Related
Hi,
I recently bought a Xiaomi Redmi Note 2. very happy with the phone hardware, however the phone shipped with preinstalled apps that serve ads. I have run AVG and identified the preinstalled apps (which cannot be removed) and disabled those apps through Settings > Apps. I have also reset all of the defaults to change the Launcher to the Google Now launcher and things such as the default Mail and browser apps.
What i was hoping to get advise on, is simply disabling the apps enough to ensure that they can no longer cause a threat to the person using the phone, the ads have stopped running since I have done all of the above. Does disabling the app put the apps into a quarantine state where they are completely harmless or should I aim to permanently remove them?
I have tried to avoid rooting the phone (partly because I have never rooted a phone before) and also because of warranty concerns. Would a temporary root be a good compromise here? I also attempted to flash the rom with the global developers rom, however that didnt work when I attempted it and I kept getting the Install update.zip failed! update.zip signature verification failed.
At the moment the phone is stable fast and does not show ads like it did before disabling the apps and changing the launcher etc.... Have I done enough to protect any silent processes sending my data off to china?
Thanks for your help
model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
theseventensplit said:
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
Click to expand...
Click to collapse
It's an Android right?
I had a look at the Amazon store for anti-theft apps but there were none that I recognised from sources I trust (nit that I have researched them, but maybe you can find a reliable review) You have to be certain it's from a trusted source as these type of apps require special permissions eg admin in order to do their job, and could be abused by a malicious app.
I would recommend Cerberus Anti Theft, I used them for years & they have a good reputation, even though Google removed the app form play store. This is because they had to link the Google app to additional downloads in order to maintain the functionality of the app that made it the best, after Google changed what permissions apps could be granted for apps downloaded from Google store.
You can download for Android devices from their website
https://www.cerberusapp.com/
However there is a potential problem with all antitheft apps, ie. Turning off wifi/data means you can't communicate with it(but Cerberus could be activated via SMS), also a factory reset will remove them, so if a knowledgeable person steals a phone/tablet they can remove the antitheft app, so possibly you would have limited time to activate it. Which is why I used to root & install as a system app, which meant only reinstalling the full factory Android operating system to remove it.
There should be the basic "fined my device" on Android built in (I'm not familiar with Amazon variants) but its not very powerful.
I'll look into it, thanks. It does have tracking but unfortunately that wouldn't alert in time to be able to accurately determine who took it.
If Cerberus can do sms then my manager might be able to get immediate notification if it walks away, once it disconnects from wifi
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
theseventensplit said:
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
Click to expand...
Click to collapse
PS. You could use Tasker app (or other automation app) on your phone to set up an alert when the tablet losses connection, if you use your phone as a hotspot, I think.
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
Could be a fake Play store app reinstalling itself somehow eg from SD card. Is your antivirus scanning your external storage also? Check if you have more than one play store app shown in settings>apps (not your normal apps screen as they can be hidden there). Or it could be an overlay made to look like Playstore screen ... you did get official Avast app right?
else something has installed itself in system folder which is why factory reset not working and you will need to reinstall your FULL Samsung factory ROM suggest you use Samsung SmartSwitch like RootJunky here (use high quality cable eg samsung usb cable, else danger of bricking)
https://m.youtube.com/watch?v=9QhJngOuLQ4
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
Download Odin 3.xx (current version)
Browse SamMobile for firmware for your device, download factory ROM. Pay close attention to the region code for your ROM, CSC code. Use one compatible with your device and regional settings. It can be found on the IMEI sticker on the back of the device
Follow the flashing instructions to the letter that you will find on SamMobile website.
Once completed the device is fully refreshed and has latest available software at the time of the build. Do device setup and download app updates.
Enjoy.
Many thanks for both replies , but I have a few more questions:
a) Does this virus have the power to attack my router? If so, what should I inspect at my router? Should I use my brother´s ios iphone as a router while cleaning my device?
b) If I attach the tablet at my PC to perform the firmwire installation, could the virus be transmitted to it? What should I do to avoid it?
c) Where can I safely download this ODIN?
And answering some questions you made:
a) The avast app was downloaded from the store
b) Ive already tried disconnecting the sd card, perform a factory reset without the card but the problem persists.
c) I logged at my google account and when looking at my registered activity, Google claims I did opened the Google Play Store and searched for the IQ Option Broker app. So the virus acts as if it was me.
malandrex said:
Many thanks for both replies , but I have a few more questions:
a) Does this virus have the power to attack my router? If so, what should I inspect at my router? Should I use my brother´s ios iphone as a router while cleaning my device?
b) If I attach the tablet at my PC to perform the firmwire installation, could the virus be transmitted to it? What should I do to avoid it?
c) Where can I safely download this ODIN?
And answering some questions you made:
a) The avast app was downloaded from the store
b) Ive already tried disconnecting the sd card, perform a factory reset without the card but the problem persists.
c) I logged at my google account and when looking at my registered activity, Google claims I did opened the Google Play Store and searched for the IQ Option Broker app. So the virus acts as if it was me.
Click to expand...
Click to collapse
b) Possibly access is possible via your modem (or Bluetooth as serious bug was just patched this month if an attacker knows your BT MAC ... though likely take a while to rollout to all Samsung so you moray not be patched). If you suspect modem then you need to therefore also update your modem firmware (assuming its been patched & is not old & still vulnerable to some old bug, or buy new one) AND change both user & admin passwords
There is an XDA article with link to safe Odin download, google to find. But I'd recommend using Samsung SmartSwitch as this is official way & no special knowledge required.
