|
|
|
03-31-2010, 03:43 PM
|
#1
|
Talking BlackBerry Encyclopedia
Join Date: Nov 2009
Location: East of Cleveland, OH
Model: Q10
OS: 10.2.1.23
PIN: N/A
Carrier: Verizon
Posts: 209
|
I think I have a *Virus* on my Tour!!
Please Login to Remove!
I think I've managed to get a virus on my Tour - I downloaded the leaked version of .591 on 3/24 onto my office computer from a link posted here, and managed to get a trojan on the desktop machine that malwarebytes caught and supposedly deleted. Before I was aware of this, however, I installed the leaked .591 on my phone (also on 3/24), and thought it went fine. As of about 1/2 an hour ago, however, everytime I get a BBM instead of my normal ring tone it plays a file that says "F* you, F* this shit", etc for about 20 seconds. I USB'd the phone to the computer and ran the anti-virus on the memory card with no results, but if the phone itself has a virus that wouldn't accomplish anything.
How should I go about trying to fix this? JL Commander to wipe everything? Is there a less intrusive alternative? Somebody help....please.
|
Offline
|
|
03-31-2010, 03:49 PM
|
#2
|
Talking BlackBerry Encyclopedia
Join Date: Sep 2007
Location: Talladega, AL
Model: 9550
OS: MS-DOS
PIN: t of Samuel Smith's Oatmeal Stout
Carrier: VZW and ATT
Posts: 425
|
LMAO Best to be safe and wipe that.
__________________
=
|
Offline
|
|
03-31-2010, 04:07 PM
|
#3
|
CrackBerry Addict
Join Date: Sep 2009
Location: Trinidad and Tobago
Model: 9700
OS: 5.0.0.656
PIN: 2168B71A
Carrier: bmobile
Posts: 644
|
|
Offline
|
|
03-31-2010, 04:10 PM
|
#4
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
There was a link to that OS that did load some malware to PC machines. I didn't think that link was posted here. It happened at crackberry.com when I heard about it. However, the chance of you getting a "virus" on the device is almost nil.
This is the first I've heard of any ringtones being loaded to the device, though.
|
Offline
|
|
03-31-2010, 04:21 PM
|
#5
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
Can you report the post here on BBF that has the link to the malware? We will remove it.
|
Offline
|
|
03-31-2010, 04:22 PM
|
#6
|
Talking BlackBerry Encyclopedia
Join Date: Nov 2009
Location: East of Cleveland, OH
Model: Q10
OS: 10.2.1.23
PIN: N/A
Carrier: Verizon
Posts: 209
|
Quote:
Originally Posted by John Clark
There was a link to that OS that did load some malware to PC machines. I didn't think that link was posted here. It happened at crackberry.com when I heard about it. However, the chance of you getting a "virus" on the device is almost nil.
This is the first I've heard of any ringtones being loaded to the device, though.
|
Well, yeah, I followed a link here to crackberry.com to get the leaked file...and while it may not be a "virus" on my phone, it now plays a ringtone I never loaded, can't find anywhere on the phone, and can't get to stop playing anytime I get a message or a call. So whatever the correct term for it is, I need it to go away and never return.
Is wiping with JL Commander my best bet?
|
Offline
|
|
03-31-2010, 04:25 PM
|
#7
|
Talking BlackBerry Encyclopedia
Join Date: Nov 2009
Location: East of Cleveland, OH
Model: Q10
OS: 10.2.1.23
PIN: N/A
Carrier: Verizon
Posts: 209
|
This Thread
I think it was the link in the first post to hotfile or whatever it is...happened last wednesday so I believe that was the one. One of the two links posted in that thread anyway.
|
Offline
|
|
03-31-2010, 04:57 PM
|
#8
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
I got a really, really nasty virus on my PC from that same link (also posted on Crackberry here: http://forums.crackberry.com/f95/os-...1-tour-442151/).
I didn't even complete the download of the OS, so never even installed it on my PC. The virus is called Virut.N. I'd recommend you have your IT department scan for that NOW as my regular McAfee just told me I had trojans, but never cleaned them. Every single .exe file on my hard drive was infected, and it also infects .htm and .html files.
As for the ringtone, I'm guessing here, but possibly someone mucked with the file (like how people can make hybrid OS's) and put the ringtone in there as a stock ringtone. Total guess and I could be very wrong.
__________________
No longer a BES Admin, but it was fun while it lasted!
Last edited by juwaack68; 03-31-2010 at 04:58 PM..
|
Offline
|
|
03-31-2010, 05:03 PM
|
#9
|
Thumbs Must Hurt
Join Date: Jun 2008
Location: Minnesota
Model: 9630
OS: 5.0.0.643
PIN: N/A
Carrier: Verizon
Posts: 122
|
Nice. I loaded that link as well. Oopie.
|
Offline
|
|
03-31-2010, 05:20 PM
|
#10
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
The links have been deleted. If anyone needs .591 just download from the Verizon site. You need a VZW phone number to download, though. Even though it does nothing with the phone number I wouldn't advocate using a friend's VZW number...hint hint!
|
Offline
|
|
03-31-2010, 05:24 PM
|
#11
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
Wink Wink
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
03-31-2010, 05:42 PM
|
#12
|
Talking BlackBerry Encyclopedia
Join Date: Nov 2009
Location: East of Cleveland, OH
Model: Q10
OS: 10.2.1.23
PIN: N/A
Carrier: Verizon
Posts: 209
|
OK...JL CMDR run, new OS loaded from Verizon's website...we shall see.
