
Received random baidu.com link on Samsung Galaxy S5


9 replies to this topic

#1 HighTide1

  • Members
  • 75 posts
  • Local time:07:10 PM

Posted 03 January 2018 - 07:05 PM

Hello everyone. About an hour ago, I received a notification on my phone of a GroupMe message from someone whom I had not chatted with previously. Now, I opened up the notification, which brought me to their chat, which said something along the lines of "Look HighTide: INSERT_RANDOM_BAIDU_DOT_COM_LINK_HERE". Now, I didn't click on this link at all, but I'm concerned about possible infection due to the fact that GroupMe tries to pre-render web pages in the chat, and from previous issues with an old Skype account sending out baidu links. Since receiving the notification, I've blocked the person on GroupMe, which seems to have cleared the previous chat, as well as removed GroupMe from my phone entirely. I also changed the password on my GroupMe account as well. I've also scanned it with ESET and MalwareBytes, both of which have not detected anything. Is there anything else I should do to determine if the phone is infected, or to mitigate any damage? I'm just a little concerned as this is the phone I use for 2FA, so I don't want anything to be wrong with it.

 

EDIT: Just for further information, in case it helps, this is on a Samsung Galaxy S5 running on Android 6.0.1, which was the last major version update given for the phone. The phone is not rooted.


Edited by HighTide1, 03 January 2018 - 07:21 PM.



#2 jeye91

  • Members
  • 1 posts
  • Local time:03:10 PM

Posted 03 January 2018 - 10:36 PM

Got a similar message from two people on groupme, one whom I frequently chat with and one whom I barely know. Almost certainly a virus of some sort. Fortunately I was on groupme web so am likely safe from any repercussions of just opening the chat, but I didn't click on the link.



#3 HighTide1

  • Topic Starter
  • Members
  • 75 posts
  • Local time:07:10 PM

Posted 03 January 2018 - 11:27 PM

Did this happen to you today as well, or just recently? I've had something eerily similar happen on Skype in the past, which resulted in me closing an old account and opening a new one instead (in the previous incident, my Skype account sent out a lot of goo.gl links to my contacts without me doing so, but other people reported baidu links or other sorts). In that case, though, I don't believe the issue was malware but rather some mass break of Skype accounts on Microsoft's end. In that case, though, no one was infected by malware, but it was just spam instead. For that matter, GroupMe is owned by Skype. To reiterate a previous point, I didn't click on the link, but on the app GroupMe seems to try to pre-render web pages, and that's what has me concerned here. Given that this was on an Android device, though, I'm not even sure if it would become infected if it were meant to do so. I just want to check on here as things like this always leave me stressed out thinking of worst case scenarios, like breaking my phone and then hacking into my email to steal all my accounts' information, and so on.



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,528 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:06:10 PM

Posted 07 January 2018 - 02:22 PM

Hello, it appears to be an Adware...

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 HighTide1

  • Topic Starter
  • Members
  • 75 posts
  • Local time:07:10 PM

Posted 07 January 2018 - 05:13 PM

Thanks for getting back to me on this issue. The problem occurred on a Samsung Galaxy S5 Android smartphone, so I don't believe I can run any of the mentioned steps above. So far, I've tried running the ESET and Malwarebytes apps, both of which come up with nothing.



#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,528 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:06:10 PM

Posted 07 January 2018 - 09:46 PM

You can enable downloading from sites other than the Google Play Store by checking the Unknown Sources checkbox under Security in the Settings folder.

http://www.dummies.com/consumer-electronics/smartphones/samsung-galaxy/how-to-protect-the-samsung-galaxy-s-5-against-malware/



#7 HighTide1

  • Topic Starter
  • Members
  • 75 posts
  • Local time:07:10 PM

Posted 08 January 2018 - 01:42 AM

I'm a bit confused by your previous post, as even enabling application downloads from unknown sources wouldn't allow me to run any of the listed steps. Since this is all on an Android smartphone, I simply can't run an exe, only apk files. I've done the equivalent to the ESET Online Scanner, though, and have run the ESET Google Play app. It detects nothing.

Also, with regards to the issue, I think it was connected to the possible GroupMe spam hack earlier last week. I don't think it was malware that sent the link, but I just want to know what I should check, other than running ESET and MalwareBytes apps, to make sure my device is okay.

#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,528 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:06:10 PM

Posted 08 January 2018 - 10:14 AM

Ok, I thought that was the way around it. I have no other ideas, other than, if you can, go to Uninstall apps, look for anything Baidu and uninstall that. They have a Baidu browser.

  • DU Speed Booster.
  • DU Battery Saver.
  • Facemoji Keyboard.
  • Photo Wonder.
  • ES File Explorer.
  • DU Caller.
  • MoboMarket.

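The manual check suggested above (open the Application Manager and look for anything Baidu) can be done from a computer with the Android debug bridge, which also lists packages that hide behind a generic display name. The script below is an added example written for this thread, not something the moderator or any of the named vendors posted; it assumes adb is installed and USB debugging is enabled on the phone, and it ships with a constructed package listing so the matching logic runs even without a device attached. The keyword "baidu" comes from the thread; any further keywords are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example (not from the thread): list an Android phone's third-party
# packages over adb and flag package ids containing given keywords, the
# scripted equivalent of scrolling through Uninstall apps looking for "Baidu".
# Assumption: adb is on PATH and the phone has USB debugging enabled; when it
# is not, the constructed sample listing below is used instead.

# Constructed sample in the format `adb shell pm list packages -3` prints
# (one "package:<id>" per line). The ids are made up for this example.
SAMPLE_PACKAGES='package:com.example.baidu.browser
package:com.example.messenger
package:com.example.photo.wonder
package:org.example.notes'

# Print third-party package ids from the attached device, or the sample
# listing when adb is missing or no device is connected.
list_third_party_packages() {
    if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
        adb shell pm list packages -3
    else
        printf '%s\n' "$SAMPLE_PACKAGES"
    fi
}

# Read "package:<id>" lines on stdin and print the ids that contain any of
# the keywords given as arguments (case-insensitive).
# Returns non-zero when nothing matched, like grep does.
flag_packages() {
    pattern=$(printf '%s|' "$@" | sed 's/|$//')
    sed 's/^package://' | tr -d '\r' | grep -iE -- "$pattern"
}

# Show when a package was first installed and last updated; this only works
# against a live device because it queries the package manager via adb.
package_install_times() {
    adb shell dumpsys package "$1" | grep -E 'firstInstallTime|lastUpdateTime'
}

# Usage: sh check_packages.sh [keyword ...]   (defaults to "baidu", the
# keyword named in the thread)
main() {
    [ "$#" -gt 0 ] || set -- baidu
    if hits=$(list_third_party_packages | flag_packages "$@"); then
        echo "Third-party packages worth reviewing (matched: $*):"
        printf '%s\n' "$hits"
    else
        echo "No third-party package id contains: $*"
    fi
}

main "$@"
```

Matching on the package id rather than the display name matters because the name shown in the app list is chosen by the developer, while the id is what the package manager actually installed; when a match turns up, `package_install_times` on a connected phone tells you whether it arrived around the time the suspicious message did.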

#9 HighTide1

  • Topic Starter
  • Members
  • 75 posts
  • Local time:07:10 PM

Posted 08 January 2018 - 06:55 PM

I've looked into my history of installed apps and have gone to the Application Manager, but I can find no trace of the apps you listed. So, other than just running the ESET and MalwareBytes apps on my smartphone, do you think everything is good? My concern was just that, by GroupMe trying to display the page in a little window in the chat, that it would somehow download and install something malicious on my phone, despite me not clicking on the link in question.



#10 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,528 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:06:10 PM

Posted 09 January 2018 - 11:17 AM

It may be a little popup associated with another app (GroupMe), perhaps. Last item: look in your browser's add-ons for something. I don't think it's an infection.