Re item c) then possible it's just someone trying to load an app remotely via your Google account, does it show any unrecognised login from another device? Also I'm not 100% sure if this requires user to tap install on newer phones, so might not be what you are seeing. Change Google password. (your phone not infected in this case as you didn't click install) Always use a different password)(used same password then check your email address on have I been pwnd)
See below
IronRoo said:
b) Possibly access is possible via your modem (or Bluetooth as serious bug was just patched this month if an attacker knows your BT MAC ... though likely take a while to rollout to all Samsung so you moray not be patched). If you suspect modem then you need to therefore also update your modem firmware (assuming its been patched & is not old & still vulnerable to some old bug, or buy new one) AND change both user & admin passwords
There is an XDA article with link to safe Odin download, google to find. But I'd recommend using Samsung SmartSwitch as this is official way & no special knowledge required.
Re item c) then possible it's just someone trying to load an app remotely via your Google account, does it show any unrecognised login from another device? Also I'm not 100% sure if this requires user to tap install on newer phones, so might not be what you are seeing. Change Google password. (your phone not infected in this case as you didn't click install) Always use a different password)(used same password then check your email address on have I been pwnd)
Click to expand...
Click to collapse
b) I have 2 modens here, one from the internet provider , which is at bridge mode and one that spreads the signal. THe last one is modern and updated and the bridged one , there is no way I can acesss the firmwire besides its info. However , when I had to put it at bridge mode, I had to use an ethernet cable with a computer which maybe wasnt the most protected one. Could that process corrupts a firmwire modem?
c) But I have 2 stage factor. Shouldnt my phone receive an SMS alerting someone is logging at my account? And no, I havent seen any unrecognized login when I accessed my google account.
But your reply gave me an idea...: Maybe an access to my google account was made from a "public" computer and since the access wasnt terminated, as I use this computer a lot, a bot may be trying to remotely install this app.
malandrex said:
b) I have 2 modens here, one from the internet provider , which is at bridge mode and one that spreads the signal. THe last one is modern and updated and the bridged one , there is no way I can acesss the firmwire besides its info. However , when I had to put it at bridge mode, I had to use an ethernet cable with a computer which maybe wasnt the most protected one. Could that process corrupts a firmwire modem?
c) But I have 2 stage factor. Shouldnt my phone receive an SMS alerting someone is logging at my account? And no, I havent seen any unrecognized login when I accessed my google account.
But your reply gave me an idea...: Maybe an access to my google account was made from a "public" computer and since the access wasnt terminated, as I use this computer a lot, a bot may be trying to remotely install this app.
Click to expand...
Click to collapse
b) would need to be a modem exposed hero their internet with known vulnerability, so not sure.
C) yes, should have got a msg so can role that out, I guess.
Suppose it' possible that public pc could be comprised and doing that ... bit of a long shot ...
IronRoo said:
b) would need to be a modem exposed hero their internet with known vulnerability, so not sure.
C) yes, should have got a msg so can role that out, I guess.
Suppose it' possible that public pc could be comprised and doing that ... bit of a long shot ...
Click to expand...
Click to collapse
I think I found the culprit , when I reviewd the few apps Ive installed on my tablet and googled them . There is Netflix, Omega Wars game, PUBG and COD Mobile, handycalc, Go Read, Hube and... QuickPic gallery!!!!!!!!! I used this app on my ancient galaxy S2 and at my other 2 previous tablets. When I looked for the program at Google Play one hour ago ,QuickPic wasnt available anymore!!!! I googled about it and saw many people complaining about this program when a chinese company bought it a few years ago . Maybe QuickPiC installed some crapware at my device!!!!
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
BTW, can you find same app on Google, is it called IQ Forex, is closest I could fined
IronRoo said:
BTW, can you find same app on Google, is it called IQ Forex, is closest I could fined
Click to expand...
Click to collapse
The name of the program is IQ Option , from IQ Option developer
malandrex said:
The name of the program is IQ Option , from IQ Option developer
Click to expand...
Click to collapse
I can't find this one but doesn't mean anything, maybe not available in my country or not compatible with my phone.
PS: Don't rule out a compromised router even top of her range can be affected eg
https://threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/
IronRoo said:
I can't find this one but doesn't mean anything, maybe not available in my country or not compatible with my phone.
PS: Don't rule out a compromised router even top of her range can be affected eg
https://threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/
Click to expand...
Click to collapse
Dont have much free time , but despite the fact I think the router is still safe, Ill reset it on a weekend and change again its id and password as this is a process that takes too much time ( mostly due to my ignorance at the beginning of the process ).
Im thinking about taking my tablet for a Samsung assistance, but Im worried theyll change one virus for another if the employees are corrupt. Do you think I should take the risk or Im beeing too paranoic?
Hey,
I bought an android 11 phone from a Chinese website.
It has a Chinese rom and it came open box with google play installed(the seller probably opened it to install it).
My question is, what should I do to make sure there are no viruses, trojans etc. on it.
Is factory reset enough or other measures are required as well?
Also, can I make sure that the recovery/bootloader or other partitions wern't messed with?
Thanks,
Return phone and request refund of purchase price.
Do you mean there is no way of checking?
It's proved that phones produced for and sold in China contains pre-installed software what spies user: it's due to a directive by the Chinese government.
You can check this by monitoring device's network traffic.
And if I'll change it to global rom?
If you have a third-party antivirus app installed on your device, check the app developer's website to familiarise yourself with the expected notification you will see if that app detects a problem.
Whether you want to get rid of malware manually or use a virus removal tool or third-party app — such as an anti-malware scanner.