Related
Over the last few weeks, I have been consistently getting low space warnings. I have deleted a number of apps, music, voice mails, but it keeps coming back. I have no idea what is building up to cause this. I don't find anything when I look for things. Any suggestions as to where I should look? My phone is stock, by the way.
notinkeys said:
Over the last few weeks, I have been consistently getting low space warnings. I have deleted a number of apps, music, voice mails, but it keeps coming back. I have no idea what is building up to cause this. I don't find anything when I look for things. Any suggestions as to where I should look? My phone is stock, by the way.
Click to expand...
Click to collapse
If you have a custom recovery, try wiping cache and dalvik. You might lose cached data in a few apps (such as Google Maps), but it usually clears up tons of crud.
No custom anything. I have an "optimizer" that I use to clean the cache, but nothing I do really solves the problem for long, and I'm pretty sure it is just old crapola somewhere being filled.
I am not sure what was referred to in the original reply, by the way. I'm not technical with smartphones (my tech work is elsewhere) so I am really still trying to figure this out.
I have deleted a bunch of stuff. Made ZERO difference just now.
I will have to just rebuild it, I suppose, since there seems to be no suggestions. Caches are empty, but it doesn't matter.
"Disk usage" from play store is by far the best in my opinion for seeing everything on your phone in terms of size. You will quickly know what's hogging your space.
Sent from my EVO using Tapatalk
---------- Post added at 06:01 PM ---------- Previous post was at 05:50 PM ----------
You should also be aware of the space you have allocated for you. It's in the storage tabs for you to see. 2GB for apps. 10GB internal storage for music, media, photos and whatnot. Ive never had to delete apps from the jewel..
Sent from my EVO using Tapatalk
"Disk Usage" is GREAT! I cleaned a bunch of stuff I didn't know about. I'll see how it goes.
just noticed today a file, .tcookieid (33 bytes in length, dated yesterday, opened file, about 30 characters of Hex), has appeared on my M8 in every folder on my SD card, and is also on the root dir. anyone know what it is?
Have you recently installed ifonts app?
I saw that I also had this file throughout my sdcard.
The only thing I can think of is that it has something to do with how ifonts deals with replacing and/or backing up your current Fonts.
I found your post after a google search about it. But there is not much info about it (that I can find)
It may be that everyone knows what these .tcookied files are and me and you are a pair of idiots lol.
But I figured I'd post just so you wouldn't feel on your own!
I'm gonna keep searching for answers and if I find anything I'll let you know.
All the best rich
whoamigriffiths said:
Have you recently installed ifonts app?
I saw that I also had this file throughout my sdcard.
The only thing I can think of is that it has something to do with how ifonts deals with replacing and/or backing up your current Fonts.
I found your post after a google search about it. But there is not much info about it (that I can find)
It may be that everyone knows what these .tcookied files are and me and you are a pair of idiots lol.
But I figured I'd post just so you wouldn't feel on your own!
I'm gonna keep searching for answers and if I find anything I'll let you know.
All the best rich
Click to expand...
Click to collapse
there could have been an update to ifonts recently, in the past few days, cant really remember as i have so much stuff getting updated daily. but ifonts makes sense as to what is making this small file. its harmless anyway, just wondered why it was appearing. surprised no one else has picked up on it here on XDA (apart from ourselves)...
Hello there,
Even i stumbled upon this post from the Google keyword query, my SD card was displaying as being damaged, so i was closely examining the contents of my SD card and i found this newly created file.
It was only in the root path of the SD card, nowhere else.
Even i think that this file might have belonged to iFonts, i have uninstalled the app and removed the file after iFont messed up my factory font restoration pretty badly.
same here
On every folder on my sdcard appeared a file called .tcookieid with a strange code inside
I just installed some new application this afternoon, i am 100% sure that i hadnt it some hours ago.
If someone know what is the cause or what is this please let me know.
I cant find nothing on google
Just found it myself..delete some of it..i hope it doesnt affect my files.....curious?????
Sent from my LG-D802
Well iFont has never even been near my device, I hadn't even heard of it until this thread. So either something else creates it too or it's nothing to do with iFont.
These little buggers are all over my SD card and internal storage.
I have the same issue on my LG G3.
