Jonamerica.com

A blog by Jonathan Eggers

Technology

Recover from the DreamDroid virus

You may have missed the recent news about the DreamDroid virus that is affecting Android phones. This virus is embedded in more than 50 apps, which have since been removed from the Android Market. The DreamDroid virus uploads your personal information to a server, roots your android phone, and downloads to the phone additional software. Read more about DreamDroid on ArsTechnica.

If you are running Gingerbread (Android 2.3), Android 2.2.2, or a patched ROM, you are safe from infection.

If you’re not running Gingerbread, 2.2.2, or a patched ROM, and you downloaded and ran one of the 50 infected apps, then you are infected.The only way to recover from the virus is to do a factory reset on your android phone and format the SD card to ensure everything is clean.

Pre-wipe preparations

  1. Uninstall any infected software you currently have on your android phone
  2. Create a new backup of all your apps using Titanium Backup
  3. In Titanium, be sure to delete backups of all uninstalled apps (including the virus, duh)
  4. Connect the android phone to your computer and copy everything off of the phone itself. Not the SD Card (yet)
  5. Make note of your system setup (accounts, screen layouts, etc)
  6. Reboot into Clockworkmod recovery and do a backup
  7. Mount the SD Card and copy all of your data off the SD Card to your computer

Wipe the android phone

  1. With the SD Card still mounted, in windows format the SD Card as FAT 32. Make sure not to do a quick format as that just deletes the files on the card. This will take a while, especially if you have a large SD card
  2. Follow Doug Piston’s directions here for going back to stock. You do not need to go S-Off.

Re-root

You now have a stock android phone and need to install Clockworkmod and Su. The easiest way to do that is to use Unrevoked Recovery. However, because you’re still S-Off, you can also just download the latest version of Clockworkmod and Su and flash them yourself from HBOOT.

Be sure to remove the stock PB31IMG.zip file from your SD Card first, before running Unrevoked!

Once you’re all set with Clockworkmod and Su you can install your favorite ROM. Then, reboot back into Clockworkmod, if you’re not already there, and either apply the zip file found on XDA Forums, or do the following:

  1. In Clockworkmod mount /system
  2. Use adb shell to connect to the android phone and run the following commands
  1. touch /system/bin/profile
  2. chmod 644 /system/bin/profile

You’re now protected against the exploit. If your ROM has not taken steps to implement this patch, you will have to do this every time you update your ROM. If you’re using a ROM that isn’t patched you should reach out to the dev and suggest they patch their ROM (or find a new one).

Restore your android phone

If you haven’t already done so, go ahead and setup your phone. You now have an android phone, with your favorite ROM, configured just the way you like, patched against the exploit, with no apps. Go ahead and make a new backup in Clockworkmod. Save this backup to your computer somewhere and call it something like DD.MM.YY-RomName-NoApps. This way you can always get back to a virus free base should anything happen to your phone in the future.

To get your user apps back you’ll want to:

  1. Install Titanium Backup from the market
  2. Copy your data back to your SD Card
  3. Use Titanium Backup to restore ONLY your user Apps – not system apps – just to be on the safe side.

Once your android phone is back in a working condition, and setup just the way you like it, with your apps, go ahead and make another backup in Clockworkmod. Call this one DD.MM.YY-RomName-WithApps. From this point forward you have two virus free backups – one that is a “stock ROM” backup and one with all your apps.

Your android phone is now virus free and your android phone should be back to where it was (or close to it) when you started.

A few things to remember

  1. Always look at the developer, downloads, and reviews before installing any app
  2. Always look at the requested permissions of the app before installing it. Some of these apps were requesting permissions they had no need to be requesting (a bowling app that sends SMS?)
  3. Install an anti-virus app to keep your phone clean

Leave a Reply

Theme by Anders Norén