Archives for

malware

What to do if your Samsung Galaxy S9 keeps showing the virus infection error (easy steps)

When your new Samsung Galaxy S9 starts popping up the ‘virus infection’ error or notice, most likely there’s an app or two that carries a malware, not necessarily a virus. And you know what? The error itself is the malware or at least, the app that it’s embedded in. For popups like this to show, they should be activated or triggered and more often than not it’s an app that does it. Find out what that application is and you’ll fix this issue.

In this post, I will walk you through in finding the app that’s causing this problem. Once you find it, you must uninstall it so that it won’t be able to cause any more problems to your phone. If you’re one of the owners of this device and are currently bugged by this issue, then continue reading as you may find this article helpful.

Before going further, if you found this post because you were trying to find a solution to your problem, then try to visit our Galaxy S9 troubleshooting page as we’ve already addressed most of the commonly reported issues with the phone. We’ve already provided solutions to some of the problems reported by our readers so try to find issues that are similar with yours and use the solutions we suggested. If they don’t work for you and if you need further assistance, fill up our Android issues questionnaire and hit submit.

How to remove the virus infection message in your Galaxy S9

It is important that you act immediately the moment you get notified about a ‘virus infection’ in your Galaxy S9 because first, apps from good developers don’t have any issues with official Android ROMs; second, your phone’s performance will be affected sooner or later. Don’t worry though, this problem is pretty minor and you can get rid of the app that brings along a malware to your phone in no time. With all that being said, here’s what I suggest you do about this problem…

Reboot your Galaxy S9 in Safe mode

All third-party apps are temporarily disabled in safe mode and all malware are attached to these kinds of apps. Running your phone up in safe mode will contain the virus or malware as its trigger is disabled. This is how you run your S9 in safe mode:

  1. Turn the device off.
  2. Press and hold the Power key past the model name screen appearing on the screen.
  3. When SAMSUNG appears on the screen, release the Power key.
  4. Immediately after releasing the Power key, press and hold the Volume down key.
  5. Continue to hold the Volume down key until the device finishes restarting.
  6. When Safe mode appears in the bottom left corner of the screen, release the Volume down key.

While in this environment, find out which app serves as the trigger of the malware and uninstall it. Go after the app you used when the error popped up and here’s how you uninstall it from your device:

  1. From the Home screen, swipe up on an empty spot to open the Apps tray.
  2. Tap Settings > Apps.
  3. Tap the desired application in the default list.
  4. To display preinstalled apps, tap Menu > Show system apps.
  5. Tap UNINSTALL > OK.

Running the phone in safe mode and uninstalling an app are pretty easy to do but the challenging part here is determining which app is causing the problem. You may have to uninstall more than one app to get rid of the virus infection error. After uninstalling some apps, reboot the phone in normal mode to know if the pop up would still show up and if it does, then you have no other choice but to do the next procedure.

RELEVANT POSTS:

Backup your important files and data and then reset your phone

The problem is actually just in the app level but since we don’t know which app is causing this problem, then we have to bring the phone back to its factory default settings by doing the master reset. However, make sure that you make a backup of files you don’t want to lose because you may never be able to retrieve them after the reset.

After the backup, disable your Galaxy S9’s Factory Reset Protection by removing your google account from your phone so that you won’t be locked out after the reset. After this, feel free to reset your phone:

  1. Turn off the device.
  2. Press and hold the Volume Up key and the Bixby key, then press and hold the Power key.
  3. When the green Android logo displays, release all keys (‘Installing system update’ will show for about 30 – 60 seconds before showing the Android system recovery menu options).
  4. Press the Volume down key several times to highlight ‘wipe data / factory reset’.
  5. Press Power button to select.
  6. Press the Volume down key until ‘Yes — delete all user data’ is highlighted.
  7. Press Power button to select and start the master reset.
  8. When the master reset is complete, ‘Reboot system now’ is highlighted.
  9. Press the Power key to restart the device.

After the reset, don’t install apps that have bad reviews or those that mimic the names of popular apps.

I hope that we’ve been able to help you with this post one way or another. If you have other concerns you want to share with us, then feel free to contact us anytime or leave a comment below.

Connect with us

We are always open to your problems, questions and suggestions, so feel free to contact us by filling up this form. This is a free service we offer and we won’t charge you a penny for it. But please note that we receive hundreds of emails every day and it’s impossible for us to respond to every single one of them. But rest assured we read every message we receive. For those whom we’ve helped, please spread the word by sharing our posts to your friends or by simply liking our Facebook and Google+ page or follow us on Twitter.

Posts you may also like to check out:

Almost 900 million Android devices supposedly affected by ‘QuadRooter’ bug

Android Malware

According to a new revelation, nearly 900 million Android devices are affected by a newly found bug called “QuadRooter“. This major malware was uncovered by security firm Check Point. These folks have also released an app to detect whether your smartphone/tablet is vulnerable to the bug. If your device uses a Snapdragon made chipset, the chances are that it is indeed impacted by this new bug.

The bug manages to creep inside the device in the form of an app (downloaded from outside the Play Store) which requires no permissions on the device, allowing it to freely conduct its business and potentially sell your device data to third parties. Although Qualcomm already knows about this particular bug, the onus is now on the manufacturers to send out patches containing the fix as Qualcomm has seemingly patched the bug on its end.

The name QuadRooter emerges from the fact that it’s a set of four vulnerabilities. While Qualcomm and manufacturers have fixed three of the vulnerabilities with the July security update, the last vulnerability will supposedly be fixed with September’s Android security update.

Make sure you download the QuadRooter Scanner app to check if your Android device is vulnerable to this particular bug.

