Hi can anyone advise please? My phone behaved a bit madly, playing unsolicited music and emptying my email stored on phone. I don’t know what app it came from I just turned it off immediatly. It was way too full with 0MB storage left, so it either just malfunctioned or got compromised another way. I didn’t click on any phishing links. How can I check if it is compromised? Hope you can help, Thanks!
Is the phone full or your online space in the Murena cloud?
Hi there, My phone internal FP3 storage was full, I’ve now put images on SD card so its kind of functioning again but all my emails dissappeared from phone so I stopped the sync with my email until I know wether there is a virus or something on the phone. How can I scan that please?
(Not sure why you asked this but I did install cloud at some point (next cloud before it was all called murena ) but still confused about the function so kind of ignored it and nextcloud always told me it was full or coudnt sync and and I ignored that too.)
Hope you can help virus scan should be straight forward no?
I did ask because in the very most cases the cloud space (which is only 1GB by default) is full and tends to mither the user about that while the device memory is much bigger. You didn’t make it clear.
The most likely case is that you have just too much data: pictures, videos, music files, recordings, and never cleaned up. A virus can happen but its probability is 1000 times less. A question is: does the free space now fill again by itself or does it remain free?
Thanks for getting back - so my email didnt fill back up as I have not told my syncing email app my new password, as I want to be sure there is no virus eating my emails before I sync again - it looks like its trying to sync.
I’d like to give my phone a health check before hooking it back up to wifi and email, especially after playing this random music. Could you suggest how I’d do that?
I agree its unlikely as I don’t click on funny links. Does security malfunction when phone is full? Is the E OS software a target for things that would slip through this net?
Hope you can hep and Thanks again.
hello again, I’d just really like to know what I can do to scan my phone for a virus. Is there nothing? My phone is offline since a week now and it’s a bit of a bother. I kind of expected that this would be straight forward?
Hope someone can tell me how to scan for a virus?
It’s not straightforward because phone OSes (not only Android) are doing their best to restrict what Apps can actually do in general. That is true for potentially malicious Apps as well as for supposed virus scanners.
Did you try safe mode already? … [HOWTO] Reboot into Safe Mode
The question “does the free space now fill again by itself or does it remain free?” is still open. What happened while the phone was offline for a week?
Thanks for getting back - so i cleared some data in my FP3 storage to get the phone working again. It is not completely full yet, I have not monitored at which rate it will have filled up and with what, I only took photos since and at the beginning it kept logging into wifi it self and dowloaded signal messages but I managed to turn that off.
Does it make sense that I am quite disconcerted by my phone playing Comic-like Christmas music out of nowhere to me and all my email dissapearing? Is it understandable that I would like to check this in a thorough way, like you get a virus scanner on the PC? What would you do if you suspected your phone had a virus?
Thank you. How does safe mode help me find out if I have or had a virus? I have my phone running without being on the internet, so taking minimal precautions but now I need to find out if I have something weird on my phone before using it normally again, and if it did any damage. I can follow instructions to go into safe-mode yes but what do I do then and for what aim please? So from the article I understand that I would have to go out of my way to get a virus, however it is possible.
Safe mode is running the phone without any App installed by the user.
If the weird behaviour persists in safe mode, that would rule out a possible factor.
If the phone behaves normally in safe mode, the culprit would most probably be among Apps installed by the user.
I would wipe the phone and install it from scratch.
Thanks, I hadn’t thought of that - of course. But is there a way to scan in the end please? I don’t want to test if weird behaviour persists as it involves risking a virus accessing my personal emails. But I’d really like to know if that has happened.
If it gives you some peace of mind, just install the Android version of any of the known brands of virus scanners and let it do a scan. Example (I’m not affiliated, just grabbed this from an internet search): https://www.avg.com/en/signal/remove-phone-virus
Note how even this known antivirus vendor says to first remove any possibly malicious App yourself manually in safe mode before installing the antivirus App to prevent incidents in the future. The weaponry antivirus Apps have while running on the phone themselves is limited, and malware could use this to hide and/or prevent removal.
Consequently a virus scanner should do the scan of the phone storage from the outside, not as an App on the phone, where its weaponry is pretty limited and can be matched by the malware to prevent detection or removal. As a comparison think of booting a Live Linux to scan a Windows installation from the outside.
This would need the virus scanner to use some form of rooting to access all of the phone storage, otherwise only parts of the storage would be accessible (= what you usually get via a USB connection).
Rooted Debugging is available in /e/OS in the Developer options (tap the Build number in the settings a few times to make them visible) at least on the dev release channel (how to check).
But I’m not aware of a ready-made antivirus solution using this.
(Could of course just be a lack of knowledge on my part, since I never needed something like this and didn’t find something like this in the internet quickly apart from this old Python script here.)
Thank you for getting back - unfortunately I don’t fully understand the recommendations, but hopefully you can fill me in…
So a virus scanner should do a scan from the outside - do you mean installing it on a PC that is hooked up to the phone? in case there is a virus maybe not the best idea to hook phone up to something that is on the ‘outside’?
What means ‘rooting’ and ‘Rooted debugging’?
is it the same as using a virus scanner from the ‘outside’?
I don’t understand the instructions given in the para. ‘rooted debugging is available …’ . I’ve read the link with the screenshots but not fully clear how it relates to my case.
Lastly wiping phone is becoming increasingly attractive to me - would there be a way I could save my data to somewhere that would not be vulnerable to the virus? As Irrlicht already knows I struggle with the Ecloud but its on my phone.
Hope you can help me,
Thanks for your time so far.
You can try Hypatia from F-Droid Hypatia | F-Droid - Free and Open Source Android App Repository
If you know the app please tell me if that looks like a successful scan? Its telling me it has scanned my files but it does not say whether they are clean. Is that the assumption? It didn’t let me scan offline although apparently that is 1 of the main features…
It looks fine to me. @anon88181694 might be able to explain better.
its letting me scan offline now.
Hypatia won’t help here.
Before you wipe the phone, just simply boot it into safe mode and check for suspicious apps installed!
Steps to enter safe mode:
- power off the phone
- power on the phone
- when you see the /e/OS boot animation, hold VOLUME DOWN
- keep holding until you feel it vibrate
- the device should then boot, and say
SAFE MODEin the bottom left
- open up the Settings app > Apps > See all apps
- uninstall anything suspicious
- be sure to check for apps with names like “Camera” or “Calendar” that aren’t system apps, as it is common for malware to hide that way
lastly it could just be a bug with some system componet spamming log files to disk < a bug report & system update would help
or it could be something worse like actual malware, not an app, that gained persistence < a wipe won’t help here since I don’t think /e/OS offers proper verified boot still.
and this wouldn’t be impossible given how poorly maintained /e/OS with regards to security patching, their new browser/webview just hit 48 known security issues and the PDF viewer still has 60 known security issues.