BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BlackBerry and Mobile Security (http://www.blackberryforums.com/blackberry-mobile-security/)
-   -   I think I have a *Virus* on my Tour!! (http://www.blackberryforums.com/blackberry-mobile-security/223278-i-think-i-have-virus-my-tour.html)

PJD642 03-31-2010 03:43 PM

I think I have a *Virus* on my Tour!!
 
I think I've managed to get a virus on my Tour - I downloaded the leaked version of .591 on 3/24 onto my office computer from a link posted here, and managed to get a trojan on the desktop machine that malwarebytes caught and supposedly deleted. Before I was aware of this, however, I installed the leaked .591 on my phone (also on 3/24), and thought it went fine. As of about 1/2 an hour ago, however, everytime I get a BBM instead of my normal ring tone it plays a file that says "F* you, F* this shit", etc for about 20 seconds. I USB'd the phone to the computer and ran the anti-virus on the memory card with no results, but if the phone itself has a virus that wouldn't accomplish anything.

How should I go about trying to fix this? JL Commander to wipe everything? Is there a less intrusive alternative? Somebody help....please.

bigolsparky 03-31-2010 03:49 PM

LMAO Best to be safe and wipe that.

TTsoldier 03-31-2010 04:07 PM

A virus?

http://www.blackberryforums.com/gene...t-viruses.html

John Clark 03-31-2010 04:10 PM

There was a link to that OS that did load some malware to PC machines. I didn't think that link was posted here. It happened at crackberry.com when I heard about it. However, the chance of you getting a "virus" on the device is almost nil.

This is the first I've heard of any ringtones being loaded to the device, though.

John Clark 03-31-2010 04:21 PM

Can you report the post here on BBF that has the link to the malware? We will remove it.

PJD642 03-31-2010 04:22 PM

Quote:

Originally Posted by John Clark (Post 1588159)
There was a link to that OS that did load some malware to PC machines. I didn't think that link was posted here. It happened at crackberry.com when I heard about it. However, the chance of you getting a "virus" on the device is almost nil.

This is the first I've heard of any ringtones being loaded to the device, though.

Well, yeah, I followed a link here to crackberry.com to get the leaked file...and while it may not be a "virus" on my phone, it now plays a ringtone I never loaded, can't find anywhere on the phone, and can't get to stop playing anytime I get a message or a call. So whatever the correct term for it is, I need it to go away and never return.

Is wiping with JL Commander my best bet?

PJD642 03-31-2010 04:25 PM

This Thread
I think it was the link in the first post to hotfile or whatever it is...happened last wednesday so I believe that was the one. One of the two links posted in that thread anyway.

juwaack68 03-31-2010 04:57 PM

I got a really, really nasty virus on my PC from that same link (also posted on Crackberry here: http://forums.crackberry.com/f95/os-...1-tour-442151/).

I didn't even complete the download of the OS, so never even installed it on my PC. The virus is called Virut.N. I'd recommend you have your IT department scan for that NOW as my regular McAfee just told me I had trojans, but never cleaned them. Every single .exe file on my hard drive was infected, and it also infects .htm and .html files.

As for the ringtone, I'm guessing here, but possibly someone mucked with the file (like how people can make hybrid OS's) and put the ringtone in there as a stock ringtone. Total guess and I could be very wrong.

leifandmindy 03-31-2010 05:03 PM

Nice. I loaded that link as well. Oopie.

John Clark 03-31-2010 05:20 PM

The links have been deleted. If anyone needs .591 just download from the Verizon site. You need a VZW phone number to download, though. Even though it does nothing with the phone number I wouldn't advocate using a friend's VZW number...hint hint! ;-)

juwaack68 03-31-2010 05:24 PM

Wink Wink

PJD642 03-31-2010 05:42 PM

OK...JL CMDR run, new OS loaded from Verizon's website...we shall see.

Now the questions is, will my backup file from yesterday be infected (or whatever the correct term is) or can I safely restore things using it?

