Malware acts as system app, cannot delete it - Security Discussion

Hi everyone!
I'm having difficulties with the malware that I, nor all AV and anti-malware apps I've tried cannot delete. I'm sorry if this thread was discused previously, if so just send me a link.
Here's what happened:
I clicked on a link in a web browser, and than phone flashed several times as application "Firewall" was starting.
Anyway AV app detected a virus and tried to clean it, but failed.
The malware is on the phone as "SecurityService" system app in /system/priv-app/.gmp.apk
I cannot delet file it's write protected. I've tried several methods nothing worked.
Any ideas?

If you're rooted, you can uninstall system apps.
Sent from Hell

No, I cannot... Can you give me some tip how to, maybe I Didn't try it.

Most of the time the app which you get when you root can be used to uninstall system apps.... If you don't seem to find it google for root apps uninstaller and install one of them
Sent from Hell

Nope... I tried several of them but they all failed. They either crash, freez or say something like "unable to uninstall", "failed to uninstall", "can't uninstall for unknow reason" and things like that. This malware protected itself somehow. Any other ideas?

dtalic said:
/system/priv-app/.gmp.apk
Click to expand...
Click to collapse
Just delete the folder with a root file explorer. If the "." in front of the file name is correct, it looks like it's trying to mark itself as a hidden file, which may be why the other methods aren't working.

Yes there is dot (.) in front of file name. But if you are suggesting me to delete folder "priv-app" where the file is, I don't think that's a good idea at all. It's packed with system apps files such as dialer, calendar, contacts, etc... Anything else?

I could show you some screenshots if it would help anyone to maybe figure out what to do... Although I wrote what is going on...

dtalic said:
Yes there is dot (.) in front of file name. But if you are suggesting me to delete folder "priv-app" where the file is, I don't think that's a good idea at all. It's packed with system apps files such as dialer, calendar, contacts, etc... Anything else?
Click to expand...
Click to collapse
Don't delete the folder, delete the apk
Sent from Hell

I cannot delete it. Root Explorer just say "can`t delete file" (or something like that). And dozens of other apps say the same. That is my main problem.

dtalic said:
I cannot delete it. Root Explorer just say "can`t delete file" (or something like that). And dozens of other apps say the same. That is my main problem.
Click to expand...
Click to collapse
You can delete anything in TWRP. Just mount system and then use unternal file manager to delete the app.

That sounds promising. Im quite unfamiliar and new to all this, can you either explain me how to, or send me a link with explanation...

dtalic said:
Yes there is dot (.) in front of file name. But if you are suggesting me to delete folder "priv-app" where the file is, I don't think that's a good idea at all. It's packed with system apps files such as dialer, calendar, contacts, etc... Anything else?
Click to expand...
Click to collapse
I should have paid more attention to the file path. Since Lollipop, installed apks are given their own folders. It looks like you're on Kitkat or earlier.
Most root explorers have a toggle between read only and read/write. Check that.

Yes i know about that. Switching to r/w mode didn't help.
i googled twrp as optimumpro suggested and it seems like something that really would work, BUT my phone is not supported any other suggestions?

I also tried "force remove app (by recovery exploit)" option offered by titaniumbackup, but that also failed saying that file couldnt be found!?

dtalic said:
That sounds promising. Im quite unfamiliar and new to all this, can you either explain me how to, or send me a link with explanation...
Click to expand...
Click to collapse
You need to have TWRP recovery. Boot in recovery, go to Mounts and mount System. Then go back to the main screen, choose Advanced, then File Manager. Go to the directory where your file is, click on it, then choose Delete. You'll get a warning that operation is irreversible. Swipe to execute. That's it.
If that doesn't work for you, then reinstall your current rom without wiping data. This way, your System partition will be reformatted, original system apps installed and data preserved. Depending on the rom you flash, you may lose root and/or Supersu, so, you'll have to redo those.

Ok, I think im following you, optimumpro. I also saw some instructions on youtube. But did you see that i wrote that my phone is not supported in twrp. I need to install it, right? I mailed them, maybe they will add my phone for installation too. Or can i risk trying to install twrp using settings for some other device? There is a ZTE, but not my model...

dtalic said:
Ok, I think im following you, optimumpro. I also saw some instructions on youtube. But did you see that i wrote that my phone is not supported in twrp. I need to install it, right? I mailed them, maybe they will add my phone for installation too. Or can i risk trying to install twrp using settings for some other device? There is a ZTE, but not my model...
Click to expand...
Click to collapse
Unlikely that another device recovery would work. You can use terminal to execute rm "your file" in the directory your file is in. First type su to get root rights. If your rom has no terminal, get it from f-droid. Also see if whatever recovery you use has a file manager or terminal. But again, just reinstall your rom without wiping data...

