Sexy Wallpaper app has installed itself as a system app - Galaxy Tab 2 Q&A, Help & Troubleshooting

Dear Sir/Madame,
I am having a few issues with my Samsung Galaxy Tab 2 (GT-P5113) and I believe they may be related to apps installing themselves onto my tablet as system apps. I first started to have a problem with my music players – they will play fine until the screen times out then they stop playing until the screen is taken out of saver mode.
Another problem is that I am constantly getting a message that the system update has failed and I cannot update my tablet because I get a message saying my tablet has been modified. Finally, I am noticing that there are several apps that must be stored on my tablet as system apps – one is called sexy wallpaper, another is magic eye and I do not remember the name of the others but they just pop up even when my wi-fi is turned off.
I have tried to do a factory reset and a manual reset of the tablet to remove any apps but after the resets the wallpaper pops up again and the message of system update has failed appears. I have to believe all of the problems are related to the wallpaper app and/or the other apps that have forced themselves onto my tablet.
The other problem with my music players stopping when the display goes into saver began all of a sudden and I have had to change my display to timeout after 30 minutes so that I can listen to music on the tablet. It is not the worst option but it is a huge drain on my battery to keep the display on if I want to listen to music.
After I do a factory reset or a manual reset of the tablet, when setting up my device I have skipped the option of setting up the wi-fi but these apps show up as system apps. I move them to the trash bin immediately and it takes them a while to disappear from the apps or widget screen. I usually have to click on them after I have moved them to the trash bin to get them off the screen.
Also, I get the message that the system update has failed immediately after setting up the tablet following a reset.
I downloaded the firmware and the latest ODIN to do a flash stock ROM but I did not want to do anything until I knew that would be the best next step. Any assistance with these problems will be greatly appreciated.

The first answer to your problem is that happens when you are using a custom rom or kernel or on power saver mode, they set the cpu frequency to get low when the screen gets locked. so, when the screen goes off your cpu starts running on low frequency which is not enough to run music player seamlessly but good enough to save your battery.
Second msg is there because you have enabled root, congrats buddy. :good: so you won't be needing any more system updates from samsung now xda is your official update zone. the system files have been modified and thus system can't officially update.
Un-root is an option but since you are getting random apps installed on your pc, then it might be infected and staying on root is better since you can delete those apps causing you trouble. there are many ways to delete those apps even the samsung update app. You can get rid of. search for system app uninstallers.
or
Yes you can try the odin mode and flash stock rom, it will format and install with default. it's safe and will solve your problems.
I
would suggest you learn more from here, going back to stock and waiting for an official update which will never come out from samsung, xda is a great place to learn. best of luck

