asked to dowload Avast Antivirus when entering an url - General Questions and Answers

every time i enter an url in Opera, Dolphin or any other browser, i am asked to download "avast_free_antivirus_setup.exe"
I have a optimus 2x using temasek ROM and Kernel. What i should do to solve this problem?

Does it happen on wifi, 3G or both? Maybe a DNS issue, try typing "74.125.226.69" as an address. Thats the IP for Google's homepage and should bypass any DNS server. An infected exe file on android is harmless, but could infect a Windows system the second you plug in your phone with a USB cable.

Do a reset, sounds very strange and check for your problem after every app you have installed. IMHO anti_virus_ software with phones is useless. Problems occur with trojans.

the problem desapeared. Maybe it was after clear history, but it desaperead even in Opera, and i did not to fix that... i have no idea what happened

This is kind of interesting to me, I've been looking for antivirus software for my phone, as a previous poster said it will do no harm to your phone, but could harm your PC once connected.
I think there is a gap in the market place for a true antivirus software for your phone.
My 2 cents!
Sent from my GT-I9100 using xda premium

Related

FlexProvider what is it and why do we need it

I am the type of person that hates having things running in the background that I do not need or do not know what they are. Is this FlexProvider process part of android OS or some type of app put in by TMO or LG? I have tried multiple ways of disabling it and uninstalling it but all lead to any internet based app force closing. Can anyone shed some light on this?
it's for data connection. you need it. thats all i know
Yeah I know that but what I'm trying to figure out is why. I dont remember it in any other android OS that iv had. Is it specific to this phone or 2.2? Like if we had a working ASOP build would it include it?
Did ever ever shed any more light on what this is?
I found these files in /etc/flex.. called flex.db and flex.xml. The flex.db contains the service provider details such as ..
Operator key, Nation, Operator, MCC, MNC, GID, SPN.
I really don't have any idea of why these db for !
I uninstalled it in gb and it doesnt cause a problem like in froyo.
HELP!!!! please
I deleted saved data from flex provider and now i cant do nothing, even put it in airplane mode because everything force closes.i didnt know what was flexprovider.....Please help me ..what to do...e mail me:[email protected]
Sounds like you shouldn't have a phone that multitasks....your prob wasting more battery and time trying to see what is always running than by just leaving things alone
Sent from my LG-P999 using XDA App
Uninstalled it on v21a O3D and phone works like a charm. All internet and phone services are a go. Market skyfire stock browser opera facebook twitter all working just fine...
CIQ Client?
I wonder if it's LG's CIQ Client. I hope not. If you're unfamiliar with CIQ, google "Researcher's Video Shows Secret Software on Millions of Phones Logging Everything" (title of a Wired article). I'd post a link but new members aren't allowed.
It is none of that. It handles setting your phone up to work with specific carrier settings, such as what languages are available, default time zones, mms settings, etc. You know, boring stuff that is the guts of your phone. I think the system has defaults it uses if flex provider is missing in system/etc/flex/flex.DB.
It is certainly not ciq, and I would not delete it. Doing so may not overtly break things, but it could cause issues.
There hasn't been any evidence of Ciq on LG yet, but it is always possible. I'm watching the situation.
Sent from my LG-P999 using Tapatalk