Ok, here's where im now: tried to use terminal to remove file, but couldn't, it said that i don't have permissions for that. Tried to change permissions, couldn't. As i see it, i should find a way to delete file in recovery. Because i couldn't install twrp, i looked for another recovery file manager. Found "aroma", tried it, but also couldn't install it (none of several versions, followed instructions, but just got message something like "not able to verify... ",something like that... Now, im willing to reinstall rom, but how do i do it? I don't even care for wiping data, I'll just make backup and start all over again

That type of malware usually makes itself immutable so that it can t be erased (even when in recovery, immutable that is), and by reading your post I guess that it s what is happening on your phone.
It s easy to undo if you are rooted and have busybox installed.
Open your android terminal, or connect your phone through adb, then type:
lsattr system/priv-app/.gmp.apk
Most likely it will show something like:
-------------iA----------
The "i" means that the file is immutable, ie is write protected.
To undo this type:
busybox mount -o remount,rw /system
then type:
chattr -i system/priv-app/.gmp.apk
Now you can erase the file, and don t forget to erase its dex in the dalvik cache ([email protected]@[email protected]).
The malware may have some hidden stuff in the system/etc or the system/usr folder(check the install date and time, it should be the same than for .gmp.apk), and it may be immutable too so if that s the case just follow the above procedure again (you ll have of course to change the path, for example if there s a suspicious file called xyz in the system/etc folder then type chattr -i system/etc/xyz).
Let us know if it worked...

Related

[HACK] Kill Amazon MP3 Store Application

Even though I keep killing with Task Manager the Amazon MP3 Store application, it keeps coming back, how I can stop it from auto running all the time or even better to fully remove it from the phone ?, thanks
I fully removed it from the adb shell using rm -f. I think it's stored somewhere in /data/app. Anywais, just look for the apk and remove it.
St.Jimmy! said:
I fully removed it from the adb shell using rm -f. I think it's stored somewhere in /data/app. Anywais, just look for the apk and remove it.
Click to expand...
Click to collapse
I just remove it using Titanium Backup, great tool, I also removed, Mail, VPN, Music, etc.
brosen said:
Even though I keep killing with Task Manager the Amazon MP3 Store application, it keeps coming back, how I can stop it from auto running all the time or even better to fully remove it from the phone ?, thanks
Click to expand...
Click to collapse
Original post @ Modaco
http://android.modaco.com/content/g...-mp3-store-or-other-stock-apps-rooted-device/
---
adb remount
adb shell rm /system/app/com.amazon.mp3.apk
---
If you are using enom's ROM , the option for removing amazon MP3 , and other built-in apps .. is under spareparts :
Application Options
Built-in Applications ..
checkmark and done !
You also can remove it with "Root Explorer" from the market too...
Or SUFBS I hardly ever bother with commands anymore
You can also remov it with Android mate. (marked)
pvillasuso said:
..
---
adb remount
adb shell rm /system/app/com.amazon.mp3.apk
---
Click to expand...
Click to collapse
Thanx..removed
rori1 said:
Thanx..removed
Click to expand...
Click to collapse
Can someone walk me through this? I have a stock N1 I've been using for a couple weeks and would love to get rid of some of these crappy programs I never use, without voiding the warranty.
johnstevens said:
Can someone walk me through this? I have a stock N1 I've been using for a couple weeks and would love to get rid of some of these crappy programs I never use, without voiding the warranty.
Click to expand...
Click to collapse
You can't without rooting.
sergioalvarezmac said:
You also can remove it with "Root Explorer" from the market too...
Click to expand...
Click to collapse
Anyone care to explain how to do this? Is it as simple as just deleting the apk's?
InFlicT666 said:
Anyone care to explain how to do this? Is it as simple as just deleting the apk's?
Click to expand...
Click to collapse
Yep.
If you want to completely remove it, rm the apk, the related /data/data/.. folder, the related dalvik-cache object and remove it from packages.xml.
But for a quick removal just del the apk (and .odex if exists).
Or you could just get root manager from the market (paid app) which allows you to uninstall system apps
Can someone please explain to me why programs like the Amazon MP3 store come back after reboot each time I've deleted it. I've deleted it via Root Manager, android mate, titanium backup and all the other methods listed in this forum. Each seem to be rid of the files with out issue. Then I reboot ...and the program is BACK. Clearly there is something I'm missing when i reboot the system reverts back before I deleted it. I just want this sprint bloatware gone
GinjiVitis said:
Can someone please explain to me why programs like the Amazon MP3 store come back after reboot each time I've deleted it. I've deleted it via Root Manager, android mate, titanium backup and all the other methods listed in this forum. Each seem to be rid of the files with out issue. Then I reboot ...and the program is BACK. Clearly there is something I'm missing when i reboot the system reverts back before I deleted it. I just want this sprint bloatware gone
Click to expand...
Click to collapse
Sounds to me like the old days of my Blackberry, and things getting pushed to your device OTA without permission, lol. I haven't had that issue though, sorry.
GinjiVitis said:
Can someone please explain to me why programs like the Amazon MP3 store come back after reboot each time I've deleted it. I've deleted it via Root Manager, android mate, titanium backup and all the other methods listed in this forum. Each seem to be rid of the files with out issue. Then I reboot ...and the program is BACK. Clearly there is something I'm missing when i reboot the system reverts back before I deleted it. I just want this sprint bloatware gone
Click to expand...
Click to collapse
That...doesn't sound right.
GinjiVitis said:
Can someone please explain to me why programs like the Amazon MP3 store come back after reboot each time I've deleted it. I've deleted it via Root Manager, android mate, titanium backup and all the other methods listed in this forum. Each seem to be rid of the files with out issue. Then I reboot ...and the program is BACK. Clearly there is something I'm missing when i reboot the system reverts back before I deleted it. I just want this sprint bloatware gone
Click to expand...
Click to collapse
Sounds like you're not mounting the file system for writing before trying to write (delete) to the file system.
Very interesting thought. I figured since I'm not familiar with these root file system programs yet I could easily have it set to read only instead of write but after some digging I do have the software set to allow write permissions. I found some posts regarding this deleted program respawning issue. the general consensus is its the systems NAND protection. Im going to work on disabling that and trying again. thanks for the great suggestion though.
tipe this on your termina without the quotes if you dont have a terminal get one at the market.
"su"
"mount -o rw,remount /system"
"rm -r /system/app/com.amazon.mp3.apk"
"pm uninstall com.amazon.mp3"
In root explorer I went in to /system/apps and deleted .com.amazon.mp3.apk. Is that fine or is there anything else I need to delete to uninstall it?

