Operating System
Windows 7 and Windows 10 PC, iPhone 6 Plus on iOS 11.2.6, Samsung Galaxy Tab, Android 7
Device model
The software I have used is Trend Micro, McAfee live, Norton Internet Security, and a VPN service
Current issues and symptoms
I first noticed issues with my Samsung TV, then my Windows laptop about 10 weeks ago, around January 15th 2018. Shortly thereafter the problems spread to my Samsung tablet and my iPhone. Symptoms of my Windows PC include virtual devices being installed as well as software, Event Viewer logs showing remote access and monitoring of my computer by external users. Mobile devices show tracking of my keystrokes, strange display, strange apps not installed by me, poor operation, device appearing not to be mine, homepage changes.
Steps taken in order to remove the infection
See above. I have replaced most of my devices two or three times including my router and have utilized tech support from my device manufacturers such as HP, Samsung, and Apple and currently have 24/7 Geek Squad support who have scanned my PC for viruses and malware and have cleaned my device and reset it to factory default settings. I have done the same thing twice with my PC and with my Galaxy tablet. And replaced my iPhone 6 + twice with new devices. No malware or virus has ever shown up on any tech support or software scans and the changes made but the hackers' changes show up on my new devices within a few hours.

Agerwaze

New Member
Hey all, I have a quick question following from this:

If a potential attacker was to get physical access to a device like an Android mobile would they be able to cover up all signs of intrusion?

If, for example, you did a factory reset, checked for root (Terminal emulator, SU, root checker basic) then did a malware scan is it still possible for the device to be compromised? If so, how?
 

Slyguy

Level 40
Generally speaking, not likely.

One of the methods that tend to reveal a compromised device is the fact it won't update. If you wipe the cache partition, then factory reset it, it should load the default factory firmware on the root installation. At that point, if it still doesn't update then toss the device.

There are some very (as in, extremely) advanced tools out there for interdiction into phones. On several occasions I have seen devices that had to be discarded after deep compromises and for precautions. But honestly, that's probably not very common. Also there are some products to validate the installed firmware on devices as well (hash), which can come in handy.
 
Reactions: Agerwaze