Adware/bloatware or virus in a UMI diamond X stock? - Security Discussion

Hi
A friend bought a UMI diamond X a month ago.
Since yesterday he has started to get some commercials each time that he takes his phone.
Did they put something in the stock ROM that activates after a little time of use?
Someone knows something?
thanks

I don't know if there is a delay or not before ads start, but Chinese phones are known to have quite aggressive ad networks even with stock apps, and they often have weak privacy, so it could be a stock app. Some Chinese phones have also been shown to do silent upgrades, so you don't know when they update something (can't recall if Umi is one), which is why it may only start a month later.
However, it could be due to malware/adware downloaded from a website, or if he has used one of the Chinese app stores, or any store that is not Google, to get an app, you are increasing your risks. Those stores are not well regulated and many apps have had adware/malware inserted into legitimate-looking apps like YouTube etc. Did he recently download some apps from an app store that was NOT Google?
see eg
http://blog.teamleadnet.com/2015/06/how-to-remove-adware-browser-hijack-or.html
or
https://www.youtube.com/watch?v=zfi6N10ARFA
(also look out for Chinese apps (or any other unusual apps) with western alphabet like Baidu, which this guy seems to ignore)

IronRoo said:
I don't know if there is a delay or not before ads start, but Chinese phones are known to have quite aggressive ad networks even with stock apps, and they often have weak privacy, so it could be a stock app. Some Chinese phones have also been shown to do silent upgrades, so you don't know when they update something (can't recall if Umi is one), which is why it may only start a month later.
However, it could be due to malware/adware downloaded from a website, or if he has used one of the Chinese app stores, or any store that is not Google, to get an app, you are increasing your risks. Those stores are not well regulated and many apps have had adware/malware inserted into legitimate-looking apps like YouTube etc. Did he recently download some apps from an app store that was NOT Google?
see eg
http://blog.teamleadnet.com/2015/06/how-to-remove-adware-browser-hijack-or.html
or
https://www.youtube.com/watch?v=zfi6N10ARFA
(also look out for Chinese apps (or any other unusual apps) with western alphabet like Baidu, which this guy seems to ignore)
Thanks.
As far as I know he didn't install anything for a while, and on the UMI Diamond X there is no parallel app store.
He did a factory reset, but if there are new commercial pop-ups I'll try your links, thank you again

Android 5.0 and above, just download, install DNS66 from Fdroid. Update all hosts file.

Cedric1127 said:
Hi
A friend bought a UMI diamond X a month ago.
Since yesterday he has started to get some commercials each time that he takes his phone.
Did they put something in the stock ROM that activates after a little time of use?
Someone knows something?
thanks
I have the same problem: a couple of days ago commercials started showing all the time. I tried using DNS66 and it doesn't help.
Does anybody know how to root this phone?

I can tell that on the UMI Super, apart from the battery additions and MediaTek apps, there is none of that, very little bloat... almost AOSP.
This also should help you identify some MTK apps http://bitlog.it/re/dissecting-an-android-chinaphone/

Bringing this up.
I have exactly the same problem. Ads started showing up on the lock screen and every few days some fake app installs out of nowhere. What can I do?
Wrote about it here on xda
The only thing I haven't tried yet is going to stock, but now I found this topic and am not sure if even that would help. Did OP have any luck with this?

Cedric1127 said:
Thanks.
As far as I know he didn't install anything for a while, and on the UMI Diamond X there is no parallel app store.
He did a factory reset, but if there are new commercial pop-ups I'll try your links, thank you again
cyryl85 said:
I have the same problem: a couple of days ago commercials started showing all the time. I tried using DNS66 and it doesn't help.
Does anybody know how to root this phone?
AbelardM said:
I can tell that on the UMI Super, apart from the battery additions and MediaTek apps, there is none of that, very little bloat... almost AOSP.
This also should help you identify some MTK apps http://bitlog.it/re/dissecting-an-android-chinaphone/
the_bulk said:
Bringing this up.
I have exactly the same problem. Ads started showing up on the lock screen and every few days some fake app installs out of nowhere. What can I do?
Wrote about it here on xda
The only thing I haven't tried yet is going to stock, but now I found this topic and am not sure if even that would help. Did OP have any luck with this?
I saw another forum where someone says you need to freeze the "super cleaner" app (can't be uninstalled) that comes with the phone to stop this & maybe any of the DU branded apps also if they
(edit: on other phones, e.g. Zuji, they have another app, "battery saver", that seems to work similarly and serve ads and/or push apps to your phone in the same way, and that needed to be frozen)

