[ToolKit] Nexus 7 one click root tool !

Search This thread

ichigo_kurosaki

Senior Member
Feb 24, 2013
963
229
34
Butuan City
I am going to wait for the 4.4.3 update before i will root. Hmmm..and i also need to buy external hdd coz my sis' gonna kill me if i store may files on.here laptop. Lol

Sent from my Tensa Sensation XE using Ban Kai
 

salutcemoi

Senior Member
Oct 29, 2012
556
123
Im stuck at "Installing PDAnet to your phone"

If I install PDAnet on my n7 form Play Store, can I just ignore that and run root.exe?

Edit : fixed


But now I have "device offline - waiting for device " in the root exe

When connecting the PDAnet it says "error = HTC Sync -1 "
I installed the legacy network driver, but Im still getting that message

And I have uninstalled HTC Sync ..

I will uninstall and reinstall the toolkit , just in case ....
 
Last edited:

stevecaboose

Senior Member
Jan 26, 2012
231
33
ZTE Axon 7
ASUS ROG Phone 5
I know this is old, but just downloaded it and ****ed my pc with malware. Thanks!! Bubble Dock for the win.

This should contain no malware. Ive used this many times and its saved my butt. Could you please be specific about the problem. What file contained the malware and what was the name of the malware and what did the malware do?
 
Last edited:

Mace490

Senior Member
Jun 20, 2010
227
16
this F***ed my PC with Malware that i am still trying to get rid of it. THANK YOU!

PLEASE DELETE THIS DOWNLOAD BY YOURSELF OR OPERATOR
 

Mace490

Senior Member
Jun 20, 2010
227
16
Like I said with the last post. Please describe what malware was found and what did it do. No need to use profanity also.

Malwarebytes Anti-Malware
www.malwarebytes.org

Date : 27.06.2016
Suchlaufzeit: 22:40


Version: 2.2.1.1043
Malware-Datenbank: v2016.06.27.06
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS


Registrierungsschlüssel: 12
PUP.Optional.HohoSearch, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ArhCntservice, , [29c932cf257549edcd955f87728fd12f],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\CLASSES\CLSID\{98C066AB-D735-4339-9E52-A34875141B56}, , [a151778a9604d4628b7de3b4ae5420e0],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [43af15eca7f334027214148140c2b848],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [16dc13eedfbb1d194c3a5e37c9398d73],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [16dc13eedfbb1d194c3a5e37c9398d73],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5CA6199E-204C-480A-AF55-DE1F4C1CC751}, , [658d2ed3683238febc3d5e9aa162cf31],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB8450D9-9FFD-4E8F-97FC-20EE36546DBD}, , [569ccb36bfdb6fc791be14eb47bc6e92],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Arahick Controls, , [6b8730d17f1b72c46fe124db956eb749],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\rde3028, , [559d09f8881248ee39c1ea0eea19bb45],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [2dc527dadfbb2a0c48c2a05de22110f0],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtSilsolis, , [c230a75a7f1bd36328884da81be808f8],
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3482407538-2142533698-2377789723-1001\SOFTWARE\mtSilsolis, , [7a788879306aa294503d2aca14ef01ff],

Registrierungswerte: 5
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT|help, http://d2ucfwpxlh3zh3.cloudfront.ne...6D37E4C6C7D1586893F0315&ptid=isr&mode=loadmex, , [d31faf5229713df9f08ef50aee15cc34]
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5CA6199E-204C-480A-AF55-DE1F4C1CC751}|Path, \rde3028, , [658d2ed3683238febc3d5e9aa162cf31]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB8450D9-9FFD-4E8F-97FC-20EE36546DBD}|Path, \Arahick Controls, , [569ccb36bfdb6fc791be14eb47bc6e92]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://d2ucfwpxlh3zh3.cloudfront.ne...37E4C6C7D1586893F0315&ptid=isr&mode=ffsengext, , [2dc527dadfbb2a0c48c2a05de22110f0]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://d2ucfwpxlh3zh3.cloudfront.ne...37E4C6C7D1586893F0315&ptid=isr&mode=ffsengext, , [2ac8e31e514975c16c9e43ba3bc88d73]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb, , [6e842cd50298e94d802c37904eb4ed13],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Bodekmuocult, , [3eb412ef45551d194cef30980200f40c],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick, , [cd25a25f6d2d74c20c387355966ce41c],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arkosshocult, , [5999946d6238270f0c396365cb37fc04],