Adfoc. Us spam

Hi guys, i recently got this adfoc.us popup or somethig and it shows on 99% of the webpages when i browse the web via chrome. Its probably a malware or something but I cant get rid of it. It also prompted me if i want to inspall sexy cafe. Apk or something.
Anyone has same problem and how can i get rid of it? Should i do factory reset?
Thanks
raperot said:
Hi guys, i recently got this adfoc.us popup or somethig and it shows on 99% of the webpages when i browse the web via chrome. Its probably a malware or something but I cant get rid of it. It also prompted me if i want to inspall sexy cafe. Apk or something.
Anyone has same problem and how can i get rid of it? Should i do factory reset?
Thanks
Click to expand...
Click to collapse
You could try downloading an AV program off of Google Play Store, but you may have to factory reset.
You are not infected, but your router is. DNS is changed, go into router settings and put manual DNS from Google
Sent from my Nexus 5 using Tapatalk
Highly doubt its the router (unless remote admin is turned on, then you deserve it) sounds like hosts to me
I don't use windows, but this should help
http://blog.mitechmate.com/remove-adfocus-us/
then use this for your windows machine and phone
https://www.malwarebytes.org/ and http://www.labtechsoftware.com/hitman.php
make sure you use them in safe-mode, or use a live linux cd and clean the mess up
Sent from my rooted RCT6203W46 using xda-dev app
I work in a isp company and yes it's a router. zte and tplink routers have more or less widely open wan access, either from web, cwmp or SNMP, so merely changing web access pass does not help some script kiddie plays with range of IP addresses and you have adfoc site on every computer, phone, etc
Sent from my Nexus 5 using Tapatalk
absbrain said:
I work in a isp company and yes it's a router. zte and tplink routers have more or less widely open wan access, either from web, cwmp or SNMP, so merely changing web access pass does not help some script kiddie plays with range of IP addresses and you have adfoc site on every computer, phone, etc
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
What does working for a isp company have to do with anything ?
adfoc.us is nothing more than 'bundling' malware not a virus (to be technical a redirect virus) that highjacks DNS and hosts files on windows machines also adds other malware hence it's called 'bundling'.
Its real name is adfocus.us browser hijacker, it's distributed by hook
A Hook is programmed as DLL file that it is capable to block the message of solicitation to a desirable site and achieve redirection, then a cyber criminals may use Windows Socket Layer Service Provider associated with SPI to get user’s transmitting data no matter you are using Firefox, IE or Chrome
If you have a "wide open" type of router, you shouldn't be using a computer or phone period
Been removing rootkits, virus, malware off of windows machines for many years, don't need a isp worker to tell me it's a router
Well, ISP worker tells you, from first hand experience that some Chinese routers can be manipulated regardless of web password and DNS can be changed.
That means ISP worker has seen DNS changed from our DNS to some address in Germany. And wide open router is something most users know nothing about especially regarding cwmp protocol.
And we have reports from our customers that every network device opens adfoc.us it's not really rocket science is it ? And windows is crap we get that but I'm somewhat sure my version is the correct one, especially because adfoc.us tried to install some apk file (see original post) Not sure if apk files work with windows
Sent from my Nexus 5 using Tapatalk
Thx for your replies gents. I dont think this adfoc. Us crap pops up when i use my pc, only on my mobile and also when i use mobile data.
absbrain said:
Well, ISP worker tells you, from first hand experience that some Chinese routers can be manipulated regardless of web password and DNS can be changed.
That means ISP worker has seen DNS changed from our DNS to some address in Germany. And wide open router is something most users know nothing about especially regarding cwmp protocol.
And we have reports from our customers that every network device opens adfoc.us it's not really rocket science is it ? And windows is crap we get that but I'm somewhat sure my version is the correct one, especially because adfoc.us tried to install some apk file (see original post) Not sure if apk files work with windows
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Can you give me some links that actually prove that this malware takes over/changes router settings ?
Were not talking windows tcp protocols and hosts, but, actual router settings
Sent from my rooted RCT6203W46 using xda-dev app
piperx said:
Can you give me some links that actually prove that this malware takes over/changes router settings ?
Were not talking windows tcp protocols and hosts, but, actual router settings
Sent from my rooted RCT6203W46 using xda-dev app
Click to expand...
Click to collapse
Not really sure why are you so opposed to idea that ultra-cheap (10-15 euro) router can be hacked ?
http://www.csoonline.com/article/21...e-routers-to-attack-online-banking-users.html
http://rootatnasro.wordpress.com/20...-from-the-zynos-rom-0-attack-full-disclosure/
And I'm talking exactly about this (ZTE, and TPLINK). And you must know that almost all xDSL routers given to customers by large(r) ISPs have custom firmwares (because of ACS configurations, port mapping, etc) so the potential for unintended WAN access is huge. And the ISPs always will buy the cheapest and fastest available router, so it's not surprising at all.
raperot said:
Thx for your replies gents. I dont think this adfoc. Us crap pops up when i use my pc, only on my mobile and also when i use mobile data.
Click to expand...
Click to collapse
Yeesh. Try safe mode?
Sent from my Nexus 5 using XDA Free mobile app
MrObvious said:
Yeesh. Try safe mode?
Sent from my Nexus 5 using XDA Free mobile app
Click to expand...
Click to collapse
I tried surfing in safe mode on another wifi network at my office. I dont have any problem at all.
Not once this adfoc popped up.
It must be some third party app or the rooter as absbrain mentioned. If its the rooter I should have the same issue on my pc as well correct?
