[Q] SuperSU - [email protected] - Sprint HTC EVO 4G LTE

I rooted my phone last month and it's been running just fine. Today I began seeing a SuperSU message "Binaries need updating..." Selecting update reboots the phone. Cancel and the app will not run. Booting into recovery, wiping the cache then reinstalling SuperSU restored SuperSU app but security app, "TrustGO" virus scan states "[email protected]" infection in Supersu. Also, SuperSU began new message recommending an upgeade to the "Pro" version.
Is "[email protected]" a problem and if so is there an alternative?
(AVG & Norton virus scans report nothing.)
Thanks!
?)

What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an add blocker software app installed ?? If so check for an update to your host files. If not then hit the play store and download one. I use Add free. It's free and it's a good app "imo" After your device is add free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely your ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3

To stop message to upgrade from showing, click setting, scroll all the way down, uncheck nag about upgrading.
Sent from my lair.

laie1472 said:
What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an add blocker software app installed ?? If so check for an update to your host files. If not then hit the play store and download one. I use Add free. It's free and it's a good app "imo" After your device is add free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely your ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3
Click to expand...
Click to collapse
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifys "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had began misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.

SuperSU/Superuser by their nature are a security risk, that's a false warning though.

Micro Maniac said:
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifys "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had began misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.
Click to expand...
Click to collapse
Well viewing the host file should not be blank "afaik". If you want, try running it again. And/or uninstalling add free and then rebooting. Hit recovery and wipe cache & dalvik cache. Then reinstall add free and update. Also yea I'm gonna lean towards the hit on the su app as a false one. Also which version are you using ??
#Root-Hack_Mod*Always=LTE

Version 1.04
Sent from my EVO using xda app-developers app

AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app

Were are you viewing your host file from?? Also have you tried to a earlier ver of super su ??
#Root-Hack_Mod*Always=LTE

There really is no nice way to say this, aside from "TrustGO are a collection of dumb ****s who don't know their job". They're not alone, though.
SuperSU and/or its native binary are installed by many exploits that gain root automatically. Those are indeed security risks. Due to this, it appears the su binary itself has been (wrongly) classified as an exploit by several virus companies, instead of the binaries actually performing the exploit.
There is nothing "exploiting" about su, if there was, a lot of binaries on a lot of computing devices could be classified as exploit now

Micro Maniac said:
AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app
Click to expand...
Click to collapse
Well the Man himself said it. Ya can't get a better answer than the one chainfire gave you.
#Root-Hack_Mod*Always=LTE

Thanks! I fully agree..
I was able (finally) to get the host file working...
Sent from my EVO using xda app-developers app

Glad you got it worked out.
#Root-Hack_Mod*Always=LTE

Related

Chinese virus?

I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screen shot if the app name is in Chinese) .
This sounds really really bad.
Has this happened to any one else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again has this happened to any one else? Because I want to know if this could happen to my phone!
Mine also did this on stock rom i would uninstall samsung apps reboot and it would reappear on my menu. Is it possible the rom comes with an auto install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Click to expand...
Click to collapse
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.) however it if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
Click to expand...
Click to collapse
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while re flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region
Isnt waze a community based sat nav app?
poults said:
Isnt waze a community based sat nav app?
Click to expand...
Click to collapse
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully what ever it was, won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium

Trojan.AndoidOS.Jifake - Rezound

Zoner anti-virus identified the Trojan.AndoidOS.Jifake trojan and targetted the HTC Scan app (not clear on why the app?) but is unable to remove it. Kaspersky did not. Normally I'd ignore this but my phone apparently has been sending out advertising emails to some of my contacts...which sort of fits the Jifake behavior.
Help anyone?
You could locate the file and try removing it via terminal emulator.
HTC Rezound
Freeze it in TiBu?
Zoner
Zoner doesn't ID a file....it does an app, part of the device original firmware, i.e. cannot review unless root. There is a lot of references to this trojan on the web...just no solutions
From what I have found, the trojan is hidden in a QR code that gets scanned by a smartphone scan program. Once scanned, it will download the trojan and install it on your phone. Trend Micro claims to be able to remove it and is available in Google Play. Might be worth a try. It can't hurt and is a free installation
Edit... I just tried downloading it and keep getting an error
I'd RUU and call it a day.
HTC Rezound
luis86dr said:
I'd RUU and call it a day.
HTC Rezound
Click to expand...
Click to collapse
that's what i would do, and have another reason to test out the new cm9 release we got today

