Folder called .skynet - Atrix 4G Q&A, Help & Troubleshooting

Hey, does anyone know what this is?
I don't know how, but there's a persistent folder /sdcard/.skynet
I can erase it, but after a restart, the folder is back.
Already scanned for viruses with a lot of apps and airpush... I have no idea what this can be.
Suggestions?
Edit: Folder contents:
/sdcard/.skynet/.service/
- service_ad_start_point
- skynet.db

http://youtu.be/_Wlsd9mljiU?hd=1
So it has begun!

eSu.Matix said:
http://youtu.be/_Wlsd9mljiU?hd=1
So it has begun!
Believe me or not, but the first thing that I thought of when I saw the folder was this scene too! :laugh:

Hi,
Any of these applications : https://play.google.com/store/apps/developer?id=skynet+Inc. ?

jisse44 said:
Hi,
Any of these applications : https://play.google.com/store/apps/developer?id=skynet+Inc. ?
The search gives me an error. But manually searching the Play Store for "skynet"... and no, I don't have any of them installed here.
Funny thing is my apps are the same for a long time. The only thing that I installed recently here is Airpush detector and the antivirus apps such as Avast, Lookout and Zoner.

data shipped to china
Haven't found all details yet, but enough to reply. Hopefully this helps others.
The .skynet folder is related to the Chinese company idreamsky. Data captured, that I know of so far: as you launch any app on your phone, the package name is added to the db as a new row. Suspected, but as yet unverified, is that the info is shipped to idreamsky via TLS.
I was working on MITM to see what is shipped but hit a snag... it all quit when I upgraded to ICS. It was collecting and transmitting something when I had 2.3.6 on my Razr.
The actual problem child in my case was found to be Jetpack Joyride from Halfbrick. I didn't check to see if Fruit Ninja was also doing this. However, from my research, it looks like any other apps could also be the culprit if those devs also teamed up with idreamsky.
If halfbrick is not the issue in your case, a simple check of apps running after reboot will likely bear fruit (pun intended).
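One way to check the observation above that each app launch adds a row: pull skynet.db before and after launching an app, then diff the two copies. This is an added example, not code from the thread; the real schema is not given, so the table name, columns and package names below are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path

def snapshot(db_path):
    """Return {table_name: set(row tuples)} for every table, opened read-only."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' "
            "AND name NOT LIKE 'sqlite_%'")]
        snap = {}
        for name in tables:
            quoted = '"' + name.replace('"', '""') + '"'
            snap[name] = set(con.execute(f"SELECT * FROM {quoted}"))
        return snap
    finally:
        con.close()

def new_rows(before, after):
    """Rows present in the later snapshot but not the earlier one, per table."""
    diff = {}
    for table, rows in after.items():
        added = rows - before.get(table, set())
        if added:
            diff[table] = sorted(added, key=repr)
    return diff

def build_sample(directory):
    """Constructed stand-ins for two pulled copies of skynet.db (hypothetical schema)."""
    paths = []
    rows = [("com.example.launcher", 1000)]
    for name, extra in (("before.db", []),
                        ("after.db", [("com.example.game", 1060)])):
        path = Path(directory) / name
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE app_launch (pkg TEXT, ts INTEGER)")
        con.executemany("INSERT INTO app_launch VALUES (?, ?)", rows + extra)
        con.commit()
        con.close()
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        before, after = build_sample(tmp)
        for table, rows in new_rows(snapshot(before), snapshot(after)).items():
            for row in rows:
                print(table, row)
```

With real copies, pass the two pulled file paths to `snapshot()` in place of the constructed ones.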

I have just bought a used tablet, a myaudio 7, and I also found this weird skynet file. I thought this was some kind of backdoor or some malware, so I did a hard reset on my tablet,
but after the hard reset the hidden .skynet folder is still there, and there are two batch files named secure.bat and securenew.bat with a hexadecimal string in the secure.bat.
the other file is some kind of a long version number. 2367r796n............_..................
mobgi and pictures folder? WTF?
What is this? Is it taking a screenshot of your face and sending it to the NSA?
Or to the Chinese NSA?

Related

[Q] Side Loading an App

I read the whole section forum and people are side loading incompatible apps, but nowhere does anyone explain "how to" side load an app. Can someone tell me? I have apps on my Galaxy 7in and they are not compatible with the Sony S running Android 3.2.1.
I want my Amazon app store, Pinger texting, words with friends and I have others too!
This is a new toy for me but disappointed that I cannot get these apps
Any help is appreciated!
It's easiest if you have ADB knowledge so you can pull apps from the galaxy tab and push them to the tablet s, but you can get the amazon appstore by going to amazon's website and it'll email you a link to the download. Also, I have words with friends on my tablet which I downloaded from the market no problems. Maybe with the latest tablet s update it is no longer marked as compatible, in which case we'll have to wait for the ICS update for a lot of the fragmentation problems to go away.
Put the .apk file from your Tab on your sd card, then you go into a file explorer type application on the Sony to find the file. Click on it and it should ask you if you want to install.
You should be able to download the amazon app store directly from amazon.com.
Also a nice program that will backup all your settings/files/apks is MyBackup Root, which will put all the apk's in one folder. However looks like the sony still hasn't been rooted?? I'm still waiting for mine in the mail.
Thank you
I am sure some of this is out of my league but I am going to take a shot at it. This is all new to me. I am technically challenged LOL.
I am going to go get the Amazon App Store though.
Thank you for the extra help
Sandy
spoilingpets said:
I am sure some of this is out of my league but I am going to take a shot at it. This is all new to me. I am technically challenged LOL.
I am going to go get the Amazon App Store though.
Thank you for the extra help
Sandy
If you use Astro File Manager (I know plenty do) on your Tab, you can use Astro's built-in App Manager to back up the apk files from every installed app to a folder on your SD Card. Then just copy this folder to your Sony like any other file, then use Astro (or some other file manager) to click on the individual apps in that folder and choose install.
I backed it up
AGC 93
I really am technically challenged here. I downloaded the Astro File system, and I backed up the programs I want, but I don't know where I backed them up to; it didn't give me a choice as to where to back them up.
Then I don't know how to transfer them from one device to the other. I wasn't kidding when I said technically challenged!
Thank you
Sandy
you could also save apps on a shared drive and install from there using file manager or the same via dropbox, etc
Maybe?
Maybe one of you would be willing to walk me through this procedure from beginning to end and then I will learn it, but right now it is all a mumbo jumbo to me.
We can do it through PM if we don't want to clog up the forum or maybe there is someone else who needs the same help as myself
Thank you
Sandy
Would it not be easier to just use the normal Amazon web page rather than mess about trying to get an app to install? If it's anything like the Amazon iphone app, it's pretty useless anyway - certainly nowhere near as good as using the web page.
I should explain better
I really need to text so I need a texting program that works well with at least some options. Chompsms and Handcent do not work without a phone number and getting an answer from tech support from either of those is like pulling eye teeth,(sorry)
I found a texting program on my galaxy 7 inch that works wonderful and does have some options for larger fonts, a local phone number bubbles so you know who is talking blah blah blah, it is not compatible with Android 3.2.1 which is on my new Sony tablet,
I am trying to side load that and Have no idea what I am doing,
Plus when we get ICS does that mean some of the things that are not compatible now will be when we get that update?
thank you in advance for all the help
Sandy
spoilingpets said:
AGC 93
I really am technically challenged here. I downloaded the Astro File system, and I backed up the programs I want, but I don't know where I backed them up to; it didn't give me a choice as to where to back them up.
Then I don't know how to transfer them from one device to the other. I wasn't kidding when I said technically challenged!
Thank you
Sandy
Sorry for the slow reply. By default, the apps will be backed up to a folder called Backup on the SD card. In there, there should be your apk's.
Hope that helps

[HINT] Accessing inaccessible APK files.

I hope this proves useful to someone, but especially noobs like myself! I've searched high and low for a way to access and install apps that are either restricted by country (I'm in Vancouver, BC) or by device type, and up to now was only able to find references here at XDA that involve using VPN. If the following tip is already common knowledge and I somehow overlooked it, I apologize in advance.
Yesterday I ran across this article handy applet that so far has worked flawlessly for me:
Clearly I can't post URLs yet but the applet "Real APK Leacher" can be downloaded at:
www[dot]mediafire[dot]com[slash]?5vibfddvxmh98y
No need to install anything, but just unzip the DL into any new folder and run it directly from there. It does require Java Runtime Environment 1.5.0 or later. First time the tool is launched it prompts you for a DeviceID and associated account and P/W for the device. I used the DeviceID for my Galaxy S2.
(To find the DeviceID on a phone, enter [*#*#8255#*#*] (not including the brackets), and find the lines that begin with "JID=" and "DeviceID-".)
When I first ran the tool, I ran a search and got no results.. Found that the trick is to enter the search term(s) and then select the "custom" radio button. I've used the tool to successfully DL and install 1) Google Currents, 2) Onlive Desktop, 3) USAA Mobile Banking, 4) HBO GO, 5) Canada Post App, 6) UPS app, 7) Fedex 8) Hulu+ 9) all Amazon apps, 10) Realtor.ca, and many others. Till now I haven't run across any app I wanted that I haven't been able to install using the tool. Hope you have as much luck as I have with it.
After downloading the APKs to your computer desktop, simply transfer to the Prime via your method of choice and install.
VancouverIngo said:
(To find the DeviceID on a phone, enter [*#*#8255#*#*] (not including the brackets), and find the lines that begin with "JID=" and "DeviceID-".)
And how do you propose we do that on our tablets?
leppie said:
And how do you propose we do that on our tablets?
or use the device ID app
https://play.google.com/store/apps/details?id=com.redphx.deviceid&reviewId=03899096149324352534
leppie said:
And how do you propose we do that on our tablets?
I tried to be as detailed as possible in my post (it was late, I was tired, perhaps I wasn't) which is why I went to the trouble of pointing out how I used my smartphone (the GS2) to carry out the procedure myself. I certainly don't claim to know exactly how the tool works behind the scenes, but I think it most likely needs to "fool" the source it accesses to DL the requested APKs into thinking the DL request is coming from a phone rather than a tablet.
In any case, there are probably many ways in which to retrieve a DeviceID. The method I went to the trouble of describing just happens to be the only way that I know how to do so. If you know of another... GREAT... use it. If not, then well, I think anyone frequenting these forums is probably clever enough to figure out/search for other ways.
In this day and age, I don't think that there are many tablet owners out there that don't also own or have access to a phone as well. In light of this fact, I assumed (perhaps unwisely) that readers of this thread don't require the same level of handholding/specificity that less tech-savvy members of the population might.
For those who've found other work-arounds to achieve the same end and are happy with their method, well, this post isn't meant for you. For others, like me, who've been seeking a simpler way, I truly hope you find the tool as useful as I have.
Running an unknown executable from a poster with no track record...can I just give you my CC# and SSN now and simplify things?
e.mote said:
Running an unknown executable from a poster with no track record...can I just give you my CC# and SSN now and simplify things?
Just googled the tool and it seems it's getting quite a bit of attention; certainly not unknown. Favourable reviews/mentions from well known and respected sites. In fact, it seems like someone here at XDA beat me to the punch in extolling its virtues ... found a link to an active thread in the General Section.
While there are ways to check out executables of questionable provenance (particularly a Java applet on a PC) without endangering/in a secure environment, particularly when link to said executable comes from a noob poster such as myself, you are wise indeed to be cautious! For the adventurous among you, check it out at your own risk.
Searching on "real apk leecher" (note the correct spelling), it looks like this tool came out a week ago. It wants your email acct, password, and device ID. At least to start out.
From the screenshot, the apparent dev, Nhat Cuong Mobile, is a Vietnamese outfit with website here: http://nhatcuong.vn/. However, it's a mobile phone sales & repair site, and I can't find any info on software development (I can speak Viet).
If you do try this out, be extremely wary.
If you're rooted, try Market Enabler (in the market), change the code to whatever network in whatever country, force close the market app (drag it to App info, and force close from there), then open it again, and voilà, access to all the apps you couldn't access before.
adancau said:
If you're rooted, try Market Enabler (in the market), change the code to whatever network in whatever country, force close the market app (drag it to App info, and force close from there), then open it again, and voilà, access to all the apps you couldn't access before.
Will the Market Enabler app also open apps that are device specific? I. E., phone-only apps for tablets?

Why does Remix OS spy on my life?

While carving files on a Remix OS USB key (persistent mode), I found screenshots of each window that I opened (panel settings, Google Chrome, Play Store, ...); no application is immune. Does anyone have an explanation?
BlueMacaw said:
While carving files on a Remix OS USB key (persistent mode), I found screenshots of each window that I opened (panel settings, Google Chrome, Play Store, ...); no application is immune. Does anyone have an explanation?
I don't have this on my system :-\
Is your "Print Screen" key pressed down?
This is quite concerning if true. I am however unable to reproduce this. Where are the screenshots located?
Ameris Cyning said:
Is your "Print Screen" key pressed down?
This is quite concerning if true. I am however unable to reproduce this. Where are the screenshots located?
internal storage/pictures/screenshots
More Details
*deleted*
This is about HFS+ and iOS but something similar might be happening with Android and NTFS.
sowilo said:
Hi!
I am a friend of the author of the topic and I discovered these troubling screenshots with him.
To start, we installed Remix OS on a new USB key, in persistent mode, and my friends used it for a few days.
Today, out of curiosity, I launched a file carving operation with a tool called Foremost, which is usually used to recover deleted files.
First, plug the USB key into a Linux computer,
- Identify the key with the following command: #fdisk -l
- Then launch Foremost like this: #foremost -t png /dev/sdX
Now you can go to the output folder and explore the many .png files. They are mainly system files, but among all these files we found a lot of very small screenshots taken without our knowledge. I've put a few of them in attachments.
We can see two types of screenshots,
- small part of the screen 420*420px, <50 KB
- full windows 420*420px, <50 KB
I find it strange and I would like to know what you think and if you can reproduce this.
>> imgur.com/a/FuDgp
Thank you and sorry for my bad English
I still cannot reproduce it.
Tho the fact that Jide is in China is concerning.
What country are you from? Perhaps it's a government spying op
Ameris Cyning said:
I still cannot reproduce it.
Tho the fact that Jide is in China is concerning.
What country are you from? Perhaps it's a government spying op
I'm from France, but I think it has nothing to do with where I live; it's the official image downloaded from the official website (the md5 is correct).
I just created a bootable USB key and I still found this type of screenshot.
Have you checked carefully among all the images?
The majority of them are just system files, but there are some small screenshots of all actions that are done.
And I find it strange. I am not suggesting that it is Chinese spying, but I just want to understand.
HypoTurtle said:
This is about books.google.co.uk/books.... HFS+ and iOS but something similar might be happening with Android and NTFS.
I don't think so; there is no NTFS partition on Remix OS.
sowilo said:
I'm from France, but I think it has nothing to do with where I live; it's the official image downloaded from the official website (the md5 is correct).
I just created a bootable USB key and I still found this type of screenshot.
Have you checked carefully among all the images?
The majority of them are just system files, but there are some small screenshots of all actions that are done.
And I find it strange. I am not suggesting that it is Chinese spying, but I just want to understand.
I don't think so; there is no NTFS partition on Remix OS.
(I thought the usb you were using/scraping might have been ntfs)
File system doesn't matter, I believe (perhaps as long as it's journalled). Without seeing the full extent of the images, I/we can only guess. But data recovery programs like the one you used just search the raw data on the disk for everything that has a valid header/data/footer, i.e. hasn't been overwritten; all it would take is an image cache stored for perhaps graphics/animation purposes, and as long as it hasn't been overwritten these will be scraped. The sleep mechanism or some sort of swap file could also cache current screen contents to a file that would be scraped.
Again, without seeing the full extent/location of the jpgs it's hard to say either way.
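The header/data/footer scan described in the post above, as an added example that is not part of the original thread: a small carver that finds PNG signatures in a raw image, validates every chunk's CRC through IEND (stricter than a plain header/footer match), and reports dimensions so the 420*420 thumbnails can be picked out. The sample disk image is constructed in memory.

```python
import struct
import zlib
from typing import NamedTuple, Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"

class CarvedPng(NamedTuple):
    offset: int   # byte offset of the signature in the raw image
    width: int
    height: int
    data: bytes   # the complete PNG, signature through the IEND CRC

def walk_chunks(raw: bytes, start: int, max_len: int) -> Optional[int]:
    """Return the offset just past IEND, or None if the chunk chain is invalid."""
    pos = start + len(PNG_SIG)
    first = True
    while pos + 12 <= len(raw) and pos - start <= max_len:
        length, ctype = struct.unpack(">I4s", raw[pos:pos + 8])
        end = pos + 12 + length                 # length + type + data + CRC
        if not ctype.isalpha() or end > len(raw):
            return None                         # overwritten or truncated
        if first and (ctype != b"IHDR" or length != 13):
            return None
        body = raw[pos + 4:pos + 8 + length]    # type + data, covered by the CRC
        (crc,) = struct.unpack(">I", raw[end - 4:end])
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return None
        if ctype == b"IEND":
            return end
        pos, first = end, False
    return None

def carve_pngs(raw: bytes, max_len: int = 16 * 1024 * 1024) -> list:
    """Find every structurally intact PNG in a raw byte image."""
    found, pos = [], 0
    while (start := raw.find(PNG_SIG, pos)) != -1:
        end = walk_chunks(raw, start, max_len)
        if end is None:
            pos = start + 1                     # damaged fragment: keep scanning
            continue
        width, height = struct.unpack(">II", raw[start + 16:start + 24])
        found.append(CarvedPng(start, width, height, raw[start:end]))
        pos = end
    return found

def chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed blank 8-bit grayscale PNG, used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00" * ((width + 1) * height))
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def build_sample_disk() -> bytes:
    """Constructed 'disk': padding, an intact PNG, a truncated one, another PNG."""
    a, b = make_png(420, 420), make_png(64, 48)
    return b"\x00" * 512 + a + b"\xff" * 100 + a[:40] + b"\xff" * 100 + b

if __name__ == "__main__":
    for png in carve_pngs(build_sample_disk()):
        print(f"offset={png.offset} {png.width}x{png.height} {len(png.data)} bytes")
```

Run against a real image file, this only recovers PNGs stored contiguously; it says nothing about which process wrote them.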
What this is is probably recent tasks. On any android device you will find images of recent tasks as a snapshot of everything.
Screen shots of my current device.
Missed one.
The XML files are of what task is currently running and which ones have stopped.
If you notice, my recent apps correspond to the images in root/data. There is nothing suspect going on, just Android working. If you are worried, use two step verification for your accounts.
lol its a recent task android system u guys..
Android uses screenshots of your tasks to show them on the Recent Apps Panel. Those screens are not shown in the gallery because in the same place there is a file named ".nomedia". Once you close a task, or another screenshot of the same app is taken, the old one is deleted automatically. Most Android devices do that.
arts821 said:
lol its a recent task android system u guys..
lucasdeeiroz said:
Android uses screenshots of your tasks to show them on the Recent Apps Panel. Those screens are not shown in the gallery because in the same place there is a file named ".nomedia". Once you close a task, or another screenshot of the same app is taken, the old one is deleted automatically. Most Android devices do that.
Isn't that what I said? With screen shots and everything :silly:
Orion116 said:
Isn't that what I said? With screen shots and everything :silly:
Yes, that's what you said, but with some other details. No need to be angry, tho. Calm down, man.
Here, many people try to help in many different ways. 3 people helping is better than just 1. Info from 3 people is more reliable than info from 1 which nobody else confirms. One more time, calm down.
Sent from my XT1095 using Tapatalk
Are those images still there if you restart the device?

Strange semi-stealthy malware that hides itself

Hi all,
So here's the situation: I have a Pixel 1 with stock (read: overbloated verizon) android. Whatever, I'm lazy and I haven't gotten around to rooting it. I installed a firewall recently for giggles. I'm going through the system apps and merrily blocking verizon junkware when I come across this thing (bear with me for the complete description, as XDA's spam filters are blocking my image links)
It's a system process called 'nobody' with a version number of 10. The Netguard app also gives a number above the name (I don't know what it's supposed to mean) that for most apps seems sort of random, but for this app is 9999.
I try to find this thing in my system app manager, and it's nowhere to be found.
So I keep on keeping on, thinking 'weird, but whatever', and then I come across another app called 'root' with a version number of 10 and (maybe it's a process id?) of 0.
Also, nowhere to be found.
And here's the thing; there's a gear icon in Netguard, that for _every other app_, opens up the system app manager page for that app. For these two? Nothing.
Now, I am not super proficient in android stuffs. My questions for you smart and pretty people are these:
1. How can I go about digging around in my phone to find the files that are running this thing?
2. What's the best way to get more information on what this is? (and yeah, I tried googling 'nobody' and 'root'. It went predictably).
3. How can I prepare a report / who would I send this to? There's gotta be security researchers who could use logs pertaining to this ****.
Yeah, I know that I need to nuke & pave the device. I will. I want to try and recon a little first. So, what do you got?

I think I found a virus in an apk I downloaded here, I need some help

Yesterday I downloaded an apk from this thread https://forum.xda-developers.com/showthread.php?t=714116, I thought it should be relatively safe as it was from 2010 and no one said anything in that thread regarding it, but as soon as I installed it I received a confirmation code from Google for authentication on another phone as this wasn't my main phone.
The apk I downloaded was the one posted by "kokenjr" on 18th October 2010, the 5th reply on that page, for "extracting the full shazam database of tags".
Could anyone investigate that apk and see what is actually inside it? I didn't know it was possible for it to get the password for the account on the phone, but it seems it instantly got it and sent it somewhere and a login was immediately attempted. And a lot of people downloaded that apk. I tried scanning the file online for viruses but it returned nothing so I think it may be something undetected.
Also what was strange is that I received a Duo voice call about half an hour later from "[email protected]" which I'm fairly confident is related to this as I never received duo calls from unknown sources.
Another question I would have is, should a factory reset of the phone clear it out or could it still be there? Also, if someone investigates it, I'm interested in what it was able to do and if I should be worried about it getting in the google cloud stuff.
I'm not really sure how severe this virus is, but as it's still there on the page and someone is listening and trying to hack accounts with it and maybe many others, someone should look into it
Thank you very much
p.s. I used this account to post as I created it a long while ago to download something from here.
@Thisthename
I looked inside the APK
The app in question is just a SQLite database viewer: the database it works on is stored as
/data/data/com.shazam.android/databases/library.db - I think
jwoegerbauer said:
@Thisthename
I looked inside the APK
The app in question is just a SQLite database viewer: the database it works on is stored as
/data/data/com.shazam.android/databases/library.db - I think
@jwoegerbauer I really don't expect the cause to be anything else, as I mentioned above, the minute I saved the app on the phone and installed it, that is when I received the Google verification code and I didn't do anything regarding my google account or something like that, only browsing some websites to see how to extract the shazam tags, nothing shady and nothing else that I think could have an impact on this. And the coincidence is just insane.
Also, technically, even if it was something, a factory reset should have most likely solved it, right?