Link2SD completely messed up my phone

Alright guys I'm about to blow my top off here. The most recent Link2SD update completely messed up my entire phone.
For reference, I'm currently running an LG G3 D851 4.4.2, stock ROM and rooted. Everything was fine until recently when I started noticing a Play Store update app error "-110".
Not knowing what it was, I investigated, and found that my entire group of app installations have been completely screwed up.
1) First off, I can't install ANYTHING. No app, no nothing. I need to probably install an updated Link2SD to fix this nonsense...right? Can anyone direct me to how I would install the apk using ADB?
2) My mount script is broken and it's not working. It tells me "Mount script cannot be created. mount: Unknown error 150". As a result, my SD 2nd partition remains unmounted....which I think is the source of this entire problem.
3) Viewing my internal storage through DiskUsage, I've discovered that every single app I used to have installed has been "merged" into a single folder simply called "System data". Referenced through this photo here: http://i.imgur.com/ksukQGG.png . Instead of showing the individual folders, e.g.: Google Translate, Pocketcasts, etc, it just shows that big anonymous block of "System Data".
4) If I go to Settings -> Apps. Every single app shows up with "0.00b" as their app size.
HELPPPPP PLEASEEEE I will seriously monetarily tip someone if they can provide me with a solution to this.
crazylilazn said:
Alright guys I'm about to blow my top off here. The most recent Link2SD update completely messed up my entire phone.
For reference, I'm currently running an LG G3 D851 4.4.2, stock ROM and rooted. Everything was fine until recently when I started noticing a Play Store update app error "-110".
Not knowing what it was, I investigated, and found that my entire group of app installations have been completely screwed up.
1) First off, I can't install ANYTHING. No app, no nothing. I need to probably install an updated Link2SD to fix this nonsense...right? Can anyone direct me to how I would install the apk using ADB?
2) My mount script is broken and it's not working. It tells me "Mount script cannot be created. mount: Unknown error 150". As a result, my SD 2nd partition remains unmounted....which I think is the source of this entire problem.
3) Viewing my internal storage through DiskUsage, I've discovered that every single app I used to have installed has been "merged" into a single folder simply called "System data". Referenced through this photo here: http://i.imgur.com/ksukQGG.png . Instead of showing the individual folders, e.g.: Google Translate, Pocketcasts, etc, it just shows that big anonymous block of "System Data".
4) If I go to Settings -> Apps. Every single app shows up with "0.00b" as their app size.
HELPPPPP PLEASEEEE I will seriously monetarily tip someone if they can provide me with a solution to this.
Click to expand...
Click to collapse
Latest (free) Link2SD version
Latest Android Commander for Windows
Enable usb debugging in your phone's settings (Make sure you have the latest drivers for your phone installed)
Install Android Commander (AC)
Open AC while your device is connected
If your device is listed, press okay
On the right upper side in AC there is a option "Install"
Select the Link2SD APK (Try "update" if it doesn't work "normal insstallation"
Link2SD should be installed again
LS.xD said:
Latest (free) Link2SD version
Latest Android Commander for Windows
Enable usb debugging in your phone's settings (Make sure you have the latest drivers for your phone installed)
Install Android Commander (AC)
Open AC while your device is connected
If your device is listed, press okay
On the right upper side in AC there is a option "Install"
Select the Link2SD APK (Try "update" if it doesn't work "normal insstallation"
Link2SD should be installed again
Click to expand...
Click to collapse
Thank you so much for the detailed response. Unfortunately though, it looks like I already have the most recent version installed, 4.0.9? Would this solve anything by basically reinstalling it? I was hoping there would be like a 4.1 version that would fix the issue or revert changes or something.
Update:
Tried installing an app through ADB and it now shows me this:
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
pkg: link2sd-4-0-8-multi-android.apk
Failure [INSTALL_FAILED_INTERNAL_ERROR]
Any idea anybody? Like before, I'd be willing to donate to anybody who can provide me with the solution. Thanks!
crazylilazn said:
Update:
Tried installing an app through ADB and it now shows me this:
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
pkg: link2sd-4-0-8-multi-android.apk
Failure [INSTALL_FAILED_INTERNAL_ERROR]
Any idea anybody? Like before, I'd be willing to donate to anybody who can provide me with the solution. Thanks!
Click to expand...
Click to collapse
Seems as you have 4.0.8 at the moment. 4.0.9 is the latest official and released 03/10/2015. By the way (most) people here won't help more willingly if your offer some bucks
LS.xD said:
Seems as you have 4.0.8 at the moment. 4.0.9 is the latest official and released 03/10/2015. By the way (most) people here won't help more willingly if your offer some bucks
Click to expand...
Click to collapse
Oh, I was trying to downgrade Link2SD in hopes that it would fix whatever happened with 4.0.9.
