SM-T719 is this app a virus or malicious - Galaxy Tab S2 Q&A, Help & Troubleshooting

I have a Galaxy Tab S2 SM-T719, running Android 7, not rooted.
I am generally pretty careful about the sites that I visit, but yesterday a BBC app appeared, see attached screenshot.
I am concerned about this because:
1) I do not recall installing it
2) I already have the official BBC app, which has a red background
3) When I select the app, there is no uninstall option
4) It does not appear in my list of apps under Settings
5) It does not appear in 'My Apps and Games' in the Play Store
6) I cannot find this via a search on the Play Store
Can anyone shed any light on this or suggest how I can remove it?
Thanks for reading and any help.

Search Google for that image.
Malicious JPEGs that are downloaded can cause mischief in the folder they are in. They must be deleted! They will corrupt a database.
Don't move anything out of the download folder for now! Check for changes and any downloads you didn't do. Scan with Malwarebytes; it may find something but not necessarily all of what's there.
Treat all data on the device as infected for now; back up data but quarantine it from other Androids* and backup drives. Place backups preferably on standalone OTG flash sticks or HDDs.
Back up all critical data, NOW if not already done!!!
It may be a malicious app or trojan preloader that managed to breach the browser. If the right conditions were met it may have installed a rootkit or virus. If so it must be completely eradicated.
Again, check the download folder. If in doubt, delete its entire contents.
If you can't find and purge the infection, factory reset. Change all passwords after the reload.
Don't goof around if an infection is suspected. Take the device offline, now.
No time to dilly-dally Mr Wick, tik-toc...
After the reset, if done, be careful when adding your old data as it may be laced with a malicious file. Install only trusted apps. Keep trashware like WhatsApp, FB, Twitter, etc. off of it.
*it's unlikely to cross infect a Windows system but best to isolate the data as much as possible to avoid rude surprises. Treat as infected until proven clean.

Blackhawk
Thanks for your suggestions
This may just spur me on to doing a LineageOS installation if I can resolve a couple of queries, posted here: LineageOS Installation queries (forum.xda-developers.com)
It sounds like it might be best to do the factory reset and then do the installation.

You're welcome.
If you're running Android 8 or lower, a reflash may be needed if it got infected with that "immortal" rootkit that can hide on multiple partitions.
Apparently there is now a way to remove the dreaded Xhelper.
Be aware of this little nasty... check for it.
Android 9 and higher are immune to this one.


how would you look for viruses?

I don't use an antivirus on my Windows desktop; I always keep an eye on msconfig and Task Manager (I know most of the processes), services.msc, unusual behaviour, etc. Once a year I run an antivirus scan and have never found anything; I have been clean for more than 3 years.
I previously installed Lookout on my Note but found it slowed down the system a little bit, so I removed it, and now I don't have any antivirus but I keep an eye on the running processes. I'm unsure if that's the way to spot a running background virus on a Linux system, though.
What do you guys do or advise doing to look out for viruses on Android?
Are you rooted? If not, then don't worry about viruses.
If you are rooted, don't install any shady apps from outside the Android Market, or make sure any non-Market apps are from trusted sources.
Also read this:
https://plus.google.com/u/0/1147650...dDLPv#114765095157367281222/posts/ZqPvFwdDLPv
Actually, even the apps on the Android Market, approved by Google, are not safe. There have been a couple of incidents of rogue apps showing up in the Market last year. The good thing is Google is proactively plugging those OS exploits that these rogue apps use (they will auto-root your phone). So, if you're on the latest Gingerbread OS (2.3.4 or later), most of those exploits no longer work. But there is now a new exploit being used here on XDA to root the phone (search ZergRush). Not sure if this will be used in the next wave of rogue apps. Remember, just because you installed an app from the Market doesn't mean it is safe. Google made zero effort to review those apps.
Thanks a lot for the article; it is a lot like I suspected, especially about companies bullshitting us to get us to buy their antivirus software.
About web-based viruses: from that I'm 90% safe because I only access the same websites every day; unless one of them gets attacked, I'm sure I won't get a virus from them.
And yes, I'm rooted... two things I wonder are:
1 - Shouldn't an infected app show the permission pop-up asking for root access? I'm not exactly sure, but I think there are ways to circumvent that and force root access without permission.
2 - If I'm infected and perform a full wipe (cache, dalvik, factory reset) and change ROMs, can I still be infected? I ask this because I noticed that some folders aren't affected when performing a full wipe: the ROM goes into /system, and the factory reset only cleans /data. So there is no way to completely clean a system, I guess.
As someone who works in internet security, I have to tell you that you really should be running anti-virus on your desktop.
Yes, there's a lot of marketing and fear-mongering from some companies to buy their products. But it doesn't matter if you think you're tech-savvy and that you check task manager and only visit "safe websites". Any website can deliver drive-by downloads that infect your computer without you knowing. Rootkits are completely undetectable from simply checking your listed processes and services.
And your websites might be safe and legit, but all sorts of malware and exploits are delivered through ads. Even visiting Google search recently infected users.
Anti-virus is a crappy technology (there are better alternatives), but stop being so ideological and just install the damn thing.
---------- Post added at 03:32 PM ---------- Previous post was at 03:24 PM ----------
inurb said:
Also read this:
https://plus.google.com/u/0/1147650...dDLPv#114765095157367281222/posts/ZqPvFwdDLPv
Thanks for the link. That's a terrible, terrible article though that completely misses the point.
It's a typical viewpoint from a large company like Google. Their interest is in what % of their users are affected by X and Y.
There is certainly no "widespread problem" with viruses on Android or indeed Linux. But the vulnerabilities are HUGE. The only reason they're not exploited more is because of the size of the userbase. Android (and to a lesser extent Ubuntu) is growing to such an extent that it is going to become a very serious problem, very soon.
As to the now: there is very little chance of being infected out of millions of normal users. But if you're doing sensitive work, then it does make sense to seek extra protection, as the Linux and Android vulnerabilities are so big that if someone actively targets you, it will be easy.
If you're not using sensitive data on your Note, then sure, don't worry about it.
edanfalls said:
As someone who works in internet security, I have to tell you that you really should be running anti-virus on your desktop.
....
Anti-virus is a crappy technology (there are better alternatives), but stop being so ideological and just install the damn thing.
Your advice is sound, but with just one tiny flaw:
As you posted, AV software is a crappy technology. It rarely ever catches anything, and is especially worthless against browser-plugin-based malware. And yet, it DOES make every PC it is installed on 10x slower. So, in the end, installing AV software does more damage to your PC on a daily basis.
Use 'LBE Safety Master' (root required) and you will be fully protected.
LBE doesn't protect during reboot. Wonder if apps can make use of that flaw: log, and send when the API or connection becomes available.
A better alternative, if you can get a patch, would be forum.xda-developers.com/showthread.php?t=1357056
I guess one must bear in mind the shift of definition from virus/malware to user-approved info gathering through permissions lmao.
You can install DroidWall and check its logs for connections. Setting it up can be tedious due to dependent stuff.

[Q] Whatsapp Backup

Hey,
Has anyone ever looked into how the WhatsApp backup is stored? It can be used after reinstalling the app, but not after a hard reset/flashing/etc. So it should be stored on the phone, but not in the normal isolated storage of the app, since I can reinstall it and then use the backup.
Is special access necessary, or could other apps also access (and modify/export) this backup? I'm asking this because I hope to find a way to make a backup that really is useful; I almost only write via WhatsApp because SMS cost way more than internet here. Thanks!
Why do you think WhatsApp isn't using isolated storage? Sure it is, but you still can't access it, unless you have an interop-unlocked device.
The reason you can restore is that the app ID stays the same.. you could try to deploy an older (unencrypted) WhatsApp XAP to your phone; if the app ID still stays the same (and I'm not sure it does! actually I think it doesn't..) you would gain access... again, that's total theory! I haven't tried this, and it probably has the potential to mess up your backup...
Maybe GoodDayToDie has some more info about the app-ID thing.. I'll also do a quick research.
tfBullet said:
Why do you think WhatsApp isn't using isolated storage? Sure it is, but you still can't access it, unless you have an interop-unlocked device.
The reason you can restore is that the app ID stays the same.. you could try to deploy an older (unencrypted) WhatsApp XAP to your phone; if the app ID still stays the same (and I'm not sure it does! actually I think it doesn't..) you would gain access... again, that's total theory! I haven't tried this, and it probably has the potential to mess up your backup...
Maybe GoodDayToDie has some more info about the app-ID thing.. I'll also do a quick research.
Thanks for the reply! I didn't know files in the isolated storage keep being there after you uninstall the app..
I tried deploying an old version (1.4) of WhatsApp and it replaced the current one, so it should use the same app ID. I didn't find anything in the isolated storage, but the backup is still there when I reinstall it from the store. I'll try launching the deployed app first now.
have you checked out the IsolatedStorageSettings?
Let me have a quick look where this thing is on my harddrive... when i find it, i'll be able to tell you where / how it saves the backup
tfBullet said:
have you checked out the IsolatedStorageSettings?
Let me have a quick look where this thing is on my harddrive... when i find it, i'll be able to tell you where / how it saves the backup
Nope, I have no real clue how to do that; the only thing I can do is deploy apps and watch their isolated storage. Thanks!!
They used "messages.sdf" & "contacts.sdf" before, but at some version they started to migrate these files into a database.. not sure where it gets stored, or if you can access it by simply browsing the IsoStorage... I'll make a quick test project to test how or if we could access it..
EDIT: actually I was talking ****; the .sdf files are already databases, and the data still resides there... and I forgot to mention: even if you couldn't see the database files, you should see the user-picture thumbnails that reside in "cphotos/" + some-sha1-hashed-userinfo...
IsoStore is cleared when an app is uninstalled. So far as I know, this is instant, as part of the app removal process, although I suppose I haven't actually checked that. However, apps can (and many do) implement a backup situation to cover this use case by using a unique identifier that survives a re-install. There are several places such IDs can come from. Since the one you have survives app installs but *not* OS reflashing (even though you presumably sign on with the same Live ID afterward), I'm guessing it's a value that uniquely identifies your OS install and is randomly generated the first time the OS boots. Re-flashing counts as a new install, I guess.
I'd have to investigate further to be sure. There could be other mechanics at play, such as the OS keeping the data around for a short time in case you re-install the app, or the app storing its data in some other (off-phone) location. It's not storing it in some special folder within the phone, though; there's nowhere else it could!
Back up history with WhatsApp on Android. Then check the backup file on:
/sdcard/WhatsApp/Databases/msgstore.db.crypt
Or
/data/data/com.whatsapp/databases/msgstore.db and wa.db (root)
Coweri said:
Back up history with WhatsApp on Android. Then check the backup file on:
/sdcard/WhatsApp/Databases/msgstore.db.crypt
Or
/data/data/com.whatsapp/databases/msgstore.db and wa.db (root)
Sorry, but this is Windows Phone, not android..
@GoodDayToDie so, there is no simple way like deploying an app with the same ID and trying to access the backup with it?
Since the data would have been deleted when the old app was removed (and since you can't sideload an app with the same Product ID as an existing Store app), no, that won't work (well, it didn't in WP7; I guess you could try again here; some things are somewhat less secure now than before).
th0mas96 said:
GoodDayToDie so, there is no simple way like deploying an app with the same ID and trying to access the backup with it?
Wait for an interop-unlock... that's the way to go in this case.
Until then, you can send your conversations to yourself by mail (option from the context menu).
GoodDayToDie said:
IsoStore is cleared when an app is uninstalled. So far as I know, this is instant, as part of the app removal process, although I suppose I haven't actually checked that. However, apps can (and many do) implement a backup situation to cover this use case by using a unique identifier that survives a re-install. There are several places such IDs can come from. Since the one you have survives app installs but *not* OS reflashing (even though you presumably sign on with the same Live ID afterward), I'm guessing it's a value that uniquely identifies your OS install and is randomly generated the first time the OS boots. Re-flashing counts as a new install, I guess.
I'd have to investigate further to be sure. There could be other mechanics at play, such as the OS keeping the data around for a short time in case you re-install the app, or the app storing its data in some other (off-phone) location. It's not storing it in some special folder within the phone, though; there's nowhere else it could!
GoodDayToDie, any news about this Whatsapp backup feature in Windows Phone? Is it possible to utilize this feature as an "ordinary" developer?
I would have to reverse engineer the app to see how its backup feature works. The most likely explanation - that it's storing the backup "in the cloud" using the device ID (which resets when you do a hard reset, I think) - is easily possible for any app so long as you provide the storage space...
GoodDayToDie said:
I would have to reverse engineer the app to see how its backup feature works. The most likely explanation - that it's storing the backup "in the cloud" using the device ID (which resets when you do a hard reset, I think) - is easily possible for any app so long as you provide the storage space...
That could be an explanation. But then the Whatsapp developers could easily offer a full backup, as on other platforms, linked to the phone number or something. Then you could restore the messages even after a phone exchange. But who knows what's in their heads ...
GoodDayToDie said:
I would have to reverse engineer the app to see how its backup feature works. The most likely explanation - that it's storing the backup "in the cloud" using the device ID (which resets when you do a hard reset, I think) - is easily possible for any app so long as you provide the storage space...
Nope, it doesn't seem to be online.. it backs up pretty big chats extremely fast with 2 bars of GPRS, so it can't be via the internet.. it even backs up without any connection at all. That's the weird thing.. how are apps even allowed to store files that keep being there after an uninstall?
There are a couple really sneaky ways you could do that; one that comes to mind is creating a fake "image" or "ringtone" or similar, serializing the data to it, and then looking for it the "first" time the app is run after installing. However, I'm definitely more curious now. There are folders which apps can request permissions to write to, but usually that's a trick limited to "second-party" apps (OEMs, etc.) and prohibited for third parties.
I've already looked into the code; as far as I can tell there is no online backup feature. It just stores the conversations in a database.
And to answer your question schluff: no, there is absolutely no way for the usual developers to utilize this.
btw: @GoodDayToDie could you provide us the newest WhatsApp XAP (2.11.312.0)?
When I get the chance to extract it off my computer, yeah. It's really hard to get full FS access working these days, so I'm looking into other ways to access the install folders and storage of other apps.
here you go
edit: I've changed nothing, so it's the whole install folder in this zip file
Thanks for the extraction! Obviously, I can't do anything with it
However, if anyone is interested in this too, in the following versions it seems to backup to the SD card, at least @Nazwzil8 reported so at twitter: https://twitter.com/Nawzil8/status/410486248156172288 he reported a lot about whatsapp, he seems a legit beta tester.

Rooted, now what?

I got a new wifi S2, installed the permissive kernel and rooted it. I installed TWRP and made a backup. Now I've got an uninstall app and I've removed a few things; primarily Knox and the security logger so that it quits whining at me. I have a strong desire to never ever use the cloud, create a Samsung account, or a Google account. I really just want to load some books onto it and DLNA some music and videos.
So I want to get rid of all the stuff that I'll never be able to use but it's not clear to me how to identify all that. I'm a long time Unix guy but not at all an android guy. If something prompts me to create an account I know I want to uninstall it, but damned if I can figure out how to identify what to uninstall from what icon I touched.
I've found bloatware lists but they're all somewhat old and not for the S2, so it's not clear to me if I should trust them. I'd like to avoid trial and error "uninstall and reinstall if something doesn't work" or the even more dreaded "uninstall and find out six months later that something doesn't work". Can anyone point me at a good list of what I can remove, or where I can figure out how to determine that for myself? Thanks.
Better start freezing apps instead of uninstalling them. I use Titanium Backup for that, but you can use whatever you like. Just be careful freezing or uninstalling OS-related apps; you can end up in a bootloop, but you always have the Odin flash method to reflash your system back to normal. Just don't play around with partitions or /dev.
Right now I'm using my tablet unrooted and untouched, so I can't be more specific about which apps you can freeze without problems.
He doesn't need Odin as he has a TWRP backup.
I take it you are using System App Remover (root) to uninstall system apps? If so you are pretty safe as they are backed up and can be restored any time if something goes wrong.
Also are you aware without a Google account you will lose part of the functionality of an Android device?
Samsung's account you can do without. All that stuff related to it can be deleted, but I don't advise removing any of the Google core services from the stock ROM.
If you really want a GAPPless rom then you're better off with a non stock custom rom like CM or AOSP.
Not much in that area of development at the moment, but there are a couple of members working on it.
ashyx said:
He doesn't need Odin as he has a TWRP backup.
I take it you are using System App Remover (root) to uninstall system apps? If so you are pretty safe as they are backed up and can be restored any time if something goes wrong.
Also are you aware without a Google account you will lose part of the functionality of an Android device?
Samsung's account you can do without. All that stuff related to it can be deleted, but I don't advise removing any of the Google core services from the stock ROM.
If you really want a GAPPless rom then you're better off with a non stock custom rom like CM or AOSP.
Not much in that area of development at the moment, but there are a couple of members working on it.
Yes, thanks. If I lose functionality to avoid Google watching over my shoulder I'm all for it. I'm old and probably overprotective of what's my business and not theirs. In truth, I bought the S2 because I have a collection of chess book PDFs and DjVus that I want to be able to read while I'm sitting at my chess board. I got the 9.7 inch S2 because the old eyes aren't what they used to be. Anything I can do beyond that is icing on the cake.
I do have the app remover, and I've removed the stuff that was obvious to me (like the Microsoft Office stubs). But there are still lots of things that bring up a prompt for an account when I run them and it's not clear to me how to figure out what app to remove to get rid of that particular thing. On Linux I could use rpm -q to figure out what rpm contained a file I want to remove and I'd be good to go. I've tried googling some of the app names but the "descriptions" I end up finding are particularly unenlightening. And since this is definitely not my area of expertise I don't really want to operate in "let's remove this and see what happens" even if I can reinstall the app from its backup. I've been doing software development and sysadmin for more than 35 years now and that just doesn't seem like the way to approach this.
I was looking at CM, which seems like it might be what I'm looking for, but it's still in alpha and my skill level is probably not up to coping with that so I'm back with the problem of how to decide what to get rid of.
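The question above (which package is behind the icon I just touched, so that I can freeze it rather than guess) has a direct answer on Android 7 via adb: `dumpsys activity activities` names the resumed activity, `pm path` tells you whether the package lives in /system or in /data/app, and `pm disable-user` freezes it reversibly. The script below is an added example, not code from the thread or from any tool named in it; the device IDs and package names in the embedded sample are constructed.

```shell
#!/bin/sh
# Added example: map the foreground app to its package, classify where it is
# installed, and freeze it (reversible) instead of uninstalling it.
# Requires USB debugging and `adb` on the PC for the live functions; the
# parsing functions run offline on the constructed sample at the bottom.

# Extract the foreground package from `dumpsys activity activities` (stdin).
# The line of interest looks like:
#   mResumedActivity: ActivityRecord{3a7b1c2 u0 com.example.app/.Main t42}
foreground_package() {
    sed -n 's/.*mResumedActivity: ActivityRecord{[^ ]* [^ ]* \([^/ ]*\)\/.*/\1/p' | head -n 1
}

# Classify a `pm path <pkg>` line ("package:/system/app/Foo/Foo.apk").
# Preinstalled packages cannot be uninstalled without root; freezing is the
# safe, reversible alternative the thread recommends.
classify_apk() {
    case "$1" in
        package:/system/*|package:/vendor/*|package:/oem/*) echo "preinstalled" ;;
        package:/data/app/*) echo "user-installed" ;;
        *) echo "unknown" ;;
    esac
}

# Live workflow: open the app on the tablet, then run this on the PC.
identify_foreground_app() {
    pkg=$(adb shell dumpsys activity activities | tr -d '\r' | foreground_package)
    [ -n "$pkg" ] || { echo "no resumed activity found" >&2; return 1; }
    path=$(adb shell pm path "$pkg" | tr -d '\r' | head -n 1)
    echo "$pkg $(classify_apk "$path") $path"
}

# Freeze a package for user 0; `pm enable <pkg>` undoes it.
freeze_package() {
    adb shell pm disable-user --user 0 "$1"
}

# Constructed sample of dumpsys output (hypothetical package names) for
# offline use; the paused launcher line must be ignored.
SAMPLE_DUMPSYS='  Stack #0:
    mLastPausedActivity: ActivityRecord{1f2e3d4 u0 com.example.launcher/.Launcher t1}
    mResumedActivity: ActivityRecord{3a7b1c2 u0 com.example.oemstore/.StoreMainActivity t42}'

sample_foreground() {
    printf '%s\n' "$SAMPLE_DUMPSYS" | foreground_package
}
```

Run `identify_foreground_app` once per prompting app, and keep the list of what you froze so the TWRP backup is only needed for a real bootloop.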

P9 anti virus

Is the built-in antivirus on the P9 sufficient, or is it advisable to download another one?
Any advice please?
1. There are no viruses on Android.
2. Most of the apps that call themselves antivirus are nothing more than crap that, besides sucking memory and battery, does nothing.
3. Most of the problems that people call a "virus" are nothing more than some crappily made app that messes up phone performance or downloads a few other crappy apps in the background, like a lockscreen or cleaner.
4. The built-in antivirus on Huawei is just an icon that does nothing... because it doesn't have anything to do, BECAUSE look at point 1.
I've been using Android for almost... forever since it has existed. I was rooting and giving free access to all the apps I could; I once did a test and clicked all the ads and installed all the shady apps I could find, gave them root access... and besides a few more crappy apps that they downloaded in the background... NOTHING.
Even my router logs didn't show any weird data that was sent/received by the phone.
All you can get on your phone is viruses that are made for PC, which will transfer themselves to it when you connect it to a PC; this is the only example that I know of someone having related to "viruses", and it was not even made for Android...
All you need to do to keep your device in good shape and safe is to keep it clean, use the built-in cleaner, which is good for removing trash files, and keep an eye on the permissions of apps; if an app doesn't need internet access or the contact list, remove that permission.
Simple as that...
This is pretty much it. Don't be the user that installs 5 cleaning apps / antiviruses and wonders why the phone is so slow. I see users every week that slow their phone down with this stuff.
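The "keep an eye on permissions" advice above can be turned into a repeatable check: `dumpsys package <pkg>` lists every permission with `granted=true`, so a short script can flag third-party apps that hold the two the post names (internet access and the contact list). This is an added example, not code from the thread or from Huawei; the package name and dumpsys text in the sample are constructed, and the live functions assume `adb` with USB debugging.

```shell
#!/bin/sh
# Added example: audit which third-party apps hold INTERNET / READ_CONTACTS.
# The parsing functions work on text from stdin, so they run offline on the
# constructed sample below; the live functions need `adb`.

# Permissions the post singles out (extend the list for your own audit).
SENSITIVE='android.permission.INTERNET android.permission.READ_CONTACTS'

# Read `dumpsys package <pkg>` output on stdin; print each permission that
# appears as "<name>: granted=true" under install or runtime permissions.
# Lines in the "requested permissions:" section have no "granted=" and are
# skipped, so only actually granted permissions come out.
granted_permissions() {
    tr -d '\r' | awk '/^[[:space:]]*android\.permission\.[A-Z_]+: granted=true/ {
        sub(/^[[:space:]]*/, ""); sub(/:.*/, ""); print }' | sort -u
}

# Keep only permissions that are in SENSITIVE.
flag_sensitive() {
    while read -r perm; do
        for s in $SENSITIVE; do
            [ "$perm" = "$s" ] && echo "$perm"
        done
    done
}

# Live audit: third-party packages only (-3), one dumpsys call per package.
audit_device() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        flagged=$(adb shell dumpsys package "$pkg" | granted_permissions |
                  flag_sensitive | tr '\n' ' ')
        [ -n "$flagged" ] && echo "$pkg: $flagged"
    done
}

# Revoke a runtime permission (Android 6+). INTERNET is an install-time
# permission and cannot be revoked this way; use the phone's own network
# permission manager for that.
revoke_runtime_permission() {
    adb shell pm revoke "$1" "$2"
}

# Constructed dumpsys excerpt for a hypothetical flashlight app that was
# granted INTERNET and READ_CONTACTS but denied CAMERA.
SAMPLE_DUMPSYS_PACKAGE='Packages:
  Package [com.example.flashlight] (7c1d9a0):
    userId=10087
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_CONTACTS
      android.permission.CAMERA
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false suspended=false stopped=false enabled=0
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true
        android.permission.CAMERA: granted=false'

sample_flagged() {
    printf '%s\n' "$SAMPLE_DUMPSYS_PACKAGE" | granted_permissions | flag_sensitive
}
```

A flashlight that holds both flagged permissions is exactly the "crappily made app" case the post describes, and the output gives you the package name to revoke from or uninstall.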

magisk_debug.log taking up 1.4 GB

Non-developer here asking a potentially stupid question. You have been warned.
So, I noticed that my phone's free storage seemed lower than usual. DiskUsage showed about 4 GB of "System Data". I find factory resetting to be a huge pain because I have a few apps that are really hard to back up and restore (such as keepsafe), so I decided to look around and try to find the culprit. Turns out, there's a file in /data/adb/ called "magisk_debug.log" that takes up 1.4 GB and I'm not sure if it's safe to delete because, on the one hand, it's a log, but on the other hand, as I stated at the beginning of the post, I'm not a developer, which means there are a lot of things I don't know about Android's file system, plus I sometimes tend to do stupid things with my phone that cause me a lot of trouble. So, can I delete it or should I leave it be?
I'm using a Galaxy S8 with Android 7.0 if that's relevant for anything
Maybe you are using a debugging channel? Switch to a stable channel or a normal channel and delete the log file.
For anyone stumbling on this (it has been answered already in the Magisk General support thread):
The magisk_debug.log file has not been used in Magisk for a long time (Magisk v14.3, or so). If you still have it on your device it's perfectly safe to delete.
