Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,732,704 Members 52,528 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Ransomware on Nexus 7 Please Help

Tip us?
 
deepblue364
Old
#1  
Junior Member - OP
Thanks Meter 0
Posts: 1
Join Date: Apr 2014
Default [Q] Ransomware on Nexus 7 Please Help

Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks
 
gsmyth
Old
#2  
gsmyth's Avatar
Senior Member
Thanks Meter 390
Posts: 1,147
Join Date: Dec 2010
Quote:
Originally Posted by deepblue364 View Post
Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks
There seems to be a few people having problems with this in the last 24 hours:
http://www.pcadvisor.co.uk/forums/1/...-hudl-android/

As a last resort you can try booting into recovery (power off, hold volume down and power on) and performing a factory reset. This will wipe all your data/apps though.

Once up and running again install and run Malware bytes.
https://play.google.com/store/apps/d...es.antimalware
Samsung Galaxy S4 I9505 - GoldenEye
Nexus 7 32GB WiFi 2012 - Stock rooted 4.4.3
 
Captain Sweatpants
Old
#3  
Captain Sweatpants's Avatar
Senior Member
Thanks Meter 83
Posts: 328
Join Date: Feb 2014
Location: Edinburgh
Quote:
Originally Posted by deepblue364 View Post
Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks
If you have time before the wiping it I will see if I can infect my nexus with this. This is the first time ransomware has been seen on an android device so as yet there is no bullet proof way to remove it on windows a live CD can be used but on android that's not an option. The fact that it is still there in safe mode is worrying because that means it must have found a way to write to the system partition. Was your tablet rooted?

Sent from my C5303 using xda app-developers app
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning
The Following User Says Thank You to Captain Sweatpants For This Useful Post: [ Click to Expand ]
 
Captain Sweatpants
Old
#4  
Captain Sweatpants's Avatar
Senior Member
Thanks Meter 83
Posts: 328
Join Date: Feb 2014
Location: Edinburgh
OK I have been unable to find a solution to your problem without wiping the tablet.
I have assumed the bootloader locked tablet not rooted and USB debugging not enabled the only solution I can see is to boot to recovery and hard reset losing all data. If USB debugging is enabled then it is possible to uninstall apps via adb.

Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning
 
winny stu
Old
#5  
Junior Member
Thanks Meter 0
Posts: 1
Join Date: Apr 2014
Default Ransomeware

Quote:
Originally Posted by deepblue364 View Post
Hi All,

I was just helping my son on his nexus 7, we were on castle clash and downloaded a free tapjoy offer called funny ringtones. However when we clicked open/activate it locked his tablet and all it is showing is a blue screen with a keypad on it asking for a pin however we have never set a pin on this so it's obviously part of the virus. It is asking us to click a link then there is a box that asks us to enter the code for a ukash voucher, it says if we don't do this all of his files etc will be wiped off within 24 hours.

I have tried starting the tablet in safe mode but it still just has the locked blue keypad screen showing, please can anyone advise what we can do?


Many thanks

i also have same Ransomeware and have failed solve problem via Nexus Root kit software -as my device is locked and am not 100% certain of the ""build number " i wud try factory reset if i cud get it to recovery all app/data back up .
 
Captain Sweatpants
Old
#6  
Captain Sweatpants's Avatar
Senior Member
Thanks Meter 83
Posts: 328
Join Date: Feb 2014
Location: Edinburgh
Quote:
Originally Posted by winny stu View Post

i also have same Ransomeware and have failed solve problem via Nexus Root kit software -as my device is locked and am not 100% certain of the ""build number " i wud try factory reset if i cud get it to recovery all app/data back up .
You can't recover data the best you can do is boot to recovery power & vol- then factory reset

Sent from my C5303 using xda app-developers app
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning
The Following User Says Thank You to Captain Sweatpants For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Run, Jump, and Shoot in Tales of Ciaxia

There are certain types of games that have become paramount of the portable gaming world. As we have … more

Samsung Gear Live Stock Firmware Image Pulled, Temp Root

Just yesterday,XDA Recognized Developer and TV ProducerAdamOutlertore apart … more