absbrain said:
Not really sure why are you so opposed to idea that ultra-cheap (10-15 euro) router can be hacked ?
http://www.csoonline.com/article/21...e-routers-to-attack-online-banking-users.html
http://rootatnasro.wordpress.com/20...-from-the-zynos-rom-0-attack-full-disclosure/
And I'm talking exactly about this (ZTE, and TPLINK). And you must know that almost all xDSL routers given to customers by large(r) ISPs have custom firmwares (because of ACS configurations, port mapping, etc) so the potential for unintended WAN access is huge. And the ISPs always will buy the cheapest and fastest available router, so it's not surprising at all.
Click to expand...
Click to collapse
I am not opposed to the idea, its not new, but, first of all, this article is just about a year old, and new firmware has been out since then, have the users switched to the new firmware, who knows, 98% of windows people are point & click, that is the biggest problem, especially using android.
Second, like I said earlier, and what the article says also, remote admin should be disabled and change the default username and password, here in the states, dsl kinda faded out 10 years ago and those routers you list aren't common here, not saying this can't happen, but, OTOH a little common sense goes a long way.
Javascript is a popular way to get infected from websites, running things as noscript, ghost, etc, should help out a lot, there is a lot you can do to prevent this stuff from happening, most people are clueless or lazy or click happy.
Another way to help is to get rid of windows (every operating system can be hacked) (flame) but others are more secure by design, or for banking needs use a live linux cd/usb stick, 99% of people won't bother or even research the idea.
I look at this as pebak, and not knowing enough of the internet or their equipment and just clicking on anything, hence the point & click.
I run a few servers, none are windows, we do have windows clients. I try my best
Sent from my rooted RCT6203W46 using xda-dev app
raperot said:
I tried surfing in safe mode on another wifi network at my office. I dont have any problem at all.
Not once this adfoc popped up.
It must be some third party app or the rooter as absbrain mentioned. If its the rooter I should have the same issue on my pc as well correct?
Click to expand...
Click to collapse
Possibly. Unless it is Android only malware or affects your computer differently. If you have any lesser known apps installed try removing them. I would honestly suggest a factory reset.
Sent from my Nexus 5 using XDA Free mobile app
absbrain said:
You are not infected, but your router is. DNS is changed, go into router settings and put manual DNS from Google
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Hi,
Its definetely the wi-fi rooter that i have w hich is TP Link.
I called my proveder they said there is a problem with the DNS. They reset my rooter online and it was fine for couple of days.
But now same thing happens. On both my wife and mine mobile phones surfing is impossible.
It automatically swithches the link to a porn site. Same thing happens as a pop up on my PC as well.
Any solution to fix this or I should get a more expensive rooter?
Thanks a lot.
raperot said:
Hi,
Its definetely the wi-fi rooter that i have w hich is TP Link.
I called my proveder they said there is a problem with the DNS. They reset my rooter online and it was fine for couple of days.
But now same thing happens. On both my wife and mine mobile phones surfing is impossible.
It automatically swithches the link to a porn site. Same thing happens as a pop up on my PC as well.
Any solution to fix this or I should get a more expensive rooter?
Thanks a lot.
Click to expand...
Click to collapse
Sounds like your router may have been compromised. Try a complete reset of it including updating it's firmware.
Sent from my Nexus 9 using XDA Free mobile app
jd1639 said:
Sounds like your router may have been compromised. Try a complete reset of it including updating it's firmware.
Sent from my Nexus 9 using XDA Free mobile app
Click to expand...
Click to collapse
Tried that, same thing happens.
I'm being directed to spaces.slimspots.com and then to various porn sites.
Its really annoying and I cant seem to find a solution.
raperot said:
Tried that, same thing happens.
I'm being directed to spaces.slimspots.com and then to various porn sites.
Its really annoying and I cant seem to find a solution.
Click to expand...
Click to collapse
Have you tried malwarebytes on your pc's?
Sent from my Nexus 5 using XDA Free mobile app
I would recommend the following:
1) Hard reset all your devices. Back up your data but then completely wipe the phone (/sdcard as well).
2) Disconnect your PCs. If you are savvy enough I would recommend running a Linux distro for a few days (so you can at least still use the computer).
3) Get a CD (not usb stick due to writableness) and download several AV tools (quick Google will yield some results). Take the PC offline (unplug ethernet/disable wifi), put the CD in, run a few scans and get it cleaned out.
4) Manually take your router and disable DHCP/DNS interally, forward your DHCP requests if you decide to keep DHCP on to a known good DNS server like 8.8.8.8.
5) Ideally, swap the router out for a new one or use your own instead of #4.
Something is causing it.
MrObvious said:
I would recommend the following:
1) Hard reset all your devices. Back up your data but then completely wipe the phone (/sdcard as well).
2) Disconnect your PCs. If you are savvy enough I would recommend running a Linux distro for a few days (so you can at least still use the computer).
3) Get a CD (not usb stick due to writableness) and download several AV tools (quick Google will yield some results). Take the PC offline (unplug ethernet/disable wifi), put the CD in, run a few scans and get it cleaned out.
4) Manually take your router and disable DHCP/DNS interally, forward your DHCP requests if you decide to keep DHCP on to a known good DNS server like 8.8.8.8.
5) Ideally, swap the router out for a new one or use your own instead of #4.
Something is causing it.
Click to expand...
Click to collapse
Great advise, especially #5 (you can also use linux box as a router)
Sent from my rooted RCT6203W46 using xda-dev app