Source: Check Point, Play Store

Via: GSM Arena

Galaxy Note 5 can’t receive SMS, other issues

We give you another post that covers five different #GalaxyNote5 problems. As usual, these issues are taken from messages we receive from some Galaxy Note 5 users.

Note 5

Below are the topics we tackle in this material:

  1. Unable to receive Gmail messages on Galaxy Note 5 email app
  2. Galaxy Note 5 camera produces noisy and grainy pictures
  3. Galaxy Note 5 can’t receive SMS
  4. Galaxy Note 5 keeps shutting down | Galaxy Note 5 won’t turn on
  5. Galaxy Note 5 keeps freezing and lagging | How to fix malware infected Galaxy Note 5

If you are looking for solutions to your own #Android issue, you can contact us by using the link provided at the bottom of this page, or you can install our free app from Google Play Store.

When describing your issue, please be as detailed as possible so we can easily pinpoint a relevant solution. If you can, kindly include the exact error messages you are getting to give us an idea where to start. If you have already tried some troubleshooting steps before emailing us, make sure to mention them so we can skip them in our answers.


Problem #1: Unable to receive Gmail messages on Galaxy Note 5 email app

In addition to the Gmail app, I have gmail on the email app. I was recently advised by google that someone had tried to log on to my gmail account with my password in another country so I changed my password and consequently couldn’t receive gmail via the email app. The same occurred on my computer but this was rectified by allowing less secure apps. I uninstalled the gmail account for the app then reinstalled it being very careful to apply the settings as recommended by google. I still can’t receive or send Gmails via the email app. Before I reinstalled it I was getting an error message that it was unable to authenticate when trying to send a test email out. I am unable to find a setting on the Note 5 to permit less secure apps. Any ideas how I might rectify this problem?

Many thanks for any advice you can offer.

best regards. — Barry

Solution: Hi Barry. Sometimes email’s security settings can create authentication problems so make sure that you disable your Gmail account’s sign-in and security features first before you attempt to reconfigure it to the email app. Log-in to your Gmail account in a computer and remove whatever security layer you’ve employed and see if it will change anything. If that won’t work either, contact Google for direct assistance.

Before you contact Google, you can also make sure that the issue is not phone related by doing a master reset. For reference, these are the complete steps to do that:

  • Turn off your Samsung Galaxy Note 5 completely.
  • Press and hold the Volume Up and the Home buttons first, and then press and hold the Power key.
  • Keep the three buttons pressed and when ‘Samsung Galaxy Note5’ shows, release the Power key but continue holding the other two.
  • Once the Android logo shows, release both the Volume Up and Home buttons.
  • The notice ‘Installing system update’ will show on the screen for 30 to 60 seconds before the Android system recovery screen is shown with its options.
  • Use the Volume Down key to highlight the option ‘Yes — delete all user data’ and press the Power key to select it.
  • When the process is complete, use the Volume Down key to highlight the option ‘Reboot system now’ and hit the Power key to restart the phone.
  • The reboot may take a little longer to complete but don’t worry and wait for the device to become active.

Problem #2: Galaxy Note 5 camera produces noisy and grainy pictures

Hi. I used to have an S4 which had an amazing camera both front and rear, especially the rear one which gave result like DSLR for pictures and videos. I was geting too very sharp accurate colors and no matter how much I zoom, picture quality was awesome. I sold it. now I bought a Note 5. Now the problem is it’s way better in all aspects like smooth fast but it has terrible rear camera. I don’t even want to talk about front camera — too much noisy grainy.

I just wonder whv I gotten a bad piece. is there something wrong with my Note 5 camera? i was expecting better result than that of the S4 but it is not even anywhere near my S4 camera. Pictures taken by the Note 5 have so much noise and blurry.

Also, i was recording video with my Note 5 and noticed that if i moved my camera from different light conditions, there are some lines appearing,  even with flash on.

The only reason I sold my S4 was it was hanging and overheating. Now I don’t want to sell the Note 5 because its working very good but I definitely want some cure for its camera problem.

Sould I buy new camera, both front and rear and replace them on my Note 5?

Android on my S4 was Kitkat and then Lollypop but performance was the same which was awesome. But the Note 5 came with Marshmallow.

Waiting eagerly for your reply. too much noise and grainy pictures with Note 5.

What might be causing this? i tried every software solution possible like changing modes and HDR stabilisation on and off but there is very little effect kind of useless problm. is it somewhere in hardware? — Shahzaib

Solution: Hi Shahzaib. Your last question should be your starting point in finding out the true nature of the problem. Normally, a hardware problem sticks around no matter how much you’ve already done in terms of software solution. If nothing changes after, say a factory reset, you can very much assume you have a hardware issue at hand.

To know if your phone’s camera has a hardware issue, make sure that you reset all your camera settings to default first. You can do that by visiting camera options. The default camera settings of the Note 5 already produces high quality photos and videos. If the photos remain blurry or grainy even on default settings, that’s a clear signal that something’s wrong. At this point, you can consider doing a factory reset.

Keep in mind that resetting camera settings to default and performing factory reset can only address glitches due to software. As we’ve been repeating, if nothing positive comes out of factory reset, it’s time that you seek help in fixing the hardware trouble. In this case, we recommend that you call Samsung to ask for a replacement instead of a hardware repair as the latter won’t guarantee a resolution. Replacing the camera yourself is a big no-no, unless you are a Galaxy Note 5 technician, or has sufficient electronics knowledge and tools to do the job.

The Galaxy Note 5 is supposed to have a much improved camera compared to older Samsung Galaxy models. If you are not satisfied with the camera output, seek a phone replacement.

