Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.
link to the article translated into English
link to article in German
I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service.
Root your device
Root your device and from /system/app remove the extra play apks. The offending apk is not part of system image but of the custom ROM that is on these phones.
Run the the ESET anti-virus to check for the trojan
SUMM0NER said:
Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.
I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service.
Click to expand...
Click to collapse
This program ist known here since 2013/08.
Kaspersky lab wrote in march about this problem - but it was not interesting enought.
Now, the german crew from GData saw this app (it is only a PUP - not a trojan or virus) and they make money with there own anti virus app.
Go to settings --> Apps --> scroll to all apps --> deactivate (or remmove all apps if your phone is rooted.)
You are able to scann all apps on your phone if you pull all apps to your PC (adb pull /system/app and if you run KitKat adb pull /system/priv-app)
Remember: In the eyes of anti virus crews are all rooting apps also malicous apps!
Also see http://forum.xda-developers.com/showthread.php?t=2395007
Thanks everyone!
Rooted my phone with this and then removed the fake Google Play app with Root App Delete. :good:
Related
Hi folks,
Just wondering if running a program to root an Android can install malware (record or spy on my data, messages, etc.), and if so, are there any suggestions on how to find it? I've run 'Anti Spy Mobile Free' and have Avast! installed, with nothing found, and from the searches I've done, the main thing that came back was that the risk for getting infected with bad stuff increases when you root...but nothing about the actual process being bad.
I found the program on this site, so, I'm guessing it's fine. Just being a bit paranoid haha.
(I rooted it a few months ago, and don't remember what it was called, sorry)
Thanks for any help!
Anti Spy Mobile will give you warning or malware if there are any packages that has escalated spyware permissions - read SMS, record voice calls, etc. However even on rooted phones every process (service or background process) comes from an app (I mean if you are sure in the ROM that you are using and the apps installed, there's nothing to worry about). There are some exploits on Android but they can escalate the user permissions, and if they are used with separate spyware, the spyware should be an apk too. Many of the spywares are "hidden" (e.g. they don't have launcher activity) and they don't show on your launcher phone desktop - but you will still see them at the installed apps list. Both anti spy mobile and avast are searching through all installed packages.
Phone, in my experience is quite hard to get virus, provided you don't go anywhere pornographic or whatnot. Recommend avast if you are really paranoid.
Moved to General Q&A.
Thanks a lot!
install antivirus or antimalware to be sure!
This is on a generic a23 q8h tablet, I was also getting popups in the form of fake facebook alerts about some stupid drone company.I deleted 2 apps/plugins/whatever they were and the popups went away but my homepage changes between smartdrone.com, vandroidnews.com and kszz.com.I want to put a boot up someones ass for installing this garbage on these tablets and selling them.
What browser do you use ?
Check the browser settings it may have option to set the desired homepage.
Stock browser, there was also baidu browser installed but i uninstalled with titanium backup.I changed the setting but it gets replaced with one of those three pages.
Tried clearing data of the browser?
I just got a Q88 A33 "generic" tablet and I too get the "default" page and the "home page" in the browser changed to "smartdrone.com". This was/is the behavior on delivery so it is probably part of their installed firmware.
If you have made any progress on how to fix this then please let me know, I will be reading up on Android and how to take a look at the files in the ROM and see if I can find a solution but I am not very familiar with Android so some pointers would be great. For example, would this be the result of some .apk that can simply be removed or is it some shell script or file somewhere in the actual ROM files?
It's because theres a factory installed trojan, yes its baked right into the factory firmware and if you remove it with say an anti-virus program the word DEMO in big red letters will be superimposed on the screen making the tablet useless.I've seen manufacturers offering an apk to 'fix' it but that just re-installs the trojan.Here is a fix that I got from another website and uploaded to my Box account.
Instructions from another forum:
A backup will be made before actual modification are made. To restore the backup, rename SystemUI-backup.apk to SystemUI-A20/A23.apk and restart the corresponding function.
HowTo use:
1. Scan for Device: searches and verifies a connected android device.
2. Scan for Trojan: checks if the trojan responsible for the demo lock is active.
3. If 2. is positive, check the Build.prop to see if you have a A20 or A23 model.
4. A20 FIX or A23 FIX, depending on the results from 3., you choose one of these.
5. The script will reboot the device to recovery mode, manually perform a factory reset.
Definition for Cloudservice / DEMO Trojan:
For clarification let me state that Android by "default" or "origin" is not susceptible to virus' and being built on Linux platform it is "open source" so that is where you get some LAME people and large corporations making these virus' encoded into the devices original configuration [ROM] and NOT NATIVE TO ANDROID.
