Galaxy S3 owners, please help! Is this normal, or have I been hacked?

[rv2012]

Alright, so I was browsing some potentially murky/unsafe websites on my Galaxy S3 when I had a horrible system crash, and ever since this crash I've noticed some strange things going on on my phone:

1. Everything is noticeably slower, and there are occasional 3-5 second freezes.

2. If I use OS Monitor to examine system activity, I always see a process listening on a bunch of ports like 55555 and 55556, but the name of this process is different every time I look.

3. If I go into Settings -> Application Manager -> All, click on the current name of the app listening on the ports above, and check its permissions, it always turns out that the app happens to have permission to do about 100 things, from "add or modify calendar events and send email to guests without owners' knowledge" to "directly call phone numbers", you name it -- way more permissions than even a typical system-level process.

SO, Galaxy S3 owners, I'd be eternally grateful if someone could go into Settings -> Application Manager -> All on their phone & check permissions on a few apps (listed below). Do they have 100+ permissions to do everything under the sun on your phone too?

Lcdtest
DttSupport
TMServerApp

I know these are legitimate names of system processes that are supposed to be present, but I'm paranoid that on my phone they might've been replaced with hacked versions. If someone could reassure me that they really are supposed to have permission to do literally everything to my system, I'd be grateful!

 

[Musky]

On my phone they seem to have permission for everything, but I can't tell for sure because I don't know all of the permissions and some may not be listed.

But, I only have the first two you listed. I do not have "TMServerApp"

 

[bigsmokefarmer]

I don't have Lcdtest, I do have DttSupport and it has lots of permissions, I also have TMServerApp, but it's not running.

Hope that helps, do you have anti-virus on your S3?

 

[GoldenDiamond]

get some anti-virus software on your phone (then obviously scan your phone) or factory reset.

 

[thahim]

I have all three of them with lots of permissions.

 

[Yatezy]

I have all three and they all have an insane amount of permissions but I don't have any problems here, or none that are noticeable anyway.

 

[sherlock5545]

If you aren't rooted, these system applications cannot be modified, so it's unlikely that you've been hacked. Tryba factory reset if your phone crashes a lot. By the way, what website did you visit?

 

[Uppal007]

I also have all 3 with lots of permissions, must be normal then.

 

[Deleted User]

Try installing Fast Reboot from the play store and running it

 

[dportal2006]

Oh man. Do you mind telling me what website did you visit? I would like avoid it. Try downloading and anti virus and then factory reset the phone.

 

[Rxpert83]

Do a factory reset immediately. Its the only way to know its safe.

 

[rv2012]

Thanks so much to everyone who replied! I feel better knowing that it's normal for these processes to have crazy permissions, but I did a factory reset anyway just to be extra safe.

Question, though: a factory reset doesn't re-install the core operating system, right? It just deletes user-downloaded apps + app data? I guess I'm just wondering whether it protects against the situation where the OS itself has been compromised. Is it even possible for there to be a "privilege-elevation"-type exploit where a process gets root access through some security vulnerability and then overwrites core system binaries with hacked versions? Or is it not possible for even a process that gets root access to do this?

To those who asked what site it was that caused my original crash: I don't have the exact URL, but it was some weird Russian image host that I got linked to from a forum.

 

[davidmanvell]

Alright, so I was browsing some potentially murky/unsafe websites on my Galaxy S3 when I had a horrible system crash, and ever since this crash I've noticed some strange things going on on my phone:

1. Everything is noticeably slower, and there are occasional 3-5 second freezes.

2. If I use OS Monitor to examine system activity, I always see a process listening on a bunch of ports like 55555 and 55556, but the name of this process is different every time I look.

3. If I go into Settings -> Application Manager -> All, click on the current name of the app listening on the ports above, and check its permissions, it always turns out that the app happens to have permission to do about 100 things, from "add or modify calendar events and send email to guests without owners' knowledge" to "directly call phone numbers", you name it -- way more permissions than even a typical system-level process.

SO, Galaxy S3 owners, I'd be eternally grateful if someone could go into Settings -> Application Manager -> All on their phone & check permissions on a few apps (listed below). Do they have 100+ permissions to do everything under the sun on your phone too?

Lcdtest
DttSupport
TMServerApp

I know these are legitimate names of system processes that are supposed to be present, but I'm paranoid that on my phone they might've been replaced with hacked versions. If someone could reassure me that they really are supposed to have permission to do literally everything to my system, I'd be grateful!

LCDTEST 17 permissions
DTTSUPPORT 16 permissions
Do not have the third one.

Those core files should be safe. Shouldn't have to worry about them.