Stock ROM? Malware persists after factory reset. - Moto G5 Plus Questions & Answers

Somehow I have received malware on my stock, untouched G5 plus. I've performed a wipe of user data and performed factory reset from the boot option (power and volume key at startup). Still, the malware exists and redirects webpages to pop-ups even with fresh install.
Does anyone have an untouched factory ROM that will receive all OTA updates? Lenovo will not provide! Help very much appreciated.

Here: https://forum.xda-developers.com/g5-plus/how-to/stock-firmware-npn25-137-67-5-fastboot-t3694738

vantastic415 said:
Somehow I have received malware on my stock, untouched G5 plus. I've performed a wipe of user data and performed factory reset from the boot option (power and volume key at startup). Still, the malware exists and redirects webpages to pop-ups even with fresh install.
Does anyone have an untouched factory ROM that will receive all OTA updates? Lenovo will not provide! Help very much appreciated.
If you have a stock, untouched Moto G5 then there is something else going on... It is not possible for malware to infect the system after a factory reset, unless it is coming from an app you are reinstalling or your SD card.

acejavelin said:
If you have a stock, untouched Moto G5 then there is something else going on... It is not possible for malware to infect the system after a factory reset, unless it is coming from an app you are reinstalling or your SD card.
That's not quite true. There have been a number of vulnerabilities (like the Dirty Cow one) that can be used to get root, and then cause havoc on your system. In general, if you just get regular apps from the Play Store you'll be fine, but if you get external sources, who the hell knows.
You might want to contact Motorola support and see if they have steps. I would think flashing the stock rom would solve it.

I also didn't believe this to be possible, but unfortunately that's the situation.
I barely even install apps on my phone, or use my phone for much. I'm one of those weird people that stay largely disconnected from tech. I have whatsapp, color note, good budget, swype, and Amazon music. That's it. All from the play store.
The virus had to originate from the web. Occasionally I click on ads or "news" with interesting looking content. You know, the sort with 20 pages to click through and ads everywhere. I know better, but that's where it came from.
First virus in 31 years of computing. I guess now I get to learn about rooting Android and flashing ROMs. :good:
Thank you for the replies and link to a clean ROM. Very appreciated!
Edit: No SD card in the phone, and I've factory reset from within Android, and during boot. Erase cache, data, everything. Virus persists. =( oh well, no biggie now.

You have not got the dodgy whatsapp? It should be removed from the Play Store now, but that was an advertising machine.

Perhaps I'm not understanding. In the provided link I don't see many ROM, just 4.
I have the standard G5 Plus (non Amazon) on T-Mobile. Model: XT1687. Build number NPN25.137-83. Any idea where I could get a stock ROM for this and get my phone back to virus free?
I've searched but can only come up with a TWRP flashable ROM, and I've no idea what TWRP means, but I see that for some reason it doesn't receive OTA updates, so that's unfortunately a no-go.
Thanks so much for the help! You all rock.

vantastic415 said:
Perhaps I'm not understanding. In the provided link I don't see many ROM, just 4.
I have the standard G5 Plus (non Amazon) on T-Mobile. Model: XT1687. Build number NPN25.137-83. Any idea where I could get a stock ROM for this and get my phone back to virus free?
I've searched but can only come up with a TWRP flashable ROM, and I've no idea what TWRP means, but I see that for some reason it doesn't receive OTA updates, so that's unfortunately a no-go.
Thanks so much for the help! You all rock.
If your phone is stock and with a locked bootloader, you need to contact Lenovo/Moto customer support and send it in for repair or replacement.
If your bootloader is unlocked, your warranty is void and you might as well learn about TWRP, root, and flashing ROMs.

The possibility of someone to code a virus that persists through complete flashing of the stock rom is not very likely... When you flash stock rom (correctly, via fastboot) you are completely wiping your phone and either erasing (formatting) each partition or flashing that partition back to its original factory image. If you are experiencing webpage redirects after flashing, it is far more likely that you are connecting to a network that has been in some way compromised. It is not uncommon for malware to redirect traffic in a network, and trivial to implement such redirections if you have privileged access. Think about how a business/hotel WiFi network redirects all traffic to their login page when you try to connect to a website. Just my 2 cents, but it's highly unlikely that someone targeted you with such a specific, sophisticated virus that it somehow found a way to survive when the entire phone is flashed, only to redirect you to ad sites.
---------- Post added at 06:15 AM ---------- Previous post was at 06:11 AM ----------
As for flashing, if you really want to return to stock you should reflash stock images with fastboot instead of TWRP images. This will COMPLETELY wipe your device (user data, etc). When I read your first post I had thought you had already done this. If not, it should fix your problem. Here is a guide with links to firmware images: https://forum.xda-developers.com/g5-plus/how-to/stock-firmware-npn25-137-67-5-fastboot-t3694738
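
The check implied by the reply above, as an added example that is not part of the thread: fetch the same plain-HTTP probe from the phone on two or more networks and compare the replies; a clean reply on one network and a redirect on another places the fault in the network rather than the handset. The probe URL is an assumption (Android's own connectivity-check endpoint), and the three replies are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: the plain-HTTP probe Android uses for captive-portal detection.
# An untouched path answers it with "204 No Content" and an empty body.
# A reply can be captured with, e.g.:  curl -si <PROBE_URL>
PROBE_URL = "http://connectivitycheck.gstatic.com/generate_204"

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample replies (not captured from any real network).
HOME_WIFI = (b"HTTP/1.1 302 Found\r\n"
             b"Location: http://ads.example.invalid/landing?src=router\r\n"
             b"Content-Length: 0\r\n\r\n")
MOBILE_DATA = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
CAFE_WIFI = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<html>Sign in to continue</html>")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


def classify_probe(raw: bytes):
    """Return (verdict, detail) for a single probe reply."""
    try:
        status, headers, body = parse_response(raw)
    except ValueError as exc:
        return "tampered", str(exc)
    if status == 204 and not body:
        return "clean", "204 with empty body"
    if status in REDIRECT_CODES:
        target = urlsplit(headers.get("location", "")).hostname or "unknown host"
        return "redirected", f"{status} to {target}"
    if body:
        # A page served in place of the empty 204: portal or injected content.
        return "injected", f"{status} with {len(body)} byte body"
    return "unexpected", f"status {status}"


def locate_fault(replies_by_network: dict):
    """Compare the same probe taken by the same phone on several networks."""
    verdicts = {net: classify_probe(raw)[0]
                for net, raw in replies_by_network.items()}
    bad = sorted(net for net, verdict in verdicts.items() if verdict != "clean")
    if not bad:
        return "no interception seen", bad
    if len(bad) < len(verdicts):
        # At least one network delivered the probe untouched, so the phone
        # itself is not rewriting the traffic.
        return "network-side", bad
    return "device-side or every network affected", bad


if __name__ == "__main__":
    samples = {"home wifi": HOME_WIFI, "mobile data": MOBILE_DATA}
    for name, raw in samples.items():
        print(name, classify_probe(raw))
    print(locate_fault(samples))
```

A clean 204 only shows that this one probe was not rewritten; a redirect that targets selected sites still needs the same side-by-side comparison on an affected URL.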

Related

[Q] Evo and Metro- oil and water?

Hi there, new guy here. Last week I bought an evo from a guy and that same guy flashed over the evo to metro for me. So just like a lot of people here I am having some problems and I'm also looking for some advice.
First of all I don't know what rom he used... I know that I have superuser on the phone. The version of phone I have I believe I have is 2.2 (?)
Is superuser a flash, root, or rom? How would I find out which root I have? He didn't mention it to me. All he said was don't download any apps that require "superuser permissions"
Here is what is working-sms, youtube app, wifi, internet w/ and w/o wifi, market, email, gmail and yahoo, receive photos
And here is what is not - voicemail notification, mms, can't send photos, gps forces the phone to reset many times, so navigator/ maps causes reset. Not to mention that the phone will reset several times throughout every other day. Also getting the data error.
Called the guy and he said that he would reflash the evo for free this time. He also suggested doing a factory reset, that might fix the constant resetting I am having. I read online that some task manager apps can cause the phone to reset when gps is on.
Any help in all of the above is appreciated. Should I have him reflash it? Should I attempt this myself? Not knowing what rom I have right now is the hardest part for me right now.
Again thanks for the help.
ROM info is in the settings/about phone/software
To factory reset: settings/sd & phone storage
Superuser just lets you give an app permission to access root or block it.
I would do the factory reset if you're having reboots. More ROM info would probably help us out with your problem.
http://forum.xda-developers.com/showthread.php?t=795182
I'm not 100% sure of metro pcs hack or wtv that they do for the Evo but that rom has everything working. Download the metrodroid (latest version), put it in your sd card, go to recovery mode and wipe data, dalvik, cache (this will erase all your data) and then go to choose flash zip, look for the zip flash and hopefully it works. Root is only one, it should be fully root to run it in metro pcs and I recommend you to read different topics about what root is, have fun
Sent from my PC36100 using Tapatalk
phatmanxxl said:
ROM info is in the settings/about phone/software
To factory reset: settings/sd & phone storage
Superuser just lets you give an app permission to access root or block it.
I would do the factory reset if you're having reboots. More ROM info would probably help us out with your problem.
ok thank you. I just did what you stated and found out that my rom is bugless beast to0Mod V0.1
Any other info is appreciated, I am thinking about installing the metrodroid rom like jgalan suggested however I am plum terrified about bricking my phone. As I have never done anything like this on a phone. Only xboxs etc.
Does anyone out there know about this rom that I have? If it's truly V0.1 I'm assuming it's hellllla old, but I dunno. Thanks again for all of the input.
One last question: how foolproof is the metrodroid rom? I was doing some reading about people still having issue with stuff that I already have working currently (sms, web etc). I just don't want to open another can of worms if I can avoid it. Thanks again.

[Q] Did I f* up my Play?

Hey guys. I hate making my first post a really noobie question but here it goes.
I just updated my rooted Xperia Play to 2.3.3 and it erased and/or re-wrote all of my system apps. I stupidly converted some of my downloaded apps into system apps using Titanium (because system apps turn red on the list. It helped me quickly figure out what was external and what was internal. Stupid, yes, and more trouble than it was actually worth.) so those apps were lost. Didn't matter, I had backups but I lost my root so I couldn't access them.
Forgetting what I used to root my phone originally I decided to use z4root after reading about it somewhere. The site I got it from is usually trustworthy but when I downloaded the file my OfficeScan (it's a school bought computer) warned me of a potential virus threat. I wrote it off as just the pop-up ad and un-zipped and transferred the file to my phone. I still am not sure if it was a virus or not... Running z4root it got up to "acquiring shell root..." or something like that before kicking me back to the home screen with no change. I, again, stupidly, re-ran it several times without rebooting between each attempt. Giving up I then realized to reboot. Strangely rebooting was A LOT faster than it usually is and I don't know if that was z4 or 2.3.3.
Anyway I remembered that I used Gingerbreak last time and re-installed that. I made several attempts with that with no change either. Too many to count, but at least more than 8. Several attempts I got a call or a text and, checking them, ended the process. 2 attempts I left running for about half an hour (I know that the instructions say it will never take more than 10 minutes) and some I ended with a battery pull after more than 10mins (as per instruction).
So I guess I have several questions:
1. How bad did I f* up, If I did so?
2. Any suggestions on how to re-root/fix it?
3. Will switching to an empty SD card, successfully rooting it, and switching back to the full card still keep the root?
4. Does an in phone factory reset work the same as flashing the same rom or will I need to actually flash that new rom?
5. If I do need to flash, where can I find a regular Play rom? Or do you have suggestions about a better rom?
6. Is the fast reboot the work of the half done, possibly a virus, z4root process or just the 2.3.3 update?
7. Lastly, was this tl and you ;dr?
Normally, I wouldn't care if there was no fix; My phone boots much faster, I didn't lose all my apps and only some apps launch a little slower than before. But I made tons of progress on Zenonia 2 and I want my back ups for that... lol.
Any help appreciated. Also thanks for putting up with a noob that's writing way too formally
1. Messing with the system apps, and not backing them up probably caused you to not have an OTA update. I'm guessing you flashed it? Not restoring anything and not doing an OTA was mistake number one. Trying to use z4root was mistake number 2.
2. Get the generic UK firmware from here http://forum.xda-developers.com/showthread.php?t=1097591
-Flash that with Bin4ry and Androxhyde's flashtool
-Put in your carrier's APN settings, configure your google account, wifi etc. etc.
-Get Gingerbreak 1.2, run it (I used Astro to open the apk, and you need unknown sources enabled).
Gingerbreak only worked for me when I formatted an SD card right before running it. I used a spare that was lying around, not the usual one with all my data, and I suggest you do the same if you kept your titanium backups. Hopefully you'll get rooted after about 3-5 minutes. Do not mess with any apps/bloatware after you have the root.
-After you have root, go into the settings menu and start an OTA update.
You should now have 2.3.3 WITH root.
-Once the phone is updated, install Titanium Backup and start backing up your old apps from before you messed up the phone and lost root.
-At this point feel free to remove the bloatware, but make sure you back it up in titanium for later.
3. Switching SD cards won't affect root at all.
4. A factory reset will reset whatever ROM was installed last. In other words, you can't revert back to 2.3.2 with a reset, it'll just reset 2.3.3 - It's really just for wiping data and settings.
5. The regular play ROM is the UK generic I posted above. The only "better" roms are customs that you need an unlocked bootloader to install. Currently they're still buggy and in development and not worth getting unless you like incomplete ROMs with bugs, and wanna lose the ability to update normally. Both OTA updates and the Sony Ericsson Update Service will brick your phone once the bootloader's unlocked.
6. My phone was booting a bit faster after updating to 2.3.3, and became even faster after removing some bloatware.
-Root doesn't speed up the boot process.
-I highly doubt an Android phone would have a virus that makes it boot faster, it's probably just from the update.
7. No, it wasn't. No, I didn't.
Thanks for the (semi-)quick response. Been browsing around the web with this tab open, constantly refreshing like a creep. I'll try your advice soon but it's like 3am, just wanted to say thanks and love your Stocking pic.
Btw is there a difference between A US, UK or CAN rom or do those even exist?
The only real differences are carrier specific apps, and some versions have different games installed.
Sent from my R800
Seems like I was too late to flash and the link to the rom you gave me may have been updated to 2.3.3 as well. I was looking for a Canada/Rogers rom anyway but the forum search isn't turning up anything and google seems to hate me...
Help anyone?
The link was for 2.3.2 in the generic.
The only rogers rom available is for 2.3.3 so you won't be getting root without an unlocked bootloader with that one.
Just follow the directions and it should be fine.
The rogers apps are available in the android market separately.
Sent from my R800

S7 Edge - Unfortunately, <app> has stopped.

Hi all,
First time poster, so please excuse me if this is not the correct section.
I got the S7 Edge, absolutely love the thing. As a semi-experienced smartphone user, I have used a load of devices, and this one is my favourite!
Unfortunately, on Tuesday past it developed an issue. I receive an error that says "Unfortunately, <app> has stopped". Now the <app> can be Google Play Services, Camera, WhatsApp. You name it, any third party or system app, I get this message one after the other and then the phone reboots.
I proceeded with a factory restore, on the first screen of setup where I select my language, the errors started again. I noticed you could clear the cache from the boot screen so I did that, restored again, same problem.
I am now getting a replacement device, but I cannot for the life of me figure out what is causing this? Is it a corrupt memory module? Is this an issue experienced quite commonly? I'm really not sure, so I am here for expert advice.
Thanks,
Skyco
Yeah, questions go in the Help section. Not a big deal--a mod will move it there shortly.
Did you do the factory reset in settings or recovery? It shouldn't matter since either way should wipe the cache partition.
CafeKampuchia said:
Yeah, questions go in the Help section. Not a big deal--a mod will move it there shortly.
Did you do the factory reset in settings or recovery? It shouldn't matter since either way should wipe the cache partition.
I performed a factory reset through both ways, first I selected the factory restore options through settings. The second time, after I wiped the cache partition I booted the phone up and manually selected the factory restore.
The next thing I'd try is using Odin to re-flash the stock ROM, but that won't be necessary since you're getting a replacement device.
CafeKampuchia said:
The next thing I'd try is using Odin to re-flash the stock ROM, but that won't be necessary since you're getting a replacement device.
Out of curiosity, how would I go about doing that? What risks are involved in flashing the ROM?
C.Skyco said:
Out of curiosity, how would I go about doing that? What risks are involved in flashing the ROM?
First, go to http://www.sammobile.com/firmwares/ and get the firmware for your device and region. Dial *#1234# to find the firmware/CSC you're currently on.
Download Odin here and follow the instructions for flashing the ROM.
Since the ROM is made for your phone, there are no risks flashing it. If you try to flash the wrong ROM or do something wrong, it will simply fail.

Google Keep, Calendar and Reminders notifications not working on Android Oreo.

Hello guys,
I've noticed this issue this week. I'm not receiving any notifications from Google Calendar, Keep and Google Now reminders, and this is a pretty big problem for me, as I rely a lot on Calendars for my organization.
I formatted the phone after receiving the Oreo OTA and the phone is full stock.
Anyone know how to fix this issue?
Thanks!
VSTOLL said:
Hello guys, I've noticed this issue this week. I'm not receiving any notifications from Google Calendar, Keep and Google Now reminders, and this is a pretty big problem for me, as I rely a lot on Calendars for my organization. I formatted the phone after receiving the Oreo OTA and the phone is full stock. Anyone know how to fix this issue? Thanks!
Did you mean you did a factory reset from recovery instead of format? You have to be unlocked to fastboot format partitions... but it is the best way to wipe your phone if you are.
What is your build number under Settings>>About Phone (at the very bottom)? If you are indeed stock (including recovery), the only thing I can think of would be to first wipe the cache partition from recovery. If your build number ends with .017 then you can also sideload a full OTA of build .019, also from stock recovery. Options are limited unless you are unlocked and have a custom recovery. Note the process of unlocking the first time will factory reset your phone and wipe userdata, so make sure your stuff is backed up.
v12xke said:
Did you mean you did a factory reset from recovery instead of format? You have to be unlocked to fastboot format partitions... but it is the best way to wipe your phone if you are.
What is your build number under Settings>>About Phone (at the very bottom)? If you are indeed stock (including recovery), the only thing I can think of would be to first wipe the cache partition from recovery. If your build number ends with .017 then you can also sideload a full OTA of build .019, also from stock recovery. Options are limited unless you are unlocked and have a custom recovery. Note the process of unlocking the first time will factory reset your phone and wipe userdata, so make sure your stuff is backed up.
I just went into the recovery mode and did a data/cache wipe, like I always do after big updates.
My build number ends with .019
VSTOLL said:
I just went into the recovery mode and did a data/cache wipe, like I always do after big updates. My build number ends with .019
When you go into Settings>>Users and Accounts>>Google>>Account Sync ... are there failed or hung syncs? Now do a manual sync and see if any hang. If you see old time stamps there and they won't refresh manually, you can REMOVE ACCOUNT and then ADD ACCOUNT. I would try this regardless. Are you bootloader locked?
v12xke said:
When you go into Settings>>Users and Accounts>>Google>>Account Sync ... are there failed or hung syncs? Now do a manual sync and see if any hang. If you see old time stamps there and they won't refresh manually, you can REMOVE ACCOUNT and then ADD ACCOUNT. I would try this regardless. Are you bootloader locked?
There were no failed or hung syncs but I removed and added my account again anyway.
I'm afraid that this issue is because of the Doze feature. If I create a test event to notify in 5 minutes, it works, but I have to wait to see if it will notify my real events.
My bootloader is locked.
VSTOLL said:
There were no failed or hung syncs but I removed and added my account again anyway. I'm afraid that this issue is because of the Doze feature. If I create a test event to notify in 5 minutes, it works, but I have to wait to see if it will notify my real events. My bootloader is locked.
If what you suspect is correct, thousands of other users would be actively complaining of such a major issue, and not just N6P users.... every Nexus/Pixel phone running 8.0 already. That's a lot of phones. Doze works better than ever on 8.0 for 99.9% of regular users. Sometimes you just have to wipe the phone and start over from a clean slate. Unlocking your bootloader would allow you to use Google's purpose-based script and full image to restore your phone to a like-new state. That or you will have to live with it and wait until the next full OTA image is posted next month. I don't mean take the small incremental OTA, I mean sideload the full OTA image from Google's Dev site. They are about ~1 GB in size.
v12xke said:
If what you suspect is correct, thousands of other users would be actively complaining of such a major issue, and not just N6P users.... every Nexus/Pixel phone running 8.0 already. That's a lot of phones. Doze works better than ever on 8.0 for 99.9% of regular users. Sometimes you just have to wipe the phone and start over from a clean slate. Unlocking your bootloader would allow you to use Google's purpose-based script and full image to restore your phone to a like-new state. That or you will have to live with it and wait until the next full OTA image is posted next month. I don't mean take the small incremental OTA, I mean sideload the full OTA image from Google's Dev site. They are about ~1 GB in size.
My phone is already on the last OTA and I wiped it twice, is it going to make a difference just trying again?
I found this post: https://productforums.google.com/fo...utm_source=footer#!topic/calendar/FzD9Y6ojci4
There's a reply by Mikel Rodriguez that says:
"The cause of the calendar notifications failure is a change in the architecture of the calendar provider module. It is a content provider located at the application framework layer. Supposedly they changed the architecture of the module because it wasn't compatible with the doze feature of Marshmallow. So, all phones running Marshmallow or higher are fully affected by the failure. The only solution is to root, install titanium backup, make a backup of package com.android.providers.calendar, then uninstall it, then download and install the same package for version 5.1.1 (Lollipop). Because that version is not compatible with doze, it is necessary to remove it completely. Download "Boeffla Doze Control", open it and turn on "disable doze at start up" and "show toast message", then reboot, then open it again and check that doze status is off. That means that doze is not working. Calendar notifications will work again if you follow all the steps."
I don't know how much of this is true, but there's quite a lot of people with the same problem. Maybe there's some app that is conflicting with the notifications?
VSTOLL said:
My phone is already on the last OTA and I wiped it twice, is it going to make a difference just trying again?....... I don't know how much of this is true, but there's quite a lot of people with the same problem. Maybe there's some app that is conflicting with the notifications?
Taking a 40MB incremental OTA over the air and then doing a factory reset of your device is not the same as sideloading a 1GB full OTA image. Both of which you can do locked with stock recovery, but you can only sideload a newer build OTA (without some editing of the install script). If the full OTA image doesn't correct your problem, there is no further recourse but to unlock the phone and use the Google tool to restore your phone. As I said earlier a locked bootloader severely limits your options. I'm not suggesting you root the phone, I'm saying unlock it so that you are then able to properly format the partitions and install a full image.
I read the post and maybe that would work as a kludge. Sounds reasonable for a guy already rooted and has TiBu like me.... but would probably be overkill for someone like you starting with a locked bootloader. If you put that forward to prove that tons of people have the same issue, it fell short. I say live with it until the next OTA image is posted, DON'T take the over the air incremental and sideload that full OTA. Then if it doesn't work, unlock and flash a full image.
v12xke said:
Taking a 40MB incremental OTA over the air and then doing a factory reset of your device is not the same as sideloading a 1GB full OTA image. Both of which you can do locked with stock recovery, but you can only sideload a newer build OTA (without some editing of the install script). If the full OTA image doesn't correct your problem, there is no further recourse but to unlock the phone and use the Google tool to restore your phone. As I said earlier a locked bootloader severely limits your options. I'm not suggesting you root the phone, I'm saying unlock it so that you are then able to properly format the partitions and install a full image.
I read the post and maybe that would work as a kludge. Sounds reasonable for a guy already rooted and has TiBu like me.... but would probably be overkill for someone like you starting with a locked bootloader. If you put that forward to prove that tons of people have the same issue, it fell short. I say live with it until the next OTA image is posted, DON'T take the over the air incremental and sideload that full OTA. Then if it doesn't work, unlock and flash a full image.
I'll wait for the next OTA then, and if it doesn't fix I'll try formatting and restore it with the Google tool you said.
By the way, I didn't receive an incremental OTA. I live in Brazil, so the update arrived later here, I received it 2 weeks ago and was a 1GB download and I haven't received any security or incremental updates since that day.
I set an event and it'll remind me in 2 hours, I'll let my phone down and will not use it to see if the notification will work, if it doesn't, I'll try this app: https://play.google.com/store/apps/details?id=com.github.quarck.calnotify&hl=en

T330NU bricked? How to recover?

I followed the post at How to root Samsung Galaxy Tab 4 8.0 SM-T330NU on Android 5.1.1 [Guide] without checking the build number carefully enough. The rooting appeared to work, but I get a series of messages that some services have stopped, such as Unified daemon, Contacts, Touchwiz, etc. I can still log into the tablet, but nothing else works. Is there more to do to make it function again?
Can someone help?
AbleEng said:
Is there more to do to make it function again?
I'm not sure it was necessary to root your device. Where are you in the bigger picture of replacing the stock ROM with LOS? Have you replaced the stock recovery with TWRP? Once you do that, wipe the caches, system and data partitions, and flash LOS and the Google Apps. Reboot and your tablet will be a brand new device. Enjoy! We're here to help.
I don't know what to do next. The goal was to upgrade the tablet to an OS that let me install a Meetup app. The tablet at that time had Android 5.1.1.
The rooting was done under the instructions of the linked web page in the last post. How I got there is no longer clear, however, all the web pages I read seemed to need the tablet to be rooted. I did not install TWRP since I was not sure the rooting worked. Nor have I installed any ROM since I'm not sure if the LOS is a "ROM".
The problem may be that the rooting instructions were for a build number that I misread, and so rooting may not have worked.
Note that there doesn't seem to be many choices of tablet model to rooting versions, TWRP versions, Android versions, and ROMs. There are several tutorials. Many are overviews and not specific instructions, so it's hard to know which to follow.
For example, I have no idea how to "wipe the caches, system and data partitions, and flash LOS and the Google Apps."
Can I use any TWRP version? Any LOS version, for SM-T330NU?
Let me add... If you are trying to help, then please suggest a specific web page/tutorial to follow. Something that works for my tablet. Otherwise it will continue to be trial and error without understanding the problems.
Well...I tried and succeeded with Factory Reset. It all came back and I have a very recent backup. The Android version is still 5.1.1, but the meetup app downloaded and installed properly so something must have changed. I am content for now. Thanks.
(PS: Still not sure what went on to allow this to work.)