Billysam,
Thank you for your reply. So how did it get rooted because I did not do that? The wallpaper app that pops up was not installed on the tablet by me it just started to pop up like a virus. I had installed apps from aptoide (chess, dominoes, holdem poker, etc.) and there are pop up ads that will randomly show up when playing those games. However, I have not tried to modify the tablet in any other way since I got it a few years ago.
The only reason I even did the factory resets was to get rid of the pop up from the wall paper and several other apps that were constantly trying to install on the tablet. Because I do not have the unknown sources box ticked so that I have to verify and approve non-google apps that is the only reason the apps were not installing. However, even with the security protections that I mentioned turned on the apps began installing themselves so that is the only reason I tried to factory resets. I had already tried to do the system update before the reset and I was getting the message that my table had been modified so I started making the connection in my mind that the apps were being viewed as system apps.
I have no problem in going back to stock settings or even staying rooted is that is what has happened -- it is just that I did not root the tablet myself. Knowing that it has been rooted by these apps (or viruses possibly) is disconcerting to me -- I just hope the flash will actually remove them since your assessment has me alarmed. The table is not in power saving mode so if the rom or kernel has been customized again that would have been the result of these intruding apps. Currently, the app does not show but that is because I can send it to the trash and the Wi-Fi has been disabled. Once I enable the Wi-Fi the apps force their way back onto the tablet.
The "Unfortunately, System Update has stopped” message pops up all the time even with the Wi-Fi disabled. Of course that message started about the same time as the apps started installing themselves onto the tablet. I always had the automatic update setting on so I never paid attention to whether the tablet was updating. I just assumed Samsung was sending out updates whenever they were available. I guess, in hindsight I do not actually remember seeing any updates being downloaded from Samsung so your statement about waiting endlessly is definitely correct.
So when you say the Odin mode will install with default do you mean that the tablet will go back to the original factory settings and it will allow for the update to work as normal? Or will it still be rooted and I will need to get any updates from this Xda website? Again, at this point I do not really have a preference either way I just want to know as much as I can before I take any actions.
Another curious observation is that I have not enabled Wi-Fi as I stated earlier and when I go to settings to look at the application manager the only app that it shows is the “Galaxy Tab 2 Screensaver” taking up 23.52MB of space but I don’t know if that is a system app or if it is part of the self-imposed sexy wallpaper app that I had to delete. I ask because all the other system apps do not show up in the app manager under the settings – for instance alarm, amazon kindle, paper artist, playbooks, music player, YouTube, Polaris Office, etc. The Screensaver is of course one of the apps but none of the other 60 apps are listed in the application manager only the “Galaxy Tab2 Screensaver” – I did not notice if this Galaxy Screensaver was already there since I never change the screensaver settings on my tablets. When I compare this to the way the application manager looks on my 7” (GT-P3113) the 7” has all of the apps listed in the application manager.
Also, when I compare the Android Version (4.2.2), Kernel Version (3.0.31-1978026, [email protected]#1, Tue Nov 19 18:37:42 KST 2013) and Build number (JDQ39.P5113UEUCMK3) they are virtually the same. The only difference is the 7” has slightly different Kernel Version (09#1) and Build number (P3113) so I am confused by the initial statement of a custom kernel possibility or modification of the tablet except that the self-imposed app(s) make the tablet appear to be rooted or modified? Does that make any sense? I am not a tablet guy by any stretch of the imagination but I have had to troubleshoot many a laptop plus I have had more than a few Coby tablets that all tapped out of life at some point. The Samsung tablets were actually replacements for those Coby tablets (may they R.I.P.) – in short I am still very confused. Where can I get further help in understanding not the steps to flash the rom but an understanding of what that actually does?