Problem #3: Galaxy Note 5 can’t receive SMS

 A while ago, I’ve taken it to people and still don’t know what the problem is. It started when I was trying to get back some photos from my SD card that I’d deleted by accident which I now know that you can’t get back. But anyway, I downloaded this app on my laptop called Dr. Fone to get my photos back. So I connected my phone, did what it said, and basically the app rerouted my phone. but it got stuck. I tried everything and it was just stuck on the loading screen for this app. Nothing would happen so I had to take it too a technician that got it fixed but since I’ve had this problem my phone, hasn’t been the same.

Firstly, I can’t receive texts at all. I can send texts, I can call people and people can call me but I can’t receive texts.

At first I thought that it would be my phone network but after doing lots of tests I’ve found out that’s it’s the phone that won’t receive texts because everything was fine when my SIM card was in another phone. And I did ask the technician about it and he doesn’t know what it is and he’s the only technician in my town. And also, since he’s fixed it after it had been rerouted, it isn’t the same as it used to be. Half the functions don’t work like the fingerprint swipe. It comes up with error and things like that and when I turn on my phone and it comes up with the Samsung Galaxy Note 5 screen at the top left there’s written in yellow set warranty bit: kernel which wasn’t there before. So I’m basically stuck and I don’t know what to do. — Ellie

Solution: Hi Ellie. We don’t know for sure what’s happening on your phone but we think that the technician who “fixed” the phone may had been too heavy-handed with his/her method. The phone’s software may had been modified in order to boot it back normally. In other words, the technician may had installed an unofficial operating system just so your phone can be brought back to life. While that’s not bad in most times, doing incorrectly may result to glitches like the ones you’re experiencing right now. Or the problems may actually be caused by Dr. Fone’s software. Again, there’s no way we can know with high degree of certainty what the problem might be. Right now, your options are very limited to the software troubleshooting you can do at your level. The first thing that we would like you to try is to see if you can boot the phone in Recovery mode. If you can go to recovery mode, you’ll have the option to wipe the cache partition and do a factory reset. We’d like you wipe the cache partition first to see what happens. Here’s how:

  • Turn off your Samsung Galaxy Note 5 completely.
  • Press and hold the Volume Up and the Home buttons first, and then press and hold the Power key.
  • Keep the three buttons pressed and when ‘Samsung Galaxy Note5’ shows, release the Power key but continue holding the other two.
  • Once the Android logo shows, release both the Volume Up and Home buttons.
  • The notice ‘Installing system update’ will show on the screen for 30 to 60 seconds before the Android system recovery screen is shown with its options.
  • Use the Volume Down key to highlight the option ‘wipe cache partition’ and press the Power key to select it.
  • When the process is complete, use the Volume Down key to highlight the option ‘Reboot system now’ and hit the Power key to restart the phone.
  • The reboot may take a little longer to complete but don’t worry and wait for the device to become active.

As usual, if the procedure won’t change anything, do a factory reset (steps provided above).

As regards your SMS problem (being unable to receive text messages), make sure first that the contacts you’re expecting to receive SMS from are not blocked or included in your spam list. Once that’s taken care of, your next step is to do self check. This can be done by sending a text message to your own number. If you will not receive your own text, your phone may have been damaged for good. Make sure that you contact your network provider for a possible phone replacement.

Problem #4: Galaxy Note 5 keeps shutting down | Galaxy Note 5 won’t turn on

OK so my phone likes to just shut off. Battery fully charged and it just won’t turn on. I’ve done a factory reset. I’ve not installed apps that I thought might have caused the problem. My phone will work fine then I will just close the screen and put it down and in just a few seconds pick it up and it won’t come on. I then have to pull the battery out and leave it for a few minutes. If I put it in in like a few seconds sometimes nothing happens and sometimes I will get the vibrate that it makes we it powers on then nothing. Other times it will go to a downloading OS screen and in the top left corner it says, bare with me here because I can’t remember the right letters, “mmc failed” and some other stuff. Like I’ve said I’ve backed my phone up and wiped it. I cleaned the cache. I’ve even done a factory reset just to clean it off like new. Please help if you can. I appreciate what you all do for the android community. — Sean

Solution: Hi Sean. Like what we said above, if software troubleshooting like factory reset (which is the ultimate software troubleshooting for an average user) has been done without positive result, you must be dealing with a malfunctioning hardware. Since the phone can’t stay on for long, any form of software installation or flashing is out of the question, which means the only remaining options are either repair or replacement. If your device is under a warranty, you can still, most likely get it replaced.

Problem #5: Galaxy Note 5 keeps freezing and lagging | How to fix malware infected Galaxy Note 5

This past weekend my phone was multitasking some Google Play apps (WAZE- navigation  and Sprizilla – music app). Suddenly it powered off with battery life left to spare. Then a trickle down affect started, it kept freezing and the navigation /swiping performance was lagging. First, I performed the factory reset, that didn’t resolve the restarting issues. so I purchased a PRO Micro SD card. it seemed to work for 30 min. I uninstalled the Sprizilla music app. However the phone continues to get hot fairly quickly, freezes and shutdown more frequently. Could the battery be the issue?  Or do you recommend taking it back to the Verizon store to perform the firmware update you mentioned in an earlier post? If I somehow contracted malware or virus how do I rid it from my phone?  Or could malware or a virus make my phone behave in this manner that I’ve mentioned?  I’m running out of options, please assist.

Thank you for your support. — Tia

Solution: Hi Tia. Malware or smartphone viruses are spread through apps so the most effective way to clean your phone is by doing a factory reset. That also means that factory reset won’t do anything if, after doing it, you simply re-install the same set of apps.

To know if the issues mentioned above are due to a third party app, you must observe how your phone works after a factory reset for at least 24 hours.  Make sure that you don’t install anything during this period so you can see the difference. If the phone continues to behave erratically even with clean operating system and without apps, that’s a sign that the cause is hardware trouble. Contact your network operator and ask for a replacement phone.