According to the about page in Link2SD, I currently have 4.0.9.
And haha thanks for the heads up...I'm really desperate though which is why I pulled that card out.
crazylilazn said:
Oh, I was trying to downgrade Link2SD in hopes that it would fix whatever happened with 4.0.9.
According to the about page in Link2SD, I currently have 4.0.9.
And haha thanks for the heads up...I'm really desperate though which is why I pulled that card out.
Click to expand...
Click to collapse
Please fix.
pkg: link2sd-4-0-8-multi-android.apk
Click to expand...
Click to collapse
looks like 4.0.8. Thats why I asked. Have you tried to reinstall the app or does it offer an option to reload the mount script?
LS.xD said:
looks like 4.0.8. Thats why I asked. Have you tried to reinstall the app or does it offer an option to reload the mount script?
Click to expand...
Click to collapse
I can uninstall apps, but I can't install or update anything. That's why I was trying to install through adb instead, which unfortunately still doesn't work. When I open up Link2SD, it doesn't give me an option to reload, it only gives me the option to "Recreate mount scripts". If I click on it, it gives me the mount script error - "Mount script cannot be created. mount: Unknown error 150."
crazylilazn said:
I can uninstall apps, but I can't install or update anything. That's why I was trying to install through adb instead, which unfortunately still doesn't work. When I open up Link2SD, it doesn't give me an option to reload, it only gives me the option to "Recreate mount scripts". If I click on it, it gives me the mount script error - "Mount script cannot be created. mount: Unknown error 150."
Click to expand...
Click to collapse
Is there any really important data on your installed apps? If I was you I would simply reflash the firmware and start from scratch instead of spending hours to find a solution. The point is that you don't know what you changed that your phone became like this. I have send a email to the Link2SD developer but I'm not sure if he can provide a solution.
LS.xD said:
Is there any really important data on your installed apps? If I was you I would simply reflash the firmware and start from scratch instead of spending hours to find a solution. The point is that you don't know what you changed that your phone became like this. I have send a email to the Link2SD developer but I'm not sure if he can provide a solution.
Click to expand...
Click to collapse
I'm actually backing up all my app data as I'm typing this. The only concern I have though, is that my phone is actually on the stock recovery. I only rooted it because I didn't want to deal with the potential for something like this to happen (which would suck up all my time, haha). As a result, I can't flash anything. So if I decide to stock factory reset, would that clean the /system /data, and everything else that needs to be cleaned for my phone to work properly again? I thought that root (and potentially whatever screwed my phone) persisted through a stock factory reset, which would make trying to do that pointless.
crazylilazn said:
I'm actually backing up all my app data as I'm typing this. The only concern I have though, is that my phone is actually on the stock recovery. I only rooted it because I didn't want to deal with the potential for something like this to happen (which would suck up all my time, haha). As a result, I can't flash anything. So if I decide to stock factory reset, would that clean the /system /data, and everything else that needs to be cleaned for my phone to work properly again? I thought that root (and potentially whatever screwed my phone) persisted through a stock factory reset, which would make trying to do that pointless.
Click to expand...
Click to collapse
I really don't know, if your root survives a factory reset. Probably it will. A custom recovery is really usefull as you can make complete nandroid backups
LS.xD said:
I really don't know, if your root survives a factory reset. Probably it will. A custom recovery is really usefull as you can make complete nandroid backups
Click to expand...
Click to collapse
I suppose so, I'll have to make sure I can flash it properly though considering I'm finding it impossible to install apps right now. This is getting to be highly frustrating
crazylilazn said:
I suppose so, I'll have to make sure I can flash it properly though considering I'm finding it impossible to install apps right now. This is getting to be highly frustrating
Click to expand...
Click to collapse
Any progress here? Developer has answered my mail, but not offered any solution yet
LS.xD said:
Any progress here? Developer has answered my mail, but not offered any solution yet
Click to expand...
Click to collapse
Well, I solved the mount problem by formatting my SD card. But that didn't fix anything else unfortunately.
I also noticed a couple interesting things:
1) Android and Link2SD show my data and cache for ALL apps to be 0.00b. I know that's not true because I went to the /data/data/app directories and found the data exists.
2) I can use all my apps normally with no problem. that means all the files are there, and can communicate correctly(?)
3) I still can't install any app at all.
Next course of action: Completely disable link2sd's boot script perhaps? So what would that entail, deleting install-recovery.sh from /system/etc/ ? Anything else, or would that be good enough?