tzxlyd said:
I had installed apps from aptoide (chess, dominoes, holdem poker, etc.) and there are pop up ads that will randomly show up when playing those games. However, I have not tried to modify the tablet in any other way since I got it a few years ago.
Click to expand...
Click to collapse
So you haven't flashed anything or tried to root. so you're clean in that manner. But Aptoide seems to be the culprit here.
"Aptoide Anti-Malware platform analyses applications in run-time and disables potential threats across all stores."
So, basically aptoide allows pirated apps, they could even give you access to the malware and viruses and not even let you know about it. So, even if you're installing a safe app like a game which is also available on the google play store(which is the safest place until now) malicious codes could be added to them over aptoide.
---------- Post added at 10:51 PM ---------- Previous post was at 10:38 PM ----------
tzxlyd said:
Billysam,
The only reason I even did the factory resets was to get rid of the pop up from the wall paper and several other apps that were constantly trying to install on the tablet. Because I do not have the unknown sources box ticked so that I have to verify and approve non-google apps that is the only reason the apps were not installing. However, even with the security protections that I mentioned turned on the apps began installing themselves so that is the only reason I tried to factory resets. I had already tried to do the system update before the reset and I was getting the message that my table had been modified so I started making the connection in my mind that the apps were being viewed as system apps.
Click to expand...
Click to collapse
What a factory reset does?
It removes all USER DATA and restores the device back to factory settings providing that the device is not rooted. User data is defined as apps, call logs, contacts, and anything else the user has placed in the devices memory. Stuff that is on the SDCARD is not affected by a factory reset. A factory reset really only deals with the Data and the Cache partitions.
So, if your system is modified and you're not on a custom recovery(you get through flashing with odin). it will only delete data and cache, system apps will stay as it is. i.e system files modified in your case.
Unknown sources box doesn't help much either and verifying non-google app won't work since aptoide has already the permissions to allow.(that is how you could even get a pirated app installed through aptoide in the first place. makes sense? then the malicious apps also gets way in and use scripts to get into root)
---------- Post added at 11:23 PM ---------- Previous post was at 10:51 PM ----------
tzxlyd said:
I have no problem in going back to stock settings or even staying rooted is that is what has happened -- it is just that I did not root the tablet myself. Knowing that it has been rooted by these apps (or viruses possibly) is disconcerting to me -- I just hope the flash will actually remove them since your assessment has me alarmed. The table is not in power saving mode so if the rom or kernel has been customized again that would have been the result of these intruding apps. Currently, the app does not show but that is because I can send it to the trash and the Wi-Fi has been disabled. Once I enable the Wi-Fi the apps force their way back onto the tablet.
So when you say the Odin mode will install with default do you mean that the tablet will go back to the original factory settings and it will allow for the update to work as normal? Or will it still be rooted and I will need to get any updates from this Xda website? Again, at this point I do not really have a preference either way I just want to know as much as I can before I take any actions.
Click to expand...
Click to collapse
Yes, it's not a power saving mode, and kernel isn't modified either and no, this is not a root induced by you, but it's malicious activity, so don't stay like that.
Flashing stock firmware through odin
wipes/format system,
boot/kernel,
cache,
hidden partitions and rewrites them all like it came out of the box(except data on your external memory card.) It will leave no sign of any apps or hidden codes or any data that doesn't belongs to Samsung. So no root, completely the way you bought it the first time. no need of xda anymore and you can stay without it even making update possible to work. but then you're not getting any more updates from them. but xda here on xda have so much updates if you've seen already.
---------- Post added at 11:55 PM ---------- Previous post was at 11:23 PM ----------
[/COLOR]
tzxlyd said:
The "Unfortunately, System Update has stopped” message pops up all the time even with the Wi-Fi disabled. Of course that message started about the same time as the apps started installing themselves onto the tablet. I always had the automatic update setting on so I never paid attention to whether the tablet was updating.
Another curious observation is that I have not enabled Wi-Fi as I stated earlier and when I go to settings to look at the application manager the only app that it shows is the “Galaxy Tab 2 Screensaver” taking up 23.52MB of space but I don’t know if that is a system app or if it is part of the self-imposed sexy wallpaper app that I had to delete. I ask because all the other system apps do not show up in the app manager under the settings – for instance alarm, amazon kindle, paper artist, playbooks, music player, YouTube, Polaris Office, etc. The Screensaver is of course one of the apps but none of the other 60 apps are listed in the application manager only the “Galaxy Tab2 Screensaver” – I did not notice if this Galaxy Screensaver was already there since I never change the screensaver settings on my tablets. When I compare this to the way the application manager looks on my 7” (GT-P3113) the 7” has all of the apps listed in the application manager.
in short I am still very confused. Where can I get further help in understanding not the steps to flash the rom but an understanding of what that actually does?
Click to expand...
Click to collapse
the reason the app stops, could be because bad, overwritten, conflicting data, or even in case when you're ram is pretty much choked up all apps could start misbehaving and stop responding.
simple test, try deleting system update app's data. in settings- app manager- all apps. if it's because bad data, it will sort things out.
any app under settings-app manager you find that has uninstall option ------ is not a system app.
the apps which you can only disable and can't uninstall ------- are the apps installed on your system partition.
So, don't be confused, focus, first clear data/cache of all the apps that you suspect or is getting stopped, then uninstall the apps which you can, get rid of aptoide, Galaxy Tab2 Screensaver. use google play store or amazon and install apps from them only, or sites which you can trust. if you want to disable samsung update, disable it as well, since it will never show any update anymore and won't be getting stopped.
See how it goes, if problem persists, then we will get over to flashing through odin

Billysam,
I got rid of the Aptoide apps when I tried to do the factory resets so they have been removed and as you say I guess the viruses were already embedded onto the tablet from using those games. Even with all of the Aptoide apps removed I am getting the update failure message and the wallpaper app (plus sometime others) are already on the tablet after the reset. I will look at the Odin flash and I saw the steps on Sammobile. I already downloaded the Odin and the firmware files that match the build of my tablet so I believe I am ready to proceed. Can you review the instructions I copied from the Sammobile website to ensure the steps are correct?
The Sammobile steps are as follows:
• Extract (unzip) the firmware file
• Download Odin v3.10.7
• Extract Odin ZIP file
• Open Odin v3.10.7
• Reboot Phone in Download Mode (press and hold Home + Power + Volume Down buttons)
• Connect phone and wait until you get a blue sign in Odin
• Add the firmware file to AP / PDA
• Make sure re-partition is NOT ticked
• Click the start button, sit back and wait few minutes