 


Engage with us

If you are one of the users who encounters a problem with your device, let us know. We offer solutions for Android-related problems for free so if you have an issue with your Android device, simply fill in the short questionnaire in this link and we will try to publish our answers in the next posts. We cannot guarantee a quick response so if your issue is time sensitive, please find another way to resolve your problem. 

If you find this post helpful, please help us by spreading the word to your friends. TheDroidGuy has social network presence as well so you may want to interact with our community in our Facebook and Google+ pages.

New Android malware called “HummingBad” unearthed

Android Malware

Security researchers have found a new #Android malware called “HummingBad” which was seemingly developed by Chinese developers. It is said that this bug comes from an advertising analytics agency known as Yingmob, which has been accused of deploying malware for iOS before. The company is seemingly involved in the development of ad platforms. Well, that’s what they claim to do anyway.

In reality, the HummingBad malware supposedly puts in a rootkit on devices that can allow administrative access to attackers. This will then aid in the installation of the apps that they desire. All this without any knowledge or notice to the user. The security firm that brought this particular malware to the fore, Check Point, claims that the company might even use the device and user information they have and sell it to third parties, making this a massive security risk as well.

We haven’t heard much about this malware from Google as of yet, but it is said that it mostly impacts devices in China, India etc, so it could be limited to the Asian markets. Only 288,000 devices were supposedly found to be infected in the U.S., while close to 1.5 million devices were affected by Hummingbad in China and India respectively.

Source: Check Point

Via: Android Headlines

How to recover photos if Galaxy S6 is stuck in boot loop, other issues

s6

Hello everyone! Welcome to another post that covers some of the #GalaxyS6 issues reported by our community. Don’t forget to visit other related articles by following this link.

  1. How to recover photos if Galaxy S6 is stuck in boot loop
  2. Active Sync feature not working when Galaxy S6 is on Wi-Fi
  3. Verizon Galaxy S6 unable to receive calls from certain numbers
  4. What to do with water-damaged Galaxy S6
  5. How to make Galaxy S6 secured from malware

If you are looking for solutions to your own #Android issue, you can contact us by using the link provided at the bottom of this page, or you can install our free app from Google Play Store.

When describing your issue, please be as detailed as possible so we can easily pinpoint a relevant solution. If you can, kindly include the exact error messages you are getting to give us an idea where to start. If you have already tried some troubleshooting steps before emailing us, make sure to mention them so we can skip them in our answers.


Problem #1: How to recover photos if Galaxy S6 is stuck in boot loop

Hi, sorry if this has been answered already but I’ve limited access to internet. My wife s Samsung S6 has got stuck in a boot loop. Just the Samsung logo screen, then reboots.

We think it was part way through an update when she grabbed the phone to go out. We are on holiday hence limited web. Unfortunately the phone has on it holiday photos not yet backed up. We have tried clearing the cache partition. No improvement. We can’t get it to safe mode.

Is there any way to get the data (photos) off prior to a full reset?

I’ve seen the menu option for the ADB and do have a laptop with me. I’m comfortable with Command line if that’s what’s needed. (Dos, Linux etc)

The phone is not rooted and had a Three branded Rom if that’s important.

Please can you help get our anniversary photos back?

Most greatful for any help. — Kris

Solution: Hi Kris. Boot loop can be a product of a variety of things. At its most basic level, what happens during a boot loop is that the boot sequence is interrupted by incomplete command or corrupted system set of files. Boot loops happen when a user tries to modify core operating system files like in rooting or romming, or if installation of critical system files fails for some reason. We don’t know the full history of the device in question so we can only speculate as far as the cause of the problem is concerned.

Now, when it comes to solutions, there’s little to nothing that a user can do. The most effective solutions available for you includes wiping the cache partition, doing a factory reset, and installing custom/stock ROM. The first one is harmless while the last two means deleting or reformatting the device in a way.

To give you a frank answer, there’s no way recover your photos back unless the phone reboots normally to normal mode after wiping the cache partition. We don’t know how you come up with using ADB as a solution but it’s not recommended for average users as it requires advanced coding knowledge and tricky to do at best. On top of that, the chance of success is very low. We’ve tried doing it to at least 3 Samsung S devices before and we couldn’t make it to work. Using ADB as a solution is a very device specific procedure and critical steps can vary from one phone to another, even if they are of the same model. If you are intent on doing it yourself though, try to research online for reputable guides.

Problem #2: Active Sync feature not working when Galaxy S6 is on Wi-Fi

Hi. Ever since I upgraded the firmware, I can no longer active sync with my Office365 Microsoft Exchange server over Wi-Fi. As soon as I disable Wi-Fi and go onto mobile data (4G) only, then everything works fine. There is also nothing wrong with my Wi-Fi as I can conduct all other internet related activity (eg browse the web, download apps etc).

I have seen on the Internet that I am not the only person who has this problem so it is not specific to my phone. I know the problem will be solved if I factory reset my phone and in doing so go back to an earlier software version but this is hugely inconvenient.

I don’t believe that this can be fixed by a settings change on the phone or on my Wi-Fi (which works fine). I think the only answer is a firmware patch upgrade from Samsung. If this is not available, I know I will have to live with this problem until Samsung releases a firmware upgrade (I am on the latest one now).

If you can suggest something that will help, I would greatly appreciate this. Thank you.

Kind regards. — Dennis

Solution: Hi Dennis. This issue keeps happening year in and year out in a wide variety of smartphones. It’s been observed in both iOS and Android platforms so it’s definitely not platform-  or device-specific. The thing is, there is no blanket solution for the problem as well. If you have the time to go over other forums that cover this issue, you will easily realize that a solution for one user may not work on another. This tells us that though the symptom may appear identical — smartphone unable to use Active sync while in Wi-Fi connection — the cause for each one may not be the same.