Unable to delete bloatware from phone

Hello, I've made a threat not so long ago
http://forum.xda-developers.com/general/xda-assist/rooted-delete-bloatware-t3058272
I'm still unable to delete apps, as u might know, lenovo a850 comes with many useless chineese apps. I have disabled/frozen them, now I'm missing some internal memory.
I rooted my phone with framaroot, installed supersu.
then I tried removing apps with Es file explorer, I gained superuser access to it, and to all apps below, but "operation failed" . Same thing happened to Root explorer.
Later on, I have downloaded no bloat, It says "(app) deleted" but when I exit app and come back in, the app is still there. Same thing is with Titanium backup, I can select uninstall app, it fake uninstalled it, but when I reboot my phone, app is still there, no mater what I do.
Also, I tried using recovery exploit, phone reboots, but the app(s) still remain there
If anyone had same or similar issue, I would've really appreciate any help.
I can provide more info, about build, etc.
"Deleted apps"
imgur.com/fzFM9Rp
As you can see, apps are still there
imgur.com/6cG2kBi
More info
imgur.com/iwjgr86
Thanks for taking your time
Try root browser and locate the apps mostly it's in system/apps ....and delete the apk and restart ur phone ...
sent from my GT I9505 5.0.1
Tried it, still, apps are there
Now, I managed to find why it is unable to delete apps, because permissions.
However i can't change them either. Using total commander, es file explorer or using terminal, every time I get the same error.
imgur.com/Mr1acN1
Any way to fix this?
Ur links dsnt work
sent from my GT I9505 5.0.1
navi dl said:
Ur links dsnt work
sent from my GT I9505 5.0.1
Click to expand...
Click to collapse
Add www. In front, cant post links before 10 posts
FahRoDus said:
Hello, I've made a threat not so long ago
http://forum.xda-developers.com/general/xda-assist/rooted-delete-bloatware-t3058272
I'm still unable to delete apps, as u might know, lenovo a850 comes with many useless chineese apps. I have disabled/frozen them, now I'm missing some internal memory.
I rooted my phone with framaroot, installed supersu.
then I tried removing apps with Es file explorer, I gained superuser access to it, and to all apps below, but "operation failed" . Same thing happened to Root explorer.
Later on, I have downloaded no bloat, It says "(app) deleted" but when I exit app and come back in, the app is still there. Same thing is with Titanium backup, I can select uninstall app, it fake uninstalled it, but when I reboot my phone, app is still there, no mater what I do.
Also, I tried using recovery exploit, phone reboots, but the app(s) still remain there
If anyone had same or similar issue, I would've really appreciate any help.
I can provide more info, about build, etc.
"Deleted apps"
imgur.com/fzFM9Rp
As you can see, apps are still there
imgur.com/6cG2kBi
More info
imgur.com/iwjgr86
Thanks for taking your time
Click to expand...
Click to collapse
First thing first,
WHY...WHY DO YOU MANUALLY DELETE IT?
No offense bud, but yeah after you did that, you missed its registry, permissions, licenses and crap.
Ever heard about Uninstaller[ROOT]?
Ever?
This app saves your LIFE,PHONE and ITS LONGEVITY. This app also indicates what app you should delete, what you shouldn't.:good:
https://play.google.com/store/apps/details?id=com.jumobile.manager.systemapp
There, I gave you the link.:fingers-crossed:
Still, not working, can only delete user apps, but not the system ones
FahRoDus said:
Still, not working, can only delete user apps, but not the system ones
Click to expand...
Click to collapse
Do you actually got root access? You should make the Uninstaller app to ALWAYS GRANT and try again. If no success screenshot me the error popup you are facing.
The thing is, there is no error showing, after "deleting" app, it disappears, but after re-running app, it appears again. The thing is I cannon't change r/w access on .apk files in system/app folder. Even using apps that can change permissions and after granting them.superuser access, I'm unable to change it. On my old phone, after rooting my phone I could easily delete .apk filrs using ES file browser.
Thanks for replying
FahRoDus said:
The thing is, there is no error showing, after "deleting" app, it disappears, but after re-running app, it appears again. The thing is I cannon't change r/w access on .apk files in system/app folder. Even using apps that can change permissions and after granting them.superuser access, I'm unable to change it. On my old phone, after rooting my phone I could easily delete .apk filrs using ES file browser.
Thanks for replying
Click to expand...
Click to collapse
Logcat would help,maybe. Try posting your log here and see what is it tellimg.
CWM log when trying to force remove app using recovery exploit in titanium backup
Finding update package...
I:Update location: SYSTEM:app/appsearch.apk
E:unknown volume for path [SYSTEM:app/appsearch.apk]
E:Can't mount SYSTEM:app/appsearch.apk
Installation aborted.
FahRoDus, u need to do it with MTK Droid Tools. with 1 single click ALL the chinese craps will be GONE...
FahRoDus said:
CWM log when trying to force remove app using recovery exploit in titanium backup