Dateien: 12
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick\ArhCntservice.html5, , [29c932cf257549edcd955f87728fd12f],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick\ArhCnttask.exe, , [de14d42dd4c6d6604a1884628b7628d8],
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-3482407538-2142533698-2377789723-1001\$RO8XA37.exe, , [8f6391707327c0761a9471fcd52f6f91],
PUP.Optional.DownloadGuide, C:\$Recycle.Bin\S-1-5-21-3482407538-2142533698-2377789723-1001\$R1K43VX.crdownload, , [985a926fe0ba092d06238abfb34d14ec],
PUP.Optional.Wajam, C:\Users\Matijas\AppData\Local\Temp\25AE7258-DC16-4F0A-A4FF-808B3478761C\s2s_install.exe, , [f5fda25f71297abcdf0e432b3dc7916f],
PUP.Optional.Komodia, C:\Windows\Temp\zdengine.log, , [0ee416eb63370f27f090e30a9a69926e],
PUP.Optional.GsearchFinder, C:\Users\Matijas\AppData\Roaming\Profiles\st7njx15.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi, , [648e946d2c6eeb4b2dba01fbd330e818],
PUP.Optional.GsearchFinder, C:\Users\Matijas\AppData\Roaming\Profiles\yzzfdyu4.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi, , [ed0546bb108a3204a83fc23a867d4fb1],
PUP.Optional.HohoSearch, C:\Windows\System32\Tasks\Arahick Controls, , [f4fe03fe8713bb7b3b128a7516eda759],
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb\config_ns1.dat, , [6e842cd50298e94d802c37904eb4ed13],
PUP.Optional.HohoSearch, C:\Users\Matijas\AppData\Roaming\Profiles\st7njx15.default\searchplugins\98m5wb3j.xml, , [747e2ed3623893a34573891324e0f60a],
PUP.Optional.HohoSearch, C:\Users\Matijas\AppData\Roaming\Profiles\yzzfdyu4.default\searchplugins\98m5wb3j.xml, , [ee04cc351189c571c9efd2ca2dd73cc4],




(end)

here you go
 

stevecaboose

Senior Member
Jan 26, 2012
231
33
ZTE Axon 7
ASUS ROG Phone 5
Malwarebytes Anti-Malware
www.malwarebytes.org

Date : 27.06.2016
Suchlaufzeit: 22:40


Version: 2.2.1.1043
Malware-Datenbank: v2016.06.27.06
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS


Registrierungsschlüssel: 12
PUP.Optional.HohoSearch, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ArhCntservice, , [29c932cf257549edcd955f87728fd12f],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\CLASSES\CLSID\{98C066AB-D735-4339-9E52-A34875141B56}, , [a151778a9604d4628b7de3b4ae5420e0],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [43af15eca7f334027214148140c2b848],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [16dc13eedfbb1d194c3a5e37c9398d73],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Nexus_7_root_toolkit_v.1.5.DynamicNS, , [16dc13eedfbb1d194c3a5e37c9398d73],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5CA6199E-204C-480A-AF55-DE1F4C1CC751}, , [658d2ed3683238febc3d5e9aa162cf31],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB8450D9-9FFD-4E8F-97FC-20EE36546DBD}, , [569ccb36bfdb6fc791be14eb47bc6e92],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Arahick Controls, , [6b8730d17f1b72c46fe124db956eb749],
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\rde3028, , [559d09f8881248ee39c1ea0eea19bb45],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [2dc527dadfbb2a0c48c2a05de22110f0],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtSilsolis, , [c230a75a7f1bd36328884da81be808f8],
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3482407538-2142533698-2377789723-1001\SOFTWARE\mtSilsolis, , [7a788879306aa294503d2aca14ef01ff],

