Posted 21 November 2018 - 02:15 PM
Posted 22 November 2018 - 11:05 PM
It's hard to determine if your phone has or hasn't been compromised just through a help forum.
But if you do suspect this issue is more than just some pop-up crap:
-- Go into your Settings >> Apps menu, locate the Facebook app entry and open it. Now tap on the 'Force stop' button, then go into 'Storage' and tap on the 'Clear data' button. This wipes all the app's settings and configuration data, and its cache, essentially returning it to its original, first-time used status. Reboot your phone.
-- You mentioned having Eset installed so do a full manual scan and while that's going on log into your Facebook account on a trusted PC and change your account password. If you don't have two-factor login enabled give some serious thought into enabling it.
-- Hopefully if the Eset scan does find anything it will be able to take care of the problem but another utility to try is Malwarebytes. Either way, start up the Facebook app and you'll have to re-enter your user name and your new password since you had earlier wiped the Facebook app settings. (If you made any changes to the app's settings menu you'll have to re-do those too.)
-- Or another option, if you're not a heavy Facebook user, is to avoid using the Facebook app entirely and just use your phone's web browser app to log into your Facebook account.
Posted 26 November 2018 - 05:34 PM
Posted 27 November 2018 - 04:44 PM
Still wondering if the Facebook app is the source of the problem, or if it's just being affected by some bigger problem. I'd still strongly recommend you at least reset your password. If you check your FB Activity Log does it reveal anything that doesn't seem to be directly related to your usage?
Regarding your phone, if you have all those anti-virus/anti-malware apps concurrently installed that's going to have a direct effect on general performance. Better to rely on one of them, or not even have one installed at all -- while there are now countless exploits and compromises for all of us to worry about, there still isn't an actual Android 'virus' on record. Filtering out all the references to any problem being tied to a 'virus' will make it easier to diagnose what is actually going on.
Another very significant issue to keep in mind is all of those anti-virus apps you tried will have to be installed as typical, general user apps. On your J7 the phone's internal storage is divided into several partitions, with most of them being dedicated only to the operating system and only one being a general user data partition. You only have free, unfettered access to that user data partition, with only very limited access to any of those OS partitions (unless you root your device). And that's the most important aspect, an Android a/v utility will only have full access to that data partition, and will only have read-only at best access to any of those permission-protected system partitions. So when there is an actual 'virus' that resides on your data partition, then one of those a/v utilities should be able to find and hopefully fix the problem. But there are some exploits now that are able to install themselves into the operating system itself. In this instance an Android a/v utility, having only user-only permissions, won't have read/write access to the installed OS itself. The most common solution in this case is to just re-flash the stock ROM, essentially replacing the OS with a clean one. But that's a last-resort option and it's still not definitive what the source of the problems actually are.
Try doing some basic maintenance on your phone to see if that makes any improvement.
-- Uninstall any apps you just don't use or need. And when you do an uninstall, don't just use that 'Uninstall' button. When you're removing an app go into 'Storage' and tap on that 'Clear data' button before tapping on 'Uninstall'. This will more likely result in clearing off all that app's data from your phone. When you use just the 'Uninstall' button, that often leaves any settings/configuration files behind. (More often than not, when you just use 'Uninstall', if you later decide to re-install that same app, it will just pick up the previously left-behind settings/configuration data so you don't even need to re-enter things like your user name/password). For those pre-installed apps, you won't be able to uninstall them, but most you can at least disable. Taking steps to have fewer active processes running in the background frees up system resources for things you do want to have active.
Another thing to look into is the Battery Optimization feature that's already a part of Nougat; Android's integral power and memory management gets better with each version. Check your Settings >> Battery menu and be sure it's enabled and set your apps accordingly.
-- Go into your phone's Settings >> Storage menu, find the app's cached data option and wipe them. Generally you just leave app caches alone, any app relies on its own cache to function so when you wipe them they just get rebuilt the next time you use the app. But just doing occasional maintenance and clean up, wiping them at least eliminates a possibility -- i.e. a lot of browser based pop-ups and crap can be cleared by wiping the browser app's cache.
-- Try wiping the system cache partition too. The system cache has its own dedicated partition and to clear it you need to restart your J7 into its Recovery Mode. Also, the system cache is completely separate from the user data partition so none of your saved data will be affected. Anyway, to get into Recovery Mode you need to power off your phone, then start it up while simultaneously holding down the Volume Up, the Home, and the Power buttons. Once it's running in Recovery Mode it'll be in a text-only interface so you need to use the indicated (on the screen at the bottom) to navigate through the different menus. See here for a more detailed guide:
The actual wiping process only takes a few seconds, and it's generally a good thing to do especially after something like applying an OTA system upgrade. (Also note that all cache files are basically just temp files -- necessary but not vital. Anything 'permanent' won't be stored in a cache.)
-- If you do decide to do a Factory Reset, be sure to back up all your saved data first. Install Samsung's 'Smart Switch' utility on a computer to do a full backup of your phone, then use its restore function to restore your files after the Reset.
Something to keep in mind is doing a Factory Reset will NOT fix something like an exploit that has infected the operating system. Again, a compromised Android OS will have to be flashed over with a new, clean ROM. All a Factory Reset does is wipe that general user data partition. It does not affect any of those system partitions. It's an unfortunate but common misconception that a Factory Reset will wipe the phone's entire storage media clean, but that's just not true. Doing a Reset on a rooted phone won't return it back to its original non-rooted state, nor will a Reset return a phone that's been upgraded with Nougat back to its original Marshmallow. The phone's OS will remain the same as it was after a Reset as it was before the Reset, it cannot delete the running operating system and magically reinstall a clean, new one. (Phones running Oreo and above have a different partitioning scheme that involves more modularity where the base Android OS is its own entity and the carriers and manufacturers having access to other inter-related but system partitions. But this is a fundamental change in the file structure so it applies only to phones initially set up this way, not for phones getting OTA version upgrades.)
But the bottom line is, if there actually is some kind of exploit on your phone (that's still to be determined) then if it's in your data partition a Factory Reset will fix that. If it's in the OS however, that requires flashing the ROM, a more involved task.
Posted 27 November 2018 - 10:21 PM
Posted 29 November 2018 - 12:12 AM
Once I reset my password, should I not log back in on the device with the issues?
Well depending on how many shortcuts you take, you may or may not have to. However if you did a) 'clean' the Facebook app and reset your password on another device or computer then you would have no choice but to re-enter your user name and new password.
..... seems like it isn't as effective as it is on Windows OS. Hypothetically, saying there is some kind of exploit on my OS running malicious software, and it got through a security hole, how can I detect it if a/v can't? Like I can do a clean OS install, or even get a new device, but I would have to be sort of sure that the OS is compromised. What should be my next step here? If an exploit or malicious process was rooted to the OS, would I be able to see it in the list of system apps through settings? I know I wouldn't be able to uninstall any of them until I rooted, but as far as detection goes...would that help? Or is it that all processes running on system aren't visible until the device is roote
It's a different situation completely. With Windows, out of the box a general user is running with administrative privileges, a somewhat backwards practice that's a long-standing and much debated security issue. When you get an Android device, the default user account is always a restrictive-privilege account. To get root access, you have to do so intentionally. It's not that something like an a/v utility is more or less effective one way or the other, it's the underlying issues involved with two different platforms that have contrasting user scenarios. (If you were running your Win PC in a non-admin account and you could get an a/v utility to even run without admin privileges, it wouldn't be able to do squat on the base Windows OS either.)
But getting back to your phone, if the OS is compromised (that's still to be determined as this tends to sound more like a Facebook account issue and not necessarily a phone issue) one of those utilities you tried will often be able to detect such problems but it 'might' but probably cannot actually fix them. And it's still a matter where most Android malware issues are still But the most prudent thing to do is flash your phone with its stock ROM. Flashing a ROM is essentially the same as using a Restore disc/image on a Win PC, the OS gets overwritten with a 'clean' copy. Flashing a stock ROM does not require you to root your phone either, rooting is only required when you're going to use a custom, third-party ROM (i.e. Lineage). It's also important you use a ROM that matches your exact model I.D. and your carrier. Don't just use any ROM, that could soft-brick your phone or at best result in a quirky stability and loss of some features. Go here and search for your model (a J7 Prime should be something like SM-G610x with the x varying to identify your locale and/or carrier):
For more details on the actual flashing process:
Posted 29 November 2018 - 01:05 AM
Posted 30 November 2018 - 01:56 AM
I understand. Well, I'm taking the phone to a person I know who works in the security field, just so he can take a look at it, but honestly, it doesn't seem like if something was running in the system partition, he would be able to do or detect anything either unless he rooted or used something like adb, so...If I want peace of mind, without rooting or anything, I'll just have to go for a clean install. It's easier that way.
I have two questions regarding the clean install and the backup that I have to perform.
1) I'm backing up my data to Google Drive and a Usb drive, don't have access to a computer at the moment. However, due to the in-built auto backup feature that android 7 has or something else, when I plug in my usb via OTG cable, not just the personal data I am copying, but several app files (system ones too), like com.kmsfree (kaspersky's files), com.sec.android.gallery (I'm guessing my device's inbuilt gallery app), .nomedia, LOST.Dir, com.android.systemui, basically everything that's inside the Android > data folders visible in my Internal storage and SD card, just automatically get loaded onto the USB. Obviously I do not want to copy the app files, because I have no use for them, after the clean install, I'm just going to get the apps off of playstore again, but as of now, I haven't been able to stop this auto backing up. I'm worried that if I do have something malicious on the system, it might get backed up on the drive this way too, and thus when restoring the data back to my clean device, I'll just cause reinfection and back to square one. Even in Google drive, I have backups of App Data and call logs and default wallpapers and whatnot, and they all got backed up automatically, and will probably get restored automatically too. How can I either stop this auto backup, or at least stop the automatic restoration? I definitely do not want to restore anything related to the old OS, don't want to risk reinfection. I have tried in vain to find a solution online, trying for a couple days now since I thought I'd do a factory reset. Are my worries justified?
2) I realize once I flash the ROM, I'll lose all OTA system upgrades I've received and go back to the original OS my device came with at the time of purchase. But my device is old, so is my old OS version, and I have received several security patches, including a very recent upgrade to Android Oreo, and I'll lose all of that. Which then is a different kind of security issue, outdated software with lots of vulnerabilities. Will I be able to receive or reinstall the recent system upgrades again after the original OS is installed? I understand I can't just install Oreo on my phone because that's not the original one, but after the installation, will there be any way to get the security patches Samsung has issued once again?
1) Are you referring to the backup and restore option in your phone's Settings menu? If so, that's in no way any kind of comprehensive, full backup solution. All that menu option refers to is limited to only your settings preferences and the data from Google related apps and services. That stuff that's getting backed up online in your Google account, and that's only what gets automatically transferred around. All your saved data (documents, photos, videos, music, etc.) is NOT a part of that. It's your responsibility to set up a real backup solution for your data. It's unfortunate you don't have access to a computer, using Smart Switch would make it much easier to backup and then restore. Doing it manually is a lot more involved, especially since it involves multiple services. One last point to keep in mind -- using Odin properly (follow documented instructions as is) you should be able to flash a stock ROM without losing your saved data. The ROM gets written into the system partitions, and the user data partition is just left untouched. (Note there is a 're-partition' check-box setting in Odin's config window -- always make sure that's not enabled.)
2) If you go to that updato page and there's more than one ROM that corresponds with the same model/carrier phone, that's often because there's newer, updated and older ROMs. The newer-dated maybe or maybe not having all the security patches depending on their creation date. Typically you want to choose the newest-dated one to flash with. Then just let your phone receive and apply any OTA patches as needed. It's an official, stock ROM that you flashed, your carrier will pass along those security patches the same way as before. (If you were to use a custom ROM however, that's when the carrier updates don't apply, you'll get those from the ROM developer. Or if you just root your phone and leave it running its stock ROM, at that point you'll also have problems applying OTA updates from your carrier.)
Posted 30 November 2018 - 09:49 PM
Posted 02 December 2018 - 02:32 PM
Well in the event your phone does get 'infected' somehow, it's always a matter where there's a possibility something has compromised a file that you backup. So the more you backup (everything you can see as opposed to just your relevant data), this 'could' increase the chance of re-infecting your phone when you restore from your backup. It's a good practice to always scan your backup with a good a/v utility just for posterity if anything.
But I'd focus more on backing up just your personal files, relevant app data since any incidentals like those miscellaneous files and directories you listed aren't that vital anyway -- you can continue manually backing them up but you're going to waste a lot of time actually manually restoring them. Those will be re-created by the OS and/or when you reinstall your apps.
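The triage suggested in the post above can be run over a USB copy before anything is restored. This is an added example, not part of the original thread: it skips the `Android` and `LOST.DIR` trees, `.nomedia` markers and package-named folders mentioned in the question, and flags code-bearing files for an a/v scan. The extension list, the package-name heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Directories the thread describes as app/OS-generated, not personal data.
SKIP_DIRS = {"android", "lost.dir"}
# Assumption: file types that carry code and do not belong in a personal-data restore.
CODE_EXTS = {".apk", ".dex", ".so", ".jar"}

def is_package_dir(name):
    """Heuristic (assumption): folder named like an Android package, e.g. com.android.systemui."""
    parts = name.split(".")
    return len(parts) >= 2 and parts[0] in {"com", "org", "net", "io"} and all(parts)

def triage_backup(root):
    """Return (restore, skipped, flagged) lists of paths relative to root."""
    restore, skipped, flagged = [], [], []
    root = Path(root)
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Prune app-data directories so nothing beneath them is considered for restore.
        for d in list(dirnames):
            if d.lower() in SKIP_DIRS or is_package_dir(d):
                skipped.append((rel_dir / d).as_posix())
                dirnames.remove(d)
        for f in filenames:
            rel = (rel_dir / f).as_posix()
            if f == ".nomedia":
                skipped.append(rel)          # marker file, recreated by apps
            elif Path(f).suffix.lower() in CODE_EXTS:
                flagged.append(rel)          # scan before deciding to keep
            else:
                restore.append(rel)
    return sorted(restore), sorted(skipped), sorted(flagged)

def build_sample(root):
    """Constructed sample tree mimicking the USB copy described in the thread."""
    files = [
        "DCIM/Camera/IMG_0001.jpg",
        "Documents/notes.txt",
        "Android/data/com.sec.android.gallery/cache/thumb.bin",
        "com.android.systemui/state.dat",
        "LOST.DIR/1234",
        "Download/.nomedia",
        "Download/update.apk",
    ]
    for rel in files:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for label, items in zip(("restore", "skipped", "flagged"), triage_backup(tmp)):
            print(label, items)
```

Files in the `restore` list still deserve the a/v scan recommended above; the script only narrows what gets copied back.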
Posted 06 December 2018 - 03:32 AM
Posted 06 December 2018 - 01:25 PM
I was wondering, is there an autorun/autoplay feature for external drives in Android like in Windows? Like, in Windows, you can get infected just by plugging in an infected drive due to its in-built autorun feature. Does that kind of thing happen for Android too, where you can get infected just by plugging in a drive? That way I can disable this feature and stop any reinfection from these system files when I plug in the usb to my clean phone, but I'm not sure such a feature actually exists on Android OS.
The Windows operating system and the Android operating system are very different so no. When it involves your example, something like a malicious .exe file hidden in a USB drive cannot do anything when you mount the drive on your Android device, neither automatically nor even if you attempt to manually execute it. But there are other issues involved with USB itself so you do need to at least be wary:
and it needs to be noted that any anti-virus utility you might be using isn't going to be able to fix something like a firmware exploit, nor will formatting the drive. Those are things you'd be doing at the operating system level, the firmware however is at a lower, fundamental level.
Plus there are other issues that are at the OS level:
the issue being even when newer versions of the Linux kernel are available, the number of Android devices running one of them is even less than those running the latest version of Android.
A lot of these issues are more about possibilities so it's not a matter where you should be freaking out about them, it's just that awareness is important.