Finding update package...
I:Update location: SYSTEM:app/appsearch.apk
E:unknown volume for path [SYSTEM:app/appsearch.apk]
E:Can't mount SYSTEM:app/appsearch.apk
Installation aborted.
Click to expand...
Click to collapse
Unknown volume huh? Can you execute it? If you can't, I guess you can clean it up by using SD Maid. If the app is even functional....
"WTF? Is this hardware level?"
I would say the abruptly choice to is to COMPLETE WIPE (ROM,kernel,bootloader) and install new ROM. That's my level of expertise, no beyond that.
I mean, something glitched your volumes that they registered empty in kernel but not in the software, or a triple-A type of administration crapware that's preloaded within the ROM which, "BY ANY MEANS...TOP SECURITY SYSTEM APP PROTECTION PREVENTS ANY SOFTWARE-LEVEL DATA TERMINATIONS! ENSURES APPS ARE IN FACTORY STATE, NO MATTER WHATEVER LEVEL OF BREACH INJECTION! DESIGNED BY CHINA COMPANIES! PROVIDED TO YOU!"....
Well that thing actually exists, FYI, and that's the working theory right now.
In addition, try logging via CatLog, cause that is very little log lines for me to decipher.
This was sent from my fully-Xposed-modded Lenovo A850 rooted stock ROM via XDA mobile app.
irfanadli97 said:
Unknown volume huh? Can you execute it? If you can't, I guess you can clean it up by using SD Maid. If the app is even functional....
"WTF? Is this hardware level?"
I would say the abruptly choice to is to COMPLETE WIPE (ROM,kernel,bootloader) and install new ROM. That's my level of expertise, no beyond that.
I mean, something glitched your volumes that they registered empty in kernel but not in the software, or a triple-A type of administration crapware that's preloaded within the ROM which, "BY ANY MEANS...TOP SECURITY SYSTEM APP PROTECTION PREVENTS ANY SOFTWARE-LEVEL DATA TERMINATIONS! ENSURES APPS ARE IN FACTORY STATE, NO MATTER WHATEVER LEVEL OF BREACH INJECTION! DESIGNED BY CHINA COMPANIES! PROVIDED TO YOU!"....
Well that thing actually exists, FYI, and that's the working theory right now.
In addition, try logging via CatLog, cause that is very little log lines for me to decipher.
This was sent from my fully-Xposed-modded Lenovo A850 rooted stock ROM via XDA mobile app.
Click to expand...
Click to collapse
I tried removing apps by flashing
This is what I wrote:
delete("/system/app/14_Youni.apk");
delete("/system/app/17173.apk");
delete("/system/app/appHao123.apk");
delete("/system/app/appsearch.apk");
delete("/system/app/AppStore-279-209160-signed.apk");
delete("/system/app/baidubrowser.apk");
delete("/system/app/BaiduMap.apk");
delete("/system/app/baidusearch.apk");
delete("/system/app/cleanmaster.apk");
delete("/system/app/com.orangestudio.MuteCamera.apk");
delete("/system/app/com.speedsoftware.rootexplorer.apk");
delete("/system/app/iReader.apk");
delete("/system/app/NewsArticle.apk");
delete("/system/app/ninegame.apk");
delete("/system/app/oupeng.apk");
delete("/system/app/qqbrowser.apk");
delete("/system/app/SogouMall.apk");
delete("/system/app/SohuNewsClient.apk");
delete("/system/app/taobao.apk");
delete("/system/app/tencentmobilemanager.apk");
delete("/system/app/TencentNews.apk");
delete("/system/app/TTPod.apk");
delete("/system/app/UCBrowser.apk");
delete("/system/app/youhuidashi.apk");
delete("/system/app/yingyonghui.apk");
delete("/system/app/ es.pulimento.wifi-1.apk");
delete("/system/app/luckypatcher419.apk");
Managed to remove few apps that came with custom ROM (I had S128 stock rom, flashed s203) like luckypatcher, silentcamerapro, rootexplorer... But Chinese apps remain. I can't even chmod apps
it seems like I don't have any problem remove all the chinese apps with MTK Droid Tools
FahRoDus said:
I tried removing apps by flashing
This is what I wrote:
delete("/system/app/14_Youni.apk");
delete("/system/app/17173.apk");
delete("/system/app/appHao123.apk");
delete("/system/app/appsearch.apk");
delete("/system/app/AppStore-279-209160-signed.apk");
delete("/system/app/baidubrowser.apk");
delete("/system/app/BaiduMap.apk");
delete("/system/app/baidusearch.apk");
delete("/system/app/cleanmaster.apk");
delete("/system/app/com.orangestudio.MuteCamera.apk");
delete("/system/app/com.speedsoftware.rootexplorer.apk");
delete("/system/app/iReader.apk");
delete("/system/app/NewsArticle.apk");
delete("/system/app/ninegame.apk");
delete("/system/app/oupeng.apk");
delete("/system/app/qqbrowser.apk");
delete("/system/app/SogouMall.apk");
delete("/system/app/SohuNewsClient.apk");
delete("/system/app/taobao.apk");
delete("/system/app/tencentmobilemanager.apk");
delete("/system/app/TencentNews.apk");
delete("/system/app/TTPod.apk");
delete("/system/app/UCBrowser.apk");
delete("/system/app/youhuidashi.apk");
delete("/system/app/yingyonghui.apk");
delete("/system/app/ es.pulimento.wifi-1.apk");
delete("/system/app/luckypatcher419.apk");
Managed to remove few apps that came with custom ROM (I had S128 stock rom, flashed s203) like luckypatcher, silentcamerapro, rootexplorer... But Chinese apps remain. I can't even chmod apps
Click to expand...
Click to collapse
Yea, try MTKDroidTools, I never used it but I've been convinced it will work.
This was sent from my fully-Xposed-modded Lenovo A850 rooted stock ROM via XDA mobile app.
I'll try that, and will report results, thanks

