
Can I replace the bootloader (fastboot)? I think mine's got malware!

Discussion in 'Android Help' started by LozHensel, Apr 11, 2016.

  1. LozHensel

    LozHensel Newbie
    Thread Starter

    After my trials and tribulations reported in this thread and this thread I think I may have found the cause of the problem and it's not pretty!

    This article suggests there is a new breed of malware that, if I'm reading it right, can infect the bootloader itself! I don't think I've got one of the three mentioned there specifically (though I might have) but I think I've got something similar.


    Just to reiterate my specs, if they're relevant, I have an iNew L4 running Android 5.1 on Giff Gaff (which always detects as O2 for some reason) in the UK. It's not a phone supported by CyanogenMod... well... anything really, so compiling CyanogenMod or Android Open Source Project (AOSP), or Ubuntu Touch or something like that is by no means a certainty! The Manufacturers unhelpfully do not have a publicly downloadable rom either.

    So can I somehow flash fastboot (I'm expecting it'll be a scary dd command to a usb port...)? If I compile CyanogenMod or something will it compile fastboot for the device or just for the desktop? Is it even possible?

     


  2. Best Answer:
    Post #4 by Hadron, Apr 11, 2016 (1 points)
  3. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member

    You can't get malware that infects bootloaders so it's not that.

    Are you absolutely sure the firmware you're trying to install from the needrom site is legit?

    You're rooted yeah? Have you tried using a system file manager (root explorer) to remove the infection manually?
     
    Hadron likes this.
  4. LozHensel

    LozHensel Newbie
    Thread Starter

    I'm not 100% certain it's legit, but the virus scanner (AVL - other scanners don't seem to scan /system and don't detect anything wrong at all) is reporting the same virus name as before (android.waps.a) and the symptoms are the same. This happened before I rooted it*.

    It is rooted now though (well it has been, I've flashed it again since then!) The problem is the apk that is showing as infected is LQLauncher3.apk, which from what I can figure out basically runs the user interface, so removing that is unlikely to be helpful. I haven't tried digging around inside the apk, actually. That's an idea. Is that what you meant?

    Actually, if I were to install another launcher, and then delete the default one...

    If that doesn't work then I probably *do* need to roll my own just to be sure, don't I?

    * I suspect it happened when I enabled installing apks from other sources for some android games I bought off Humble Bundle, but I don't really know - another article on the same topic suggests some infected apps made it into the Play store!
     
  5. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    As El Pres says, you can't infect the bootloader. There are rootkit trojans that can infect the ROM though, which is what that article is about (unlikely to meet these if you install apps from the Play Store, but tread carefully if you go to random download sites). Frankly if the built-in launcher is infected I'd think it more likely it was infected out of the box than that the Humble Bundle contained malware.

    So replacing the ROM would fix one of these, but don't underestimate the effort needed to build CM for a device nobody else supports. Also fastboot isn't something you flash to the phone or compile, it's a utility that can be used to flash images to partitions on the phone (if you have an unlocked bootloader).

    GiffGaff don't have a network of their own, they just buy airtime off O2 and resell it. So my guess is that your device just doesn't know about GiffGaff and so is just identifying the network that they are piggy-backing on instead.

    As for replacing the launcher, I'd advise you to install the new one as a system app (e.g. use Titanium Backup to change it to a system app) and make sure it is working (including after a reboot) before you think about removing the existing launcher. If you just install a new launcher, remove the old one, and then do a factory reset for any reason you'll find yourself with no launcher at all.
     
    LozHensel and El Presidente like this.
  6. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member

    Which Humble Bundle did you get? They're something I always pick up and I've never had any issues with any of them.

    The install files are also directly from the game developers so it's unlikely they're infected.
     
    LozHensel likes this.
  7. LozHensel

    LozHensel Newbie
    Thread Starter

    It looks like it was called "Humble PC and Android Bundle 13"

    edit: I apparently got it around August the 19th 2015. I don't think I ever disabled the options to install third party apks though, so that could have been the contamination vector even if it wasn't Humble Bundle itself.
     
  8. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member

    I'll check and see if that one is in my catalogue. I'm rooted with a custom recovery and can easily restore to stock if Humble is the problem (tomorrow though, it's kinda late) :)
     
  9. LozHensel

    LozHensel Newbie
    Thread Starter

    That's brave! It is kinda late, I should probably go to bed too
     
  10. LozHensel

    LozHensel Newbie
    Thread Starter

    It works!

    Replacing the launcher worked! I've gone with Buzz Launcher because I have, mostly, and deleted LQLauncher3. It seems to be gone. Let's hope it stays that way!

    Huge thanks to everyone - you've all been a huge help!
     
    El Presidente and Hadron like this.
  11. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member

    Nova is another very popular (and very good) alternative if you want to give that a go.

    I also liked Smart Launcher 3.

    Glad you're sorted though! :)
     
    LozHensel likes this.
  12. LozHensel

    LozHensel Newbie
    Thread Starter

    I'll take a look at them. Thank you.
     