Hello folks, moving this thread here due to little activity on premium forums.

So a week or two ago, my phone started to act very suspiciously. It started to glitch, run slow, and restart on its own. Upon digging around in the running processes, I discovered hundreds of curiously named .apks and custom written scripts that seemed to make use of "org.simalliance.openmobile.api.service:remote". Essentially I found logs being created of every app and service on the phone and found protocols used to dump the logs into a remote service. Simple spyware? Maybe... until I found this.

Upon trying to factory reset the phone, I saw that the phone was in "#manual mode. Multi csc mode applied". There were also several log files that appeared to show some genius level hijacking of everything in the phone down to the root files. At this time I'm not 100% sure if the "phone" rooted itself. But, it sure looks that way based on the log files. The files show custom scripts being injected to launch apk files and scripts while "factory resetting" the phone (I've never reset or rooted this phone). The interesting thing, though, is that once the files did their work, they deleted themselves, according to the logs.

Upon trying to factory reset or wipe the cache partition, the phone spits out a short log file and in about 2 seconds "factory reset and wipes the phone". However, upon booting the phone, it's clear that all of the same rogue apps (multiple iterations of "android system", "google services", "smartcard manager") and processes are still running strong. A few examples include "com.qualcomm.attfwdservice", "com.qualcomm.embms", "com.qualcomm.telephony", "deviceTest", "com.samsung.inputeventapp", "com.trustonic.tuiservice", "Make_sim_DBService", just to name a few. I realize that at face value, some of these processes are part of core files in the phone, but upon viewing the processes started by them and the permissions they are given, they seem very out of place.

Permissions include READ_CALL_SETTINGS, "This application can access MDM content providers", "com.sec.android.app.music.permission.WRITE_SETTINGS", "com.sec.android.app.sns3.permission.SNS_FB_ACCESS_TOKEN", "MIRRORLINK_ACCESS_PERMISSION", "com.samsung.android.soagent.permission.ACCESSORY", "com.android.permission.LOCK_TASK_MODE", ".......provider.badge.permission.WRITE" and many more. All of the apps that I deem suspicious are mentioned in the process description as grouped together and all have similar permissions.

Some other symptoms (to name a few) of the phone are random shutdowns and reboots (this always happens when trying to install a new app, however), battery life being taxed slightly, catching the phone once or twice in a menu when unlocking the phone, cache files constantly piling up for audio recorder and camera, "selfie alarm process", things like Google services and Play Store showing up in the downloaded apps section, getting redirected to "tracking.roo....." very briefly before getting to the URL I typed.

I'm worried that my security is threatened as I've also had some issues with my home PC. I've had several exploit attempts blocked by A.E. programs as well as fishy processes and a sluggish system. I don't want to have my information stolen and I'm just plain pissed off that my $800 phone is essentially an unfixable P.O.S. that is spying on my every move. I want to be able to log into my bank apps and other websites without having to worry about keyloggers or remote hijacking attempts. I just want this to be over with! If anyone can offer some advice I'd really, really appreciate it. I'm at a complete loss now as my technological abilities are limited.

My 3 main questions:

If I flash a factory rom to the phone with ODIN, will that completely eliminate any chance of rogue files being left in the root folders?

How can I keep my phone and home network secure once this is fixed?

Is it possible that this threat is now somehow stuck inside my network? Meaning that anything I connect to the router could be affected.


I really appreciate your help, this is driving me insane.