# I think a PC Rootkit took the MBR of my sdcard (rooted voodoo gummy)



## pseven (Aug 1, 2011)

The PC I plugged my phone into to root it had a crazy MBR rootkit. (Thanks Dad)

I figured it wouldn't affect my phone because a PC virus can't infect an Android/Linux device, right?

I installed voodoo, and the stable version of Gummy figuring I had to go out of town, so go with the stable option ... on the unstable computer.

Apparently this virus plants a Linux kernel, or something, in the PC's MBR, hides partitions, puts tons of hooks into system files, and hidden directories... I think it was capable of infecting my phone.

The reasons for this: I've seen this virus grab flash drive MBRs. I still figured my phone would be impervious. I'm a rooting newb, but fought through all the crazy steps, and bricked my phone 6 times... figured out how to fix it. I was so glad to get it rooted, I felt triumphant. I don't know Linux, but with the debloated, voodoo gummy rom people were getting 1500 quadrant scores. Mine is grabbing 985. SuperUser starts bugging out. Titanium Backup Pro crashes on boot. Sad to say, even with something seriously bogging it down, that 985 is faster than stock.

So how do I get rid of this thing without permanently ruining my phone? Formatted the SD through the settings, but there's still a small amount missing. Could be in the phone? Any special people experienced in this?

How do I nuke this entire thing, and start over? I'm afraid to hook it up to a clean PC. Dropbox? Should I boot a PC with a boot disk, and try to hook it up? New to rooting, and good on PCs, but this is double over my head b/c Linux masters mystify me. People used to ***** about DOS.

Bless anyone who helps. Took me days to get this BS off a few PCs. Now it's in my phone? I'm helpless.


----------



## iamtyy (Jun 6, 2011)

I don't know a whole lot about PCs, so don't quote me on this, but it seems to me like whatever infected the PC wouldn't affect the phone. The issues you're having are not uncommon, and are usually just caused by flashing without wiping, or a few other pesky things. You should be fine to just plug into a clean PC, flash one of the leaked complete Odin files, and start fresh.


----------



## pseven (Aug 1, 2011)

iamtyy said:


> I don't know a whole lot about PCs, so don't quote me on this, but it seems to me like whatever infected the PC wouldn't affect the phone. The issues you're having are not uncommon, and are usually just caused by flashing without wiping, or a few other pesky things. You should be fine to just plug into a clean PC, flash one of the leaked complete Odin files, and start fresh.


I was thinking that I might be paranoid. This was an original flash (to unbrick a bunch of times) then an OTA update... I don't understand why RootExplorer, SuperUser and Titanium are acting weird. And low quadrant scores? That's what worries me - those are the warning signs on a PC.

Edit:
Thinking out loud ... I booted into CWM Recovery. Formatted the sdcard. Just downloaded the new gummycharged FE. Unzipped it to a .md5 file. Am uploading that to my dropbox. Thinking I'll DL it to my sdcard directly from dropbox... then recover into CWM... factory wipe... then hopefully CWM will still come up and I can open the .md5 directly from the CWM sdcard zip option?

Or will I brick it, and I'm clueless? I appreciate the input though tyy. I might try this, and if I brick it, I'll just unbrick it on a clean computer.....


----------



## andraddict (Jun 22, 2011)

If you have a file with an .md5 extension, it is to be flashed only through Odin. It will not work correctly if you flash through CWM. I would find a non-Odin version if you intend to install through CWM - they usually end with a .zip extension. From the sounds of your problem, I would wipe cache, system data, and dalvik cache in CWM, and then do a clean install with Odin. I would also steer clear of doing any restore of data through Titanium backup. Any performance issues I have had were related to bad restores of data through Titanium or Mybackup Pro. I highly doubt something from your PC has affected your phone. The software wouldn't even be compatible. When in doubt, data wipe is always your friend.


----------
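
Added example (not part of the thread, and not code from Odin or CWM): a check that can be run on a downloaded package before flashing, to tell the Odin-style `.md5` package from the recovery-style `.zip` discussed above. It assumes the common convention that an Odin `.tar.md5` is a tar archive with an `md5sum` line appended; the function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import re
import tarfile

# Assumed convention: `md5sum` output appended to the tar, i.e.
# 32 hex digits, a space, a space or '*', the file name, a newline.
TRAILER = re.compile(rb"([0-9a-f]{32}) [ *]([^\n\0]+)\n\Z")


def classify_package(blob: bytes) -> str:
    """Tell a recovery-style zip from an Odin-style tar by magic bytes."""
    if blob[:4] == b"PK\x03\x04":
        return "zip"
    if blob[257:262] == b"ustar":
        return "tar"
    return "unknown"


def verify_tar_md5(blob: bytes) -> bool:
    """Compare the appended md5sum line with the MD5 of the tar body."""
    match = TRAILER.search(blob[-512:])
    if match is None:  # truncated download or plain tar: nothing to check
        return False
    body = blob[: len(blob) - len(match.group(0))]
    return hashlib.md5(body).hexdigest().encode() == match.group(1)


def build_sample() -> bytes:
    """Constructed sample: one-member tar plus its md5sum trailer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed placeholder, not a real kernel"
        info = tarfile.TarInfo("zImage")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    body = buf.getvalue()
    return body + hashlib.md5(body).hexdigest().encode() + b"  sample.tar\n"


if __name__ == "__main__":
    sample = build_sample()
    print(classify_package(sample), verify_tar_md5(sample))
```

A matching trailer only shows the file was not corrupted in transit; anyone who alters the archive can recompute the line, so compare the file against a hash published by the ROM's author when one is available.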



## iamtyy (Jun 6, 2011)

andraddict said:


> If you have a file with an .md5 extension, it is to be flashed only through Odin. It will not work correctly if you flash through CWM. I would find a non-Odin version if you intend to install through CWM - they usually end with a .zip extension. From the sounds of your problem, I would wipe cache, system data, and dalvik cache in CWM, and then do a clean install with Odin. I would also steer clear of doing any restore of data through Titanium backup. Any performance issues I have had were related to bad restores of data through Titanium or Mybackup Pro. I highly doubt something from your PC has affected your phone. The software wouldn't even be compatible. When in doubt, data wipe is always your friend.


This is correct. I would suggest using the complete gummy odin though, as it is simple, and does all the wiping for you.

Edit: reread and I see that is what he is suggesting above. So +1 for using Odin package.


----------



## pseven (Aug 1, 2011)

Indra - I had the same suspicion when I noticed it said zips and the md5 was exactly what Odin was looking for, so I threw a zip on there for good measure... it was only 7 megs. 730 voodoo charge kernel? The hilarious thing is I downloaded a half gig md5 file also. Kinda sad. 2 gb per month? This is their new text messaging. Robbery. That and net tiering.

But I've had to normally help people with PC stuff, and sometimes roll your eyes and laugh at crazy conclusions and problems people come up with. I now get to be that guy. We'll learn.

The good news is I had the same hunch, and decided to wait for the droid/linux wisdom.

Thank you for taking the time and the patience.

Tyy you too buddy. I'm thinking about jumping off the cliff and see what this new kernel will do straight out of cwm. If you don't hear from me for a few days, you know why.

P.S. I HATE AUTOCORRECT THY AND ANDRA. Been up too long.


----------



## pseven (Aug 1, 2011)

HOLY CRAP - IT WORKED FIRST TRY

It was pretty funny... booted cwm, wiped the cache, then did a factory wipe... thought it locked up. Moved along ... here's the best part. Screen goes blank. I'm thinking, "Come on ... Come on Samsung logo..." A bit later, the Samsung logo comes up. It hangs for like 3 minutes. I think, "Damn it. I screwed up. Should have Odin'd it. Bricked. Get ready for a two hour ordeal." I'm sitting here, by myself in the dark staring at my phone which pretty much never makes noises. I keep it on silent. It was on silent. Before I replaced the kernel. This crazy lady all of a sudden starts screaming at me full blast through my phone. I jumped out of the chair and dropped the phone. Totally unexpected, and were it on video, it would go viral.

So the evil lady cyborg takes over my phone, tells me everything's going to be okay, installs voodoo, and things seem great. I hope. Fingers crossed.

Gonna get some sleep. Big ups to my people tyy and Indra with the talking me through logic and advice.

Peanut Butter Jelly Voodoo Goodness...

Now that I have that in, what can we do to mod this thing?


----------

