Android 5.0.2 Fixes 2012 Nexus 7! Sony’s Making a Google Glass Competitor? – XDA TV

Android 5.0.2 Lollipop is available for the … more

Early Lollipop Ports for Micromax A116 and A117

It feels like it was only yesterday when Google announced the mysterious Android L.After … more

Now Gesture Tweaks Replaces Google Now with Custom Action

On most modern Android devices with software navigation keys, swiping up from the … more

ToqAN Fixes Android 5.0 Notification Bug on Qualcomm Toq

The Qualcomm Toq is probably one of the lesser known smartwatches on the market … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[Q] Ransomware on Nexus 7 Please Help

OP deepblue364

21st April 2014, 09:51 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
1 posts
Join Date:Joined: Apr 2014
Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks
22nd April 2014, 11:53 AM   |  #2  
gsmyth's Avatar
Senior Member
Thanks Meter: 447
 
1,380 posts
Join Date:Joined: Dec 2010
More
Quote:
Originally Posted by deepblue364

Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks

There seems to be a few people having problems with this in the last 24 hours:
http://www.pcadvisor.co.uk/forums/1/...-hudl-android/

As a last resort you can try booting into recovery (power off, hold volume down and power on) and performing a factory reset. This will wipe all your data/apps though.

Once up and running again install and run Malware bytes.
https://play.google.com/store/apps/d...es.antimalware
22nd April 2014, 05:30 PM   |  #3  
Captain Sweatpants's Avatar
Senior Member
Flag Edinburgh
Thanks Meter: 83
 
329 posts
Join Date:Joined: Feb 2014
More
Quote:
Originally Posted by deepblue364

Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks

If you have time before the wiping it I will see if I can infect my nexus with this. This is the first time ransomware has been seen on an android device so as yet there is no bullet proof way to remove it on windows a live CD can be used but on android that's not an option. The fact that it is still there in safe mode is worrying because that means it must have found a way to write to the system partition. Was your tablet rooted?

Sent from my C5303 using xda app-developers app
The Following User Says Thank You to Captain Sweatpants For This Useful Post: [ View ]
23rd April 2014, 10:36 PM   |  #4  
Captain Sweatpants's Avatar
Senior Member
Flag Edinburgh
Thanks Meter: 83
 
329 posts
Join Date:Joined: Feb 2014
More
OK I have been unable to find a solution to your problem without wiping the tablet.
I have assumed the bootloader locked tablet not rooted and USB debugging not enabled the only solution I can see is to boot to recovery and hard reset losing all data. If USB debugging is enabled then it is possible to uninstall apps via adb.

Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
29th April 2014, 11:17 AM   |  #5  
Junior Member
Thanks Meter: 0
 
1 posts
Join Date:Joined: Apr 2014
Ransomeware
Quote:
Originally Posted by deepblue364

Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks


i also have same Ransomeware and have failed solve problem via Nexus Root kit software -as my device is locked and am not 100% certain of the ""build number " i wud try factory reset if i cud get it to recovery all app/data back up .
29th April 2014, 04:59 PM   |  #6  
Captain Sweatpants's Avatar
Senior Member
Flag Edinburgh
Thanks Meter: 83
 
329 posts
Join Date:Joined: Feb 2014
More
Quote:
Originally Posted by winny stu


i also have same Ransomeware and have failed solve problem via Nexus Root kit software -as my device is locked and am not 100% certain of the ""build number " i wud try factory reset if i cud get it to recovery all app/data back up .

You can't recover data the best you can do is boot to recovery power & vol- then factory reset

Sent from my C5303 using xda app-developers app
The Following User Says Thank You to Captain Sweatpants For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes