Database Info

[Q] 360 Security needs root access to remove trojan

Hi!
I have an LG G2 on T-Mobile - for the 2 months I've had it, the device has been real swell. Super fast, nice screen, whatever.
I have AVG Security installed, as well as Lookout Mobile Security and 360 Security. I'm paranoid, whatever.
So I was doing a scan using 360 Security, because my phone was acting slow (OH NO AN LG G2 HAS BEEN SLOW WHAT HAS THE WORLD COME TO!!!). The scan concluded that I trojan. Specifically, it says:
Malware(1)
demo stub
Trojan(In ROM)
So I tap on "Finish", which leads be back to the screen for scanning the phone. I then tap on "Resolve All", which brings up a pop-up message box:
"Warning
The listed malicious programs have been flashed into the system directory. Root privileges are required to remove them. Please grant root privileges to 360 Security or re-flash your device with an official ROM.
demo stub
Trojan"
My only option here is to click "OK", at which point nothing else happens.
1. How can I allow 360 Security root access?
2. I've never rooted my device, nor have I done anything fancy with it (except I've been using Nova Launcher, that shouldn't cause any issues), so how could this have happened? No apps from unknown sources have been downloaded - and any app from the playstore that was scanned upon downloading as adware, malware, trojan, or posing any security threat was uninstalled immediately.
I really don't know a lot about this stuff, so I'm worried my phone will only get progressively slower, and perhaps someone out there is accessing any "information" on my phone. So how can I get 360 Security root access so it remove the trojan?
Thank you in advance!

Search for iroot25, its the latest working method for the G2.
Sent from my LG-VS980 using XDA Premium 4 mobile app

Would I have to root my device for that method to work? I'm sorry if that's like a really stupid question, I'm not savvy enough to root and I know nothing about it, and I'm not willing to take the risk of rooting a device if it means the warranty is void, etc.
If that method doesn't entail rooting, what would I have to do. I googled it and only found various forum posts regarding rooting.
Was hoping there was some administrator setting within 360 Security or within my phone that gives me the ability to grant 360 Security root access.
Also, none of my other anti virus apps detect a Trojan (lookout, avg and one other one, hornet something??). Maybe 360 is falsely detecting a Trojan? My device has been a bit wacky every once in a while. Maybe something else - not a Trojan - is causing this?
Sent from my LG-D801 using XDA Free mobile app

I can't guess why you are having issues or why one is detecting a trojan and others are not.
You asked how to give the security program root, and that is what I provided you with.
There is no way to give any app etc root without rooting first.
If you are not comfortable rooting or don't want to void your warranty etc, then there is no way to remove the trojan unless its an app you downloaded from the market. In which case, you can go there and uninstall it.
Sent from my LG-VS980 using XDA Premium 4 mobile app

Alrighty. Well thank you for the help, and I guess I will start inspecting how to root.
Thank you though, I really do appreciate it!
Sent from my LG-D801 using XDA Free mobile app

bweN diorD said:
Search for iroot25, its the latest working method for the G2.
Sent from my LG-VS980 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
What is the latest working method for the Note 3 because I am also getting the same message as the other guy on my phone and I have no idea what to do. Plz help!

jackindabox24 said:
What is the latest working method for the Note 3 because I am also getting the same message as the other guy on my phone and I have no idea what to do. Plz help!
Click to expand...
Click to collapse
should be this.

maxx ax8 android
when l use 360 security for clean up my mobile maxx ax8 then i results find there are trojan in rom pls grant root priviliges to 360 security. pls tell me what can i do to grant root priviliges to 360 security

