1. Hot New Devices! HTC One M9 | Samsung Galaxy S6 | LG G4

Galaxy S3 owners, please help! Is this normal, or have I been hacked?General


  1. rv2012

    rv2012 New Member

    Alright, so I was browsing some potentially murky/unsafe websites on my Galaxy S3 when I had a horrible system crash, and ever since this crash I've noticed some strange things going on on my phone:

    1. Everything is noticeably slower, and there are occasional 3-5 second freezes.

    2. If I use OS Monitor to examine system activity, I always see a process listening on a bunch of ports like 55555 and 55556, but the name of this process is different every time I look.

    3. If I go into Settings -> Application Manager -> All, click on the current name of the app listening on the ports above, and check its permissions, it always turns out that the app happens to have permission to do about 100 things, from "add or modify calendar events and send email to guests without owners' knowledge" to "directly call phone numbers", you name it -- way more permissions than even a typical system-level process.

    SO, Galaxy S3 owners, I'd be eternally grateful if someone could go into Settings -> Application Manager -> All on their phone & check permissions on a few apps (listed below). Do they have 100+ permissions to do everything under the sun on your phone too?

    Lcdtest
    DttSupport
    TMServerApp

    I know these are legitimate names of system processes that are supposed to be present, but I'm paranoid that on my phone they might've been replaced with hacked versions. If someone could reassure me that they really are supposed to have permission to do literally everything to my system, I'd be grateful!

    Advertisement
  2. Musky

    Musky Well-Known Member

    On my phone they seem to have permission for everything, but I can't tell for sure because I don't know all of the permissions and some may not be listed.

    But, I only have the first two you listed. I do not have "TMServerApp"
  3. bigsmokefarmer

    bigsmokefarmer Well-Known Member

    I don't have Lcdtest, I do have DttSupport and it has lots of permissions, I also have TMServerApp, but it's not running.

    Hope that helps, do you have anti-virus on your S3?
  4. GoldenDiamond

    GoldenDiamond Well-Known Member

    get some anti-virus software on your phone (then obviously scan your phone) or factory reset.
  5. thahim

    thahim Well-Known Member

    I have all three of them with lots of permissions.
  6. Yatezy

    Yatezy Well-Known Member

    I have all three and they all have an insane amount of permissions but I don't have any problems here, or none that are noticeable anyway.
  7. sherlock5545

    sherlock5545 Well-Known Member

    If you aren't rooted, these system applications cannot be modified, so it's unlikely that you've been hacked. Tryba factory reset if your phone crashes a lot. By the way, what website did you visit?
  8. Uppal007

    Uppal007 Member

    I also have all 3 with lots of permissions, must be normal then.
  9. Spaceprobe

    Spaceprobe Well-Known Member

    Try installing Fast Reboot from the play store and running it
  10. dportal2006

    dportal2006 Well-Known Member

    Oh man. Do you mind telling me what website did you visit? I would like avoid it. Try downloading and anti virus and then factory reset the phone.
  11. Rxpert83

    Rxpert83 Dr. Feelgood Moderator

    Do a factory reset immediately. Its the only way to know its safe.
  12. rv2012

    rv2012 New Member

    Thanks so much to everyone who replied! I feel better knowing that it's normal for these processes to have crazy permissions, but I did a factory reset anyway just to be extra safe.

    Question, though: a factory reset doesn't re-install the core operating system, right? It just deletes user-downloaded apps + app data? I guess I'm just wondering whether it protects against the situation where the OS itself has been compromised. Is it even possible for there to be a "privilege-elevation"-type exploit where a process gets root access through some security vulnerability and then overwrites core system binaries with hacked versions? Or is it not possible for even a process that gets root access to do this?

    To those who asked what site it was that caused my original crash: I don't have the exact URL, but it was some weird Russian image host that I got linked to from a forum.
  13. davidmanvell

    davidmanvell Well-Known Member


    LCDTEST 17 permissions
    DTTSUPPORT 16 permissions
    Do not have the third one.

    Those core files should be safe. Shouldn't have to worry about them.

Share This Page