[Q] Help Leadboltads virus on Galaxy S4

Hi All
Since a day I have a sort of leadbolt virus that opens my browser and shows the website like below:
ad.leadboltads.net with Top Apps/Offers of the Day
This happens when I download something from the playstore or when I delete apps.
It Makes crazy and I have tried some things alrdy so fix it without any succes.
- Downloaded and installed virusscannen, no succes
- Downloaded and installed ad detector, found a app with leadbolt, deleted it but didn't solve the problem
Hopefully someone can help me too fix this annoying problem
Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!
+1. From where come this shlt ?
Shaundiesel said:
Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!
Click to expand...
Click to collapse
I'm also having the problem and have not found a solution yet.
The only difference for me is I have adaway installed so the webpage never gets to display. Just opens the browser.
I've tried different ad detector apps from google play, but nothing is fixed this problem. Almost ready to reflash the rom and start from scratch.
UPDATE: I fixed the problem.
When the browser hijacking occurred, it happened after installing or updating a program from any source. Google Play, Amazon or a standalone APK. That meant the virus had control over my installer.
Using Lookout's Ad Detector, I identified some potential culprits (Go Launcher EX being at the top of the list) and uninstalled them. That didn't work.
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't loose any data. You just get prompted for choosing a default app when you run certain applications. I choose to use Lookout's installer instead of the default android installer when I got prompted to install updates.
Haven't had the issue since. Hope this helps.
markmi300 said:
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't loose any data. You just get prompted for choosing a default app when you run certain applications. I choose to use Lookout's installer instead of the default android installer when I got prompted to install updates.
Haven't had the issue since.
Click to expand...
Click to collapse
Hi everybody. (First sorry for my english but I speak french)
This is a solution but it workn't very good.
After the downloading and installation from a update or a program, Androîd ask me if I want to finish the task with the default browser or Chrome ? So I can't see this f*cking page more but I must always put my choice between the 2 browsers.
I thank you for your solutions....
+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app
shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app
Click to expand...
Click to collapse
Glad I was able to help.
See the solution at
http://forum.xda-developers.com/showthread.php?t=2525965
#@!%&#! 'ad.leadboltads.net' Malware
shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Click to expand...
Click to collapse
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google to distribute this malware, abet, that app is benign in its origin, its a pipeline, or conduit for malware.
Sneaky F##kers aren`t they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/index.php?showtopic=138306#entry764184

10193 10194 Android

I set a data usage limit in my phone, because I was using a lot of data. After doing it, it alerted me that my mobile data was about to go over and cut off. So scrolled down and discovered these 2 "Android " (looked like the little green Android robot ) and they are named "10193" & "10194" 10194 runs in the foreground all the time and 10193 runs in the background all the time. I was told these are "Kaspersky Mobile Security or Parental Control Monitor" I'm 34yrs old and my parents don't monitor me, please help...
Sent from my SCH-R530M using XDA Premium 4 mobile app
Do you have Kaspersky installed?
veeman said:
Do you have Kaspersky installed?
Click to expand...
Click to collapse
I do not think I did or ever had I looked at all the appsI have installed via play store under the all section of "my apps" and do not see it.
Why do you say it is Kaspersky? My phone has been having some really weird things happening to it. I went though 3 batteries in 2 months, its been using a ton of data. My data just reset on 10/29/13 and it is already at 5gb. Also we have been finding "duplicate processes" running in the application manager. I really don't know what to do, I have installed Avast, Look out, and some other antivirus apps nothing has helped. Reset a few times and it will help it for a little bit and then boom its right back
victhesunshine said:
I do not think I did or ever had I looked at all the appsI have installed via play store under the all section of "my apps" and do not see it.
Why do you say it is Kaspersky? My phone has been having some really weird things happening to it. I went though 3 batteries in 2 months, its been using a ton of data. My data just reset on 10/29/13 and it is already at 5gb. Also we have been finding "duplicate processes" running in the application manager. I really don't know what to do, I have installed Avast, Look out, and some other antivirus apps nothing has helped. Reset a few times and it will help it for a little bit and then boom its right back
Click to expand...
Click to collapse
I recommend wiping completely and start fresh with a new ROM. You could also install an app like Data Manager and see which app is using the most data and uninstall. Also, do not install apps that you download off the internet. Only download from reputable sources like the Play Store and Amazon app store.
veeman said:
I recommend wiping completely and start fresh with a new ROM. You could also install an app like Data Manager and see which app is using the most data and uninstall. Also, do not install apps that you download off the internet. Only download from reputable sources like the Play Store and Amazon app store.
Click to expand...
Click to collapse
this is going to sound crazy, but i just got that phone back up and running in January. But that is what I did,,,
The reason I said Kaspersky is because this guy I know said he "googled " those numbers and symptoms a
and deemed it that. IT did have a spy wear type thing on it but it was not Kaspersky. It was one that was
sent from a website and it has to be removed via the website. I don't remember the name. Anyhow I have
long since ditched that phone and on to bigger and better things. But w/ that phone it has sparked an interest
in this whole "development/modification" thing! Thanks for you help and advice and sorry it took me so long to
get back to you! Be blessed!:laugh:
Hi Everyone, I know this is a very old thread, but I want to give out a solution because I just encountered this 10194 app as well.
I would like to post this for future reference to other people who will encounter this since I've done searching around about this but I can't find any solution.
To remove this app you must:
1. Open Settings and tap [Security] or [Security and Finger Print] or any other name it might now posses.
2. Under this settings entry, you'll see [Device Administrators], tap that
3. Inside [Device Administrators] you'll see that there is a blank application containing a space as well and the indicator should be ticked, that means this app has administrator access to your phone, it has access to calls, messages, email accounts, etc. See: here
4. Tap this app and [Deactivate] or [De-authorize] it
5. Now go back to the main settings list and navigate to [Apps] or [Applications]
6. Tap the app and you can now uninstall it.
I highly recommend changing your passwords for any account that might have been on that phone, there is a high possibility that this app has gathered information on you.
This includes phone call lists, phone call recordings, your contacts, your messages, notes, emails, etc.
This is a speculation of course and will highly depend on the amount of data this application has passed to wherever it connected to but it is safe to assume that you have been infected by malware and your previous information has been compromised.