In that sense, we find it effective if you do your own research for a solution that will work in your case. You can start by checking the forums in this Google search page result.

Problem #3: Verizon Galaxy S6 unable to receive calls from certain numbers

I hope you can help! My daughter’s phone is from Verizon and it is making us all nuts.

The rest of us have iPhones and when we try to call her, we often get this message that it can’t complete the call and to call Verizon. They say they don’t know why.

We call other people with Androids and don’t get this and no one else we know has that issue with calling her.

This is her second phone as the first quit charging. The first one did this, too.

Worse, this thing is eating data even though it has the limit on it. She has it on wifi, etc. She used 8 GB in a month where it was out of operation for two weeks. This occurred suddenly with the previous one and now for three months with this one. Verizon has looked at the settings twice and said they’re right, and we looked as well.

We are so upset, broke, and worried since we can’t contact her to leave even voicemails most of the time.

Please help!

Thank you so much! — Michelle

Solution: Hi Michelle. Did you consider the possibility that your daughter may have blocked your phone numbers by accident or intentionally? If you’ve already checked this angle, then the next thing that you want to do is get your daughter’s phone so you can do a factory reset on it. This may sound drastic but it’s the only effective solution that we can think of in this case. Now, the important thing about this procedure is to check whether or not there’s something blocking your calls like a third party app she may have installed and forgotten. Because factory reset will restore all settings and software to its initial state, it should tell you if our hunch is right or not. Make sure that you don’t install any app after the factory reset so you can see the difference. To factory reset an S6, kindly follow the steps below:

  • Turn off your Samsung Galaxy S6.
  • Press and hold the Volume Up, Home and Power keys together.
  • When the device powers on and displays ‘Power on logo’, release all keys and the Android icon will appear on the screen.
  • Wait until the Android Recovery Screen appears after about 30 seconds.
  • Using the Volume Down key, highlight the option, ‘wipe data/factory reset’ and press the Power key to select it.
  • Press the Volume Down button again until the option ‘Yes — delete all user data’ is highlighted and then press the Power key to select it.
  • After the reset is complete, highlight ‘Reboot system now’ and hit the Power key to restart the phone.

After the factory reset, try to call the phone again to see if it will now receive your call. If the issue remains, that’s a sign that you will not be able to fix the issue on your level. Contact Verizon and ask them for direct assistance.

Problem #4: What to do with water-damaged Galaxy S6

On Thursday night I dropped my phone in the toilet. Woops. I placed my phone in a bag of rice and became impatient about 12 hours later and took it out to see how it was going. It was acting glitchy so I turned it off immediately. The following day I kept it in the bag and today (Saturday) I took it out. I did a hard factory reset on the phone and cleared all information.  It was charging earlier in the day when I tried but after the factory reset it is not recognizing the charge.  BOO!  I don’t think this is a repairable issue, but I thought I would ask.  Anything else I should try?  I have it in the bag of rice again hoping the little Asians will fix it. — Erin

Solution: Hi Erin. The purpose of leaving the phone inside a bag (of little Asians) is to allow moisture inside the device to be adsorbed to rice. It’s usually recommended to leave the device in the bag for several days before attempting to power it back on. And even doing so will not guarantee that a soaked up device will work normally afterwards. Apparently, your device is not working properly anymore. Depending on the amount of water that found its way inside, the motherboard may or may not be a total mess at this time. If you’re lucky and no critical component is damaged, a repair may save it. Otherwise, just suck it up and get a new device.

Problem #5: How to make Galaxy S6 secured from malware

Twice I have received a message on my screen telling me that I have visited too many porn web sites, I have a virus, and I need to install something from Samsung in order to resolve it. I have never visited a porn site on any device that I own, and I doubt I ever will. My phone vibrates when I hit the back arrow to remove the post from my screen and I end up having to hit the home button to get it off my screen. Both times this has happened, I have been accessing Google. I believe it may be some type of spam or malware, but I am not sure how to check and remove it. Hope you can help me with this. Thank you in advance. — Elaine

Solution: Hi Elaine. If you suspect that your device may be infected with a virus or malware, the best thing that you try includes doing a factory reset first (steps provided above), then making sure that you don’t re-install the same set of apps again. Some forms of malware are transmitted by other apps so the old school mentality of preventing infection is more effective than simply installing an antivirus app.

More advanced malware may be able to evade the systems being used by generic antivirus applications so having an antivirus is not a guarantee that your device remains clean.

After you factory reset your S6, make sure that you leave apps you don’t use or anything that you’re not familiar with. If you are concerned with phone security, the lesser the apps you have, the better. In that sense, you’re minimizing the potential source of malware infection from happening. Try to stick to official apps and avoid games from unknown or dubious developers. The same holds true for all types of apps you install. Be sure that you visit the review page of an app before you install it to see if other users have unhealthy concerns about it.

Most types of phone malware today are designed to steal information rather than ruin a user’s phone or experience. These malware can stay hidden for a long time and may not be easily detectable so it’s all the more important that you secure your phone by making sure that you don’t let potential sources of malware from being installed. Your phone security is your responsibility.

 


Engage with us

If you are one of the users who encounters a problem with your device, let us know. We offer solutions for Android-related problems for free so if you have an issue with your Android device, simply fill in the short questionnaire in this link and we will try to publish our answers in the next posts. We cannot guarantee a quick response so if your issue is time sensitive, please find another way to resolve your problem. 

If you find this post helpful, please help us by spreading the word to your friends. TheDroidGuy has social network presence as well so you may want to interact with our community in our Facebook and Google+ pages.

