[Q] malware in ROM download - Thinkpad Tablet General

Hi
Today I downloaded an ICS ROM from a link here in the XDA forum. As I started to extract the zip, my Avira antivirus screams that there is a Trojan.
It says that the linv3p.dll is the trojan tr/atraps.gen and I had to move it into quarantine.
Could that be? And what can I do if this is a mistake of the antivirus program?
All the other people seem not to have this problem.
thx
friedolino

All ROMs have some kind of a virus that isn't a virus. Even for other devices, but that's only detected as harmful to the computer. I'm not sure, but I can tell you that it won't affect the phone at all.
Sent from the phone of Gamers

This is called a false positive. If it were malware, it would probably be targeting your computer as opposed to your Android device. As I am doubting Avira isn't scanning for Linux/Android threats.

ok. thank you.
Then it seems I have to deactivate my antivirus because it doesn't let me do anything with this file.

I've made it a habit to turn off antivirus when flashing anything thru odin/adb.

Related

VIRUS CHECKER

Can anyone recommend a good virus checker for the XDA 1?
Thank you.
As far as I was aware you don't need one, due to the fact that there are very few viruses written for Windows Pocket PC. Could be wrong though.
Try this: http://airscanner.com/downloads/av/av.html

[Q] HSPL file AVG Virus Report

Hello
Self confessed Noob here.
Have been looking at flashing my 512MB HTC HD2 Leo Win Mobile 6.5 phone to Android Jelly Bean (probably PACman). Have read many of the threads and viewed YouTube videos and it seems clear enough, once I have backed up the phone data.
However, one issue I would like clarification on please.
I believe I need to start with HSPL2.08 for the Boot Loader (from the HSPL4 file), but my AVG Virus checker doesn't like this file and deletes it/'cleans up' the alleged infection. AVG reports a Win32 type virus. Have downloaded the file from XDA and elsewhere, but it always seems to report a virus.
Is this a false report or do I have to just use it and clean the PC after using the file?
Many thanks for any assistance
knotlob
Knotlob said:
I believe I need to start with HSPL2.08 for the Boot Loader (from the HSPL4 file), but my AVG Virus checker doesn't like this file and deletes it/'cleans up' the alleged infection. AVG reports a Win32 type virus. Have downloaded the file from XDA and elsewhere, but it always seems to report a virus.
Is this a false report or do I have to just use it and clean the PC after using the file?
Many thanks for any assistance
knotlob
If the file you downloaded wasn't reported by someone else, then you can say screw AVG and continue what you're doing.
I had the same sort of thing with Norton and an RUU recently, I sent a link to the file to Norton and within a day or so they sent me an email back saying the file was clean and that they would update their database. I don't think antiviruses are keen on .exe files, and err on the side of caution. If you are the cautious type too, you could do the same as above

All-In-One Tool got malware in it?

I'm new here coming over from an HTC phone. Now have the Verizon Samsung Galaxy S5. I wanted to use Sharpie603's All-In-One Tool, but Norton Anti-Virus keeps removing the .exe file after I extract it. Says it has malware. I wanted to post at Sharpie603's thread, but I haven't been around in this forum long enough to post in dev threads. So I'm putting this here. Hopefully, someone can pass this on to him. I hope it gets fixed soon. Thanks to anyone who can help.
Android to my knowledge doesn't use .exe files. I think Norton does a right job if the exe file came through an illegal download/download manager.
Sent from my SM-G900F using XDA Premium 4 mobile app
BatCavedIn said:
I'm new here coming over from an HTC phone. Now have the Verizon Samsung Galaxy S5. I wanted to use Sharpie603's All-In-One Tool, but Norton Anti-Virus keeps removing the .exe file after I extract it. Says it has malware. I wanted to post at Sharpie603's thread, but I haven't been around in this forum long enough to post in dev threads. So I'm putting this here. Hopefully, someone can pass this on to him. I hope it gets fixed soon. Thanks to anyone who can help.
Just turn off your protection when downloading/extracting the file because it does not have malware. Norton is just being overly cautious as is the case too many times.
thkroes said:
Android to my knowledge doesn't use .exe files. I think Norton does a right job if the exe file came through an illegal download/download manager.
Sent from my SM-G900F using XDA Premium 4 mobile app
The toolkit is a program that runs in the Windows environment to automate a lot of tasks for a new-ish user. It does not run on Android itself. And the file isn't illegal or anything like that.
It is the Towelroot application that trips the antimalware due to the fact that it is an exploit. It is safe to run.
DarkMidnight said:
It is the Towelroot application that trips the antimalware due to the fact that it is an exploit. It is safe to run.
It's a Trojan more like. Does what it is designed to do, and no more. Once rooted, remove TowelRoot.apk
got a note from Sharpie603
BatCavedIn said:
I'm new here coming over from an HTC phone. Now have the Verizon Samsung Galaxy S5. I wanted to use Sharpie603's All-In-One Tool, but Norton Anti-Virus keeps removing the .exe file after I extract it. Says it has malware. I wanted to post at Sharpie603's thread, but I haven't been around in this forum long enough to post in dev threads. So I'm putting this here. Hopefully, someone can pass this on to him. I hope it gets fixed soon. Thanks to anyone who can help.
got a note from Sharpie603 =
The toolkit has a number of phone hacking programs (towel root, SuperSU, and busy box) that yes, some anti virus applications flag as malicious. I can assure you there is no malware in this tool. Also, the way I converted the .bat file to a .exe can sometimes be flagged as well because it's not a signed executable application by Microsoft. You got nothing to be worried about my friend. Here to help, not infect.
Thank you all for your comments
final solution
BatCavedIn said:
got a note from Sharpie603 =
The toolkit has a number of phone hacking programs (towel root, SuperSU, and busy box) that yes, some anti virus applications flag as malicious. I can assure you there is no malware in this tool. Also, the way I converted the .bat file to a .exe can sometimes be flagged as well because it's not a signed executable application by Microsoft. You got nothing to be worried about my friend. Here to help, not infect.
Thank you all for your comments
Got Toolkit working with Norton Antivirus turned off.
For a more permanent fix:
Opened Norton 360 Antivirus section and went to settings then "scans and risks" tab. Configured "Exclusions/Low Risks" section to ignore the Toolkit (extracted) folder in both "Items to Exclude from Scans" and "Items to Exclude from Auto-Protect, SONAR and Download Intelligence Detection"
Now Norton does not auto delete the toolkit.exe file.

[Q] spy virus in tab

Hey friends, I have an iBall 3G 7271HD70, and I installed Kaspersky antivirus, which shows me that the Android OS has been hacked and shows a spy virus. I have formatted and reflashed two times, but it still shows the same after a fresh installation. When I format there are two options, one auto and the second manual, but for manual, SP Flash Tool shows a warning that if the starting address is 0x00000000 then calibration data will be erased. Is this data important, and how do I remove this virus permanently?
Manoj Sehgal said:
Hey friends, I have an iBall 3G 7271HD70, and I installed Kaspersky antivirus, which shows me that the Android OS has been hacked and shows a spy virus. I have formatted and reflashed two times, but it still shows the same after a fresh installation. When I format there are two options, one auto and the second manual, but for manual, SP Flash Tool shows a warning that if the starting address is 0x00000000 then calibration data will be erased. Is this data important, and how do I remove this virus permanently?
Uninstall the Kaspersky app, then forget about it. Those Android antivirus apps are worthless, all of them, as I have known many Android users that Kaspersky found viruses on, but none of their devices actually had a virus. Those apps are pure junk.

Adware warning Lgroot tool.

Be very careful when downloading the new LG root app. When you are taken to the hosting website you have 2 choices, "download" and "download now". I mistakenly clicked "download" and I am in an adware removal marathon. Not sure how I feel about this.
Edit: Officially *******d off!
Edit2: Installs malware too. May have to nuke my computer.
Sent from my VS986 using XDA Free mobile app
Yeah I nearly made that mistake too. As it was installing, I got a bad feeling and stopped the installation process halfway. Seems okay, but yeah - it's a zip file with no installation necessary. So if you find yourself installing stuff, then you clicked wrong.
Sent from my LG-H815 using Tapatalk
Yea, I did that initially and finally got rid of all the adware. That **** was annoying.
Where is the root tool? This makes it so you don't have to do it all manually, I take it?
In the original android development section.
Sent from my VS986 using XDA Free mobile app
Yeah I did that too, but when I extracted the zip it was just an exe called "LG G4 Root", and did not contain the send_command and adb files the OP talked about, plus BitDefender threw warnings at me.
gsxcorey said:
Where is the root tool? This makes it so you don't have to do it all manually, I take it?
It's part of the manual root process.
It happened to me too. Download Malwarebytes and it will stop the installation of more malware and it will completely remove all the crap that got installed in the first place.
DITTO
AVAST went nuts and killed most of them and a registry watchdog caught one trying to write an auto start on boot. I hate download sites.
I can tell you that as soon as DEV Host sold themselves out with that CRAP download button ****t, I made sure I never visit their site again! That's the worst thing a company can do to make a few bucks and I loathe any company that does not care about their traffic like DEV Host has done. Plenty of other legit sites to get that root tool and/or just use decent antivirus/anti-malware tools and that download button won't even show up, nor will it allow ANY type of installs or changes to your registry.
On those download websites, I always look at the link first to see where it's going to take me before I click on it. If you look, the "Download Now" button takes you to a URL with the correct file in it.
I tried downloading it a few times and kept getting the .exe file, so I decided to download it in a VM and take a snapshot before running it.
I ended up not actually getting the .zip file from the executable even when it went through the motions, then I noticed someone saying to use the "download now" button instead.
dlscott1111 said:
Be very careful when downloading the new LG root app. When you are taken to the hosting website you have 2 choices, "download" and "download now". I mistakenly clicked "download" and I am in an adware removal marathon. Not sure how I feel about this.
Edit: Officially *******d off!
Edit2: Installs malware too. May have to nuke my computer.
Sent from my VS986 using XDA Free mobile app
I noticed the first link was named .jre. Microsoft Security caught it when the download finished. That host is always like that with the fake links.
Malwarebytes saved me, but my system files got damaged; ended up having to reinstall Windows, sadly.
Sent from my LG-H811 using Tapatalk
Go Offline. Use another PC to download ComboFix to a USB drive. Boot affected PC into safe mode (offline), run Combo Fix. Boot into normal mode, and rerun ComboFix.
Install SpyBot and do its immunity. It adds like 800,000 known bad sites to a HOSTS file redirect (blocks).
ComboFix:
http://www.bleepingcomputer.com/download/combofix/dl/12/
the_scotsman said:
On those download websites, I always look at the link first to see where it's going to take me before I click on it. If you look, the "Download Now" button takes you to a URL with the correct file in it.
Common sense, you have it.
Seems others in this thread simply don't. The file that had to be downloaded was a 4+GB file that was compressed (tar.gz), not an exe. I really don't understand the confusion here.
munkypoo7 said:
Common sense, you have it.
Seems others in this thread simply don't. The file that had to be downloaded was a 4+GB file that was compressed (tar.gz), not an exe. I really don't understand the confusion here.
Usually I am pretty good at avoiding malware. May have seemed like common sense but it got me. I think I made the assumption that the file was necessary for something because of how it was named.
Sent from my VS986 using XDA Free mobile app
What got me was that the instructions said to use the send_command file from the LG root zip, when I extracted it and only saw a single exe I knew something was wrong.
Got me too. I terminated the process when it occurred to me that nowhere in the root instructions did it say to run anything. Hopefully there's not something lurking that got plopped in there before I quit it.
Mine didn't even unzip. I didn't have any issues downloading and my PC didn't yell at me but when I tried to unzip the file 7Zip kept telling me the file wasn't a valid archive. I ended up getting the send_commands elsewhere.
Also, to the guy who listed ComboFix above... you, sir, know what you're doing. I came across ComboFix years ago when I was working as a desktop support tech and that's my first go-to app for virus/malware cleanup. If it doesn't find it, nothing will.
munkypoo7 said:
Common sense, you have it.
Seems others in this thread simply don't. The file that had to be downloaded was a 4+GB file that was compressed (tar.gz), not an exe. I really don't understand the confusion here.
No this is the to, which is linked from another thread not the image and it nearly got me too. Luckily in size to Dev hosts terrible site. Have requested the op post an antennae link for the tools.
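
Several posts in this thread come down to one check: the root instructions described an archive (a zip holding the send_command and adb files), so a download that turns out to be a lone .exe is not the file the instructions meant. As an added example (not from any poster or from the tool's author), this Python code identifies a download by its leading bytes rather than its name and confirms that a zip holds the expected members; the member-name stems and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

def classify(data: bytes) -> str:
    """Identify a download by its leading bytes, ignoring its file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field at 0x3C points to the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe-executable"
        return "dos-executable"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return "zip"
    if data[:3] == b"\x1f\x8b\x08":
        return "gzip"
    return "unknown"

def check_download(data: bytes, expected_kind: str, required_stems=()) -> list:
    """Return a list of problems; an empty list means the file matches."""
    kind = classify(data)
    if kind != expected_kind:
        return [f"expected {expected_kind}, got {kind}"]
    if kind != "zip":
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.rsplit("/", 1)[-1].lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return ["zip signature present but archive is not valid"]
    return [f"missing expected member: {stem}*" for stem in required_stems
            if not any(n.startswith(stem) for n in names)]

def sample_zip(member_names) -> bytes:
    """Constructed sample: an in-memory zip with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

def sample_pe() -> bytes:
    """Constructed sample: the minimal bytes of a PE header, nothing runnable."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)

EXPECTED = ("send_command", "adb")  # assumed stems, taken from the thread's wording
```
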