Perfect example for how we the users can infect our own devices would be the small flashlight apps we all use daily and available for free on Google Play Store... these can factually be classified as "Intrusive Adware" that we install for quick access to our devices camera flash for use as a flashlight and yet we tolerate the pop-ups generated by the app.
Again not NATIVE to Android... this is something we the USERS have put on our devices. Harmless but annoying and same principle.
What is the Cloudservice / DEMO Trojan?
My definition based on learned knowledge as no "official" definition is or most likely will ever be available.
Firstly, in some devices it seems to be in a "sleep" mode until one day it simply "shows up" according to some reports. Our new Tool at TechKnow seeks and destroys the hidden files and configs totally eliminating all traces of the Trojan.
[SPECULATION: it could possibly be incorporated into some downloadable apps in the future. The same basic principle as adware is incorporated into the flashlight apps would suffice. However, it being included in downloadable apps is NOT confirmed and if/when it is the confirmed apps will immediately be reported to their distributor whether Google Play or Amazon App Store etc... by your friends at TechKnow]
It is a truly deceptive application that is hardcoded into the must have system dependent "framework-res.apk" on some of the newer Android devices ROM from the factory. The Trojan can track your app content such as Browser and can lock your device into a "demo" mode which will display large red DEMO text in caps across all your screens. The app is also linked to Baidu.
Baidu, Inc., incorporated on January 18, 2000, a Chinese web services company headquartered in the Baidu Campus in Haidian District in Beijing.
ok.... so you are being tracked and monitored by the Chinese?
but that's not all...
The secondary part to the Virus/Trojan is more of a pain in the :wub: imho than tracking and reporting my web history to an unknown Chinese web service company [for who knows what they seek to learn or truly have access to with this Trojan on your device]...
Click to expand...
Click to collapse
Allwinner Demo Fix: https://app.box.com/s/wpbl5nfrxtjdbgvgrwp2tbgvzlt31oqk
I can't remove Trojan virus from my tablet azpen. A739 ?
Sent from my A739 using XDA Free mobile app
Allwinner Demo Fix
This is how I removed the trojan without getting the red "Demo" letters on the screen http://forum.xda-developers.com/android/help/chinese-tablet-demo-mode-t2853062#post64002423
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
You could try running Malwarebytes, I've normally had quite good results with it.
It's one of the apps you're using. Go through the permissions your apps have
genius911 said:
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
Click to expand...
Click to collapse
i also have this problem... i guess "Clean Master" is doing it in my Z3 Compact.
I have solved this issue on canvas a116 and core duos (gt i8262)
firstly, to check the severity of the virus do this : go to settings>security>device administrators
try to remove all apps under device administrators. If u are unable to remove them implies the virus is now embedded to ur fone's firmware.
solution : 1. backup ur contacts and media only, (do not backup apps and app data)
2. now u need to do a factory reset either from recovery menu or using adb (factory reset from 'settings' wont work)
3. if u again see any app under device administrators then the only solution is to reflash ur firmware
About the virus: This virus come packed in several apps on playstore in april 2015, those apps were immediately removed from playstore. however before its removal from playstore the virus had infected around 5000 smartphones. some websites refer to it as ghosthost virus. Still some non playstore apps carry this virus with them. once you install such apps, the virus will first root ur fone, and then grant itself superuser permissions without u even knowing it. Then it will install itself into system folder so dat it appears to be a system app. Whenever u r connected to internet it will download adware and install them in system folder. Its a very powerful virus, it also hides itself by running a script. Once it is in system folder u wont be able to delete it because it imitates the file names of the system files.
There's a huge list of infected apps hosted by Google playstore. So I think it's not easy to keep our devices secure from virus infection.
AVG can be as correct the problem
Hi guys! i have a serious adware problem on my elephone p7000 and i hope you can help me out.
So it's been a few days and i haven't been able to uninstall this mofo.
Here's what the adware is doing:
-Used to open ads on homescreen. it did that disguising itself as a dancing matrioska doll (which you could move around). since i installed CM security it stopped showing this kinds of ads.