 

Popular Chinese Android Smartphone Has Malware Pre-Installed

One of the biggest threats to the Android platform is malware. Earlier this year a report was released that showed the platform to be the target of 97% of all mobile malware in 2013. This is a significant increase from its record of 79% from the previous year. Most of the time malware enters an Android device through apps installed from unofficial sources. However, a new method has been discovered for this threat to infect a device and it is done from the factory.

star n9500

The Star N9500, a popular Galaxy S4 clone in China, comes pre-installed with the Uupay.D trojan straight out of the factory. The Trojan disguises itself as a Google Play service but then collects data from the device without restrictions. It can record phone conversations without the user knowing about it. The microphone of the device can be activated remotely so that anyone can listen to conversations within range of the phone. It also sends out SMS to premium services which leads to a higher bill for the user.

German Tech website Heise reports that security researchers from G Data made the discovery saying that this is the first smartphone that “comes from the factory with an extensive espionage program“. The bad news is that it appears that this trojan has been pre-installed in Chinese smartphones as early as March when Kaspersky reported that devices which came with the Goohi service also had the Uupay.D trojan.

star n9500 2

Reports also say that the trojan is difficult to remove from the Star N9500 as it is included in the firmware of the device itself. One method that totally removes this malware is by using another ROM on the device but then this requires knowledge on rooting and flashing.

One member of the xda-developer forum said that he ran an antivirus scan on his newly received iNew i7000 Chinese Android smartphnoe and sure enough the Uupay.D trojan was detected. If this is going to be a growing trend then consumers will be avoiding unknown brands. Its already bad enough that most of these devices have low quality, now they even come with malware straight out of the box.

If you own the Star N9500 then try installing a mobile security app on it and have it run a scan on your device. To get rid of the malware you will need to root your device and use a custom ROM on it. The procedure for this can be found in several popular Android forums.

via heise

iBanking Android-Windows Malware Being Sold Complete With Updates, Technical Support For $5000

Last month we reported about the latest threat to hit the Android platform which targets Facebook users who regularly do mobile banking on their devices. Now Symantec has reported that the malware known as iBanking has been further developed to perform other nefarious activities and it is even being sold for $5000 which comes with updates and even technical support.

iBanking

The main culprits behind the development of the iBanking malware are powerful Russian cybercriminals who have enhanced its features to create various attacks on financial institutions. The individual or group of individuals involved in the sale of this malware is known as GFF. For those interested in buying the malware but can’t afford to pay the upfront cost of $5000 then a deal can be arranged where a lease can be made in exchange for a share of the profits.

How does his malware work? iBanking disguises itself as a legitimate social networking, banking, or security application and attacks outdated security measures being employed by certain banks. It can intercept the one-time passwords sent to mobile devices through SMS and it can be used as a mobile botnet which can conduct a covert surveillance on a target. Its more advanced features include toggling between HTTP and SMS control depending on the availability of an Internet connection.

iBanking gets into an Android device through social engineering techniques. Victims are being lured to install iBanking in their Android device. What happens is that a victim will most likely have their PCs infected first with the financial Trojan. They will then receive a pop-up message informing then to install a mobile app which it claims is an added security measure.

The victim will then be asked for his or her phone number and the operating system of their mobile device before a download link is being sent via SMS. Once installed in a device the hacker now has complete control over it.

Some of the new features of this malware now include

  • Stealing phone information –phone number, ICCID, IMEI, IMSI, model, operating system
  • Intercepting incoming/outgoing SMS messages and uploading them to the control server
  • Intercepting incoming/outgoing calls and uploading them to the control server in real time
  • Forwarding/redirecting calls to an attacker-controlled number
  • Uploading contacts information to the control server
  • Recording audio on the microphone and uploading it to the control server
  • Sending SMS messages
  • Getting the geolocation of the device
  • Access to the file system
  • Access to the program listing
  • Preventing the removal of the application if administrator rights are enabled
  • Wiping/restoring phone to the factory settings if administrator rights are enabled
  • Obfuscated application code

Symantec predicts that bot activity related to iBanking will increase in the coming months. GFF now even claims that it is has developed a BlackBerry version of the malware which it has yet to release.

via symantec

F-Secure’s Latest Mobile Threat Report Shows 99% Of Malware Targeted Android Devices

F-Secure, one of the world’s leading online security companies based in Finland, has just released its Q1 2014 mobile threat report which shows what threats are affecting which mobile devices. For the first quarter of this year there were 277 new mobile threats discovered all but two targeted Android devices. Of the two new threats detected not affecting the Android platform, one targeted the iPhone while the other targeted Symbian devices.

mobile threat

The report also showed a number of firsts for the Android platform. The first cryptocurrency miner has appeared for Android during the first quarter of this year. This malware uses a device to mine virtual currencies without the knowledge of the device owner. The first bootkit has also appeared which affects the early boot stage of a device and is more difficult to detect and remove. The first Tor Trojan and the first Windows banking Trojan that jumped over to the Android platform has also appeared.

According to Mikko Hyppönen, Chief Research Officer at F-Secure, “These developments give us signs to the direction of malware authors. We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”

Of the countries that had the most number of malware incidence Great Britain topped the list with 15-20 malware files blocked per 10,000 users. The United States, India, and Germany were next with 10 malware blocked for every 10,000 users. Saudi Arabia and the Netherlands followed with 2-5 malware blocked for every 10,000 users.

What do these mobile threats do when they infect a device? Their most common activities are listed below.