Registrierungswerte: 5
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT|help, http://d2ucfwpxlh3zh3.cloudfront.ne...6D37E4C6C7D1586893F0315&ptid=isr&mode=loadmex, , [d31faf5229713df9f08ef50aee15cc34]
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5CA6199E-204C-480A-AF55-DE1F4C1CC751}|Path, \rde3028, , [658d2ed3683238febc3d5e9aa162cf31]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB8450D9-9FFD-4E8F-97FC-20EE36546DBD}|Path, \Arahick Controls, , [569ccb36bfdb6fc791be14eb47bc6e92]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://d2ucfwpxlh3zh3.cloudfront.ne...37E4C6C7D1586893F0315&ptid=isr&mode=ffsengext, , [2dc527dadfbb2a0c48c2a05de22110f0]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://d2ucfwpxlh3zh3.cloudfront.ne...37E4C6C7D1586893F0315&ptid=isr&mode=ffsengext, , [2ac8e31e514975c16c9e43ba3bc88d73]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb, , [6e842cd50298e94d802c37904eb4ed13],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Bodekmuocult, , [3eb412ef45551d194cef30980200f40c],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick, , [cd25a25f6d2d74c20c387355966ce41c],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arkosshocult, , [5999946d6238270f0c396365cb37fc04],

Dateien: 12
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick\ArhCntservice.html5, , [29c932cf257549edcd955f87728fd12f],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Arahick\ArhCnttask.exe, , [de14d42dd4c6d6604a1884628b7628d8],
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-3482407538-2142533698-2377789723-1001\$RO8XA37.exe, , [8f6391707327c0761a9471fcd52f6f91],
PUP.Optional.DownloadGuide, C:\$Recycle.Bin\S-1-5-21-3482407538-2142533698-2377789723-1001\$R1K43VX.crdownload, , [985a926fe0ba092d06238abfb34d14ec],
PUP.Optional.Wajam, C:\Users\Matijas\AppData\Local\Temp\25AE7258-DC16-4F0A-A4FF-808B3478761C\s2s_install.exe, , [f5fda25f71297abcdf0e432b3dc7916f],
PUP.Optional.Komodia, C:\Windows\Temp\zdengine.log, , [0ee416eb63370f27f090e30a9a69926e],
PUP.Optional.GsearchFinder, C:\Users\Matijas\AppData\Roaming\Profiles\st7njx15.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi, , [648e946d2c6eeb4b2dba01fbd330e818],
PUP.Optional.GsearchFinder, C:\Users\Matijas\AppData\Roaming\Profiles\yzzfdyu4.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi, , [ed0546bb108a3204a83fc23a867d4fb1],
PUP.Optional.HohoSearch, C:\Windows\System32\Tasks\Arahick Controls, , [f4fe03fe8713bb7b3b128a7516eda759],
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb\config_ns1.dat, , [6e842cd50298e94d802c37904eb4ed13],
PUP.Optional.HohoSearch, C:\Users\Matijas\AppData\Roaming\Profiles\st7njx15.default\searchplugins\98m5wb3j.xml, , [747e2ed3623893a34573891324e0f60a],
PUP.Optional.HohoSearch, C:\Users\Matijas\AppData\Roaming\Profiles\yzzfdyu4.default\searchplugins\98m5wb3j.xml, , [ee04cc351189c571c9efd2ca2dd73cc4],




(end)

here you go

Let me do some tests for viruses and ill get back to you and everyone watching this forum to see whats going on here.
 

stevecaboose

Senior Member
Jan 26, 2012
231
33
ZTE Axon 7
ASUS ROG Phone 5
Just installed win7 on a vm and only downloaded the toolkit and malwarebytes. Here are my results

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/29/2016
Scan Time: 4:03 PM
Logfile: Nexus7PreInstallResults.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.29.04
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stevecaboose

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 260591
Time Elapsed: 1 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I see no sign of this being infected. The exe is not packed (I would guess someone making a virus would pack it). After disassembling it and looking at the assembly, there appears to be no sign of malicious assembly. Overall this looks very clean and safe and props to the creator for making this nice script. I have used this before and it works perfectly.