I've never heard of iFonts, So why there are so many .tcookieid files all over my Internal AND External SD cards?!
krashd said:
Well iFont has never even been near my device, I hadn't even heard of it until this thread. So either something else creates it too or it's nothing to do with iFont.
These little buggers are all over my SD card and internal storage.
Click to expand...
Click to collapse
+1
Totally same
i have it all over my sd card
+1, Z2, no IFonts ... weird ...
find . -type f -name ".tcookieid" -exec rm -f {} \;
Not sure what it is. I found one website which gave information stating that it's recognized as a form of a Trojan virus that collects info and sends it somewhere. Can't verify that, however, if you want to remove them all then open up terminal, change directory to root of internal sdcard and copy paste the command above. Do the same for external sdcard as well.
I haven't seen them come back yet, but if it does, then best believe I have every intention of wiping my device out and restoring with a pure stock Rom.
EDIT: I noticed that it's not just the internal and external storage. Its everywhere on the device. However, I still have not seen it come back on my device since I have removed them.
same issue, not that alarming
I believe they are a direct link to a cookie on websites to keep track of your browser traffic, lots of websites use them, some more aggressively than others, I just delete them through 7zipper 2.0. If you stay on top of it, check once a week, it doesn't get too out of hand.
Read this article; type in your browser "what is a cookie?' And click the link, ".... All about cookies" I can't post links yet, sorry.
Correct me or add to if you find anything else
simes6600
simes6600 said:
just noticed today a file, .tcookieid (33 bytes in length, dated yesterday, opened file, about 30 characters of Hex), has appeared on my M8 in every folder on my SD card, and is also on the root dir. anyone know what it is?
Click to expand...
Click to collapse
It's more of a headache than a threat, its a file that allows websites to keep up with browsing history on websites to give suggestive sites on your mobile browser through their cookies. Read this article and put 2&2 together. Type in "All about cookies" in your browser, I can't post links yet, sorry. I just monitor my files closely and it doesn't get out of hand checking once a week, but that would depend on how much you surf and what sites you go to. Hope this helps!
Fill me in on any extra details
krashd said:
Well iFont has never even been near my device, I hadn't even heard of it until this thread. So either something else creates it too or it's nothing to do with iFont.
These little buggers are all over my SD card and internal storage.
Click to expand...
Click to collapse
Me too never had that app but many others have come and gone. I have this file and many others stored in "miscellaneousfolder" or whatever on my Samsung Galaxy s5. I'm going on a deleting spree and still the numbers don't add up and oddly enough the bar reflecting the slices of memory shows a larger, I believe more accurate, slice of free space than my phone is telling me. Ugh I'm just gonna get a bigger SD card it'll probably solve everything.
How do I remove .tcookieid files?
I also have this problem. The files are all over my internal SD card and I need to get rid of them. Are they dangerous files?
I'm pretty sure it is caused by games that offer all sorts of in-app free stuff if you watch videos and such. As the name suggests it's a tracking cookie.
Sent from my LG G3-D855
.tcookieid
I too have found this file, it came from xmodegame which i had install for clash of clan. I think the file contain some kind of ID, for further exchange of data, this app get root permision and voilate privacy by tranmiting other data too. I have install in rooted device, my suggetion to refresh the ROM. Rest phone works only with non rooted device with root and also granted root, my guggetion is that refersh your ROM asap. 5his is leach (worm).
It is a kind of permanent marking. For each directory, the file has the same contents. After installation Xposed with xprivacy and refusal to provide android id, my device has been so marked. It is best to install the new clean rom.
Is it anyhow lethal to my data or my sd card .? should i worry about it .? help will be appreciated
Greetings!
I recently received a replacement refurbished Nexus 4 from my carrier. All went well until I discovered some rather disturbing images that I did not care to see. Now these images were not listed in the gallery app or folder structure by any means. I discovered them by trying to change my wallpaper by Long pressing the home screen and selecting "Pick Image" and it would bring up this browser window. Said images showed up under "Recent" section. So I figured, ehhh the phone must have not been factory wiped the way it should have. Did a factory wipe through settings. They still showed up under this "Recent" section after the reset. Upon further investigation, they seemed to somehow link to Google Drive. While I was sure I did not have these images in my drive, I was concerned. Anyhow I selected one of these images and checked its info, it has modify dates of earlier this year, under permissions and activity it showed another individuals name / email address. Weird Some of these file seemed to have a naming scheme, so I did a search in the Google Drive App and found tons of junk. All which have the same owners name under it.