  • Sending SMS messages to premium-rate numbers
  • Downloading or installing unsolicited files or apps onto the device
  • Silently tracking device location or audio or video to monitor the user
  • Pretending to be a mobile AV solution but actually having no useful functionality
  • Silently connecting to websites in order to inflate the site’s visit counters
  • Silently monitoring and diverting banking-related SMS messages for fraud
  • Stealing personal data like files, contacts, photos and other private details
  • Charging a ‘fee’ for use, update or installation of a legitimate and usually free app

In order for Android device owners to protect themselves from mobile threats it is very important to get apps only from authorized sources such as the Google Play Store. It also helps if a security software is installed on a device which can scan and protect it from known threats.

via f-secure

Latest Google Play Services update will keep the ‘Verify Apps’ feature running at all times

Verify Apps

Verify Apps

A new leak reveals that Google could be planning to keep the ‘Verify Apps‘ feature running at all times to constantly check for any malicious apps that might make its way through the defenses of your Android device. The current security system allows apps to be security checked via Google’s ‘Bouncer‘ feature when they are being installed. But with the Verify Apps feature running in the background, users can be assured that apps don’t spread malicious content after the installation.

In some cases it is noted that even though the app clears Google’s initial security gateway, it starts spreading malware and attacks the system after being installed. This new Play Services update is basically a remedy to that. The update should go live in a few weeks as a standard Play Services update across all Android devices. While the users will not be affected by this change directly, it should be reassuring to know that your device is safe from potential malware attacks.

Source: Computer World

Via: Android Police

RiskIQ Reports 400% Increase Of Malicious Apps In Google Play Store

Android device owners know that the safest way to get an app is from official sources such as the Google Play store or even the Amazon Appstore. Getting an app from unofficial sources just increases the chance of malware infecting the device. What happens when even the official sources are not safe anymore?

android malware

RiskIQ, an Internet security company, recently released a report showing that malicious apps in the Google Play store have increased by 388 percent from 2011 to 2013. The company also says that the number of malicious apps that Google has removed has decreased from 60 percent in 2011 down to only 23 percent in 2013. The most common malicious apps available are those that allow personal customization of a device.

RiskIQ got this data by monitoring mobile application stores for suspicious activity. For this report the company counted Android apps in the Google Play store as being malicious if they satisfy any of the conditions listed below.

  • Collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
  • Send SMS messages to premium-rate numbers
  • Subscribe infected phones to premium services
  • Record phone conversations and send them to attackers
  • Take control over the infected phone
  • Download other malware onto infected phones

According to Elias Manousos, CEO of RiskIQ, “The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data. Malicious apps are an effective way to infect users since they often exploit the trust victims have in well known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants. Our unique visibility directly into App Stores allows us to shine a light on this problem and prevent attackers from impersonating brands to exploit their customers.”

The RiskIQ report also states that 12.7 percent of apps in the Google Play store for 2013 are malware. The top app categories that contain malware include personalization, entertainment, education/books, media/audio video, and sports.

Google on the other hand has implemented its scanning feature since 2012 called the Bouncer program which catches malware before the app reaches the Google Play store. Apps are also not able to do an update unless it comes from the Play store.

Android malware has become a growing concern lately as hackers are coming up with newer ways to infect a system. If you’re concerned about the security of your mobile device even if you are getting your apps from official sources then you might want to consider installing an anti-virus program on your deivce.

via riskiq

Linksys Router Malware “The Moon” Could Make Browsing On Your Android Device Slow

Are you suffering from slow browsing issues on your Android device while connected to your Linksys home router? There’s a huge possibility that the problem isn’t on your mobile device but on your router itself. A new malware has just been discovered called “The Moon” that affects Linksys routers. The affected models include E300, E900, E1000, E1200, E1500, E1550, E2000, E2100L, E2500, E3000, E3200, E4200, WAG320N, WAP300N, WES610N, WAP610N, WRT610N, WRT400N, WRT600N, WRT320N, WRT160N, and WRT150N.

linksys

Linksys has released a statement regarding this issue saying that “Linksys is aware of the malware called The Moon that has affected select older Linksys E-series Routers and select older Wireless-N access points and routers.  We will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”

The Moon was first discovered by the SANS Institute’s Internet Storm Center which issued a public notification about the threat last February 12. What this malware does is that it bypasses the authentication of the router by logging in even without the username and password. Once it is able to enter the router it floods the network with traffic on ports 80 and 8080. This results in heavy activity and will slow down the Internet connectivity across all devices.

To avoid getting this malware, users who own any of the affected Linksys products should patch their devices and disable the remote admin interface. It is also better if firewall rules to block inbound connections are set.

Linksys has also released several steps that consumers can tale to prevent The Moon from infecting the home network.

  • Access the router’s web-based setup page.
  • Verify if your Linksys router has the latest firmware.  The current firmware version can be seen in the upper-right corner of the web-based setup page.  If your router doesn’t have the latest firmware version, update it through the Linksys Support Site.
  • Once you have verified that the router has the latest firmware, click the Administration tab.
  • Make sure that the Remote Management option under the Remote Management Access section is set to Disabled.
  • Click the Security tab.
  • Make sure that the Filter Anonymous Internet Requests option under Internet Filter is checked.
  • Click Save Settings.
  • Powercycle the router by unplugging it from the power source then plugging it back in.  This should clear the cache and remove the malware if your router has been infected.

via linksys

Complex Malware “The Mask” Spreading Since 2007, Could Affect Android Devices

An advanced malware that has existed since 2007 has been detected by Kaspersky Lab’s security research team. The malware called “The Mask” comes from the Spanish slang “Careto” (meaning ugly face or mask) and is named so because of the inclusion of the word in some of the malware modules. It comes with a sophisticated set of tools such as a rootkit and a bootkit which affects 32 bit/ 64 bit Windows systems, Mac OS X, Linux, and possibly Android and iOS.