Unable to create folder /data/media/0/TWRP/BACKUPS

I've read a few posts that seem similar but nothing too recent. I'm trying to backup what I have now so I can flash another ROM but it keeps failing. I even used es file manager with root and created the folder needed and gave it root permissions but it still fails in TWRP to backup.
Switch on „mount namespace separation“ in super su
jeffrimerman said:
I've read a few posts that seem similar but nothing too recent. I'm trying to backup what I have now so I can flash another ROM but it keeps failing. I even used es file manager with root and created the folder needed and gave it root permissions but it still fails in TWRP to backup.
Click to expand...
Click to collapse
Are you decrypted? Else you won't be able to back up.
alexS123 said:
Switch on „mount namespace separation“ in super su
Click to expand...
Click to collapse
Thanks guys, I was wondering about if I'm decrypted or not. How do I check? It's probably a dumb question =/. I ended up installing another ROM and it uses Magisk baked into it so I don't see an option for mount namespace separation. Maybe I can attempt to backup now just to see if it works with this ROM or maybe it's not decrypted still. For some odd reason it refused to let me install Facebook, or Facebook Messenger from the play store and one of my apps won't start. It just tries to start then crashes. I downloaded a couple "updates" from a site that says they are stock ROMs. "update_full_hw_usa.zip" is 544 mb and "update" is 1.72gb. I'm thinking of going back to stock but that would probably lock the bootloader and erase twrp right?
Edit: I tried to back up again but it does the same thing. I did notice it also says "failed to unmount /DATA". It might have said that before.
Edit: I see under security the encrypt phone section. At the bottom the "Encrypt Phone" button is faded out and above it I see "Charge your battery and try again" and "Plug in your charger and try again" so I'm not too sure but guessing that means I'm not encrypted but it is faded out so maybe it is?
jeffrimerman said:
Thanks guys, I was wondering about if I'm decrypted or not. How do I check? It's probably a dumb question =/. I ended up installing another ROM and it uses Magisk baked into it so I don't see an option for mount namespace separation. Maybe I can attempt to backup now just to see if it works with this ROM or maybe it's not decrypted still. For some odd reason it refused to let me install Facebook, or Facebook Messenger from the play store and one of my apps won't start. It just tries to start then crashes. I downloaded a couple "updates" from a site that says they are stock ROMs. "update_full_hw_usa.zip" is 544 mb and "update" is 1.72gb. I'm thinking of going back to stock but that would probably lock the bootloader and erase twrp right?
Edit: I tried to back up again but it does the same thing. I did notice it also says "failed to unmount /DATA". It might have said that before.
Edit: I see under security the encrypt phone section. At the bottom the "Encrypt Phone" button is faded out and above it I see "Charge your battery and try again" and "Plug in your charger and try again" so I'm not too sure but guessing that means I'm not encrypted but it is faded out so maybe it is?
Click to expand...
Click to collapse
Go to twrp, advanced, file manager. Browse to /data/app and see if you see normal folders or randomly named folders. If the latter you are encrypted.
Same if you tap install then try to install from internal sd.
ante0 said:
Go to twrp, advanced, file manager. Browse to /data/app and see if you see normal folders or randomly named folders. If the latter you are encrypted.
Same if you tap install then try to install from internal sd.
Click to expand...
Click to collapse
Thank you. I should have checked that before I put another ROM. I did see randomly named folders when I connect it to my laptop but I can't remember when but I bet it was in that folder. I ended up within TWRP formatting data I think but it did have my type "yes" and said it would eliminate encryption, then I installed the new ROM. I should check and see if the new ROM has encryption. So far data on the root drive isn't encrypted and data in the android folder isnt' encrypted when I check with my laptop.
Edit: It's backing up so must not be encrypted. I check using the file manager in twrp and can see all the files in data. Thanks for you help. I guess if I had sensitive info on my phone then it would be something to do but I don't have a need to encrypt.
jeffrimerman said:
Thank you. I should have checked that before I put another ROM. I did see randomly named folders when I connect it to my laptop but I can't remember when but I bet it was in that folder. I ended up within TWRP formatting data I think but it did have my type "yes" and said it would eliminate encryption, then I installed the new ROM. I should check and see if the new ROM has encryption. So far data on the root drive isn't encrypted and data in the android folder isnt' encrypted when I check with my laptop.
Edit: It's backing up so must not be encrypted. I check using the file manager in twrp and can see all the files in data. Thanks for you help. I guess if I had sensitive info on my phone then it would be something to do but I don't have a need to encrypt.
Click to expand...
Click to collapse
If you did format data again now, flash the data files supplied by your rom. (Public and Hw data) else you will have problems with themes and stuff.
If you didn't format data now, disregard this message
ante0 said:
Are you decrypted? Else you won't be able to back up.
Click to expand...
Click to collapse
You can take a backup using this thread
https://forum.xda-developers.com/on...overy-unofficial-twrp-touch-recovery-t3861482
mansi0312 said:
You can take a backup using this thread
https://forum.xda-developers.com/on...overy-unofficial-twrp-touch-recovery-t3861482
Click to expand...
Click to collapse
That's for OPO6.