Now the questions is, will my backup file from yesterday be infected (or whatever the correct term is) or can I safely restore things using it?
Of course, I deleted my data backups from previous weeks yesterday, before all this shyt started. Sigh.
|
Offline
|
|
03-31-2010, 05:49 PM
|
#13
|
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
|
What happens when you run your anti virus program now? Does it still find anything? Everytime I ran mine it would find the virus. That's why I turned it over to the security team at work and let them clean it (it was a work laptop).
__________________
No longer a BES Admin, but it was fun while it lasted!
|
Offline
|
|
03-31-2010, 08:00 PM
|
#14
|
Thumbs Must Hurt
Join Date: Jun 2008
Location: Minnesota
Model: 9630
OS: 5.0.0.643
PIN: N/A
Carrier: Verizon
Posts: 122
|
I did 2 scans with Trend Micro and it didn't find anything.
|
Offline
|
|
03-31-2010, 08:54 PM
|
#15
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
I think that file at hotfile may have gotten infected with the virus after it had been uploaded to the site, while it was on their server. Probably some people downloaded it before it got infected.
PJD642, it's very doubtful your BlackBerry is infected with anything, but there is some malware that will go on to a media card and infect a PC when plugged it if you have autorun enabled on the drives.
I would be a lot more worried about your PC than the BlackBerry. As juwaack said that infection she got is deadly to a PC. It also creates a backdoor that lets hackers control the PC and installs a rootkit, and downloads more malware. It can also install trojans that steal your passwords.
I hope youve scanned your PC with a good AV. But in many cases, Virut.n cannot be fully cleaned and the pc has to be reimaged or the hard drive formatted and the OS reinstalled.
There's always a risk in downloading files from sites like megaupload, hotfiles, etc. because you have no way to know if the file is what is is supposed to be, or if it's a virus. Personally I avoid those sites like the plague after working in the antivirus business and seeing what can happen. To me it's not worth the risk.
Last edited by daphne; 03-31-2010 at 08:55 PM..
|
Offline
|
|
03-31-2010, 09:05 PM
|
#16
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Quote:
Originally Posted by PJD642
Well, yeah, I followed a link here to crackberry.com to get the leaked file...and while it may not be a "virus" on my phone, it now plays a ringtone I never loaded, can't find anywhere on the phone, and can't get to stop playing anytime I get a message or a call. So whatever the correct term for it is, I need it to go away and never return.
Is wiping with JL Commander my best bet?
|
About your media card, do you have an adapter than you can use to plug it in to the computer? Did you view the contents of the media card in Windows Explorer? If a rogue ringtone was put on your device, I would think it would be on the media card.
|
Offline
|
|
03-31-2010, 09:43 PM
|
#17
|
Talking BlackBerry Encyclopedia
Join Date: Nov 2009
Location: East of Cleveland, OH
Model: Q10
OS: 10.2.1.23
PIN: N/A
Carrier: Verizon
Posts: 209
|
Well, I scanned the home PC with malwarebytes anti-malware & AVG antivirus, and neither turned up anything.
Plugged the memory card into the PC and it didn't show anything either.
Any particular AV software you'd recommend to double check?
|
Offline
|
|
03-31-2010, 10:02 PM
|
#18
|
New Member
Join Date: Mar 2010
Model: 9630
PIN: N/A
Carrier: Verizon
Posts: 2
|
Here's what happened to me last night that is somewhat similar:
A "buddy" sent me a text message with a bunch of marshmallow peeps on a mocked up stripper stage with a pole and some peeps watching them.
The quote cleverly said "A peep show"
Rod Stewart's "If you want my body, and you think I'm sexy" played upon opening the text
Starting sometime this morning, every time I got an email notification, I would get the standard notification: BB_Pro_Sanguine, followed immediately by Rod Stewart.
I changed the notification, and it every email notification ping was followed by Rod Stewart.
I looked all through the phone, all through the desktop manager, and the song was nowhere to be found.
I had previously installed the leaked .591, but I installed some additional updates from Verizon and that seemed to fix it.
It was extremely annoying, but it's gone now.
Anyone heard of anything else like that?
Last edited by daveshowey; 03-31-2010 at 10:06 PM..
|
Offline
|
|
03-31-2010, 10:23 PM
|
#19
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
This is a very good online scanner:
Free ESET Online Antivirus Scanner
Read the instructions and you should turn off real time protection on your installed antivirus while running the online scan.
|
Offline
|
|
03-31-2010, 10:32 PM
|
#20
|
BBF Spam Killer Moderator
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
|
Quote:
Originally Posted by daveshowey
Here's what happened to me last night that is somewhat similar:
A "buddy" sent me a text message with a bunch of marshmallow peeps on a mocked up stripper stage with a pole and some peeps watching them.
The quote cleverly said "A peep show"
Rod Stewart's "If you want my body, and you think I'm sexy" played upon opening the text
Starting sometime this morning, every time I got an email notification, I would get the standard notification: BB_Pro_Sanguine, followed immediately by Rod Stewart.
I changed the notification, and it every email notification ping was followed by Rod Stewart.
I looked all through the phone, all through the desktop manager, and the song was nowhere to be found.
I had previously installed the leaked .591, but I installed some additional updates from Verizon and that seemed to fix it.
It was extremely annoying, but it's gone now.
Anyone heard of anything else like that?
|
That is weird. I haven't heard of that particular situation, but there have been reports of malicious text messages going around. If you get texts with suspicious links, it's best to not click on them, just like suspicious email links.
|
Offline
|
|
|
|