Yeah.. as the title says.. 3 weeks ago this hacker hacked into my network..
placed rootkits in all my 3 computers and then hacked their way to my Desire and my wife's iPhone. Good thing I had Wireshark running at the same time.
So.. 5 units hacked with the method in like 1 hour. Bad luck for me I guess.
And Kaspersky didn't give me any warnings at all. Bye bye Kaspersky.
Anyway... I flashed my Desire's HBOOT just to be sure. After I did a check with "AutoKiller Memory Optimizer", all kinds of malware services were attached to most of my apps.
1- downgraded HBOOT
2- flashed stock HBOOT from alpharev
3- Changed recovery from CWM to 4EXT as I suspected the recovery being infected somehow.
I checked my log... the hacker had removed some files and moved shell files from one folder to another, as well as busybox and so on. There were so many I thought I'd be better off installing a new ROM.
I tried with Gingervillain first... everything installed fine..
Checking with "Root Explorer" I see the same files that had been moved and added were still there.
OK.. i tried again..
Full wipe with 4EXT and then installed Runnymede.. still.. when I check my root partition most of the files are still there and I get the same results doing a root check.
Any ideas...? I'm not sure if my kernel is right. It should be, when I installed Runnymede. When checking the kernel version
it says.. "2.6.35.10_EBfixTP2WcLsSma2OcUvVddS35+droidzone@supernova #11"
Maybe a kernel rootkit? Does the kernel start before recovery?
Can someone please confirm this?
Baseband seems to be the same.
Any advice on how to start from scratch will be much appreciated.