Ransomware on a Galaxy S4

Now this is summut I've never seen!, and didn't know was possible!!!

But a work colleague asked me for some advice on his Galaxy S4, which seems to be telling him (or the Met Police are telling him apparently) he's been a naughty boy looking at Extremist websites/Kiddy Porn and will unblock him for £xxx... :o

He can't do anything with the phone!, the moment he opens anything, browses anywhere or even tries to get into the settings it pops up!, I've disabled mobile data for him, but it's not just popping up an 'Unable to Load' web page!

How on earth do you remove this junk?? he's getting very agitated now, as he's sans-phone until he can get it working!

He tried loading some 'Classic Games' from an .apk someone gave him, so had to change the 'Load from 3rd party' setting, which then basically stuffed his phone!

I didn't realise there was this problem in android!! Loads of people have said Anti-Virus/Malware programs (like Avast) aren't needed on android!!

Any (helpful) advice would be appreciated! :)

Another reason I'm picky with the software I install on my Nex4 and Nex7 ;)
 
Loads of people have said Anti-Virus/Malware programs (like Avast) aren't needed on android!!

They're not, if you only install legitimate applications from legitimate sources. It's his own fault. Personally I'd re-flash the ROM back to a fresh install.
 
Boot into recovery and flash a clean ROM through KIES or ODIN, he'll lose everything on the phone but better safe than sorry.
 
What would that entail?

I've never fettled with any Samsung Phones!, My Nexus's are stock, just Unlocked/Rooted using a Toolkit (from XDA)... so Fettling phones isn't summut I'm used to doing!

Plus I don't really have the time to do it for him anyway!... and he's more of a technophobe than me when it comes to mobile devices!

Any links or guides on doing this would be fantastic!! :)
 
Reboot into recovery: press and hold power, volume up and home button from a powered-off state. Use the volume buttons to navigate and power button to select, and choose wipe data/factory reset. Reboot phone and start again!

Odin won't always wipe the data partition, only the system partitions. Wipe data and factory reset is the only way to be sure.
 
As bigboy said, no need for Odin if you just want to factory reset (and I would highly suggest it). In theory it wouldn't be too hard to remove (hold home, task manager bottom left > kill all processes then find the app and remove) but there's no knowing what it did to the phone.
 
Tried the Task List, but it says there's no recent Apps then the web page pops up over the top again!!...

I've passed on the Re-Set suggestions (both through the Phone and ODIN) to him to try!

I'll keep you in the loop! :)

Cheers!
 
If you can get to it the task manager is hold home > pie icon (optionally bottom right to close all first) > RAM button at the top, clear memory option. This will close all background tasks as well as foreground and possibly stop it.
 
Done now! :)

We re-set using the Power/Vol-UP/Home route!... Rebooted... and it's gone! :) but so has all his settings/contacts! Thankfully he did a Backup on Kies on Saturday!

I've recommended he not install any 3rd party Apps! and move his settings/contacts over to Google, then he doesn't need to remember to back up :)
 
Done now! :)

We re-set using the Power/Vol-UP/Home route!... Rebooted... and it's gone! :) but so has all his settings/contacts! Thankfully he did a Backup on Kies on Saturday!

I've recommended he not install any 3rd party Apps! and move his settings/contacts over to Google, then he doesn't need to remember to back up :)

It may not have been an app but a drive-by install which he's clicked from a webpage. If he's been browsing pr0n then this will likely happen often. On a legit site linked via XDA (one of those file hosting sites where someone uploaded a mod tweak) I noticed the site started auto downloading an apk that I didn't recognise. It doesn't run after download on Firefox so just sat in the download folder. I deleted it. I imagine his browser may have executed it and he clicked "Install" instead of cancel, accident or otherwise.

You just have to keep a watchful eye on this stuff.
 
You could possibly try using "airpushdetector" it might tell you the offending app. But personally I'd just wipe it clean.

The problem comes from side loading .apk files from unknown/untrusted sources. But as mrk said, some sites will try to download themselves. I noticed it with devhost, one reason I will only download from there on a PC.

Thankfully the ROMs I use now don't use that hosting.
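
An added example, not part of any post in this thread: one way to find the sideloaded app the replies are trying to identify is to list third-party packages with their installer and flag anything not installed by the Play Store (`com.android.vending`). It assumes `adb` is installed and USB debugging is already enabled on the phone; the sample output and package names below are constructed.

```shell
#!/bin/sh
# Installer package name recorded for apps installed via the Play Store.
TRUSTED_INSTALLER="com.android.vending"

# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE_PM_OUTPUT='package:com.google.android.apps.maps  installer=com.android.vending
package:com.example.classicgames  installer=null
package:com.example.notes  installer=com.android.vending'

# Reads `pm list packages -3 -i` output on stdin and prints
# "<package><TAB><installer>" for every app whose recorded installer
# is not the trusted store. Sideloaded APKs typically show "null".
flag_sideloaded() {
  tr -d '\r' | while IFS= read -r line; do   # adb output may carry CRs
    case "$line" in
      package:*) ;;
      *) continue ;;                          # skip warnings/blank lines
    esac
    pkg=${line#package:}
    pkg=${pkg%% *}                            # drop everything after the name
    installer=${line##*installer=}
    if [ "$installer" = "$line" ]; then       # no installer= field present
      installer="unknown"
    fi
    if [ "$installer" != "$TRUSTED_INSTALLER" ]; then
      printf '%s\t%s\n' "$pkg" "$installer"
    fi
  done
}

# With --device, query the attached phone; otherwise run on the sample.
if [ "${1:-}" = "--device" ]; then
  adb shell pm list packages -3 -i | flag_sideloaded
else
  printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_sideloaded
fi
```

A flagged package can then be removed with `adb uninstall <package>`, though as the replies note, a factory reset is the only way to be sure nothing else was left behind.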