tzxlyd said:
Billysam,
I got rid of the Aptoide apps when I tried to do the factory resets so they have been removed and as you say I guess the viruses were already embedded onto the tablet from using those games. Even with all of the Aptoide apps removed I am getting the update failure message and the wallpaper app (plus sometime others) are already on the tablet after the reset. I will look at the Odin flash and I saw the steps on Sammobile. I already downloaded the Odin and the firmware files that match the build of my tablet so I believe I am ready to proceed. Can you review the instructions I copied from the Sammobile website to ensure the steps are correct?
The Sammobile steps are as follows:
• Extract (unzip) the firmware file
• Download Odin v3.10.7
• Extract Odin ZIP file
• Open Odin v3.10.7
• Reboot Phone in Download Mode (press and hold Home + Power + Volume Down buttons)
• Connect phone and wait until you get a blue sign in Odin
• Add the firmware file to AP / PDA
• Make sure re-partition is NOT ticked
• Click the start button, sit back and wait few minutes
Click to expand...
Click to collapse
"Backup all your Important files before doing any troubleshooting"
Yes that's right.

Billysam,
I wanted to let you know that I was finally able to get back to this today and I followed your instructions on flashing the stock firmware through Odin. From what I can tell it worked just as you described – I was able to connect the Wi-Fi, then check the update and that update error did not appear. Additionally, the system loaded music player is working as it was prior to the problem and there has not been any wallpaper application trying to force itself onto my tablet.
I truly appreciate your assistance with everything. I may at some point in the future update my tablet to the latest android platform from the instructions contained within the XDA website. Especially, now that I know the caliber of expertise within the forums.
I believe from what you indicated that will require that I root the tablet to get to the most current android system but I am definitely going to take my time to fully research the steps required before I venture down that path. I will stay away from Aptoide as my app store from this point forward – I never had any problems with those apps previously – still I do not need the hassle since as you said they can be acquired from the Google store. Again, I truly appreciate your assistance.

tzxlyd said:
Billysam,
I wanted to let you know that I was finally able to get back to this today and I followed your instructions on flashing the stock firmware through Odin. From what I can tell it worked just as you described – I was able to connect the Wi-Fi, then check the update and that update error did not appear. Additionally, the system loaded music player is working as it was prior to the problem and there has not been any wallpaper application trying to force itself onto my tablet.
I truly appreciate your assistance with everything. I may at some point in the future update my tablet to the latest android platform from the instructions contained within the XDA website. Especially, now that I know the caliber of expertise within the forums.
I believe from what you indicated that will require that I root the tablet to get to the most current android system but I am definitely going to take my time to fully research the steps required before I venture down that path. I will stay away from Aptoide as my app store from this point forward – I never had any problems with those apps previously – still I do not need the hassle since as you said they can be acquired from the Google store. Again, I truly appreciate your assistance.
Click to expand...
Click to collapse
Glad that you've achieved a new level of expertise yourself. welcome to the community and do spend some time here, there are tons of great stuffs here that will take your android device to heights that no official stock update can give. rooting and getting on a custom rom not exploits your device or is harmful if you truly understand and utilise the power that it gives in your hand. you can take control of your device yourself rather than stay in the hands of malicious app developers and forced sponsored bloatwares.

Related

[Resolved] WOW!!! Backup and Restore!

I am just amazed. IF this has been available to samsung users or if it's a ICS function, I'm still blown away but it.
If you are having problems, and want to do the Windows thing of restarting from scratch, take advantage of the included Outstanding Backup and Restore.
I had been suggested doing the backup and restore by Samsung for my wifi connect/reconnect issue with "N" (no, it doesn't seem to have resolved it) but I was hesitant to go through the PAIN of reinstallation of all my apps (about70).
I decided to bite the bullet and reset the phone. I rooted too so I expected the worse. Well, let me say, that as I am writing this, the phone is automatically reinstalling my apps after signing in to Google and my wifi network. This restored my entire set of apps in only a few minutes (I have 50 mb internet and 5Ghz N, so the phone does my full bandwidth).
It's still rooted. A new Android ID was issued (TI offered to restore the old one). The About Phone/Status page still says Modified at the bottom.
Data from apps like my FlightTracker have no information so that will have to be re-entered. Passwords for apps and sync (or specific sync settings like NOT syncing GDrive or Gmail,) are not restated.
If for whatever reason you decide to do this, don't hesitate.
google
it's not an ICS specific function but more of a google play (formerly google market) function.
Google play knows which apps you have installed from them and on which device.
When you reset your device and input your google credentials, it will propose you to put back the previously installed apps.
Just surf to
play . google . com
log on and it will reflect what you already have installed, it also knows what you have paid for (you can install a paid app on multiple devices and only have to pay once) and at the bottom in "my orders and settings" you can see the devices you own and give them a name.
you can also review and install applications remotely from there. Click on install and your device will start downloading and installing it.
Well coming from a GB device I never saw/realized that the market can install all the apps automatically.
Sent from my SAMSUNG-SGH-I747 using xda premium
Since I rooted my phone I wiped and installed it countless times with roms (cyanogen mostly) from android 2.2 to the current 4.0.4
I always check that automatic backup is enabled in the relevant setting but I never seen it working.. I thought it was supposed to restore apps, wifi passwords and so on when, after a wipe, I configure my Google account, but no luck, it never worked for me.
Sent from my HTC Desire using xda app-developers app