-It opens pop up windows with du batery saver or other related apps (from appstore and from non-official stores). Mostly when i browse the internet.
-it places vertical ad banners (like the normal ones on almost every app on the store) on some apps, it seems to be random, cause it doesn't always happen on the same app, but it's always placed on the lower side of the phone.
-it installs push notifications with ads
-i believe it shows app ads on google play store (i haven't installed any app in quite a while so it could be google implementing this).
i have tried a lot of apps:
-Avg
-Avira
-Avast
-Malwarebytes
-CM manager (found a stagefright vulnerability and fixed it)
-Stagefright detector (with vulnerable result)
-addons detector
-airpush detector
-trustgo ad detector
-adware
-ad clean & antivirus security
and not even has been able to remove this damn malware, they don't even spot it!
i've also tried looking for all the apps on the phone,searching for apps with all the permissions and here's the list ( i don't know if these are the problem or not):
-Aging test
-agoldFactory test
-Bluetooth
.Bluetooth Share
-Bluetoooth LE
-Common data service
-e_Compass
-Elephone launcher (apparently it's the same as X launcher mysterious)
-LocationEM2
-MTK THERMAL MANAGER
- at least 3 different phone apps, 2 with 4.4 icons and 1 with android 5.0 icon. all have access to everything (is it normal to have 3 apps with the same name but different icons? )
- settings storage
-trusted face
-ygps
i have also cleared the cache of the phone, because i've read on several places that it helps (settings -> storage -> clear cache data) but with no positive result.
i have also tried looking for admin permissions but the only things in there are CM security and android manager (which i suppose is NOT an app but part of the OS).
I have tried looking for hidden files while checking my phone on my pc but there wasn't any nor did i find any weird app NOT installed by me.
i don't know if you have any other advice on what to do, or if you can help me reduce this list of apps so i can find the culprit app.
i'm afraid this is the ghost virus everyone's talking about, it appeared out of nowhere.
i haven't browsed that much. and when i do i always go to trusted sources. apart from the netflix app which i downloaded a few days ago i haven't downloaded anything in like 1 or 2 months and didn't have this problem until a few days ago. Right after my girlfriend's phone (same model as mine) got the same problem.
We both had the "install from untrusted sources" option on because i was testing an app i am making, but i doubt that's the problem since we only activated it whenever i tried to install the app on the phone (like twice in a week).
she has sent me pictures or files through mail, whatsapp or telegram only and it's the only link between our phones, besides being under the same wifi connection, of course.
thanks in advance for the help!
This is a known issue with these types of devices. They have these ads built into the system apks.
Hi !
Thanks for that solutions !
I have a question : where could I find malwarebytes for android ?
Best regard.
Adware and infected htc desire 526 g plus
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
alokmey3 said:
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
Click to expand...
Click to collapse
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
ENERGYSER400 MTK 6572 virus help android 4.4.2
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
philjps said:
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
Click to expand...
Click to collapse
Find the forum that supports your device
model/carrier and post there. You'll likely find your answers there. If not someone will help you.
HTC desire 526G+ bricked
zelendel said:
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
Click to expand...
Click to collapse
I have deleted my priv-app folder and now I am stuck in boot loop, or just the HTC logo.
cant boot into recovery or bootloader (I tried). Tell me if you know something
model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.
Hi,
I seek good site with virus for Android. I must test my antyvirus on my mobile phone. Thank you
Android anti-virus are useless.. They just tell you if the app is infected and then to unninstall it..(Some times with fake alert)
If you talk seriously about android device "security", you should put some firewall app and filter the apps internet access and deny some connections. Smartphones are targeted for bot networks very often and if you allow root access to some of these apps they dig in to system and its very hard to remove them, you have to flash new kernel and rom. And the other threat is mostly the annoying adware apk's, but you can upload and scan them in the Nviso web page or with Virustotal. You can made some changes to the host file that is in the root directory of your android phone, there you can block sites that deliver ads with some apps, or use LP which is automated. This is important because some apps are not malicious themselfs, but the sites they connect to are malicious and some times they run bad JS codes in the backround on your phone and you see only some flashing ads on the screen.
Zionx9 said:
Hi,
I seek good site with virus for Android. I must test my antyvirus on my mobile phone. Thank you
Click to expand...
Click to collapse
Download test virus app from play store and run antivirus scan. These app is harmless. It is for test purpose.
If it helped. Please thank me.