Digital High GPE Rom unable to go to specific website???

Hello!
I have kind of a weird issue that really has me quite confused. Running the latest GPE rom from Digital High on my Verizon HTC One m8. Everything works flawlessly and I am so happy with it... Except for the ESPN Fantasy Hockey app, which complains of not having an internet connection. Tried clearing cache, uninstalled and reinstalled the app. Nothing works. So as a workaround, I try to go to games.espn.go.com in Chrome browser, and the webpage is not available... How weird is that? I even tried factory resetting the rom and it still doesn't work. At first I suspected a DNS issue, so tried using an app to manually set DNS servers to public google servers (8.8.8.8), but that also did nothing.
For the sake of being thorough, this happens whether I am using LTE, Wifi at work and Wifi at home. I know it's kind of a strange isolated issue, but if any of you running a similar setup could try accessing that website, it would be great to know if that is where the issue lies... My wife's Moto X has no issues at all accessing this so I a certain it is specific to my phone (just want to know if it is the rom or my phone, and hoping someone here will have a brilliant idea to fix it).
Thanks!
Are you using an ad blocking app? If so, disable it and then see if you can get there. The hosts file it installs might have an entry in it that's causing problems. I have no idea why espn would be in there (probably not) but it can't hurt to try. If you're not using an ad blocking app I can't think of anything else that would cause this.
Sent from my HTC6525LVW using Tapatalk
robocuff said:
Are you using an ad blocking app? If so, disable it and then see if you can get there. The hosts file it installs might have an entry in it that's causing problems. I have no idea why espn would be in there (probably not) but it can't hurt to try. If you're not using an ad blocking app I can't think of anything else that would cause this.
Sent from my HTC6525LVW using Tapatalk
Click to expand...
Click to collapse
Wow, that was it! I didn't have an adblock program installed, but remembered seeing that in the Aroma installer when I installed it. Just reflashed with that option unchecked and all is well. I can once again keep tabs on how badly I am losing in my Fantasy Hockey League: THANK YOU SO MUCH!
Glad to hear it. Blocking ads is nice but as you can see, can also cause it's own share of problems at times.
If you still want to block them you can use an app like Adfree. It does pretty much the same thing as what you had but it makes it simple to revert back to your original hosts file when needed. Otherwise you could flash it in aroma again and when needed, just rename your hosts file temporarily. Personally, I prefer the app simply because it saves a bunch of drilling down through folders to get at the hosts file manually.
Sent from my HTC6525LVW using Tapatalk