The Mask

The targets of this malware are diplomatic offices and embassies, government institutions, research organizations and activists, energy, oil and gas companies. It has already been detected in 31 countries including China, the US, France, the UK, and Germany and has claimed more than 380 unique victims.

What this malware does is it tries to gather sensitive information from an infected system. The information could be office documents, encryption keys, VPN configurations, RDP files, and SSH keys just to name a few. It can intercept network traffic and even record keystrokes and Skype conversations.

Kaspersky first became aware of The Mask last year when it observed an attempt to exploit one of the vulnerabilities of its product which had been fixed five years ago. This vulnerability allowed a malware to remain invisible and undetected by their security software. This drew their interest which is why an investigation was started.

The security firm then discovered that Careto can be disastrous to systems that are infected. This is because the malware is able to intercept all communications channels and is extremely difficult to remove since it has a stealth rootkit capability.

The mode of infection relies on spear phishing emails. A link is included in an email and when the recipient clicks on the link it opens a malicious website that is designed to infect the visitor. According to Kaspersky “It’s important to note the exploit websites do not automatically infect visitors; instead, the attackers host the exploits at specific folders on the website, which are not directly referenced anywhere, except in malicious e-mails. Sometimes, the attackers use subdomains on the exploit websites, to make them seem more real. These subdomains simulate subsections of the main newspapers in Spain plus some international ones for instance, The Guardian and Washington Post.”

Questions such as where this malware originated from are now being asked. Kaspersky thinks that with a high-powered malware such as this it appears to be sponsored by a nation state and not of an individual.

Costin Raiu, the director of Kaspersky’s Global Research and Analysis Team, said that “Several reasons make us believe this could be a nation-state sponsored campaign. First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack. From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files. This level of operational security is not normal for cyber-criminal groups.”

via kaspersky

New Windows Malware Attempts To Infect Android Devices

Remember the good old days when a malware only threatened the operating system that it was infecting? Times have changed as hackers are finding devious ways to infect Android devices by first targeting the Windows operating system. The concept is that when an Android device is connected to an infected Windows computer the Trojan installs a mobile banking malware on the connected phone.

android malware

This is a new way of spreading malware on Android as the most commonly used methods are social engineering or fake apps hosted on third party markets.

Symantec researcher Flora Liu, said in a blog post that “We’ve seen Android malware that attempts to infect Windows systems before. Android.Claco, for instance, downloads a malicious PE [portable executable] file along with an autorun.inf file and places them in the root directory of the SD card. When the compromised mobile device is connected to a computer in USB mode, and if the AutoRun feature is enabled on the computer, Windows will automatically execute the malicious PE file.”

“Interestingly, we recently came across something that works the other way round: a Windows threat that attempts to infect Android devices.”

The latest threat discovered is called Trojan.Droidpak which drops a malicious DLL (also called Trojan.Droidpak) on a Windows computer and registers it as a system service which allows it to be active even if the system is rebooted.

Once the Trojan exists in a computer it then downloads a configuration file from a remote server which contains a malicious Android file called AV-cdk.apk. The Android Debug Bridge is also downloaded which is needed to execute Android commands connected to a PC.

The Trojan will then execute the command “adb.exe install AV-cdk.apk” repeatedly so that if an Android device is connected to the infected computer it will install the AV-cdk.apk file silently on the device.

The good news is that this malware has limitations as it can only infect an Android device that has its “USB Debugging” setting enabled.

USB Debugging is commonly used by Android developers or those who wish to root their device and install a custom firmware.

Symantec has identified the malicious Android file that is being installed as Android.Fakebank.B which tricks users into thinking that it is an official Google Play application. It even uses the name “Google App Store: and uses the same icon.

malware

Liu says that the malware targets online bankers in South Korea. “The malicious APK actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions. It also intercepts SMS messages received by the user and sends them a remote server.”

One of the best methods to protect against this malware is to turn off USB Debugging when not needed.

via symantec

Cisco Security Report Shows Android Targeted By 99% Malware Attacks In 2013

The popularity of the Android platform has made it a favorite target among malware makers. It’s a huge favorite that the Cisco 2014 Annual Security Report says that 99 percent of all mobile malware in 2013 targetted Android devices. This is an increase from the 71 percent reported in 2012.

Cisco

The report also points out that Android has the highest encounter rate (71 percent) among all forms of web delivered malware. This is significantly higher than the 14 percent rate encountered by iPhone users.

The bulk of the malware threat on Android devices comes from a malware called Andr.SMSSend. It is a Trojan that accounts for 98 percent of all Android malware while the remaining 2 percent is made up of other forms of malware.

An Android device will have a greater risk of getting the Andr.SMSSend malware if apps installed in it are taken from outside the Google Play Store. This kind of malware interrupts the normal operation of a device and gains access to private information.

Some of things that this malware can do are as follows

  • Steal contacts and pictures
  • Tracks your location
  • Logs keystrokes and passwords
  • Sends SMS to premium numbers which results in a higher bill
  • Fakes legitimate banking apps
  • Steals banking information

This report seems to be alarming but if we look closely at the problem there’s really nothing to be worried about. The bulk of the problem seems to point only to Andr.SMSSend which originates from Russia and enters a device through sideloaded apps. If consumers just get their apps from official sources such as the Google Play Store then there’s a very little chance that malware will enter a device.

Most Android users tend to download apps from third-party sites since they can often get paid apps for free. It’s really tempting to get an app for free but then you must also consider that it is being offered for free to lure Android users.

Some other proven methods to protect your device from malware are as follows

  • Always read the permissions of every app before installing
  • Avoid installing android apps from third-party websites or unreliable sources
  • Always protect your device with a password
  • Do not view or share personal information over a public wi-fi network
  • Choose an antivirus app for your phone
  • Use a backup or security application for the data stored in your Android device

via cisco