I copied the contents of my HTC One's SD card to my hard drive, in order to back it up, and when I ran a virus scan of the files I found 2 viruses.
One virus was a compression bomb, and it indicates that it's from the Simpsons game.
The other file was labeled a Google Translate file. It was marked a HIGH level threat by Avast. Googling reveals it to be a Win32 virus.
Should I be worried?
Thank you.
Try Airpush Detector. It may do the trick. There are also antivirus apps in Market that may or may not offer a solution. These may be a big deal, and they may not. I have gotten quite a few win32 'bugs' on my laptop system over the years, mostly from using programs that have 'cracks' and password generators. These issues seem like they'll end up being adware pushes from free video game installs, but I could be wrong.
You can get false triggers sometimes too. The Virus Scanners are looking for patterns and can be tripped up.
And some legit tools do break security rules that can be caught by scanners. Depends on the source of where you got them from if you trust them.
They could be real and got on the phone the instant the phone went on the air hoping they would eventually make their way to a windows PC.
And just because it found them, doesn't mean they are active either.
What is the best program to clean them all away! I am afraid to log into anything essential. I need help ASAP, I have disabled the suspicious .exe's running.
Also my google searches get redirected. . . what else should I do?
heyy Tilto,
a quick and simple way is to backup ur data and reload your os
I too would recommend, as tpam says, to reload your OS. That way no viruses, and you will have a much faster, cleaner system. If you bought a machine in the last few years I would have thought it would have come with a recovery disk; just stick that in and it will load all the drivers as well.
have fun
I could do that, but I just recently reloaded Windows 7, and I don't have the time to reorganize and re-do everything.
I would highly recommend you use another computer to download Malwarebytes Anti-Malware (free) and the latest virus database for use with Malwarebytes onto a USB flash drive. Then, boot into safe mode on your machine, and install Malwarebytes and the latest database (in that order). Run a full scan through Malwarebytes on all your hard drives, and delete/repair any infected files, and that should be it (though you can always run another scan for good measure). While you're at it, you might try finding a better antivirus than the one you're using so you don't get infected again. Microsoft Security Essentials, Avast!, and AVG Free are all decent free ones, with Avast! being my favorite. Kaspersky is also a good paid antivirus.
Most of my friends and family are computer illiterate, and get infected every so often, but I've never come across malware on their machines that couldn't be removed with Malwarebytes.
I am using Both Malwarebytes, and Microsoft Security Essentials right now.
AVG Free is the sh*t man!
Although I no longer use it due to the fact that I play MMOFPS, and sometimes like to hack
I am also using Spybot Search and destroy.
I use THENON antivirus
And FORMAT antivirus
Both free
Are these types of apps worth having on your phone? Like is there even a moderate chance you could get a virus (especially if you don't do lots of downloading)? I currently have the AVG free app and I find it kind of annoying having it scan everything I download and having it say protected by AVG on my screen, etc.
I have never heard of anyone getting a virus on their smartphone so I'm leaning towards removing the AVG app. Would this be a mistake?
The only malware that are on Android affects Android versions < 2.3.3. You're fine.
As long as you're getting trustworthy apps on the market with a lot of downloads and not from a 3rd-party unauthorized website/app market/whatever. You're fine.
I personally use Lookout for the GPS feature, the Anti-Virus is just a side bonus. I disable scheduled scanning because it's not worth it.
It's much harder for malware to worm its way onto your Android than on a desktop OS. Generally it happens when people hide malicious activity in seemingly harmless apps. The only way to protect against that is to look at the requested permissions when you install things and make sure it is only using things it needs. Also, check the comments and use reputable developers from the Android Market.
Even these antivirus tools can't protect you from a malicious app though cos they have no way of knowing what you meant to allow the app to do and what it's doing without telling you.
i'm using Lookout it's free, and non memory resident if you choose not to
but still works when you install something new, it tells you if it's safe or not
I'm using AVG as well as Lookout.. actually just trying them out. Thinking should I keep or Uninstall ? :/
there are also Symantec Antivirus, and McAfee both also "free" for basic features just like Lookout
but nowhere near as good and easy to use as Lookout
and there are a whole slew of newcomers to the Antivirus industry for smartphones whose names I don't even recognize
a simple search for antivirus on market comes out with 3+ pages of well known and not so well known results
https://market.android.com/search?q=antivirus&c=apps
I don't use an antivirus on my windows desktop, I always keep an eye in msconfig and task manager (I know most of the processes), services.msc, unusual behavior, etc, once a year I run an antivirus scan never found anything, I have been clean for more than 3 years.
I have previously installed Lookout on my Note but found it to slow down the system a little bit, so I removed it, and now I don't have any antivirus but I keep an eye on the running processes, but I'm unsure if that's the way to spot a running background virus in a Linux system
what do you guys do or advise doing to look out for viruses on android?
Are you rooted? If not then don't worry about Viruses.
If you are rooted don't install any shady apps outside from the Android market or make sure any non market apps are from trusted sources.
Also read this:
https://plus.google.com/u/0/1147650...dDLPv#114765095157367281222/posts/ZqPvFwdDLPv
Actually, even the apps on the Android market, approved by Google, are not safe. There have been a couple of incidents of rogue apps showing up in the market last year. The good thing is Google is proactively plugging the OS exploits that these rogue apps use (they will auto-root your phone). So, if you're on the latest Gingerbread OS (2.3.4 or later), most of those exploits no longer work. But there is now a new exploit being used here on XDA to root the phone (search ZergRush). Not sure if this will be used in the next wave of rogue apps. Remember, just because you installed an app from the market doesn't mean it is safe. Google made zero effort to review those apps.
thanks a lot for the article, it is a lot like I suspected, specially about companies bullshitting us to get to buy their antivirus software
about web based virus, from that I'm 90% safe because I only access the same websites every day, unless one of them gets attacked I'm sure I won't get a virus from them
and yes, I'm rooted... two things I wonder are:
1 - shouldn't an infected app show the permission pop up asking for root access? I'm not exactly sure but I think there are ways to circumvent that and force root access without permission
2 - if I'm infected and perform a full wipe (cache, dalvik, factory reset) and change roms, can I still be infected? I ask this because I noticed that some folders aren't affected when performing a full wipe, the rom goes into /system, and the factory reset only cleans /data. So there is no way to completely clean a system I guess.
As someone who works in internet security, I have to tell you that you really should be running anti-virus on your desktop.
Yes, there's a lot of marketing and fear-mongering from some companies to buy their products. But it doesn't matter if you think you're tech-savvy and that you check task manager and only visit "safe websites". Any website can deliver drive-by downloads that infect your computer without you knowing. Rootkits are completely undetectable from simply checking your listed processes and services.
And your websites might be safe and legit, but all sorts of malware and exploits are delivered through ads. Even visiting Google search recently infected users.
Anti-virus is a crappy technology (there's better alternatives), but stop being so ideological and just install the damn thing.
---------- Post added at 03:32 PM ---------- Previous post was at 03:24 PM ----------
inurb said:
Also read this:
https://plus.google.com/u/0/1147650...dDLPv#114765095157367281222/posts/ZqPvFwdDLPv
Thanks for the link. That's a terrible, terrible article though that completely misses the point.
It's a typical viewpoint from a large company like Google. Their interest is in what % of their users are affected by X and Y.
There is certainly no "widespread problem" with viruses on Android or indeed Linux. But the vulnerabilities are HUGE. The only reason they're not exploited more is because of the size of the userbase. Android (and to a lesser extent Ubuntu) is growing to such an extent that it is going to become a very serious problem, very soon.
As to the now: there is very little chance of being infected out of millions of normal users. But if you're doing sensitive work, then it does make sense to seek extra protection, as the Linux and Android vulnerabilities are so big that if someone actively targets you, it will be easy.
If you're not using sensitive data on your Note, then sure, don't worry about it.
edanfalls said:
As someone who works in internet security, I have to tell you that you really should be running anti-virus on your desktop.
....
Anti-virus is a crappy technology (there's better alternatives), but stop being so ideological and just install the damn thing.
Your advice is sound but just one tiny flaw:
As you posted, AV software is crappy technology. They rarely ever catch anything, and are especially worthless against browser-plugin-based malware. And yet, they DO make every PC they are installed on 10x slower. So, in the end, installing AV software does more damage to your PC on a daily basis.
Use 'LBE Safety Master' (root required) and you will be fully protected.
LBE doesn't protect with reboot. Wonder if apps can make use of that flaw, log and send when API or connection becomes available.
Better alternative, if you can get a patch would be forum.xda-developers.com/showthread.php?t=1357056
I guess one must take into mind the shift of definition from virus/malware to user approved info gathering through permissions lmao.
You can install DroidWall and check its logs for connections. Setting it up can be tedious due to dependent stuff.
Sent from my GT-N7000 using Tapatalk
i was just downloading the newest CM7 release.. my anti-virus kept saying there were viruses in the zip... is that normal ?
False positive, I got the same thing too. Only thing is my antivirus took all the files and killed the zip, so I had to redownload in a safe environment
also sometimes when I'm just reading android forums , my anti virus kicks in too. do android files just get recognized as virus on a windows computer?
ilostchild said:
False positive, I got the same thing too. Only thing is my antivirus took all the files and killed the zip, so I had to redownload in a safe environment
They are not viruses. What anti virus are you using?
Sent from space
it "disinfected" the cm7 zip... virus name is trojan-sms.androidos.jifake.a and also deleted some files in the zip.
koopakid08 said:
They are not viruses. What anti virus are you using?
Sent from space
optimusv45 said:
i was just downloading the newest CM7 release.. my anti-virus kept saying there were viruses in the zip... is that normal ?
Where did you download it from? I would stick to well-known sources for anything. If you got the file from CyanogenMod directly, I wouldn't worry.
Here, in the android development.
bobstro said:
Where did you download it from? I would stick to well-known sources for anything. If you got the file from CyanogenMod directly, I wouldn't worry.
Kaspersky internet security.
koopakid08 said:
They are not viruses. What anti virus are you using?
Sent from space
optimusv45 said:
Kaspersky internet security.
In my opinion that's one of the best antivirus out there. I would have not figured. Still it is one known to give false positives.
Sent from my NookColor using XDA App
I am pretty intense about checking what i put on my device, and I haven't had any problems with the ROMS posted here. (Unfortunately, apps are more likely to be the work of a single individual and are therefore less reliable).
Can you be more specific about which ROM you downloaded? If it was an official release, then so many eyes have been through that code, you basically have to have had a false positive. I would like to see the offending file, is there a way to quarantine and save the "disinfected" file through Kaspersky?
I downloaded the ROM from this http://forum.xda-developers.com/showthread.php?t=1344873 My anti virus gives me very little freedom as far as modifying identified virus. I can only give location of the "virus" in the zip. On the report it shows "encore cm72-mirage-01262012.zip//system/framework/android.policy.jar//classes.dex", second one "encore cm72-mirage-01262012.zip//system/app/phone.apk//classes.dex"
mateorod said:
I am pretty intense about checking what i put on my device, and I haven't had any problems with the ROMS posted here. (Unfortunately, apps are more likely to be the work of a single individual and are therefore less reliable).
Can you be more specific about which ROM you downloaded? If it was an official release, then so many eyes have been through that code, you basically have to have had a false positive. I would like to see the offending file, is there a way to quarantine and save the "disinfected" file through Kaspersky?
Okay, i pulled the two classes files out of the zip. I ran them through a couple custom scans on some standard antivirus software and they came back clean. I expect that they are.
I have found problems hidden in classes.dex files before, but those were with user apps. It was easy to see the traffic they were sending (in those specific cases it was packets to ad sites and bogus http sites for keystroke capturing). Any traffic that could be sent through the associated .jar and .apk files would show up in my firewall/packet monitors as coming from the kernel or root (i believe, if anyone knows better on any of this, please chime in) which has traffic, especially in the kernel's case, coming from multiple sources. It would just be hard to pinpoint what, if anything, these specific packages are associated with.
/deep breath
However, I personally am insane and totally paranoid. A week or two ago i posted screenshots showing my kernel was communicating with an IP associated with Amazon, basically going straight down the rabbit hole. The person who responded just pointed out that it was Amazon Web Services and that the traffic could be anything and was nothing to worry about. I accept that to be almost certainly true, but it doesn't solve my curiosity. So i intend to take it out on your presumptive false positives.
To be clear: You are almost certainly fine. I do these things driven by mental illness!
I am going to attempt to run both classes.dex files through a dexdump Java script on Terminal IDE and repost the output. I then hope to have the data interpreted by some indulging soul familiar with the Jasmine syntax the program will hopefully output.
This is something that is far far beyond the skills I bring to the table, and has every chance of failing. If anyone out there knows an easier and/or softer way, feel free to stop me before i hurt myself. I only have access to the nook itself, hence all the hoop jumping, but i believe it is possible. Feel free to disabuse me of that in public or private.
At the very least, i hope i can learn something.
lol i have no idea what you are talking about but thanks !!
mateorod said:
Okay, i pulled the two classes files out of the zip. I ran them through a couple custom scans on some standard antivirus software and they came back clean. I expect that they are.
I have found problems hidden in classes.dex files before, but those were with user apps. It was easy to see the traffic they were sending (in those specific cases it was packets to ad sites and bogus http sites for keystroke capturing). Any traffic that could be sent through the associated .jar and .apk files would show up in my firewall/packet monitors as coming from the kernel or root (i believe, if anyone knows better on any of this, please chime in) which has traffic, especially in the kernel's case, coming from multiple sources. It would just be hard to pinpoint what, if anything, these specific packages are associated with.
/deep breath
However, I personally am insane and totally paranoid. A week or two ago i posted screenshots showing my kernel was communicating with an IP associated with Amazon, basically going straight down the rabbit hole. The person who responded just pointed out that it was Amazon Web Services and that the traffic could be anything and was nothing to worry about. I accept that to be almost certainly true, but it doesn't solve my curiosity. So i intend to take it out on your presumptive false positives.
To be clear: You are almost certainly fine. I do these things driven by mental illness!
I am going to attempt to run both classes.dex files through a dexdump Java script on Terminal IDE and repost the output. I then hope to have the data interpreted by some indulging soul familiar with the Jasmine syntax the program will hopefully output.
This is something that is far far beyond the skills I bring to the table, and has every chance of failing. If anyone out there knows an easier and/or softer way, feel free to stop me before i hurt myself. I only have access to the nook itself, hence all the hoop jumping, but i believe it is possible. Feel free to disabuse me of that in public or private.
At the very least, i hope i can learn something.
mateorod: another thing you might try is to upload those files to virustotal . com - that way you'd see what 40 or so A/V programs think of them.
Prob unrelated, but I've gotten popups on the Cyanogen forums for supposed Javascript malware, always seemed like a false positive. Running OS/X, Sophos for Mac, Firefox 10...
Ralf
I might try that. Currently, I am trying to use the smali editor to decompile the jar files through Terminal IDE, which has the Java toolset. When I try and run the command line, I get an I/o exception error, which is beyond my powers to diagnose/repair. I have sent the error to a couple people who may be able to help me figure out what my issue is. In the past, I have gotten that error set with apps that need internet access and cannot get it for some reason or another. I don't know why or how that would apply with this situation, but I am still looking at it. For something I consider to be a simple intellectual exercise, it has taken quite a bit of effort, but I haven't quit on it yet.
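The scanner report quoted in this thread names its hits as nested paths (`zip//jar//classes.dex`). As an added example (not code from any poster here), the Python below resolves such a path in memory with a cap on how much it will inflate, checks the DEX header's own Adler-32 and SHA-1 fields to see whether the file still matches what was built, and computes a SHA-256 that can be compared with a fresh download or looked up on a multi-scanner site. The sample archive and the names `read_nested`, `inspect_dex` and `build_sample` are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile
import zlib

MAX_MEMBER = 64 * 1024 * 1024  # inflate at most 64 MiB per member (compression-bomb guard)


def read_nested(outer_bytes, report_path):
    """Resolve 'rom.zip//dir/inner.jar//classes.dex' and return the innermost bytes."""
    names = [p.strip("/") for p in report_path.split("//")][1:]  # drop outer file name
    data = outer_bytes
    for name in names:
        with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
            data = member.read(MAX_MEMBER + 1)
        if len(data) > MAX_MEMBER:
            raise ValueError(f"{name}: larger than {MAX_MEMBER} bytes, refusing")
    return data


def inspect_dex(data):
    """Check the DEX header's self-describing fields and hash the whole file."""
    report = {"is_dex": False, "sha256": hashlib.sha256(data).hexdigest()}
    if len(data) < 0x70 or data[:4] != b"dex\n" or data[7:8] != b"\x00":
        return report
    checksum, = struct.unpack_from("<I", data, 8)    # Adler-32 of bytes 12..end
    file_size, = struct.unpack_from("<I", data, 32)  # size recorded at build time
    report.update(
        is_dex=True,
        size_ok=file_size == len(data),
        adler32_ok=zlib.adler32(data[12:]) & 0xFFFFFFFF == checksum,
        sha1_ok=hashlib.sha1(data[32:]).digest() == data[12:32],
    )
    return report


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()


def build_sample():
    """Constructed stand-in for a ROM zip: one jar holding a header-only DEX."""
    body = struct.pack("<III", 0x70, 0x70, 0x12345678) + bytes(68)
    tail = hashlib.sha1(body).digest() + body
    dex = b"dex\n035\x00" + struct.pack("<I", zlib.adler32(tail) & 0xFFFFFFFF) + tail
    jar = _zip({"classes.dex": dex})
    return _zip({"system/framework/android.policy.jar": jar}), dex


if __name__ == "__main__":
    rom, _ = build_sample()
    path = "sample-rom.zip//system/framework/android.policy.jar//classes.dex"
    for key, value in inspect_dex(read_nested(rom, path)).items():
        print(f"{key}: {value}")
```

A file that a scanner has "disinfected" in place will usually fail the `adler32_ok` or `sha1_ok` check, while an untouched file that merely trips a signature will pass both and hash identically to a clean copy from the original source.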
I am having a strange issue on my Galaxy S10e that I have never seen before. I have found that the antivirus app on my phone will, usually in the morning, perform a real-time scan on a few random Google Play apps on my phone that were not updated. I do not have an SD card, so nothing is remounting. I have auto update in the Play Store turned off. If I check these apps in the Play Store I find that they were not updated, also. Which antivirus I am using does not seem to matter, the same thing happens with both Sophos Intercept X and Avira. I currently have both of them on my phone and they will both report scanning the same apps. The same thing happened when I only had one of them installed. Why is this happening? Has anyone else ever seen this?
You don't really need an anti virus if you get the security patch updates. With that said, it seems like there might be a setting somewhere (either from within the app or phone settings) that needs to be adjusted so it scans your entire phone. Maybe the anti virus needs a certain permission you don't have set or needs updating. These are all my guesses.
StoneyJSG said:
You don't really need an anti virus if you get the security patch updates. With that said, it seems like there might be a setting somewhere (either from within the app or phone settings) that needs to be adjusted so it scans your entire phone. Maybe the anti virus needs a certain permission you don't have set or needs updating. These are all my guesses.
Thanks for your reply. Both of the apps will scan my whole phone either manually or automatically if I set it, but my understanding is that scanning the whole phone is a waste of time if you have the real-time scanning turned on, which is what I'm using and referring to. Only apps that are added or updated should be scanned automatically, but I have random other apps that show as being scanned at various times.
Thread closed as requested by OP and continued here - https://forum.xda-developers.com/android/help/antivirus-scanning-apps-werent-updated-t4100571