tripathi said:
when l use 360 security for clean up my mobile maxx ax8 then i results find there are trojan in rom pls grant root priviliges to 360 security. pls tell me what can i do to grant root priviliges to 360 security
Click to expand...
Click to collapse
You have to root your device to grant for privileges to any app... Search XDA about rooting your device..
But in my opinion these Antivirus apps are just craps... Nothing useful.. Don't use these kind of apps...
Hit thank button if this post helped you
---------- Post added at 05:12 PM ---------- Previous post was at 05:11 PM ----------
King Jojo said:
Hi!
I have an LG G2 on T-Mobile - for the 2 months I've had it, the device has been real swell. Super fast, nice screen, whatever.
I have AVG Security installed, as well as Lookout Mobile Security and 360 Security. I'm paranoid, whatever.
So I was doing a scan using 360 Security, because my phone was acting slow (OH NO AN LG G2 HAS BEEN SLOW WHAT HAS THE WORLD COME TO!!!). The scan concluded that I trojan. Specifically, it says:
Malware(1)
demo stub
Trojan(In ROM)
So I tap on "Finish", which leads be back to the screen for scanning the phone. I then tap on "Resolve All", which brings up a pop-up message box:
"Warning
The listed malicious programs have been flashed into the system directory. Root privileges are required to remove them. Please grant root privileges to 360 Security or re-flash your device with an official ROM.
demo stub
Trojan"
My only option here is to click "OK", at which point nothing else happens.
1. How can I allow 360 Security root access?
2. I've never rooted my device, nor have I done anything fancy with it (except I've been using Nova Launcher, that shouldn't cause any issues), so how could this have happened? No apps from unknown sources have been downloaded - and any app from the playstore that was scanned upon downloading as adware, malware, trojan, or posing any security threat was uninstalled immediately.
I really don't know a lot about this stuff, so I'm worried my phone will only get progressively slower, and perhaps someone out there is accessing any "information" on my phone. So how can I get 360 Security root access so it remove the trojan?
Thank you in advance!
Click to expand...
Click to collapse
Hit thank button if this post helped you

demo stub is coming out in the newer OTAs from T-Mobile..I didnt receive it in the OTA but all the ROMs based on the newest firmware have it. I think it's harmless but it does have a ton of permissions..
I just Uninstalled it with TB and I Have not seen any bad effects.Hope that helps. By the way.. it's not whats slowing your phone down.
But just Uninstall it anyway to put your mind at ease.
Sent from my SM-G900T using XDA Premium 4 mobile app

Thank you so so so much for letting me know about this! I'm not able to uninstall it - only allowed to disable it (which I did but 360 still calls it a trojan). But now I'm no longer worried. Thank you so much!
Sent from my LG-D801 using XDA Free mobile app

Hi!
I have an karbonn S1 titanium which was working in good condition. Engrik ,pro &Y-apps etc is a Trojan which I got to know when I downloaded 360 Security app. Then after scanning it and then I got an option for allow an root then I confirmed but the root was failed. I had tried many times but it was failed.
Please you can help!!

[Q] Disable OTA updates possible?

I am trying and getting absolutely nowhere disabling the OTA update nag screen. Even though my phone is rooted I can not disable the OTA update service nor rename the otacerts.zip file (as it still says access is denied.)
Motorola is refusing to help me aswell.
Surely there is a way of doing this?
Any help would be much appriciated.

I disabled the OTA and a whole bunch of other services using Greenify. There is a thread in this forum, with a comprehensive list of services that can be disabled (far more than I disabled). I also disabled some apps from multi tasking. I typically get 3 days of moderate usage. So its a win win situation.

Can u tell me the apps that i can disable to save battery life.
Sent from my XT1033 using XDA Free mobile app

grahamgo said:
I disabled the OTA and a whole bunch of other services using Greenify. There is a thread in this forum, with a comprehensive list of services that can be disabled (far more than I disabled). I also disabled some apps from multi tasking. I typically get 3 days of moderate usage. So its a win win situation.
Click to expand...
Click to collapse
I understand to do this I have to install the xposed framework? Something that does worry me after seeing the dreaded boot loop recently.
I am under the impression from some thread in here, renaming otacerts.zip in the system folder to otacerts.bak can disable the function, but likewise I am a bit worried about bricking my phone. Motorola have informed me that updates are mandatory now and they will not tell me how to disable OTA updates.
The lack of working apps for things like this is also putting me off playing around too.

kartik sehgal said:
Can u tell me the apps that i can disable to save battery life.
Sent from my XT1033 using XDA Free mobile app
Click to expand...
Click to collapse
Here is the link hope it helps
http://forum.xda-developers.com/showthread.php?t=2818992
Sent from my XT1033 using XDA Premium 4 mobile app

I got rid of the nag screen by disabling an app called "motorolaOTA" and erasing the cache in recovery to delete the OTA file. I really wouldn't recommend upgrading to 4.4.4 as I eventually did anyway about a week after disabling the nag screen (wanted to test it out lol) and in the process hard bricked my phone.
So, disable "motorolaOTA" and whatever you do DO NOT upgrade!