Tronsmart TS7 (aka Glacier TS7) installs random apps without permission

I have a (4GB) Tronsmart TS7 (some times known as a Alps Glacier TS7). It's a Chinese MTK6589 based phone running Android 4.2 purchased from geekbuying.
For the most part the device is stock, there are next to no pre-installed apps apart from the usual, and the only additional apps I have installed are: Playstation, Steam, ColorNote, Shuttle+, Root Explorer DI Radio, Chrome & Gmail
The problem I have is that there are apps appearing on the device that I am not installing. So far it has been the same set of apps that appear:
Mobo Market
UC Browser
TrustGo Security
DU Battery Saver
337 Game Master
GameCenter
(there may be more)
These apps don't start appearing right after a factory reset, but start to arrive 1-2weeks later. They also seem to be packaged similarly; when I say packaged I mean opening them seems to prompt with the same menu & style (accept licence etc) before it gets to the main app. Also, after you open the app from the app drawer it then creates an icon on the desktop. Maybe opening it actually does the installing?
The apps themselves seem to be legit.
I have factory reset the device (twice), and changed my Google password but they are still appearing. They don't show up in my Play store history so they must be coming from elsewhere.
My main concern is that if it is downloading things without my permission, what might it be uploading ? Not to mention wasting my 3g data etc.
So I have a few questions:
Should I be (really) worried?
Is there a way to monitor this? eg connect to a wifi hotspot and packet capture the network traffic? or maybe use a process monitor (the ones I've tried so far haven't shown anything) to see if there is some sort of script in the background?
Can it be stopped?
Thanks in advance, I would be interested to know if anyone else has/had this problem?
I have the same problem.
I haven't tried flashing some other ROM yet, but I guess that is the only way to get it to stop installing those things.
Have you actually found any other roms to install?
For anybody's information:
You may have noticed how you always end up with a 'Tronsmart.mp4' video file appearing in your gallery app. This is damn annoying since it appears twice, once on the internal and once on the external SD card. There is an '\system\app\CopyTest.apk' file which creates both of these. Should be safe to delete it and thus prevent the file(s) appearing
I have actually decompiled this apk. It works as a service that runs when MEDIA_UNMOUNTED or MEDIA_MOUNTED is invoked, and does absolutely nothing else.
I have the same problem, those random apps installing and the video always in my gallery. I have managed to stop tge apps by using a firewall and allowing only my apps that i want to use the internet. I havent found a solution though to fix the problem. Probably tronsmart is spamming its customers...
mariosm1cy said:
I have managed to stop tge apps by using a firewall and allowing only my apps that i want to use the internet.
Click to expand...
Click to collapse
What Firewall did you use? I might be able to use something like that to pinpoint the app that's causing this.
Sory for the late reply. I am usin "android firewall" free from google play store.
USB debugging disabled stopped it on mine
edit: not that easy, wasn't enough. made some cleanup by disabing/removing some system apps. seems to work so far although there are still some strange events like superuser crashing and right after that system downloader.apk reappearing. haven't seen any other junk coming back
these are the apk's i removed:
systemupdateassistant
systemdownloader
omacp
mtkbt
midtest
galaxy4
fusedlocation
engineermode
engineermodesim
cds_info
basicdreams.

[Q] Gfirewall and Gsearch bloatware/virus problem.. HELP!