So LOLLIPOP for nexus 4 released today and I went ahead and flashed it hoping it would clear this junk/cache out? Nope.
I decided to open up the wallpaper browser thing before even mapping MY DRIVE and sure enough this garbage is still showing up.
I even went as far as removing ALL FILES from my Google drive on the desktop to ensure this junk was not on my drive. Still shows up.
I suspect that there is some kind of cache stored on the internal storage that is not touched when flashing a new Image.
Anyone have some suggestions on how to clean this thing out?
So I have a s9+ snapdragon running the latest Android 9 pie. My files got wiped out after a factory reset and I wanted to get some closure. Can I get those files back? It was not backed up on Google or Samsung cloud. Nor was it on a sd card. It was in the internal phone storage.
I hear you can recover the data so long as you don't overwrite the data. Files aren't really lost and still technically in your phone. These are pics and video actually. It's all I care about. I hear people saying you have to root phone and do a deep scan of the phone to try to recover the data but I hear you can't root cause it doesn't work on my version of s9+. (Snapdragon and android 9) I also heard you gotta take it to forensics data recovery. I called them but they said nope files are gone. But I read on Google recoverable.
Please anyone, help me. I've been down since I lost my pics and video. I took vids and pics back to my homeland where I haven't been back in 10 years.
PS. I was on vacation when this happened. My company unfortunately has access to my phone and if you miss type your password a certain amount of times it triggers the factory reset and wipes it out. I decided to stop a certain amount of times and then my 20 month old son started pushing buttons and there you have it. Factory reset.
files are lost bud. Sorry
did you ever connect your phone to any cloud for backup purposes?
It's connected but I didn't back up photos or vids. Everything else I did. Is there a way to root this version of phone I have? Temp root at least without tripping Knox?
No you can't ...it's gone...
Factory reset wipes /data internal storage
Sent from my SM-N960F using Tapatalk
Asepriest said:
No you can't ...it's gone...
Factory reset wipes /data internal storage
Sent from my SM-N960F using Tapatalk
Click to expand...
Click to collapse
mostly correct. It wipes the table of contents of storage, but doesnt actually wipe(remove) anything. The issue is that it starts writing 1's and 0's wherever it wants to because as far as it knows, the internal storage is empty (which it isnt). It then starts unintentionally corrupting file after file as it writes system data and everything else it writes. Can he recover the data? Maybe. Is it likely? Not even remotely. The only way to recover it is to turn it off, like now and get it connected to a lunix instance, adb into it and see whats still there. Which is likely nothing usable.
Completely unrelated side note: Youre from Sibiu? I visited there about 2 years ago. Positively GORGEOUS place!! We saw the sun set over cobblestone right between two rows of buildings. It was surreal!
bluerogue85 said:
It's connected but I didn't back up photos or vids. Everything else I did. Is there a way to root this version of phone I have? Temp root at least without tripping Knox?
Click to expand...
Click to collapse
yes there is a way to root it, and thats probably your only hope. Turn the phone off, read up on the new-ish root methods, apply them to your phone and see what you can get via ADB. Dont hold your breath, but that is the only way to get there. Treat it like a recently wiped hard drive, because thats technically what it is. Its the "C: drive" of your phone essentially
Youdoofus said:
mostly correct. It wipes the table of contents of storage, but doesnt actually wipe(remove) anything. The issue is that it starts writing 1's and 0's wherever it wants to because as far as it knows, the internal storage is empty (which it isnt). It then starts unintentionally corrupting file after file as it writes system data and everything else it writes. Can he recover the data? Maybe. Is it likely? Not even remotely. The only way to recover it is to turn it off, like now and get it connected to a lunix instance, adb into it and see whats still there. Which is likely nothing usable.
Completely unrelated side note: Youre from Sibiu? I visited there about 2 years ago. Positively GORGEOUS place!! We saw the sun set over cobblestone right between two rows of buildings. It was surreal!
Click to expand...