Of course, I deleted my data backups from previous weeks yesterday, before all this shyt started. Sigh.

juwaack68 03-31-2010 05:49 PM

What happens when you run your anti virus program now? Does it still find anything? Everytime I ran mine it would find the virus. That's why I turned it over to the security team at work and let them clean it (it was a work laptop).

leifandmindy 03-31-2010 08:00 PM

I did 2 scans with Trend Micro and it didn't find anything.

daphne 03-31-2010 08:54 PM

I think that file at hotfile may have gotten infected with the virus after it had been uploaded to the site, while it was on their server. Probably some people downloaded it before it got infected.

PJD642, it's very doubtful your BlackBerry is infected with anything, but there is some malware that will go on to a media card and infect a PC when plugged it if you have autorun enabled on the drives.

I would be a lot more worried about your PC than the BlackBerry. As juwaack said that infection she got is deadly to a PC. It also creates a backdoor that lets hackers control the PC and installs a rootkit, and downloads more malware. It can also install trojans that steal your passwords.

I hope youve scanned your PC with a good AV. But in many cases, Virut.n cannot be fully cleaned and the pc has to be reimaged or the hard drive formatted and the OS reinstalled.

There's always a risk in downloading files from sites like megaupload, hotfiles, etc. because you have no way to know if the file is what is is supposed to be, or if it's a virus. Personally I avoid those sites like the plague after working in the antivirus business and seeing what can happen. To me it's not worth the risk.

daphne 03-31-2010 09:05 PM

Quote:

Originally Posted by PJD642 (Post 1588165)
Well, yeah, I followed a link here to crackberry.com to get the leaked file...and while it may not be a "virus" on my phone, it now plays a ringtone I never loaded, can't find anywhere on the phone, and can't get to stop playing anytime I get a message or a call. So whatever the correct term for it is, I need it to go away and never return.

Is wiping with JL Commander my best bet?

About your media card, do you have an adapter than you can use to plug it in to the computer? Did you view the contents of the media card in Windows Explorer? If a rogue ringtone was put on your device, I would think it would be on the media card.

PJD642 03-31-2010 09:43 PM

Well, I scanned the home PC with malwarebytes anti-malware & AVG antivirus, and neither turned up anything.

Plugged the memory card into the PC and it didn't show anything either.

Any particular AV software you'd recommend to double check?

daveshowey 03-31-2010 10:02 PM

Here's what happened to me last night that is somewhat similar:

A "buddy" sent me a text message with a bunch of marshmallow peeps on a mocked up stripper stage with a pole and some peeps watching them.

The quote cleverly said "A peep show"
Rod Stewart's "If you want my body, and you think I'm sexy" played upon opening the text

Starting sometime this morning, every time I got an email notification, I would get the standard notification: BB_Pro_Sanguine, followed immediately by Rod Stewart.

I changed the notification, and it every email notification ping was followed by Rod Stewart.

I looked all through the phone, all through the desktop manager, and the song was nowhere to be found.

I had previously installed the leaked .591, but I installed some additional updates from Verizon and that seemed to fix it.

It was extremely annoying, but it's gone now.

Anyone heard of anything else like that?

daphne 03-31-2010 10:23 PM

This is a very good online scanner:
Free ESET Online Antivirus Scanner

Read the instructions and you should turn off real time protection on your installed antivirus while running the online scan.

daphne 03-31-2010 10:32 PM

Quote:

Originally Posted by daveshowey (Post 1588304)
Here's what happened to me last night that is somewhat similar:

A "buddy" sent me a text message with a bunch of marshmallow peeps on a mocked up stripper stage with a pole and some peeps watching them.

The quote cleverly said "A peep show"
Rod Stewart's "If you want my body, and you think I'm sexy" played upon opening the text

Starting sometime this morning, every time I got an email notification, I would get the standard notification: BB_Pro_Sanguine, followed immediately by Rod Stewart.

I changed the notification, and it every email notification ping was followed by Rod Stewart.

I looked all through the phone, all through the desktop manager, and the song was nowhere to be found.

I had previously installed the leaked .591, but I installed some additional updates from Verizon and that seemed to fix it.

It was extremely annoying, but it's gone now.

Anyone heard of anything else like that?

That is weird. I haven't heard of that particular situation, but there have been reports of malicious text messages going around. If you get texts with suspicious links, it's best to not click on them, just like suspicious email links.


All times are GMT -5. The time now is 06:01 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.