" and flag it.
Lol, try disabling the security app too. I doubt it can be trusted and is likely mining your data.
Scan with free Malwarebytes instead.
Scan suspect apks with online Virustotal.
It did get a couple of other system notifications when I opened the phone ("Enable Find My Device", "Mi Video updates"), but even if something updated with Security it shouldn't start scanning my apps.
Anyway, your answer is that both Aliexpress and the MIUI software should be viewed as Chinese malware?
TLxda-d said:
It did get a couple of other system notifications when I opened the phone ("Enable Find My Device", "Mi Video updates"), but even if something updated with Security it shouldn't start scanning my apps.
Anyway, your answer is that both Aliexpress and the MIUI software should be viewed as Chinese malware?
Draw your own conclusions.
I have zero faith in any Chinese electronics that have any potential for internet access.
One of the CCP's primary missions is clear; collect data by any and all means available.
TLxda-d said:
Hello. I don't like most of the BS built in apps on the Redmi Note 10 Pro. The Security app that scans everything is supposedly non-deletable (bricking MIUI if you try to forcibly delete it), so I did what was suggested and revoked its authorization. It still tries to scan newly installed apps but it asks for the revoked authorization whenever that happens, so I figured it doesn't do anything.
Well, I just unplugged the phone from the charger and that was the floating notification showing. Aliexpress is already installed for a while, so A. does that mean Security still runs periodical background scans without asking me? And B. where is that warning coming from all of a sudden? I even tried searching the "This app may contain a virus" phrase on Google and it seems no Xiaomi user has ever asked about it.
Any idea?
AliExpress is in the Play Store, so I'm confused why it detects it as a virus. Is that the Play Store version, or did you install it from third-party websites?