If you are still not convinced. I would be happy to post all the imports and functions the program uses.
 
Last edited:

Weeeee

New member
Jan 26, 2011
2
0
Like I said with the last post. Please describe what malware was found and what did it do. No need to use profanity also.

It was bubble dock for starters, which basically took over my entire PC. Uninstalled chrome, changed homepages, added startup programs, auto playing video and audio ads on desktop, disabled installation of spybot or reinstallation of chrome. It was a nightmare, also, if you would have been there, you would have dropped a couple of F bombs..lol. Anywhoo, I literally installed from the link provided by OP. Im not sure what happened, I am a decent, safe computer user. Never got my PC mucked up that bad ever. Completely wiped HDD and did OS reinstall. Had a few drinks in me too :)
 

stevecaboose

Senior Member
Jan 26, 2012
231
33
ZTE Axon 7
ASUS ROG Phone 5
It was bubble dock for starters, which basically took over my entire PC. Uninstalled chrome, changed homepages, added startup programs, auto playing video and audio ads on desktop, disabled installation of spybot or reinstallation of chrome. It was a nightmare, also, if you would have been there, you would have dropped a couple of F bombs..lol. Anywhoo, I literally installed from the link provided by OP. Im not sure what happened, I am a decent, safe computer user. Never got my PC mucked up that bad ever. Completely wiped HDD and did OS reinstall. Had a few drinks in me too :)

Im sorry to hear that your computer got infected. Happens to the best of us. I'm very confident that the cause was not this specific file. Sometimes it will take days or weeks before a virus shows itself on your computer. Its possible you may have downloaded something or clicked on something without even realizing it. Now that we've been so used to clicking on things our muscle memory. I know ive done this a few times where I click on something then I say to myself "why did i just click on that?". My guess would be that something infected your computer a while ago and decided to come out around the time you downloaded this. It would have been nice if the original creator would have left it as a bat file. Then this could be cleared up very quickly. If you're interested in looking at the assembly I can post it here. As I said in my previous post, after analyzing the assembly and looking at the imports of the exe there is nothing suspicious. The program is not importing any functions that connect to the internet. If you need any more help or have any questions feel free to post here or message me.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 132
    This tool will root you nexus 7 install su or super su and ClockWorkMod recovery!!
    i already developed a similar tool for the nexus s and galaxy nexus,this tool is based on the same code with few modifications.it should root your device in few minutes,so give it a spin and tell me how it goes :D

    Disclaimer!
    Your warranty is now void.
    I am not responsible for bricked or damaged devices
    YOU are choosing to make these modifications.


    Current v1.5:http://d-h.st/xMX

    Mirror:http://www.mediafire.com/?c29tr726xpejad7

    (old versions)
    v1.1: http://d-h.st/8I4
    Extract the downloaded zip file on your pc,install the drivers available in the "drivers" folder if you don't have them already installed,after installing the drivers run the file called "root.exe" to root your device.

    and here is a video that explains it all (big thank to SladeNoctics) : http://www.youtube.com/watch?v=2Q6uBd38hm0&feature=youtu.be

    Changelog
    v1.5
    -updated superuser and supersu
    -new recovery (all cwm bugs should be fixed)
    -new menu that
    4
    Hrm...there are a lot of ways you could improve this.
    3
    Worked right out of the box, thank you.

    1. Install driver accordingly, for 32bit or 64bit OS.
    2. Watch the question on Nexus 7 screen to let it unlock, use volume and power buttons to choose it.
    3. Remember to turn USB Debugging back on again after first boot, it wiped out everything.
    4. Go apps drawer, go Super User and update the bin coed twice.
    5. Install Busybox Free to create busybox.

    Done, and I install TB after this to restore my apps from other android, everything worked like a chime.
    3
    Well I am impressed. I thought for sure I would be seeing it AFTER it was shipped.

    Good job!

    This is Xda!!!!!!! (said in the Sparta scream voice)
    2
    also do i need android sdk installed for this toolkit to work?