
Root Picked up a virus when I installed CyanogenMod 7

Discussion in 'Android Devices' started by alextop30, Oct 12, 2011.

  1. alextop30

    alextop30 Android Expert
    Since I did not find any similar threads I thought I would ask this. Last weekend I rooted my Evo and put CyanogenMod 7 on it; it seemed to have picked up a virus by downloading the files. My antivirus on my computer did let me know there was something funny, but I ignored it because I thought that my antivirus pacified it. Well, what happened apparently was that I loaded infected files that hijacked my email and attempted to send random contacts emails about some online pharmacy. The problem is some of those contacts are my professors and I really do not want anything like that to be sent to them, of course. Fortunately Google blocked my account and the emails did not get sent.

    The question that I have is: is there any place that I can grab the files for CyanogenMod that include the HTC Evo 4G radio update so that I can get access to 4G and the best and fastest mod? I like CyanogenMod and I would really like to put it on, so any help would be awesome. I rooted my phone with the guide from these forums and it was root for dummies or something like that.

    Again also I really appreciate any help.


    Thanks very much
     


  2. argedion

    argedion The TechnoFrog
    Where did you download CM7 from? Did you follow the link from ROMs and Kernels? If not, follow that link, delete the copy you have, do a complete wipe of your phone and flash that copy.

    As far as your emails go nothing you can do about emails already sent. Just go through your account and try to clean things up from the infection. Also make sure nothing else is infected. Computer, Phone, and Gaming Systems.
     
    alextop30 and ocnbrze like this.
  3. mikem0269

    mikem0269 Android Expert
    Yeah, sometimes a virus will sit dormant until a trigger puts it in action. It could have come from anywhere. I would def clean any device you use as stated above.
     
  4. alextop30

    alextop30 Android Expert
    Emails did not get sent out because Google blocked my account before they were sent, so the only thing is that I got a mailer daemon about those emails. I followed the links from the root for dummies page; however, I also downloaded the radio update to fix the 4G and an update that enabled me to download the Market into CyanogenMod. As for the mod itself, I got it from Cyanogen's official page. I don't believe that it was the mod itself but maybe the supporting files with it. So essentially I want to find some way to get all the files I need from a legitimate source so I can get Cyanogen running on my Evo.

    In reference to the other post: I backed up the current HTC Android system through the recovery console and factory wiped the data from the recovery console too, so I believe I followed all directions to a T except the nonexistent one about the 4G radio and the fact Cyanogen does not have the Android Market installed.
     
  5. 9to5cynic

    9to5cynic Android Expert
    You are pretty lucky that you're using google for your email. It'd be pretty embarrassing to send a professor emails regarding particular little blue pills ;)

    Also, I've downloaded several roms, never once found anything like this. I would almost think that the virus came from somewhere else, and you somehow triggered it.

    Also, are you using outlook or something like that? I wouldn't think a virus could get into gmail (web). Unless it infected your browser...

    May I suggest Firefox with the No-Script plug in?
     
    alextop30 and ocnbrze like this.
  6. alextop30

    alextop30 Android Expert
    You are so right, especially about the blue pills; the worst part was that it somehow picked the exact professors which I will be needing letters of recommendation for law school from. As to the other part, I am going to try Cyanogen again definitely. The only thing is I will use a different computer this time and triple scan all the files. I wonder if Kaspersky has a free version I can install for the time being. Or a better idea might be just using Linux to install?
     
  7. Rxpert83

    Rxpert83 Dr. Feelgood
    Most of the major antivirus companies have an online version of their antivirus where you can either submit files for scanning or have them scan your entire system.

    Also, I don't remember the website, but there is one available that you can submit files to and it scans them using a bunch of the major companies, if you're really paranoid.
     
  8. 9to5cynic

    9to5cynic Android Expert
    You could try any of the free virus scanners (AVG, Avast!), or Linux. I guess you really could just download the file to your SD card and install directly from there, no computer at all.

    1. Make sure you are getting the download from the official site, otherwise I *suppose* someone could alter it to send rogue emails....

    Also, I think the site is called TotalVirus or virustotal or something like that, it scans files against several signatures (dozens).
     
    ocnbrze and Rxpert83 like this.
  9. alextop30

    alextop30 Android Expert
    I downloaded Kaspersky, the free trial is fully functioning software, scanned like crazy, didn't find anything, so I will let you know what will happen tonight when I install it.
     
  10. 9to5cynic

    9to5cynic Android Expert
    Is it at all possible that you have no viruses, but your account was compromised (phishing or some other means)?
     
  11. alextop30

    alextop30 Android Expert
    Update: OK, here is where I am at and what I have figured out. I have successfully installed CyanogenMod and the phone is working perfectly on 3G, wifi, and 4G (works way better than the stock ROM on 4G). On CyanogenMod 7.1 the radio update is not necessary, I am guessing since the developers at CyanogenMod rewrote the code for the 4G and included it in the update, which was awesome!!! A big thank you to them for that!!!

    Before I installed the ROM I made a second Gmail account (yes, I had only one, which was my main). I got the gapps (the most downloaded one (filter by downloads)). I patched that through the recovery console, install zip file and so on. At the screen which comes up to add a Google account I punched in my main Gmail account but purposely with the wrong password, while logged in on my computer which I was sitting in front of at the time. As gapps was trying to log into my account a red field showed up on top of my email inbox telling me that someone from Indonesia was trying to log into my account (that had not shown up before when I had the HTC Sense just S-OFF system). I logged in with my newly made account and everything went through just fine; I was able to install the Market and 2 other apps such as Gmail and Google Maps (even though I think it was quite an old version of Google Maps). I added some contacts of my closest friends which had an email and I have been monitoring my phone, but 5 hours later now it has not sent out any fake emails about blue pills and so on. I still have not added the emails of my professors because of paranoia, or just in case something does happen.

    With these findings at hand I am kind of confused why CyanogenMod does not include the app market or Google account sync in its inner workings in order to make the process a bit easier and quite a bit more secure. I don't think I will be able to trust my main email account to my phone, but I have the Samsung Galaxy Tab 10.1 and I am able to access my email pretty much every time I have it tethered to the phone, so that compensates. I hope that would be something Cyanogen would incorporate because it will make the entire process very, very easy and safe.

    Thank you guys for the help and watch out (I do not want to put it all on gapps, but I am fairly certain that there is something fishy that happens when you try to add a Google account to the phone at the start-up screen after patching gapps).
     
  12. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!
    The main reason why CM7 will never get gapps included in their ROMs is because Google sent them a cease and desist letter telling them that they cannot have any of Google's apps included in their ROMs. Now, this was when Android was still very young coming out. Unless Google says it's OK for CM7 to include gapps again, you will not see it in their ROMs.
     
    argedion likes this.
  13. alextop30

    alextop30 Android Expert
    Hmm, that is interesting information which I did not know. Is the Android Market considered a Google app too? At this time I am guessing so; since it is not on CyanogenMod, it is property of Google. It would be nice if they would embrace the freedom of open source and let CyanogenMod developers distribute them. :)
     
  14. 9to5cynic

    9to5cynic Android Expert
    It's weird about the whole attempted log in from Indonesia. I posted a question months ago wondering if it was possible or likely for devs to grab any confidential information (IE: login info) from users, but that wasn't something anyone really thought was a big issue. I'm not sure if it is a big issue, I'm just paranoid.

    Did Google give you the IP address of who in Indonesia was trying to log in? If so, is there any chance that your attempted log in was just routed through Indonesia?

    If you had successfully logged in with your main account, would Google have told you that a successful log in occurred (in the option where you view latest activity) from Indonesia?

    Very curious.
     