Hello guys, i have a problem as reported above with 2 bloatware apps on my android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, china phone) and i'm running Android 4.2.2 ROOTED. I have no custom rom/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and i thought they were safe beacuse of Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared in my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When i went to AdAway i noticed that was disabled: i enabled it again and restarted the phone.. but banner ads still showing.. so i went again in AdAway and it was disabled.. again!
I have a similar problem with 3G/H connection with Vodafone. Everytime i disable internet connection, it gets activated again in 1 minute max.. so i can't disable internet.. never!
I removed these 2 bloatware apps today and fortunatly they didn't show up again or get reinstalled.. ads and AdAway blocks are disappeared. I started a lot of antivirus controls with Avira and nothing showed up.. so i thought i was fine, BUT the internet problem persists.. i can't disable internet everytime i want. Someone of you could help me to solve this problem? I hope there is an alternative method to solve this without format/reset the phone!
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
user064 said:
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
Click to expand...
Click to collapse
Hello! I solved with hard reset.. if you want to try i suggest you to use titanium backup for your safe apps, so you'll not lose anything
MatthewTaylor92 said:
Hello! I solved with hard reset.. if you want to try i suggest you to use titanium backup for your safe apps, so you'll not lose anything
Click to expand...
Click to collapse
I am facing the same issues, I do not think a hard reset will solve the problem, these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3months after purchase.
I have tried uninstalling & they just re-install, if you phone is rooted, you can hybernate them with ''App Quarantine''
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
martinzx13 said:
I am facing the same issues, I do not think a hard reset will solve the problem, these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3months after purchase.
I have tried uninstalling & they just re-install, if you phone is rooted, you can hybernate them with ''App Quarantine''
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
Click to expand...
Click to collapse
remove them after rooting your phone!!! seems soo unimaginable that they are embedded in your rom :/
pushkardua said:
remove them after rooting your phone!!! seems soo unimaginable that they are embedded in your rom :/
Click to expand...
Click to collapse
Yes you are very likely to be correct, I was kinda hoping, for a solution without rooting? Any ideas? Anyone?
Cheers Martin :angel::angel:
Same problem , rooted phone and uninstalled gsearch and gfirewall but in one or two days they auto-reinstall
Play Store
There is a app in the rom called Play Store (Not Google Play Store!) and Opera Service
Remove those apps from the rom to prevent advertisements at screen unlocking.
To remove Play Store and Opera service your phone needs to be rooted (use Titanium backup fi). You can check this by using a firewall like droidwall.
If you can't root your device:
Use a firewall like mobiwol if your device is not rooted (is creates an internal vpn where it can filter your traffic).
Suspicious files found running at background
I have the same problem with the two files reinstalling by itself after I delete them. I have a Chinese made smartphone Tronsmart PS7 running Android 4.2.2 rooted. After digging deeper into the files running at the background, I noticed there are files that have complete access to all the privilege rights in my phone other than android system, they are android.cube, AdupsFotaReboot, RebootAndWriteSys and Common Data Service. I have tried to force these files to stop and it seems the problem is solved, Anyone has any ideas what these 4 files are for?
I don't think to do any hard reset, if these are hard coded in ROM, this is not a stable solution
IMHO there are only two exit ways:
1) do a virus submission request
I've done this request 1 minute ago.
2) flash the device with another ROM (4.2.2 is getting older, anyway...)
You can see the manifests of Gsearch and Gfirewall, are identical:
Not so good news...
Hi all,
in my case, I found a solution. Once MTKDroidTools used to get root on the phone (root only, nothing else), I pressed the button "Delete China" and the application has removed the files from the "files_for_delete.txt" list. After this, the problems are over !!!
Another way to do this with the phone already rooted, you do it manually, and you can follow the steps of:
http://forum.xda-developers.com/showpost.php?p=44455669
or
http://electricheatingcosts.com/removing-chinese-smartphone-spyware/
Best regards.
No more Gsearch and Gfirewall
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
Pete636 said:
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
Click to expand...
Click to collapse
It seems like now i don't have Gfirewall anymore but Gsearch got reinstalled and i've got an add displayed again so this solution doesn't really work
uninstall gsearch en gfirewall.
I had the same troubles with my phone (elephone P8). First I stopped the software, then I uninstalled it. So far so good.. Did'nt get popupsuntill now..
Succes..
Arthur
Netherlands
MatthewTaylor92 said:
