Discussion in 'Android Devices' started by 1vryfrustratedwoman, Jan 2, 2020.

    This is my first post.
    Well let's get down to business,
    Help me someone!!
    I think my phone has spyware or malware embedded into settings and hidden in my Samsung apps.
    Calendar has a ton of apps inside, like:
    dsparser mode.
    Fido something
    Knox but not the Samsung kind, this is blocking Knox from allowing security updates.
    Live broadcast app

    My phone is brand new like less than 2 weeks old.
    My settings are greyed out and there are times I feel I do not have control of my device.
    My chrome browser is redirecting me to God knows what website.
    My Google Play Store works sometimes; other times I get an error message that says must create and download a browser???
    I've all but given up and just allowed the mess to run amuck.
    My Gmails are hijacked, I don't get notifications at all, all of my Google Photos are gone, 3 FBs are inaccessible, and there is so much more.
    I have some weird smart view thing that turns on and then the screen dims. I hear in the speaker of my phone all download noises. Ugh.

    The first 4 screenshots are of applications installed on my device. I absolutely didn't install a bootloader!?
    The second set is my preloaded phone app through Samsung and the apps inside.

    There are almost 400 applications and I've only got this one device. My bf let me borrow his Samsung Galaxy J7 Crown for 1 week and his Galaxy S7 edge. And he purchased this Galaxy A10e last Friday. Coincidence? I'm praying so; either way he is up to no good or I'm absolutely batcaca!
    (I apologise in advance for grammatical errors and punctuation this has been going on for almost 2 months.)
    Please help me make sense of this.
    Thank you all for listening to,

    Welcome to the forum - sorry it's in these circumstances.

    I'm afraid that Samsung do load their phones up with a lot of apps, probably more than any other manufacturer. I don't have a recent Sammy to compare with, but nothing in those screenshots looks obviously wrong to me (of course any sensible malware author would try to disguise it as something harmless).

    All Android phones have a bootloader. That actually won't show up in this list, so I guess you are referring to "bootagent", but there is a genuine Samsung app of that name so as I say "not obviously wrong".

    Fido is a Canadian mobile service provider. Are you in Canada? The most obvious reason for a "Fido something-or-other" to be on the phone would be that it's a Fido handset (service providers tend to add their own apps - and sometimes other third-party apps - to the phones they sell).

    The most important thing is the hijacking of Gmail accounts. If someone has access to the primary Gmail account of that phone then they have a backdoor into the phone, so securing that account is vital. Obviously don't use a phone that you think is compromised to do this. When you have access to an account, change passwords, enable 2-factor authentication, and go through your settings and de-authorise any device that you don't recognise or don't want to access the account.

    I'm not an expert on recovering FB accounts, but if you can do it I'd suggest 2-factor authentication for those as well.

    For the phone, I see that you have Malwarebytes active: has it found anything?

    From the list of issues you describe I'd be tempted to suggest backing up any important contacts or photos, removing the Google account from it and factory resetting. Removing the account first avoids problems with "factory reset protection": if you change the account password and reset the phone too close in time, in either order, you can end up locked out for a couple of days because the anti-theft system thinks this is suspicious (as one thing people commonly do if a phone is stolen is change the account password, and one thing thieves often do is reset the phone, so the 2 happening close together is a common sign of a stolen phone). Be very careful about reloading app backups, as if there is malware there you may reload that. In the extreme case you can download new official firmware from sammobile.com and reflash the phone completely, but unless the ROM itself has been corrupted that shouldn't be needed (this is unlikely but not impossible: if Knox is genuinely blocking updates it might be because the system has been modified). You will need access to Settings to remove an account, but can reset from recovery mode (so no Android malware can stop that). But securing the hijacked account would be my first step (and then not letting the suspect phone access it until I'd dealt with the phone).
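
The reply above notes that malware may try to pass as something harmless among the many preinstalled apps. As an added example (not written by any poster in this thread), this Python script takes text in the format printed by `adb shell pm list packages -f -s` (preinstalled) and `adb shell pm list packages -f -3` (user-installed) and lists user-installed packages that use vendor-style names; the sample lines and package names are constructed, and the prefix list is an assumption.

```python
# Added example: triage of an Android package list (not from the thread).
# Each input line has the form  package:<apk path>=<package name>

# Assumed list of vendor-style namespaces worth a second look when the
# package was NOT part of the preinstalled set.
VENDOR_PREFIXES = ("com.samsung.", "com.sec.", "com.google.", "com.android.")

# Constructed sample: output of `pm list packages -f -s` (preinstalled).
SYSTEM_SAMPLE = """\
package:/system/priv-app/ExampleDialer/ExampleDialer.apk=com.samsung.example.dialer
package:/data/app/~~Qx1z==/com.google.example.maps-a9Fk==/base.apk=com.google.example.maps
package:/system/app/ExampleAgent/ExampleAgent.apk=com.sec.example.agent
"""

# Constructed sample: output of `pm list packages -f -3` (user-installed).
THIRD_PARTY_SAMPLE = """\
package:/data/app/~~Lm3p==/org.example.scanner-Zt8w==/base.apk=org.example.scanner
package:/data/app/~~Rr7k==/com.samsung.example.update-Bb2c==/base.apk=com.samsung.example.update
"""

def parse_packages(text):
    """Map package name -> APK path from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=', so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            packages[name] = path
    return packages

def triage(system_text, third_party_text):
    """Summarise both lists and flag user-installed vendor look-alikes."""
    system = parse_packages(system_text)
    third = parse_packages(third_party_text)
    lookalikes = sorted(
        name for name in third
        if name not in system and name.startswith(VENDOR_PREFIXES)
    )
    return {
        "preinstalled": len(system),
        "user_installed": sorted(third),
        "vendor_lookalikes": lookalikes,
    }

if __name__ == "__main__":
    print(triage(SYSTEM_SAMPLE, THIRD_PARTY_SAMPLE))
```

A flagged package is only a candidate for a closer look: genuine vendor apps installed later from the store also appear in the user-installed list.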

    Same thing with my phone. They are manipulating your SIM card, for starters. Installing Enterprise and running your phone like a managed device. I'm not even able to use a legit Play Store... so undoubtedly all apps are probably imposters. They have taken over administrator privilege on my phone and have manipulated everything. Using Google International edition of Play Store... an outdated version, as well! I cannot even factory reset the damn thing. IMO hackers have run amuck and nobody's data is safe anymore.

    So which phone are we talking about?

    The situation you have described is the common problem of all Samsungs that I've seen. The manufacturer tends to overstuff the device with dozens of unnecessary apps that soon use all storage and the device starts to glitch. As a result, you see no other way than to buy a new and more efficient device. Just do not forget to delete the apps you don't use and clear cookies and downloaded data.

    Are you thinking of the apps that load up from the carrier branded phones? I didn't compare mine to the OP's pictures, but I have an S10+ bought and shipped directly from Samsung and it didn't come loaded to the gills at all. It was refreshing to see compared to what Verizon put into my Note II...

    Carriers add more crap, but my Samsung tablet and my daughter's S8 still both came with a hell of a lot more stuff than say my Pixel did. In fact the S8 allocates more space to the /system partition than the Pixel does despite the S8 having a single system partition and the Pixel having 2. Of course some of it is to support loads of system "features", rather than stuff that appears in the app drawer, but I've yet to see a Samsung that I'd consider "lean". And to be clear, nobody in my family ever buys carrier-branded devices.

    Though to be fair, they have improved: my tablet's original ROM had a number of commercial apps (stuff like Evernote) not only pre-installed but set so you couldn't even disable them (so they'd still use space with updates - or else clutter your app update list permanently - and sometimes run in the background even if you never used them). Thankfully a lot - though not all - of that was removed by later system updates. Of course whether that was because Samsung realised this was hostile to customers or because the companies decided it wasn't worth paying Samsung to do this I don't know ;).