Click to collapse
Can you please teach me step by step how to do that or point me to a link. Cause thats what i read about how its not really gone. Has to have data over write the existing that was supposedly deleted. Did you mean Linux or lunix?
bluerogue85 said:
Can you please teach me step by step how to do that or point me to a link. Cause thats what i read about how its not really gone. Has to have data over write the existing that was supposedly deleted. Did you mean Linux or lunix?
Click to expand...
Click to collapse
if i typed lunix, then i meant Linux, and if i typed Linux, i meant Linux. Either way, i meant Linux. So, step by step... eesh thats gonna be a lot. First thing is to turn your phone off if you havent already. Itll keep writing stuff to the internal storage even if it doesnt say its doing so. Thats jsut what it does and it doesnt know that you dont want it to do that while its powered on. If youre able to do so, you can just turn on USB debugging in developer options and connect it to your computer without rooting it but granting permissions for your computer to access the drive. All of this requires having your phone powered on. The most dangerous thing ive told you to do is turn on usb debugging since it will write to the internal storage that you now have access to dev options, and then usb debugging. When the phone is powered on, try to keep it on airplane mode to avoid giving it reasons to actually do stuff. Linux isnt really necessary either as most software recovery tools will recognize the device and storage just fine, but the likelihood of it being able to actually recover anything is slim. If that doesnt get you full access to the internal storage, then youll have to either root or use linux or both. Its been a while since ive attempted this, so forgive me if my steps are off. That being said, these are the progressive steps one would need to take in order to do what youre trying to do.
does it wipe the phone though? Or does the phone allocate the areas where data is as free? If it only installs system and sets the previously used memory as "available or free". it can be recovered
Edit : if your phone was encrypted it wouldn't matter. Did your phone use secure start-up? (required a pin or password etc) then it would show adblock opening.
Nigmea said:
does it wipe the phone though? Or does the phone allocate the areas where data is as free? If it only installs system and sets the previously used memory as "available or free". it can be recovered
Edit : if your phone was encrypted it wouldn't matter. Did your phone use secure start-up? (required a pin or password etc) then it would show adblock opening.
Click to expand...
Click to collapse
my company triggered the factory reset after failed attempts of putting password in. see it uses a thing called airwartch or vmware not sure what its called but yea..still hoping to recover vids and pics if i can root my phone and just do a deep scan just not sure how. esp for my version phone of s9+ snapdragon android pie. i have not taken pics or vids. just twitter, fb, email. some internet browsing. but not sure if those overwrite new data as well.
bluerogue85 said:
my company triggered the factory reset after failed attempts of putting password in. see it uses a thing called airwartch or vmware not sure what its called but yea..still hoping to recover vids and pics if i can root my phone and just do a deep scan just not sure how. esp for my version phone of s9+ snapdragon android pie. i have not taken pics or vids. just twitter, fb, email. some internet browsing. but not sure if those overwrite new data as well.
Click to expand...
Click to collapse
You can try an app called disk digger. It's your best bet. About the best on the market. If you root. Or reinstall the firmware in Odin. Kiss em good bye
The way this works is front to back. A file is normally written from front to back. Once it gets the end. It starts over. Then there goes old deleted files
Files are not deleted until over written. But actually marked for deletion. Not gone till next write cycle
If it can't then their gone. But every day you use your device the chance gets slimmer. Just cause your not downloading stuff. Cache and sick files are over writing.
TheMadScientist said:
You can try an app called disk digger. It's your best bet. About the best on the market. If you root. Or reinstall the firmware in Odin. Kiss em good bye
The way this works is front to back. A file is normally written from front to back. Once it gets the end. It starts over. Then there goes old deleted files
Files are not deleted until over written. But actually marked for deletion. Not gone till next write cycle
If it can't then their gone. But every day you use your device the chance gets slimmer. Just cause your not downloading stuff. Cache and sick files are over writing.
Click to expand...
Click to collapse
Is there a way to root my phone without wiping it out first? Really trying this as my last option. To at least get some pics and or vids back.
bluerogue85 said:
Is there a way to root my phone without wiping it out first? Really trying this as my last option. To at least get some pics and or vids back.
Click to expand...
Click to collapse
Probably not.
Which link can you guys point me to to root? I have s9+ snapdragon. What are all my choices? Thank you.
