I'm S - off and recently rooted. AVG just did a full scan last night and came back with a threat for malware. It said an app "device provisioner" was malware, it gave me an option to uninstall the app but when I try it says uninstall was unsuccessful. I also looked with file explorer and I see no such app. Question is, should I be concerned and what to do?
Related
Hello everyone! I am not new here,I have an old account "JBmorris", however i dont use it anymore.
Anyway, does anyone know iRoot(formerly Vroot)? If so. I'm going to need your help.
I am a person who almost often scans files before running them. So yesterday, I was download iRoot, and I scanned it, and it was detected as A virus called "Android:Agent-GYN [PUP]" (avast) and "Android/Spy.Agent.Y.Gen" (Avira).
It was scanned on virustotal.
I am afraid of hackers spying me.. can you clarify me? thanks.
JBmorris289 said:
Hello everyone! I am not new here,I have an old account "JBmorris", however i dont use it anymore.
Anyway, does anyone know iRoot(formerly Vroot)? If so. I'm going to need your help.
I am a person who almost often scans files before running them. So yesterday, I was download iRoot, and I scanned it, and it was detected as A virus called "Android:Agent-GYN [PUP]" (avast) and "Android/Spy.Agent.Y.Gen" (Avira).
It was scanned on virustotal.
I am afraid of hackers spying me.. can you clarify me? thanks.
Click to expand...
Click to collapse
As far as i know its safe to use iROOT (formerly VRoot) I used it before my my computer is free of viruses. Many root "exploits" are detected as viruses or PUP. Just disconnet your internet, disable AV for rooting, delete iROOT once done OR add iROOT to your AV's exceptions. BUT you should change the contained superuser app for SuperSU once rooted.
But what about the Android Spy Agent detections?
JBmorris289 said:
But what about the Android Spy Agent detections?
Click to expand...
Click to collapse
As I said, once the phone is rooted install SuperSU. SuperSU will prompt you to uninstall the crappy chinese superuser app and you're done
LS.xD said:
As I said, once the phone is rooted install SuperSU. SuperSU will prompt you to uninstall the crappy chinese superuser app and you're done
Click to expand...
Click to collapse
Ah...okay. Thanks!
I used iRoot/VRoot but my phone got infected with something. After using the root application (which does work) it installed several more apps and I'm getting popups in my browsers and whatsapp. So far I haven't been able to remove it.
Any luck removing this? I tried using iRoot on my Galaxy S5 G900W8 and root failed, but I got a bunch of apps installed. The dam thing is in chinese and I can't read anything..... grr! This thing is sketchy... I'd say IF you're going to try it, do it NOT connected to internet (disable data/wifi) MAYBE then you wont get all these ****ty apps.....
but for me it has not worked thus far...
Happened to me yesterday. It was so painful! This junk installed 2 stubborn trojans in system/priv-app. Impossible to remove even with factory reset. It gains admin privileges, starts downloading crap from the net, fills the display with porn pics etc. Kingroot saved the day in the end! Managed to root my phone and clean the mess. It was a whole day battle.
BTW, credit to Stubborn Trojan Killer as well! It showed me the location, but wasn't able to clean because the phone wasn't really rooted.
Also, Total Commander was the only file manager capable of opening that dir without root.
P.S. First trojan was named "shell" and had version 1.0. The original shell app is higher version. That's how you know which is the good and which is the bad one. The other trojan was names something like xy_1_some digits. You should stop that "shell" crap immediately and disable it. It will be hard, but possible to do. Otherwise you wouldn't be able to do anything.
The other night I went to the Google Playstore to find an app' I wanted to try.
I found it but the phone was acting weird.
I did some checking and in Security/admin privileges I found something I'd never seen before.
It was called "Android Digital Management".
I searched around with my file explorer and found nothing.
Hmm?
I then removed the Playstore updates and disabled Play store and it's account manager ...... I always do to save power.
I went back and checked on ADM and it was gone.