Hello guys, i have a problem as reported above with 2 bloatware apps on my android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, china phone) and i'm running Android 4.2.2 ROOTED. I have no custom rom/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and i thought they were safe beacuse of Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared in my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When i went to AdAway i noticed that was disabled: i enabled it again and restarted the phone.. but banner ads still showing.. so i went again in AdAway and it was disabled.. again!
I have a similar problem with 3G/H connection with Vodafone. Everytime i disable internet connection, it gets activated again in 1 minute max.. so i can't disable internet.. never!
I removed these 2 bloatware apps today and fortunatly they didn't show up again or get reinstalled.. ads and AdAway blocks are disappeared. I started a lot of antivirus controls with Avira and nothing showed up.. so i thought i was fine, BUT the internet problem persists.. i can't disable internet everytime i want. Someone of you could help me to solve this problem? I hope there is an alternative method to solve this without format/reset the phone!
Click to expand...
Click to collapse
UPDATE:
I'm triyng "Disconnect Mobile" to limit the amount of data probably stolen by these two applications, and after the last unistall of Gsearch and Gfirewall, they do not auto-reinstall!
Disconnect Mobile is a privacy app inspired by our award-winning browser software. The app actively blocks the biggest mobile trackers when you use an app or browse the web using 3G, 4G, LTE, or Wi-Fi. Optional packs include ad filtering and malware protection. Does NOT require root.
Features:
- Blocks the biggest mobile trackers from tracking and collecting your info
- Blocks ads from more than 2500 ad tracking services
- Blocks thousands of websites suspected of malware, spyware, phishing scams and more
Click to expand...
Click to collapse
Like all ad-blocker apps, you can't find this on Play Store, you can find it on 1mobile, for example.
(I cannot post links)
Please let me know if this hint works on your phones
Hi all, my rooted phone is Ulefone U9592 and I found this information :
http://androidforums.com/android-applications/864435-gfirewall.html
TEXT : " My phone is rooted, i set every apk need confirm install, and wait the apk download and confirm install, i used root explorer try to search which directory is. In my phone, i found "/data/user/0/com. cube. android" have the gfirewall apk, i delete that directory, also check whose apk create this directory. The apk is Cube_CJIA01.apk in /system/app, i delete this apk. It fixed. (I think you find the name may not same Cube_CJIA01.apk)"
Well, I revised this information and the folder are : "/data/user/0/com. cube.activity" or "/data/data/com. cube.activity" and in the folder "files" I found :
"_com.gsz.own.pack.apk" and "_com.zgs.gg.pack.apk" (GSearch and GFirewall), I deleted this APK's and I think the problem is solved ..... NOT REALLY!!
If you check the folder "shared_prefs" you find various XML with the information shared at ALISOFT (Chinesse company) and specifically "ApkLoader.xml" with the URL where are downloaded GSearch and GFirewall. Only you need to delete in the XML the parts what you not are interested .... well, if you reboot the phone, the infected XML are restored. The best option is delete the file Cube_CJIA01.apk (do Backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
Best regards.
Hi jorfen,
I want to follow your instructions, but I need to root my phone before.
Pelase can you give me some hint (or link) to find the right software?
I don't want to install another chinese spyware (like probably VROOT), to remove GFirewall and GSearch
---------- Post added at 09:28 AM ---------- Previous post was at 08:54 AM ----------
may be I have already found the right answer to my question: Framaroot
Compatibility list:
http://www.tfq.me/rooting-almost-any-android-smartphone-without-computer/
App:
http://forum.xda-developers.com/apps/framaroot/root-framaroot-one-click-apk-to-root-t2130276
jorfen said:
If you check the folder "shared_prefs" you find various XML with the information shared at ALISOFT (Chinesse company) and specifically "ApkLoader.xml" with the URL where are downloaded GSearch and GFirewall. Only you need to delete in the XML the parts what you not are interested.
Click to expand...
Click to collapse
I found two files "ApkLoader.xml" and "ApkLoad.xml" with similar info inside, and in both of them I modified the string starting with
<string name="json">blah blah blah...</string> to <string name="json"></string>
jorfen said:
well, if you reboot the phone, the infected XML are restored. The best option is delete the file Cube_CJIA01.apk (do Backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
Click to expand...
Click to collapse
in my phone I found some files with different names:
_com.gsz.own.pack.apk
_com.zgs.gg.pack.apk
core.apk
gad.apk
uac.apk
uac.dex
jorfen, Cube_CJIA01.apk was in "/data/user/0/com.cube.activity/files" (or similar) in your phone?
Thanks in advance,
Federico
Hi Federico,
I think you already have rooted the phone. Well, I used for this MTKDroidTools, found in this forum (and modified for only install 'su" and "SuperUser.apk"). No problem, only is needed root for System access.
The app Cube_CJIA01.apk is in the folder "/System/app/" (the normal folder for System App's ). The folder "/data/user/0/" is a soft-link (use ln in linux) to the folder "/data/data/"). You locate in this folders the same information, and this is a default folder for working or write files, used in the APK's. Every reboot of phone regenerate information in this folder.
Best regards.
Good news from my virus submission request at Trend Micro:
The two samples are confirmed as malware.
They will be detected as AndroidOS_FakeGSearch.A
Click to expand...
Click to collapse
From now, all products coming from Trend Micro will handle this malware the right way