I think I found one but link is broken. Syndicate. I really need this so I can at least do a deep scan of my phone. I need root!
You're right that it's possible to recover the data as long as it hasn't been overwritten. However, it can be difficult to do so without rooting your phone and doing a deep scan, as you mentioned. Unfortunately, it sounds like you can't root your phone due to its version.
You might want to consider reaching out to managed IT services that specialize in data recovery. They might have more advanced techniques and tools to recover your data. It's worth a shot since the pictures and videos mean a lot to you.
Good luck, and I hope you're able to recover your memories!
I have done the following in attempt to get rid of this spyware:
flashed Havoc os
stock roms from official Miui using xiaomi flash tool and using twrp
erased partitions using adb before flashing (boot, system, recovery, data, cache)
It seems like it doesnt even touches it. I know its still there because he can control my phone (play notifications sounds from messenger i dont even have installed, closing/freezing my browser, freezing my screen, lockscreen goes on i dont even touch the phone).
What else can i do? Is there a way to erase every bit of data from the phone? What remains after flashing a stock rom?
edited//
Is there any way i can find Qualcomm Snapdragon 439 firmware and flash it? Can anyone help me pls?
I saw chimera tool can do firmware update but it costs 120 euro and idk if its gonna work
Can you explain more about the spyware?
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
pulshar18 said:
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
Click to expand...
Click to collapse
How did you get get infected by this ?
He got physical access to my phone.
pulshar18 said:
He got physical access to my phone.
Click to expand...
Click to collapse
That wasn't too clever. Lol, rootkit from hell.
You need to wipe the internal memory 100% as well the SD card if any.
If it has a sim card I'd replace that as well.
Or make the perp fix it... legally.
Any associated Google accounts reset the passwords... now.
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
I am in a similar situation.
I install YouTube vanced and WhatsApp Plus
in the latter case something deleted my entire data without asking me -I suspect it was clean master and my vanced applications were uninstalled all of a sudden.
I seem to know what cause that com.miui. securitycenter if you disable it it will boot loop if you to change and restrict access to various permissions then phone functionality is upset
I took out a separate thread on that here on xda Google com.miui. securitycenter draconian legitimate spyware from redmi
there is a thread on XDA I use havoc ~ two years or so but because it does not support VoLTE and trying to enable that has been in vain I am forced to come back to China ROM.
Did you install any apps after flashing ROMs / gapps?
pulshar18 said:
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
Click to expand...
Click to collapse
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
actually step back a little how do you conclude it's your phone that is affected you say he has access to our accounts and password maybe e is connecting on your Wi-Fi network IP address is the same and then trying to tinker with your accounts. what specifically makes you think that your phone is hacked as against something else
blackhawk said:
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
Click to expand...
Click to collapse
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
sieger007 said:
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
Click to expand...
Click to collapse
Jeeeesze, downloads from WhatsApp?
That's a great way to pick up creepy crawlers.
WhatsApp, FB, Instagram don't get on my devices. Ever.
They ruin lives, careers and more... they are spyware and malware by their very nature.
I never have had anything detect these little buggers, I'm not saying there aren't detectable, but don't count on it. The two I found I didn't even consider keeping them for analysis.
They wasted enough of my time as it was. Finding them in an ocean of jpegs could be problematic.
Rule #1, all downloads go to the download folder.
Choose what goes into your database after observation and at least scan it with Malwarebytes. Online Virustotal for any download remotely suspicious. Open jpegs at least once in the download folder and be aware of anything unusual afterwards... that may be the only clue you get.
If you really think one of these images has a malicious script, you need to isolate it. Scan with Malwarebytes and whatever else you want.
Try reloading, confirm the device is still clean then load the suspect database.
Problem being the trigger is opening the jpeg or some other related action to it like deleting the email it was associated with in Windows Outlook. If you get nailed again, reload and break/import your database in groups. You can see where this is going... it may take a while.
I've seen what they can do, I avoid downloading clickbait pics from untrusted sites, people and emails (email is kept in the cloud ie gmail).
My backups are also from different time periods on hdds completely isolated from each other and the PC. I could lose some of my database but not all of my it. With over 1 tb of data I'm not playing around.
The second and last(?) malicious jpeg I ran into was on Android about 1.5 years ago.