My SD Maid app' was complaining about only a partial root as well as some of my other root apps' not working correctly.
Thank God for TWRP recovery.
I had a two week old backup that I installed from recovery and everything is great now.
Has anyone else ran into this?
I am rooted aswell, and when checking the area u stated, i dont have a Android Digital Management, but its called Android Device Manager, same initials, that is checked and Greenify, quick reboot and Wheres my droid are unchecked. What app is your device administrator after what you did??
I believe they are (just my opinion).
It really seems that the once touted "open source" OS is going the way of IOS for "security" reasons. I know this is a supposed to be for my protection but it is a serious curtailing of our ability to do as we please with our device.
Google took the first major step down the slippery slope of a locked OS when THEY decided we don't need an external sd card.
I know they're locking up security exploits but it really seems that soon what we loved about Android will be gone and it willl just be another OIS or Windows phone....
urirx98 said:
I am rooted aswell, and when checking the area u stated, i dont have a Android Digital Management, but its called Android Device Manager, same initials, that is checked and Greenify, quick reboot and Wheres my droid are unchecked. What app is your device administrator after what you did??
Click to expand...
Click to collapse
Ah,that sounds like it.
My bad.
I was so pissed after it happened,I guess I screwed up the name......you got the idea though.
If you uninstall the updates to the Google Play apps',that thing goes away.
I notice when I go to the Playstore that they like to update my app' resulting in phone restarts.
This time the last restart presented a PlayStore screen in a format I hadn't seen before.
That"s when everything went downhill.
Some games are, remember mine rooted note 3 can't even detect the game marvel future fight
RESOLVED ***
I tried a 'one-click' root from play store (yeah, I knew better, or should have) called "Root Access" from 'homeappdevelop.'
After 5 hours of command line terminal activity and innumerable pop-ups for unwanted junk, it said it was rooted.
This morning it says it isn't. That's OK, I don't need root anyway.
But now everytime I boot the device I get a bunch of pop-ups for junk. I restored from the back-up I did before the install, but that does not help. It was free so "My Paid Apps" cannot help.
I understand I can delete this crap-ware from the phone applications list, but who knows what it is called?
I use Lookout but it's not really made for this kind of stuff.
GranPaSmurf said:
I tried a 'one-click' root from play store (yeah, I knew better, or should have) called "Root Access" from 'homeappdevelop.'
After 5 hours of command line terminal activity and innumerable pop-ups for unwanted junk, it said it was rooted.
This morning it says it isn't. That's OK, I don't need root anyway.
But now everytime I boot the device I get a bunch of pop-ups for junk. I restored from the back-up I did before the install, but that does not help. It was free so "My Paid Apps" cannot help.
I understand I can delete this crap-ware from the phone applications list, but who knows what it is called?
I use Lookout but it's not really made for this kind of stuff.
Click to expand...
Click to collapse
have u checked to make sure non of its in device administrators and if it is make sure its off first then delete
Thanks for the reply.
I downloaded Malwarebytes. The first scan found it. I deleted the bad stuff.
All is well.
I went on a website that i later found out was known for installing rootkits . I was on firefox and have ublock origin installed. I didnt know about the third party filter settings so those werent up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And i cleared my cookies and downloaded several antivirus apps from the appstore and they all said im fine. But those dont scan for rootkits. I dont think theres a app that does that. I didnt click anything on the site but idk i something downloaded to my phone. Would i see it in my downloaded history or my download folder?
Tldr i just want to know if i may have gotten a rootkit by visiting a malicious website on my android phone.
I have a samsung galaxt s6
poopcycles said:
I went on a website that i later found out was known for installing rootkits . I was on firefox and have ublock origin installed. I didnt know about the third party filter settings so those werent up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And i cleared my cookies and downloaded several antivirus apps from the appstore and they all said im fine. But those dont scan for rootkits. I dont think theres a app that does that. I didnt click anything on the site but idk i something downloaded to my phone. Would i see it in my downloaded history or my download folder?