Motorola Connect Fix

I have been having a lot of problems with the Motorola Connect extension not working on Chrome (would not connect, kept getting disconnected within seconds of being connected, etc. etc.). But after searching the interwebs for months with no real fixes I finally stumbled upon a fix that actually works. I use avast with my Windows laptop, the antivirus was causing the problems. If you have a similar setup and want to get Connect up and running again follow these steps.
(I did not figure these out on my own, just giving it to the community here on XDA since I could not find a thread for a proper fix)
I got it to work by adding the Chrome extension to the Web Shield's URL by going to Avast, clicking the following links
1. Avast Main Window
2. Settings
3. Active Protection
4. Web Shield Customize
5. Uncheck "Scan traffic from well-known browser processes only" and Uncheck "Enable HTTPS Scanning"
6. Exclusions Tab
7. URLs to Exclude
8. In the input field, enter the following:
chrome-extension://kigmoblgooahdmdibodmcnffgnejlndh/*.*
I do not know the impact this will have on security in the long run, just know it works. Enjoy!
Edit: Also, allow the extension to work in incognito. If these steps do not work, try resetting Chrome.
Or stop using Avast and switch to Microsoft Security Essentials. I've found Windows Defender works very well. Then again, I don't click random links nor download from random sites.
nhizzat said:
Or stop using Avast and switch to Microsoft Security Essentials. I've found Windows Defender works very well. Then again, I don't click random links nor download from random sites.
Click to expand...
Click to collapse
Ha. Or that too. I use avast primarily for boot time scanning and just out of habit, really. The avast extension for chrome is helpful too but not entirely necessary if you know what you're doing. (like not clicking on random links or downloading from random sites)
Thank you!
I registered to these forums because I can use Moto Connect again!
Best,
BPG

Four Virus on Xperia Oreo 8.0.0

I am unable to remove annoying pop coming from any web browser I tried to install and use on my new Xperia Premium XZ including Chrome and Firefox. It looks like my phone gets DNS hijacked and randomly few times a day it pops this message - see attached screenshots.
I tried to Google solution, none I found worked including clearing data and cache of these apps, completely reinstalling them.
I tried premium Adware Malwarebytes and it does not detect anything wrong with the phone.
I also activated premium version of AVG but full scan has not discovered any issues.
At this point I ran out of options.
I can't believe there is no clear explanation anywhere about this so called Four Virus neither reference about it with respect to Oreo 8.0.0.
Am I the only Oreo user which has this issue?
Reseting my phone to factory defaults is last thing I would want but could do. Just trying to see other options before executing such drastic solution.
Any ideas are very appreciated.
Hi there
You caught a simple flu, but u probably need Safe Mode to remove it. Follow instructions here => https://forums.androidcentral.com/a...30081-guide-malware-adware-popup-removal.html
Good luck, and keep us posted,
Van
This is well-known problem, widely described on the Net. There's nothing wrong with your phone. There's no malware on the phone itself, which is why the anti-malware tools do not find anything.
What you see is a result of a server-side problem. Either the web page you were trying to visit got hijacked, or an ad provider that displays ads on that page got hijacked, or some DNS entry got hijacked. They used some kind of server-side exploit to redirect your browser to the above fake page. It is ordinary scareware, trying to scare you into purchasing a piece of software you don't really need (and it is useless crap anyway). If you were visiting a legitimate web site at the time this popup appeared, the site owners are most likely already aware of the problem. They will fix it shortly and the problem will go away.
At this time, just to make sure noting is cached on our phone after they fix the issue, a good idea might be to find your browser app in the app list and as Android to clear app data.

Categories

Resources