Your Phone is Locked Because the Payment Service was Uninstalled

If you ever lock Your Samsung because of disabling Samsung Payments or by debloating and You have TWRP installed here is a fix.
Boot to TWRP and using File Manager copy data/system/users/0/package-restrictions.xml to SD and then copy this file to PC to and open in notepad or any text editor.
Remove <pkg name="com.samsung.android.kgclient" ceDataInode="-4294836077" enabled="3" enabledCaller="0/" /> line from the file. It can have different values but package name must be the same. Remove whole line, save file and place it back to data/system/users/0/. I suggest to delete old package-restrictions.xml and package-restrictions.xml.bak before placing back edited file.
That's it, phone should be unlocked now.
Thank you! This saved me from several hours of tweaking this stupid samsung security.
Thank you @Chamelleon! I was about to get in to a full reflash stock, reroot, reinstall situation. Damn, I love xda!
BTW, the thing I did differently was to remove the three lines inclusive of
<disabled-components>
<item name="com.samsung.android.kgclient.receiver.KGAgentReceiver" />
</disabled-components>
...and changed enabled="3" to enabled="1" in this line
<pkg name="com.samsung.android.kgclient" ceDataInode="2643" enabled="1"
Probably not required, but thought I'd mention it.
Galaxy Tab S6
Android 9
Stock-Rooted
i cant find the line even if i search it
I tried attempted to debloat an S8 (running Pie), but I started receiving this message afterwards. There's no “com.samsung.android.kgclient” in the package-restrictions.xml file. Is there any other place this restriction could be enforced?
Found Another Way 2
in my case i copied the file package restrictions but did not found the line or the package in it.
What I Did
1. download the Samsung payment services apk from apkmirror.com
2. installed this app as a system app using lucky patcher.
Note: i guess we can use the adb tool too to install apps as system apps.
3. Nothing just restart and done.
Also this can be overcome in every restart without installing the above app. As you may have noticed device waits some time after the restart before pushing the notification and locking the device. What i found is that if we restart the SystemUI it disables the lock and does not show it up until next restart.
Enjoy and Keep Sharing.
I went in and deleted package-restrictions.xml and the bak file, I can reboot now and get in with the message, I initially uninstalled payment services, I tried flashing a zip of payment services apk couldn't get that going, now I'm getting android set up pop ups and my twrp won't boot to the recovery loader from within the app, and super su has lost all the settings for applications!?¿ rlly don't want to do a clean flash and re root ... bloody system packages arggghf help
Wow, this was easy. Thanks!
harismuntazir said:
in my case i copied the file package restrictions but did not found the line or the package in it.
What I Did
1. download the Samsung payment services apk from apkmirror.com
2. installed this app as a system app using lucky patcher.
Note: i guess we can use the adb tool too to install apps as system apps.
3. Nothing just restart and done.
Also this can be overcome in every restart without installing the above app. As you may have noticed device waits some time after the restart before pushing the notification and locking the device. What i found is that if we restart the SystemUI it disables the lock and does not show it up until next restart.
Enjoy and Keep Sharing.
Click to expand...
Click to collapse
Hi..how to restart system ui within so limited time
Chamelleon said:
If you ever lock Your Samsung because of disabling Samsung Payments or by debloating and You have TWRP installed here is a fix.
Boot to TWRP and using File Manager copy data/system/users/0/package-restrictions.xml to SD and then copy this file to PC to and open in notepad or any text editor.
Remove <pkg name="com.samsung.android.kgclient" ceDataInode="-4294836077" enabled="3" enabledCaller="0/" /> line from the file. It can have different values but package name must be the same. Remove whole line, save file and place it back to data/system/users/0/. I suggest to delete old package-restrictions.xml and package-restrictions.xml.bak before placing back edited file.
That's it, phone should be unlocked now.
Click to expand...
Click to collapse
i cant find this xml anywhere, please help
Any advice if twrp isn't yet installed but device is already rooted?
Solution is to reboot to Samsung recovery and factory reset. Worked for me.
JoshReuben said:
Solution is to reboot to Samsung recovery and factory reset. Worked for me.
Click to expand...
Click to collapse
luckily factory reset solves it. i was already getting anxious about paying "ransomware" to samsung service oof
thanks
but my TWRP doesnt mount data
CANDco said:
but my TWRP doesnt mount data
Click to expand...
Click to collapse
Only hard reset can fix Your phone then. If TWRP can't mount data it means that your phone is encrypted and without full wipe you won't be able to unlock it.
Thanks! I just fixed my m51 with this method. I was thinking about restoring full TWRP backup or flashing stock rom as last resort. So glad I found this thread.
I don't know what is wrong with my phone. I disabled the app, and got the message. I did what you suggested and rebooted. but the app re-enabled itself. I tried disabling again and the message came up again. I checked and that line is no longer in my package-restrictions.xml
Luckily for me, just rebooting unlocks my phone, but I think that defeats the purpose....
I kinda want to get rid of that app
adb shell pm enable com.samsung.android.kgclient
will solve the problem
jafferkhan said:
i cant find this xml anywhere, please help
Click to expand...
Click to collapse
Man, that was a trip to do, but on my unlocked S9+, it worked! I could only see the exact file when I opened the .xml file with wordpad on my Win. 10 to edit it, otherwise it's very hard to spot scrolling in TWRP on the device, particularly since the long package list can freeze up while you scroll down.
I should add, that I used an OTG USB Bridge with a type C connector to paste the copied .xml file to the connected flash drive I mounted in TWRP (just scroll up through the directories for "OTG USB' to find the drive to paste it), then put it on my PC, this made the process go even faster.
But it's better to proactively check what apps can be disabled, removed, or in my case frozen with Titanium Pro, before ever having to deal with such a scare as this!
Chamelleon said:
If you ever lock Your Samsung because of disabling Samsung Payments or by debloating and You have TWRP installed here is a fix.
Boot to TWRP and using File Manager copy data/system/users/0/package-restrictions.xml to SD and then copy this file to PC to and open in notepad or any text editor.
Remove <pkg name="com.samsung.android.kgclient" ceDataInode="-4294836077" enabled="3" enabledCaller="0/" />line from the file. It can have different values butIpackage name must be the same. Remove whole line, save file and place it back to data/system/users/0/. I suggest to delete old package-restrictions.xml and package-restrictions.xml.bak before placing back edited file.
That's it, phone should be unlocked now.
Click to expand...
Click to collapse
What are procedures on how to remove the file after disabling the package, my Samsung A03 CORE can't mount. So kindly assist me here..

Categories

Resources