Tldr i just want to know if i may have gotten a rootkit by visiting a malicious website on my android phone.
I have a samsung galaxt s6
Click to expand...
Click to collapse
yes you could have got malware, though normally you would have had to interact with it to enable install. If it did gain root then nothing may show in downloads etc. If your rom is up to date or you backed out quickly you have a good chance you may be ok.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Else look out for any signs of strange behaviour or changes to system eg admin being added (maybe also try hidden admin finder app), install a firewall and check logs ....
go to virustotal or similar website and look for (or submit) that domain and see what malware it is being distributed, that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submited url)
IronRoo said:
yes you could have got malware, though normally you would have had to interact with it to enable install. If it did gain root then nothing may show in downloads etc. If your rom is up to date or you backed out quickly you have a good chance you may be ok.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Else look out for any signs of strange behaviour or changes to system eg admin being added (maybe also try hidden admin finder app), install a firewall and check logs ....
go to virustotal or similar website and look for (or submit) that domain and see what malware it is being distributed, that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submited url)
Click to expand...
Click to collapse
Why are you giving fake info ??? He couldnt had got malware on android when he hadnt installed anything!
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch (I already have one different working app for that now). Someone suggested a very shady link to download an apk but since I'm desperate and dumb I just downloaded and installed it. However, after installation there was only a "done" button but "open" button was greyed out, there was no new app on app drawer and there was no new app in application list in settings. I started getting worried that I had just installed some bitcoin mining software or another kind of malware.
I got even more worried because if I tapped on the apk again it was asking me if I wanted to UPDATE the app instead of if I wanted to install it so it was already installed and it had permissions to access gps, phone history, and read, modify and delete USB storage.
After a while during the day, my phone started doing random noises from the speakers like audio from ads but without opening any app, then later it started opening random chit on google chrome and that is not even my default browser (my default is samsung browser), it opened those very intrusive ads that tell you you have a virus and you cannot go back you have to close the whole tab or app it also opened some ads with sexual content a few times.
I always thought all free anti-virus app on the play store were completely useless and just bloating apps but I started installing a bunch, most didn't detect absolutely anything after the option "scan all apps" I tried kaspersky, avast, AVG, Norton, etc. then I installed this (it's called "hi security" so not known brand and I thought it was going to be the worse but after opening it was powered by "McAfee" so at least McAfee is known):
https://play.google.com/store/apps/details?id=com.ehawk.antivirus.applock.wifi
And it actually detected some malware after scanning all apps, there was an app with completely blank name on device administrators that I never gave permission to become device administrator as far as I remember, so I unchecked that app from admin and then the antivirus app was able to uninstall it.
After the virus cleaner uninstalled the app I haven't had any more issues with audios or ads opening on chrome. Do you think I'm safe now or could I still have some spyware?
I posted some screenshots showing everything.
I doubt that anyone wants the apk but if a developer wants it for reverse engineering or whatever reason I can post it the the name "MALWARE_do_NOT_install.apk" or something like that
If you are afraid of malware then flashing stock room is the best bet to get rid of it
vwite said:
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch.
Click to expand...
Click to collapse
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
surface13 said:
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Click to expand...
Click to collapse
good app, that's the one I've been using for a while It has a few issues but overall good
Manivannan9444 said:
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
Click to expand...
Click to collapse
I'm not rooted at the moment, phone has been doing everything I want except HBM but I don't think I'll root just because of that because I also use samsung pay plugin for my gear s3 and don't want to risk it
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
herecomesmaggi said:
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
Click to expand...
Click to collapse
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
vwite said:
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
Click to expand...
Click to collapse
I mentioned Avira nd AVG as antivirus. Malwarebytes is best bro for malware infection. I m using it since 2009 for pc. Every time it does the job.
Also for ur round corner.. I suggest u search for "round R" a app found on xda in 2011 or 12, since then It does it job beautifully.
Regards