kartik sehgal said:
Can u tell me the apps that i can disable to save battery life.
Sent from my XT1033 using XDA Free mobile app
Click to expand...
Click to collapse
Sorry, I dont have access to the phone right now so cannot list the services. But I think I fed some miss-information, I now realize that I used Titanium backup to freeze the unwanted apps. This being all Motorola services. I then used Greenify on my messaging apps, like Facebook, Whatsapp and others.
But I do agree with another comment in this thread that rooting does mess up the upgrade process, it becomes a real pain! So its worth considering to not do it. Like others I have not upgraded to 4.4.4

grahamgo said:
Sorry, I dont have access to the phone right now so cannot list the services. But I think I fed some miss-information, I now realize that I used Titanium backup to freeze the unwanted apps. This being all Motorola services. I then used Greenify on my messaging apps, like Facebook, Whatsapp and others.
But I do agree with another comment in this thread that rooting does mess up the upgrade process, it becomes a real pain! So its worth considering to not do it. Like others I have not upgraded to 4.4.4
Click to expand...
Click to collapse
This helped me with the upgrade (Phone is unlocked, rooted and had xposed modules on it before the upgrade)
For me to succesfully update the OTA i had to do follow the steps in the OP of this Post. I tried a lot of flashing, but in the end only this worked:
http://forum.xda-developers.com/moto-g/general/ota-file-indian-dual-sim-4-4-4-t2810166
Just follow the steps below the text:
REVERT TO STOCK WITHOUT LOSING DATA OR ANYTHING ELSE
After this, you have to root it again with superboot. It's worth the effort to have 4.4.4. The phone feels more responsive for me.

Problem Solved!
I installed "System app remover (ROOT) by Jumobile". Its a free app in the google play store. This allowed me to uninstall Motorola OTA service.
The upgrade nag screen has yet to re-appear, and my phone is otherwise functioning perfectly.

Well done! I had never heard of this app, it looks neat. I use Titanium primarily for backups, the ability to freeze apps is just a nice bonus. I wonder if Titanium and "System app remover" work using the same method? With Titanium its easy to restore a frozen app. I read that "System app remover" puts removed apps in the recycle bin. I'm wondering what the chances are of this storage getting erased by accident, making it harder to restore?

Root Without Unlocking Bootloader

Hello All
How long does it usually take for root Without Unlocking the Bootloader to come out?
This is the only reason I have not purchased this phone yet.
So frustrated there will be no decent normal sized Nexus 6 and the Z3 loses camera features when unlocked ?

No ETA pls
Let's wait

funkyblue04 said:
Hello All
How long does it usually take for root Without Unlocking the Bootloader to come out?
This is the only reason I have not purchased this phone yet.
So frustrated there will be no decent normal sized Nexus 6 and the Z3 loses camera features when unlocked ?
Click to expand...
Click to collapse
There is no "usual" number. Some phones got root before they were even out officially. Some took a few days. Some took over a month. And some end up retired without a safe root option.
First rule of xda: don't ask for eta

I know that. Just another frustration with android. We need more Nexus phones!

funkyblue04 said:
I know that. Just another frustration with android. We need more Nexus phones!
Click to expand...
Click to collapse
I never thought I could use this phone without root but it turns out I'm wrong. Not really seeing any need for it at the present moment

I like to be about to restore all my data and apps with Titanium Backup. So much easier.

wolf0491 said:
I have nothing but force closes when restoring with titanium unless the ROM is very similar anyway. Like I was using AOSP on my Z before so I just came in fresh. Less issues down the road
Click to expand...
Click to collapse
I've never had an issue switching ROM's being careful to avoid system apps and only restoring the call logs and SMS database, as well as non-system apps.

Everyone is different ☺ I also do nightly backups and sync with Dropbox.

Shudder123 said:
I never thought I could use this phone without root but it turns out I'm wrong. Not really seeing any need for it at the present moment
Click to expand...
Click to collapse
Never thought of using adblockers like AdAway, preventing a total waste of mobile data for loading unwanted ads which easily consume ten times the data needed ?
Never thought of kicking out bloatware also wasting your ressources ?

Would love to see root but for now I can manage quite fine without it... There is less bloatware then with certain other brands and you can uninstall or disable quite a bit.
The few things I WOULD like:
* Completely remove unused system apps
* Change LCD Density (it's all soooo big now)
* Full SDCard read/write access for all apps. (I love quickpic as a gallery, but because I save my pics/vids to sdcard it can not remove anything now)
* Titanium backup. Have never ever had issues with this (only user apps+data for me most of the time) and that's with switching between different roms, brands, aosp/stock, etc... Never failed me

Chefproll said:
Never thought of using adblockers like AdAway, preventing a total waste of mobile data for loading unwanted ads which easily consume ten times the data needed ?
Never thought of kicking out bloatware also wasting your ressources ?
Click to expand...
Click to collapse
ABP doesn't require root and all of the bloat apps can be uninstalled or disabled / blocked using package manager.

