Ok, maybe I'm in the wrong place. But here goes.
My phone is trying to send text to paid numbers behind my back. I'm using prepaid so it doesn't work. I get a "You have insufficient funds to send this text" message daily, at random times.
I have no pirated apps. Everything on my phone came straight from the market. However, I've not installed a single one of the apps that was on the recent list all over tech sites.
I'm planning on reflashing with a different rom and changing all the passwords that were stored on my phone.
BUT.
Before I do this, I want to find out which app is causing this behavior. Any ideas on how to find out what is sending random text from my phone? (They don't show up in the messaging app.)
viogrep said:
Ok, maybe I'm in the wrong place. But here goes.
My phone is trying to send text to paid numbers behind my back. I'm using prepaid so it doesn't work. I get a "You have insufficient funds to send this text" message daily, at random times.
I have no pirated apps. Everything on my phone came straight from the market. However, I've not installed a single one of the apps that was on the recent list all over tech sites.
I'm planning on reflashing with a different rom and changing all the passwords that were stored on my phone.
BUT.
Before I do this, I want to find out which app is causing this behavior. Any ideas on how to find out what is sending random text from my phone? (They don't show up in the messaging app.)
Install an Android antivirus and firewall like Lookout.
Sent from my GingerBread Eris using XDA App
Lookout finds nothing. All the other AV software fails to install. "Unknown error -18"
I have plenty of free space.
viogrep,
I wrote a novel, but then thought I should just ask a few preliminary questions:
Q1) does the error message contain any useful "hints", such as the destination number?
Q2) if you use a logcat-capturing app, does anything show up in the logcat right around the time the message is generated which might provide some further clues?
There's a lot of different techniques you can use, but they require a bit of effort - not only to perform, but to explain, too.
Q3) Are you willing to post up the output of the "ps" command to a pastebin?
Q4) What apps on your phone request "SEND_SMS" privileges? You can find out with
Code:
strings /data/system/packages.xml > /sdcard/strings-pkgs-xml.txt
and then poking through the "strings-pkgs-xml.txt" file. When you see (for instance)
name="android.permission.SEND_SMS"
the immediately prior package is what requested it. Either that or you can do something tricky like
Code:
strings /data/system/packages.xml | awk '/<package name/{pkg=$2;}; /_SMS/{print pkg, $2;}'
bftb0
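Added example (not part of the original post): the same SEND_SMS audit done with an XML parser on a copy of packages.xml pulled off the phone. It assumes the layout the post relies on (`<package name=...>` followed by `<item name="android.permission...">` entries) and, as a further assumption about the ROM's file format, `codePath`/`sharedUserId` attributes and `<shared-user>` blocks; permissions listed under a shared user are attributed to the packages that share it rather than to whichever package line came before. The sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread: a cut-down packages.xml.
# Package names under com.example are placeholders.
SAMPLE_PACKAGES_XML = """<packages>
  <package name="com.android.mms" codePath="/system/app/Mms.apk" userId="10010">
    <perms>
      <item name="android.permission.SEND_SMS" />
      <item name="android.permission.READ_SMS" />
    </perms>
  </package>
  <package name="com.android.phone" codePath="/system/app/Phone.apk" sharedUserId="1001" />
  <package name="com.example.videotool" codePath="/data/app/com.example.videotool-1.apk" userId="10061">
    <perms>
      <item name="android.permission.INTERNET" />
      <item name="android.permission.SEND_SMS" />
    </perms>
  </package>
  <package name="com.example.wallpaper" codePath="/data/app/com.example.wallpaper-1.apk" userId="10062">
    <perms>
      <item name="android.permission.INTERNET" />
    </perms>
  </package>
  <shared-user name="android.uid.phone" userId="1001">
    <perms>
      <item name="android.permission.SEND_SMS" />
      <item name="android.permission.RECEIVE_SMS" />
    </perms>
  </shared-user>
</packages>"""


def matching_perms(elem, needle):
    """Permission names in elem's <perms> block that contain `needle`."""
    return {item.get("name", "") for item in elem.findall("perms/item")
            if needle in item.get("name", "")}


def sms_permission_report(xml_text, needle="_SMS"):
    """List every package holding a permission that contains `needle`."""
    root = ET.fromstring(xml_text)
    # Packages that declare sharedUserId carry no <perms> of their own in this
    # layout (assumption); their permissions sit on the <shared-user> entry.
    shared = {su.get("userId"): (su.get("name"), matching_perms(su, needle))
              for su in root.findall("shared-user")}
    report = []
    for pkg in root.findall("package"):
        perms = matching_perms(pkg, needle)
        via = None
        sid = pkg.get("sharedUserId")
        if sid in shared:
            via, inherited = shared[sid]
            perms |= inherited
        if perms:
            report.append({
                "package": pkg.get("name"),
                "perms": sorted(perms),
                "via_shared_user": via,
                # Anything outside /system was installed after the ROM was flashed.
                "user_installed": not pkg.get("codePath", "").startswith("/system/"),
            })
    return report


def user_installed_senders(report):
    """Packages to review first: installed by the user and able to send SMS."""
    return [row["package"] for row in report
            if row["user_installed"]
            and "android.permission.SEND_SMS" in row["perms"]]


if __name__ == "__main__":
    rows = sms_permission_report(SAMPLE_PACKAGES_XML)
    for row in rows:
        print(row)
    print("review first:", user_installed_senders(rows))
```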
1. No destination number in the error. Sorry.
2. Also, no clues in logcat from what I've seen.
3. PS > http://pastebin.com/iUAfP9Yb
4. Besides the default gapps, the only other app with SEND_SMS priv. is Koxx Pure Messenger. (Purchased from the market, Have had for awhile, the sms sending is new)
Going to try to call my provider and see if I can get the number that's been denied because of funds.
*edit* No luck with provider.
I'd really like to know what's doing it so I don't install the same app once I flash. Luckily I keep nothing important on my phone. Its gmail account is actually a duplicate with my original forwarding to it. I'm a tiny bit overprotective over my email(address). :x
viogrep said:
4. Besides the default gapps, the only other app with SEND_SMS priv. is Koxx Pure Messenger. (Purchased from the market, Have had for awhile, the sms sending is new)
I know that it isn't necessarily this simple, but if that really is the only other app besides the GAPPs with SMS privileges, especially coupled with the knowledge that the SMS capability is new, I think you have your answer.
If you tried a new ROM and restored all but that one app, and the problem never happens again then you can be 95% sure. Only way to be 100% sure is that after a certain length of time without a problem (a week?) you reinstall Koxx and then see if the problem starts happening again.
I looked through your "ps" listing.
Didn't see anything too obvious sticking out at me; there were a couple of non-market apps running though. I know that there is no theoretical reason why non-market apps would be malicious - on the other hand, I sort of wonder why they are not on the market... you know what I mean? What is stopping them? (In the case of Tubemate - which was actually kicked off of Google's market, my suspicions are even higher. I realize it was not kicked off because of malware; but still...)
These were the only processes that were either not on my phone, or I didn't really recognize.
Code:
com.dylan.tube = [Non-Market App] Tubemate
com.gau.golauncherex.notification = GO Launcher EX (READ SMS)
com.levelup.beautifulwidgets = Beautiful Widgets (LevelUp)?
com.revsodev.volumecontrol = [Non-Market App] Volume Control (Cyrket?)
com.swype.android.inputmethod = Swype?
com.tencent.research.drop = QQPlayer (no perms req'd?)
net.bajawa.battery = BattStatt (no perms req'd?)
org.sipdroid.sipua = Sipdroid VoIP + video
The Road Warrior has an idea which is sort of useful; but I'll modify it to use binary division.
Start with a freshly installed, clean ROM, and only install half of your apps. (I would put all of your most frequently used apps in the first half, and delay any non-market apps as long as possible). Here's how this goes:
- if the "half" you put on the phone is trouble-free (long enough to know the SMS popup thing is not going on), then, install half of the remaining apps, and wait again to see if there is a problem.
- if the "half" you put on the phone develops trouble, then you know that the problem app is in that group. Wipe the phone and re-install all prior "halves" (that caused no trouble), but split the current half (the group containing the suspect app) in half, and only install that. Proceed in this fashion until you are down to the app which causes the trouble.
If you have 128 apps on your phone, and you wait 1 day between installations, it will take 7 days to find the malicious app. (And if you don't get a failure within the first two days, your phone will have 3/4 of its apps installed - that's not too bad).
The thing is though, even if you had an app compromise your phone, it might not be an "app" that is doing the dirty work any longer. For example, the most recently discovered malware ran rooting exploits against the device, and once successful, downloaded and installed "other stuff". That "other stuff" could be native binaries. So, examining permissions in the system manifest doesn't necessarily guarantee that you have exhaustively looked at your phone, or discovered all possible means of interacting with the SMS system.
It might be "just an app", though - and if it were me, the first ones that I would suspect are non-Market apps, or apps that *cough* got downloaded from "freeware" sites.
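Added example (not part of the original post): the "binary division" procedure described above, simulated so the 7-day and 3/4 figures can be checked. It assumes exactly one misbehaving app and that the symptom reliably shows up within one waiting period; `symptom_appears` is a hypothetical stand-in for "watch the phone for a day", and the app names are constructed.

```python
def bisect_apps(apps, symptom_appears):
    """Run the halving procedure from the post.

    apps            -- list of app names to test
    symptom_appears -- callable(installed_list) -> bool; stands in for
                       observing the phone for one waiting period
    Returns (culprit, rounds, log); each log entry is
    (number_of_apps_installed_that_round, symptom_seen).
    """
    cleared = []           # groups that already ran trouble-free
    suspects = list(apps)  # the misbehaving app is somewhere in here
    log = []
    while len(suspects) > 1:
        mid = len(suspects) // 2
        trial, rest = suspects[:mid], suspects[mid:]
        installed = cleared + trial
        bad = symptom_appears(installed)
        log.append((len(installed), bad))
        if bad:
            # Trouble: wipe, restore only the cleared groups, and split
            # the group that was just added.
            suspects = trial
        else:
            # Clean: keep what is installed and add half of the remainder.
            cleared = installed
            suspects = rest
    return suspects[0], len(log), log


def simulate(n_apps, culprit_index):
    """Constructed scenario: n_apps placeholder apps, one of them misbehaving."""
    apps = ["app%03d" % i for i in range(n_apps)]
    culprit = apps[culprit_index]
    return bisect_apps(apps, lambda installed: culprit in installed)


if __name__ == "__main__":
    culprit, rounds, log = simulate(128, 127)
    print(culprit, "found after", rounds, "waiting periods")
    for day, (count, bad) in enumerate(log, start=1):
        print("day", day, "-", count, "apps installed, symptom:", bad)
```

The last remaining app is identified by elimination; it is never installed on its own in the simulation, so a final confirmation run is a separate step.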
Thanks for the responses. I actually did a fresh flash last night. First thing I installed was tubemate (running through non market apps) and it did it. Ironically I added some money to my account to see if I could get the number it was trying to text. Apparently it still couldn't go through.
Sent from my FroShedYo V10-ERIS using XDA App
I had a game from a Chinese developer that stole my gmail. Log into yours from the website and see if you get a red warning.
Sent from my GSBv1.9 ERIS using XDA App
viogrep said:
Thanks for the responses. I actually did a fresh flash last night. First thing I installed was tubemate (running through non market apps) and it did it. Ironically I added some money to my account to see if I could get the number it was trying to text. Apparently it still couldn't go through.
Sent from my FroShedYo V10-ERIS using XDA App
I'm always amazed when something I suggested actually works. LOL. It's just that I'm used to things being more complicated than I hope.
Glad you figured out the trouble!
Thanks bt and RW for the help.
As far as the gmail thing... I use a different gmail address on my phone with email forwarded (different pass)...
If it gets taken I just stop the forwarding and make a new one. Makes things more simple. Sure, they can see past emails, but they can't request passes/info from other sites... (I also monitor the login IPs in gmail, religiously. Just a habit.)
viogrep said:
Thanks bt and RW for the help.
As far as the gmail thing... I use a different gmail address on my phone with email forwarded (different pass)...
If it gets taken I just stop the forwarding and make a new one. Makes things more simple. Sure, they can see past emails, but they can't request passes/info from other sites... (I also monitor the login IPs in gmail, religiously. Just a habit.)
You're welcome. You could just change your password from the web if your phone gets stolen.
Especially since it's the gmail address you use on your phone that everything is sync'd to, not the one that's forwarding to it. So if you got another Android phone you'd lose all your contact info and bought and installed apps info, calendar and such. Unless you sync them manually which is so much harder in my experience.
Or you could use one of the many free apps out there that would let you remotely do many things to your phone. Turn the GPS on, triangulate your phone, make your phone scream, do a factory reset to erase everything...
Just a suggestion.
My Rogers EVO 3D came pre-installed with an app called "Wi-Fi Calling". Does anyone know what this is?
I think it may be a Rogers app (the icon is red and white), but I can't tell for sure. It doesn't appear on the market from what I can tell.
I'm asking because despite the fact I have turned the app off (via a checkbox within the app itself), the app regularly accounts for around 5% of my battery usage.
saltorio said:
My Rogers EVO 3D came pre-installed with an app called "Wi-Fi Calling". Does anyone know what this is?
I think it may be a Rogers app (the icon is red and white), but I can't tell for sure. It doesn't appear on the market from what I can tell.
I'm asking because despite the fact I have turned the app off (via a checkbox within the app itself), the app regularly accounts for around 5% of my battery usage.
the app is not stock on the Sprint version of the HTC EVO 3D.
some apps are coded poorly and will continue to run services in the background even though they coded the app to give you an option to turn the app off. if this is the case with the WiFi Calling app and you don't plan on using it, your best bet would be to move the apk out of the /system/app or /data/app directory to somewhere else like the sdcard.
the solution i present assumes you have root and are nand unlocked. removing the apk is the *safest* method, imo, to make sure the application is uninstalled and not consuming resources.
The android package manager, which manages all the device's applications, monitors /data/app and /system/app for application .apk files to be added/removed and will process the application .apk file as soon as it detects a new file or the removal of an existing file.
Hence, moving the apk file out of /system/app or /data/app to the sdcard will essentially cause the packagemanager to uninstall the application and the icon should be removed from your application launcher/tray.
If you ever do need the app again you can simply move the app .apk file back to /data/app or /system/app and the packagemanager will load it up.
i only have the sprint version of the evo 3d, so i'm unfamiliar with this app, but hopefully my suggested solution and the description of how the packagemanager operates will help!
Thanks for the info.
Since I'm running the GSM version of the EVO 3D, I'll have to wait for a reliable root method before I can get rid of this app.
That's the one thing I'm missing from my old X10 - root access (and Titanium Backup specifically).
saltorio said:
Thanks for the info.
Since I'm running the GSM version of the EVO 3D, I'll have to wait for a reliable root method before I can get rid of this app.
That's the one thing I'm missing from my old X10 - root access (and Titanium Backup specifically).
i was hoping you wouldn't reply saying you're not rooting .. but since you did .. the only other solution i've heard of .. and it states in its description, it doesn't require root, is an application which loads at startup and allows the user control over blocking/allowing other apps from starting up.
after a quick google search, i think this is the app i've heard about:
https://market.android.com/details?id=com.vesperaNovus.app.StartupAuditor
author thread: http://androidforums.com/application-announcements/54838-new-improved-startup-auditor.html
it does cost money and i have not purchased it but i've heard from some people that it works .. so take that for what it's worth! i think the android market has a 15 min return period from app purchase to end of return period time allowance.
root would be the preferred method, but as a non root alternative, this is the best solution i can think of. good luck!
It's not that I don't want to root. It's that there currently isn't a root method available for the GSM variant of the EVO 3D.
I'll just wait and live with it until then.
Hi,
I came to the same conclusion that the WIFI-Calling app is still running even when turning off the feature. And, yes, it does account for some battery usage when looking at battery stats.
I am trying to find a way to have the battery last for a full day of slight use. (doesn't last a full day for me with only 5 msg, 3 short calls and some internet browsing).
This app is unkillable with SystemPanel;(
wtf is rogers doing with its apps is crap.
Rooting the phone is not something I consider for the moment.
Will try the suggested app.
thanks,
StartupAuditor fails at preventing the WIFICalling app from starting
Same for Android Assistant
This WIFICalling app is still there eating a big chunk of the CPU time
;(
Here is the problem;
I have a mobile banking app on my phone. The app is in the store and can be downloaded, but it has to be activated in order to be able to use it. So every time I change the phone (and I do that once or twice a year), I have to go to the bank to get the code. I understand that this is a security measure. However, I'm so sick of this, that I'd like to try solving it.
Now, I'd like to be able to transfer that app to another phone without going to the bank/getting the new code. Is there a way to do this?
Maybe with Titanium Backup!
No. I tried that some time ago. If I recall correctly, it just creates an APK file from the installed app, and this file can be transferred to another device. There it installs like any other new APK. And in this case, it will ask me for an activation code. At least that's how it was last year when I tried to transfer the same app to my HD2.
So restoring data as well from TB does not work?
I'm thinking if there is any "loose" folder post activation on the sd card that isn't caught by titanium.
Sent from my GT-N7000 using Xparent ICS Tapatalk 2
I just tried. This time I used app+data. And I got behind the activation code point, but I'm stuck on PIN nr. First 2 times it said wrong pin, although I entered the same PIN I'm entering on my old phone. 3rd time it started to show various errors.
I guess it got locked somehow. It does happen if you enter the wrong PIN 3 times.
The interesting thing is that the app is still working on my old phone.
I guess they protected it well.
Just a noob here, but maybe transfer the apk and the data file with Bluetooth file transfer. I've used it for apks and zip files. Hope this helps.
Edit : and fix permissions ?
Sent from my SCH-I535 using xda app-developers app
I doubt there would be any difference in sending the files via bluetooth.
In the play store sign-in to the same email that you used. You can find all your apps synchronized and you can re-download and install on the new device.
Not true.
Not every app.
Sent from my GT-I9100 using Tapatalk 2
I don't think it would be possible because it looks like the app code is linked with hardware. Whenever you are going to change hardware you will need a new code.
That's a good security measure, you should be grateful to your bank.
Sent from my LG-P500 using xda
Your app download history is saved to your Gmail account, so when you sync that to your new phone, all the apps will be there.
OR
Store
APK Extractor
Short press
Share
options email/bluetooth
I rooted my phone last month and it's been running just fine. Today I began seeing a SuperSU message "Binaries need updating..." Selecting update reboots the phone. Cancel and the app will not run. Booting into recovery, wiping the cache then reinstalling SuperSU restored SuperSU app but security app, "TrustGO" virus scan states "[email protected]" infection in Supersu. Also, SuperSU began new message recommending an upgrade to the "Pro" version.
Is "[email protected]" a problem and if so is there an alternative?
(AVG & Norton virus scans report nothing.)
Thanks!
What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an ad blocker software app installed? If so check for an update to your host files. If not then hit the play store and download one. I use Ad Free. It's free and it's a good app "imo". After your device is ad free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely you're ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3
To stop message to upgrade from showing, click setting, scroll all the way down, uncheck nag about upgrading.
Sent from my lair.
laie1472 said:
What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an ad blocker software app installed? If so check for an update to your host files. If not then hit the play store and download one. I use Ad Free. It's free and it's a good app "imo". After your device is ad free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely you're ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifies "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had begun misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.
SuperSU/Superuser by their nature are a security risk, that's a false warning though.
Micro Maniac said:
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifies "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had begun misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.
Well viewing the host file should not be blank "afaik". If you want, try running it again. And/or uninstalling Ad Free and then rebooting. Hit recovery and wipe cache & dalvik cache. Then reinstall Ad Free and update. Also yea I'm gonna lean towards the hit on the su app as a false one. Also which version are you using?
#Root-Hack_Mod*Always=LTE
Version 1.04
Sent from my EVO using xda app-developers app
AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app
Where are you viewing your host file from? Also have you tried an earlier ver of SuperSU?
#Root-Hack_Mod*Always=LTE
There really is no nice way to say this, aside from "TrustGO are a collection of dumb ****s who don't know their job". They're not alone, though.
SuperSU and/or its native binary are installed by many exploits that gain root automatically. Those are indeed security risks. Due to this, it appears the su binary itself has been (wrongly) classified as an exploit by several virus companies, instead of the binaries actually performing the exploit.
There is nothing "exploiting" about su, if there was, a lot of binaries on a lot of computing devices could be classified as exploit now.
Micro Maniac said:
AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app
Well the Man himself said it. Ya can't get a better answer than the one chainfire gave you.
#Root-Hack_Mod*Always=LTE
Thanks! I fully agree..
I was able (finally) to get the host file working...
Sent from my EVO using xda app-developers app
Glad you got it worked out.
#Root-Hack_Mod*Always=LTE
I think I have got a virus in my phone. Sometimes when I open any link in Chrome, a random popup opens which usually redirects to the play store somewhere. Once I opened 9gag.com and it opened 9gag's play store link. It even happened with android authority blogs that when I interact with the page, i.e. touch or scroll anywhere, a random ad link just pops up. Not only this but the original page is replaced by a facebook page whose URL contains something about a campaign, i.e. its ID etc. History shows a website terraclicks.com and google search on terraclicks shows that it's a PC virus.
Not only with Chrome, I even got the same popup while opening a link using facebook's own default internal browser.
I used Avast to scan for viruses including all files but it found no virus. The same thing is also happening in my brother's phone and we don't share anything between phones. There's a laptop in my home which also shows terraclicks in its history. So I think the virus is spread over all the devices, but I am still unsure as to how to remove it while mobile's antivirus detects nothing.
ad virus
Yes, I have the same problem. Please help.
well I installed ccleaner and cleared three things:
All apps cache, chrome history and empty folders. It disappeared for some days but last night it came again to me. Now I have repeated the process again, let's see what happens now..
Usman, I have factory restored my phone but it is still there. I don't know what to do now.
khan khan said:
Usman, I have factory restored my phone but it is still there. I don't know what to do now.
which internet are you using? I am using PTCL
Do you also have this on another mobile or on computer?
no, there is only one mobile and it is only happening with it.
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
zelendel said:
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
It's also appearing on computers. And I can say it's not coming from the website's owner because I personally work on a website and one time clicking on its logo triggered the ad. That website would never put an onClick ad on its logo.
terraclicks ad virus
You should install a new window on your computer which will definitely remove these ads but what to do with this in the android. I have installed every antivirus, antimalware and have performed a reset too but no effect.
OMG, I was also infected with Terraclicks. All I can find is removal guides that have nothing to say about Android system.. Can I just reinstall my browser or reset my phone to factory settings? I would prefer the second option because I have lots of photos that are important to me on my device. thanks
It's almost a year since the original post on this thread, and still searches for info on this insidious malware, Terraclicks shows just non-android solutions and generic adware removal info.
Like several other posters I have tried dozens of AV and anti-malware apps but nothing works so far.
Has anyone found a solution??
Clear all apps cache, browser cookies (it will log you out of all websites in the browser), and browser history (only if needed).
Try the above steps one by one and give some time between them to see if the problem goes away without doing the other steps.
It probably comes from visiting cheap websites like those sharing apk files or songs etc. They don't give a damn about the users.
For me this was solved by making uTorrent pro inactive, the ads stopped.
Once I uninstalled it they never came back.
Assuming you have cleared your Chrome cache etc, I suspect you have an app which has been installed which is causing this. In my case it was an .APK which I had downloaded externally (because I couldn't get it from the Play Store). As it happened, this particular app made itself a device administrator (you can check by going into Security, Device Administrators) and it also had greyed out the ability to uninstall it. The app was also running as a background process which is how it keeps spawning those ads. Nothing picked it up as Malware (Malware Bytes, Trend, CCleaner). That was the giveaway to me, that something wasn't right with this app. This would also explain why a phone reset wouldn't remove it, because that typically reinstalls all your apps (except in your case) the app would have probably come from the Play Store. Since removing the app, I've had no problems and the dreaded problem has gone away. Now I am a lot more careful about which APKs I loaded. Good luck
I had this issue and it ended up being one of the apps I downloaded. Once I uninstalled the correct app the problem ended. If you do factory reset, then redownload all your apps, then the problem would come back because you redownloaded all the apps you originally had. This is especially true if you use an app that's not in Google's Play Store so what he is saying sounds almost exactly the same as what happened to me.
Thank you, that fixed it. I downloaded Showbox off a site, and it messed up my phone.