Are you getting the terraclicks ad virus?

I think I have got a virus in my phone. Sometimes when I open any link in Chrome, a random popup opens which usually redirects to the play store somewhere. Once I opened 9gag.com and it opened 9gag's play store link. It even happened with android authority blogs that when I interact with the page i.e touch or scroll anywhere, a random ad link just pops up. Not only this but the original page is replaced by a facebook page whose URL contains something about a campaign i.e its ID etc. History shows a website terraclicks.com and google search on terraclicks shows that it's a PC virus.
Not only with Chrome, I even got the same popup while opening a link using facebook's own default internal browser.
I used Avast to scan for viruses including all files but it found no virus. The same thing is also happening in my brother's phone and we don't share anything between phones. There's a laptop in my home which also shows terraclicks in its history. So I think the virus is spread over all the devices, but I am still unsure as to how to remove it while mobile's antivirus detects nothing.
ad virus
Yes i have the same problem.Please help.
well I installed ccleaner and cleared three things:
All apps cache, chrome history and empty folders. It disappeared for some days but last night it came again to me. Now I have repeated the process again, let's see what happens now..
Usman i have factory restored my phone but it is still there. I dont know what to do now
khan khan said:
Usman i have factory restored my phone but it is still there. I dont know what to do now
Click to expand...
Click to collapse
which internet are you using? I am using PTCL
Do you also have this on another mobile or on computer?
no, there is only one mobile and it is only happening with it.
It's most likely a simple ad that is displayed when they detect your device and want you to download their app I stead. Use an ad blocker and you will be fine.
zelendel said:
It's most likely a simple ad that is displayed when they detect your device and want you to download their app I stead. Use an ad blocker and you will be fine.
Click to expand...
Click to collapse
It's also appearing on computers. And I can say it's not coming from the website's owner because I personally work on a website and one time clicking on its logo triggered the ad. That website would never put an onClick ad on its logo.
terraclicks ad virus
You should install a new window on your computer which will definitely remove these ads but what to do with this in the android. I have installed every antivirus , antimalware and have performed a reset too but no effect.
OMG, I was also infected with Terraclicks. All I can find is removal guides that have nothing to say about Android system.. Can I just reinstall by browser or reset my phone to factory settings? I would prefer the second option because I have lots of photos that are important to me on my device. thanks
It's almost a year since the original post on this thread, and still searches for info on this insidious malware, Terraclicks shows just non-android solutions and generic adware removal info.
Like several other posters I have tried dozens of AV and anti-malware apps but nothing works so far.
Has anyone found a solution??
Clear all apps cache, browser cookies (it will log you out of all websites in the browser), and browser history (only if needed).
Try the above steps one by one and give some time between them to see if the problem goes away without doing the other steps.
It probably comes from visiting cheap websites like those sharing apk files or songs etc. They don't give a damn about the users.
For me this was solved by making uTorrent pro inactive, the adds stopped.
Once I uninstalled it they never came back.
Assuming you have cleared your Chrome cache etc, I suspect you have an app which has been installed which is causing this. In my case it was an .APK which I had downloaded externally (because I couldn't get it from the Play Store). As it happened, this particular app made itself a device administrator (you can check by going into Security, Device Administrators) and it also had greyed out the ability to uninstall it. The app was also running as a background process which is how it keeps spawning those ads. Nothing picked it up as Malware (Malware Bytes, Trend, CCleaner). That was the giveaway to me, that something wasn't right with this app. This would also explain why a phone reset wouldn't remove it, because that typically reinstalls all your apps (except in your case) the app would have probably come from the Play Store. Since removing the app, I've had no problems and the dreaded problem has gone away. Now I am a lot more careful about which APKs I loaded. Good luck
I had this issue and it ended up being one of the apps I downloaded. Once in uninstalled the correct app the problem ended. If you do factory reset, then redownload all your apps, then the problem would come back because you redownloaded all the apps you originally had. This is especially true if you use an app that's not in googles playstore so what he is saying sounds almost exactly the same as what happen to me.
Thank you that fixed it. I downloaded showbox of a site. N it messed up my phone.

Categories

Resources