cschmitt said:
ABP doesn't require root and all of the bloat apps can be uninstalled or disabled / blocked using package manager.
Click to expand...
Click to collapse
Not to mention Xposed and everything it offers.
Sent from my SAMSUNG-SGH-I317 using xda app-developers app

cschmitt said:
ABP doesn't require root and all of the bloat apps can be uninstalled or disabled / blocked using package manager.
Click to expand...
Click to collapse
ABP (please call it "Adblock Plus" so every readers knows what's meant) does not require root, but it's not too capable running under Android. It does a brilliant job with FireFox and Windows, but the Android implementation only captures a fracture of annoying ads. And: No plugin for defining your own black lists under Android.
AdAway additionally removes annoying ads from a wealth of apps. Just doesn't work without root.
Ok, I can hear you: "If everybody uses that means, app developers won't get paid."
Yes, that's correct.
But:
a) If I really like an app, I'll buy it. Example: Poweramp. NO ads, no annoyance. It just stops working after some time. I regard that as ok. I do NOT like apps getting on my nerves all the time.
My formula is simple: Annoying ads = deinstall, no purchase.
b) A majority of free app developers uses that "evil" ads, appearing at places previously occupied by regular buttons - so you tap on them although you just don't want to.
If that bad behavior gets to a stop, I'll think about disabling AdAway again. Fair play - but on BOTH sides.

Need Help: BEEN Infected by MALWARE Lenovo tab model a5500-hv android version 4.4.2

model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.

Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped

Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app

Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?

Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app

Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone

Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?

In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....

Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app

Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you

PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.

How I got malware on my OP6 and how I got rid of it (at least I think so)

So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch (I already have one different working app for that now). Someone suggested a very shady link to download an apk but since I'm desperate and dumb I just downloaded and installed it. However, after installation there was only a "done" button but "open" button was greyed out, there was no new app on app drawer and there was no new app in application list in settings. I started getting worried that I had just installed some bitcoin mining software or another kind of malware.
I got even more worried because if I tapped on the apk again it was asking me if I wanted to UPDATE the app instead of if I wanted to install it so it was already installed and it had permissions to access gps, phone history, and read, modify and delete USB storage.
After a while during the day, my phone started doing random noises from the speakers like audio from ads but without opening any app, then later it started opening random chit on google chrome and that is not even my default browser (my default is samsung browser), it opened those very intrusive ads that tell you you have a virus and you cannot go back you have to close the whole tab or app it also opened some ads with sexual content a few times.
I always thought all free anti-virus app on the play store were completely useless and just bloating apps but I started installing a bunch, most didn't detect absolutely anything after the option "scan all apps" I tried kaspersky, avast, AVG, Norton, etc. then I installed this (it's called "hi security" so not known brand and I thought it was going to be the worse but after opening it was powered by "McAfee" so at least McAfee is known):
https://play.google.com/store/apps/details?id=com.ehawk.antivirus.applock.wifi
And it actually detected some malware after scanning all apps, there was an app with completely blank name on device administrators that I never gave permission to become device administrator as far as I remember, so I unchecked that app from admin and then the antivirus app was able to uninstall it.
After the virus cleaner uninstalled the app I haven't had any more issues with audios or ads opening on chrome. Do you think I'm safe now or could I still have some spyware?
I posted some screenshots showing everything.
I doubt that anyone wants the apk but if a developer wants it for reverse engineering or whatever reason I can post it the the name "MALWARE_do_NOT_install.apk" or something like that

If you are afraid of malware then flashing stock room is the best bet to get rid of it

vwite said:
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch.
Click to expand...
Click to collapse
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US

Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default

surface13 said:
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Click to expand...
Click to collapse
good app, that's the one I've been using for a while It has a few issues but overall good
Manivannan9444 said:
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
Click to expand...
Click to collapse
I'm not rooted at the moment, phone has been doing everything I want except HBM but I don't think I'll root just because of that because I also use samsung pay plugin for my gear s3 and don't want to risk it

First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.

herecomesmaggi said:
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
Click to expand...
Click to collapse
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job

vwite said:
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
Click to expand...
Click to collapse
I mentioned Avira nd AVG as antivirus. Malwarebytes is best bro for malware infection. I m using it since 2009 for pc. Every time it does the job.
Also for ur round corner.. I suggest u search for "round R" a app found on xda in 2011 or 12, since then It does it job beautifully.
Regards