recommended steps for locating hidden adware

Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
you could turn on logging in developer options, though you'll need a little tech skill to use & set up.
Probably an easier way is to use a no root firewall eg
https://play.google.com/store/apps/details?id=eu.faircode.netguard
while the log feature is not free as you only want to find one potential app you can set notifications for internet connection attempts to on, then manually check app & ip address it's trying to connect to win you get popup.
Also you could use this app (it's NOT a proper antivirus app, but a useful 2nd opinion to your actual antivirus), it just allows you to easily see app status from virustotal.com & manually submit any that are suspicious or have not yet been submitted,
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
btw even if you really have uninstalled all 3rd party apps one of the bloatware adk's may have a dodgy ad sdk within it. If so you can (probably) block this with the above firewall if you pay for that feature, without having to root your phone or freeze dodgy app. (Also boot phone into safe mode disables all 3rd polarity apps & see if it still happens)
Note: if system is infected by malware factory reset won't help, you need to reflash the FULL (eg 4 or 5 files inside) Samsung factory ROM with complete wipe. Though as I guess the S5 is not receiving updates anymore, I'd be looking into installing LineageOS to get up to date security patches (after first reinstalling stock ROM asuming you have malware as custom roms are not full roms like samsung factory rom)
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
Could be xhelper, mostly Chinese phones (what a surprise ?) it seems but at least one Samsung running 6.0.X like you
https://threatpost.com/android-malware-45k-devices-mystery/149654/

Question (solved) play store auto installing apps on all devices

play store auto installing apps on all devices
Whenever I install something on my s22, it will install it on my galaxy tablet.
How can I prevent this.
In Playstore settings change to update by wifi only and disable wifi. I normally keep Playwhore package blocked and firewall blocked unless needed. Once a Playstore paid for app is activated I firewall block it as well if it doesn't need internet access. I avoid Playstore as much as possible and create installable backups for all the apps from Playstore so I never need to use Playstore again when reloading except for paid apps. It streamlines reloads and they go much faster.
I also use more Playstore alternatives now but always scan them first with Virustotal. A Playstore app may be clean when installed only to download it's payload latter as an "update". Another reason I don't allow updates or an internet connect if not needed. Playstore updates can and do ruin once working apps. Tired of that bs.
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because thats not a real fix.
Need to find out why its auto-installing.
I checked playstore on mobile and on tablet and on browser - but theres no mention of auto-install on all devices.
CorruptedSanity said:
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because thats not a real fix.
Need to find out why its auto-installing.
I checked playstore on mobile and on tablet and on browser - but theres no mention of auto-install on all devices.
Click to expand...
Click to collapse
You can manually install updates from Playstore which is a wiser way to do it. One of the reasons I can run Pie securely is I use vetted apps, some are 6 yo and I firewall block them. Updates bring trouble far too often. Once a system is running fast, stable and fulfilling its mission updates serve no purpose most of the time. Auto updates bring rude surprises and make troubleshooting much harder in tracking down the offender.
In 2.5 years (that's how old this current load is) I've had no malware but spent a lot of time undoing damage updates have caused including a firmware "upgrade" for my Buds+ that trashed the sound. That pair now needs to be reflashed and it's a pain to do. meh.
If you try unmark one or more of your devices before instalation on the app, did it help?
See the pictures.
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
Monipeev said:
If you try unmark one or more of your devices before instalation on the app, did it help?
See the pictures.
Click to expand...
Click to collapse
that was exactly it!
both devices were checked
many thanks to you!!
raul6 said:
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
Click to expand...
Click to collapse
see above solution

Categories

Resources