My Samsung GS3 Sprint was hacked /exploited and modified last week. It's driving me insane and I need help. This also happened to five laptops and some in our home. The only connection is WiFi since my phone hasn't touched the computers. They are still compromised after wiping, low level formatting, reinstalling the operating systems, etc. It appears they are all connected to a virtual mount point or network. Same with phonwith severale. It just rebooted and all of the apps looked different. I looked in processes and found almost a hundred. Each had fake permissions with misspellings authorizing full access to the phone. The processes are abbreviated or listed as com.android.remoteshell. They can be stopped most start back. I
From what I see, I think it's now rooted. I can't tell for sure because apps are looking in one spot but my phone's files were moved to another.
For example, I have three system folders which contain similar folders or files. They are all incomplete in some way. Some folders are locked and some aren't. I've tried rooting, flashing the stock firmware, and a few other things. Nothing works. I get the same processes back and I know the phone is compromised. I've found logs and packets showing my personal info being sent out. It also shows two mounts in a file explorer with multiple sd and usb mounts. A log from the Unified Toolkit says the root is a virtual sd card. It lists several folders and files it couldn't find. Rightnow Superuser is installed at System but system is where the apps are listed. I'm going to try to install there.
Is there a list somewhere of the file structure? Any ideas how I can remove these mounts? Any ideas at all? This is driving me over edge.
I'm also finding things that say Factory Mode or Knox Mode.