
Viciously virulent virus caught through SD card in New York

Discussion in 'Android Lounge' started by gschadow, May 7, 2019.

  1. gschadow

    My wife has had a Samsung Galaxy J7, and one fine day we were visiting New York City, where, to make more photos, we went into a pretty solid looking phone store and bought what seemed like a genuine SanDisk SD card. It was not some cheap crap from a sidewalk sales scam. Once she inserted that card, it gave problems, never worked well, some fraudulent fake. But worse yet, it infected her phone with a viciously virulent virus which we could never again get removed. Brought it to several technicians already, but they were unable to fix it. Factory reset, of course, several times, and every time the virus is there. I am almost certain that these technicians tried to flash the firmware also, yet the virus crap keeps coming back.

    What could this be? I am flabbergasted. Is there really some corner of memory that is completely unreachable by factory reset and flashing the firmware? Could be that it somehow hooks itself into the thing that is used to lock the phone onto a specific provider, that too doesn't go away by flashing firmware. So, what is the approach to get rid of this virus, or is it that one must write off that phone as a total loss?

    IMO this is a reason not to buy mainstream brands of phones. I bet with my Xiaomi phone this could never have happened. Right?
     

  2. Dannydet

    Factory reset the phone
     
  3. ocnbrze

    just curious as to how you know that it is infected by a virus? i doubt that it was because of the sd card.

    i have had both htc and samsung, since the dawn of android, and never had any virus or anything.

    what is exactly going on?
     
  4. mikedt

    Fake news.
     
  5. gschadow

    Thanks for the reply. I am quite sure that it is because of that SD card. I know because she never got a virus and on that day she did not have any Internet connection anyway, so no downloading of shady stuff was possible. The problem started right after this SD card was installed.

    The symptoms were that photos were not stored right, that even without that SD card (which had of course long been removed) photos are damaged, either file read errors / blank or sometimes cut up half of one photo and half of another.

    There are also weird ads appearing, like a Facebook ad that appears from the top status bar like a Christmas tree ornament ball. (She doesn't use the Facebook App). Really weird stuff. Also, the phone sucks battery power like it was constantly churning and sometimes becomes unresponsive.

    Like I said, factory reset did not work. That has been tried several times.
     
  6. lvt


    I thought only iPhones can be infected :)
     
  7. dontpanicbobby

    I think your wife's phone may be a malware victim. Malware infection is different from Virus infection but I'm not sure how to explain it...
     
  8. gschadow

    I can believe that.

    I am myself a gadget hacker, I proudly replaced a hacked firmware on my Motorola V600 clamshell phone, to put a different screen background on (just "a few" years ago). :D

    I would like to understand what the issue is here, and perhaps get to the point where I might clean out that garbage and either sell the phone in a completely working clean condition or use it to play with modified Android versions. Such as Google spyware free Android setups. Something I don't easily get to do with my Xiaomi and other weird Chinese brands that I normally use.
     
  9. Mikestony

    I'm working on trying to move this thread out of the Android News forum so if I click the wrong button and your thread disappears @gschadow , I'm sorry but I will message you :D
     
  10. svim

    Since a Factory Reset didn't fix your problem, it's likely that whatever exploit is on her J7 is something that installed itself into the Android operating system itself. There's a common misconception that a Factory Reset will wipe everything but that's only partially true. The internal storage media in her phone is divided into several partitions, most are dedicated solely to the operating system and one is set aside as the user's data partition. That data partition is where all a user's data, saved files, app config/settings reside, and it's just that data partition that gets wiped clean during a Factory Reset. The operating system partitions are left as is, the OS does not get wiped away, it's just that data partition. The installed OS cannot wipe itself, nor can it magically reinstall itself even if it does get deleted by other means. This also means that after a Factory Reset, just as an example if her phone was originally running Marshmallow and later upgraded to Nougat, it will remain running Nougat after the Reset. Again, the Factory Reset does not affect the OS itself.
    Most Android exploits will only be limited to that user partition, the system partitions have restricted privileges. Some exploits however, are more cleverly crafted and are able to compromise the OS. Once an exploit resides in one of the system partitions, a Factory Reset won't make any difference. In that case you need to replace the OS. There is no master install image for consumer phones where you can just manually install a clean Android OS onto her phone, it's a matter where you need to flash a stock, Samsung ROM.
    Another thing to keep in mind is 'if' there is some exploit that's in the installed OS, even if you try using an anti-virus/anti-malware app the odds are it won't help. This goes back to that permission level/privileges issue -- installing one of those utilities will be done by the user and will have user-level privileges so for the most part while it will have full control over everything in that data partition, that utility will only have limited abilities to do anything involving direct access to any of the system partitions (it's essentially a user-level app without system-level privileges).

    But getting back to flashing the ROM, be sure to back up everything that needs to be saved first. Flashing a Samsung device using the Odin utility won't wipe the data partition when done properly but just in case something goes wrong. Plus you should always have a backup solution implemented anyway. You might want to use Samsung's Smart Switch to do a full backup (and it will make things less of a hassle if you do need to do a restore of the user data).
    https://www.samsung.com/us/smart-switch/
    Go here to download the appropriate ROM. Using the exact model I.D. (i.e. SM-J7xxxx) and her carrier:
    https://updato.com/firmware-archive-select-model?q=galaxy+j7&exact=1&r=&v=&rpp=100
    It's important to choose the matching ROM, don't substitute as ROMs are not interchangeable. Every model has a different, internal hardware configuration and its matching ROM has to have the appropriate drivers/firmware/software to work with that specific hardware.
    There are detailed, step-by-step instructions on the flashing process here:
    https://updato.com/how-to/how-to-install-an-official-samsung-stock-firmware-using-odin
    If you don't have access to a Windows PC, there's an Open Source alternative to Odin called Heimdall, and available for Linux and OS X:
    https://glassechidna.com.au/heimdall/
    It's not an exact imitation of Odin but functionally very, very similar so while those links refer to the Odin utility, if you're flexible enough the exact naming and menus aren't that different.
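
The partition split svim describes can be checked from a package listing: `pm list packages -f` (run through `adb shell`) prints each package's APK path, and anything installed under a system partition is still there after a Factory Reset. This is an added example, not part of the original post; the sample listing and package names are constructed, and the list of system partition prefixes is an assumption about a typical layout.

```shell
#!/bin/sh
# Classify `pm list packages -f` output by where each APK lives.
# Packages under the data partition are removed by a Factory Reset;
# packages under system partitions are not, and need a stock ROM flash.

# Constructed sample listing (package names are made up). On a real
# device: adb shell pm list packages -f > packages.txt
SAMPLE='package:/system/app/Gallery/Gallery.apk=com.example.gallery
package:/system/priv-app/Updater/Updater.apk=com.example.updater
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/vendor/app/Radio/Radio.apk=com.example.radio
package:/data/app/com.example.notes-2/base.apk=com.example.notes'

# Print "<verdict> <package> <apk path>" for every listing line on stdin.
classify_packages() {
    while IFS= read -r line; do
        case "$line" in
            package:*=*) ;;
            *) continue ;;          # skip anything that is not a listing line
        esac
        entry=${line#package:}
        name=${entry##*=}           # text after the last "="
        path=${entry%=*}            # text before the last "=" (paths may contain "=")
        case "$path" in
            /data/*) verdict=WIPED_BY_RESET ;;
            /system/*|/vendor/*|/product/*|/oem/*) verdict=SURVIVES_RESET ;;
            *) verdict=UNKNOWN ;;
        esac
        printf '%s %s %s\n' "$verdict" "$name" "$path"
    done
}

# List only the packages a Factory Reset leaves in place.
survivors() {
    classify_packages | awk '$1 == "SURVIVES_RESET" { print $2 }'
}

printf '%s\n' "$SAMPLE" | classify_packages
```

A preinstalled app that has since been updated lists its `/data` path even though the original copy remains on the system partition; `pm list packages -s` lists packages carrying the system flag regardless of path.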
     
  11. LV426

    I found the move option Mike. Wasn't in an obvious place.
     
  12. dontpanicbobby

    @gschadow @svim explained that very well.
    I did say most, not all. :)

    There used to be a site that specialized in free Samsung stock ROMs exclusively but after they monetized I lost track.

    I'm very sure with the help you got here you can fix her phone. I mean...
    Dude! You hacked a flip-phone? You have skills.
     
  13. KBU2

    Always check into your browser settings then site settings. There, look to see what sites were visited. Some have a tendency of connecting notifications to the device it was logged in from.
    All you have to do is clear delete any site that you may feel that compromises your device because some will connect with your device.
     