I am having lots of problems with my UMI Diamond X. The screen keeps jumping and goes into the black screen with all your settings on it, like wifi, aeroplane mode, screen brightness etc., and it locks up the phone. I am also getting lots of ads, and the phone is getting hot and using up the battery too. I have taken the SIM and SD card out and it still does this, so the issue is not the SD card or SIM; it must be the operating system on the phone or something. I have tried everything but can't fix it. Can anyone help, or should I just buy a new phone?

You can try a factory reset, or you can flash the phone with an original ROM or a custom ROM, but as far as I remember there are very few custom ROMs for this phone.

Related

Motorola Solutions TC55

Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Elanguescence said:
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
I heard my company is planning to go with these soon for entry level supervisors such as myself. I'm trying to figure out exactly what it is. All the specs and brochures from Motorola keep calling it a mobile computer in a smartphone "form factor" but never actually call it a phone. I didn't see anything in any of the specs to lead me to believe for sure that it was a phone or if it was just an Android computer in a smartphone form factor.
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Thanks.
- Byron
bfollowell said:
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Elanguescence said:
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Thanks for the info but it looks like mine is going to be crippled.
Sort of a let-down really. Yes, it "can" be a phone. Or without a sim card it can be a really powerful Android based mobile computer. That's what it is going to be for most of us. Only a few supervisors with area management approval are going to get units with the phone features working. Still cool. Just not as cool as I'd thought it was going to be.
- Byron
bfollowell said:
Thanks for the info but it looks like mine is going to be crippled.
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Elanguescence said:
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
I don't think they're doing anything all that special to cripple it. They just won't all have sim cards or a cell plan. Pretty much as simple as that.
I won't be doing anything to circumvent that though or rooting it or anything like that. It's not like it's a gift and it belongs to me or anything. After almost 22 years, I've kind of grown to like my job and getting a paycheck every two weeks. I'd kind of like to keep it for another 15 or 20 years. Who knows, maybe my manager will decide that I need cell service with mine.
I work for a large automaker in the U.S. We have over 2.8 million square feet under roof. Personally, I can be anywhere on in the plant, on the roof, in pits & sub-basements underneath or anywhere on or near the 50 acre plant site at any given time. A lot of what I need to do on a daily basis is through our intranet portal. They're putting in something like 500 new wi-fi repeaters/extenders all around the plant as well. They're purchasing these for over 300 first line supervisors at my site alone. I'm pretty sure they're doing this corporate-wide so I hate to think what they're spending on these things as a corporation. I'm sure it would bankrupt many small nations! In addition to giving us portal access away from the desk, these are meant to replace our aging industrial radio system. As expensive as these are, they're still much cheaper than $1.5 to $2k per person for a radio that has no other built-in functionality and these do seem pretty ruggedized.
Still a shame about the phone functionality though.
- Byron
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
FYI, in case anyone's wondering, there is a version with Google apps on the way (if it isn't already orderable).
Sent from my Moto X
tfnico said:
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
Browser is a standard one, which comes with other devices. Name is Browser.apk and version is 1.0.9
It's possible to install unsigned APK's without rooting.
google account
Hi,
I got stuck trying to get Google calendars from my Google account onto the TC55.
I found one solution to setup google account as a corporate one, but it's not available anymore due to change in google policy.
I can setup google mail via email account, but that doesn't bring me my calendars to the device.
I tried to install gapps but without success.
Is there any other way?
Thanks.
Motorola is working on Google apps for the TC55. It is in beta.
Elanguescence said:
... here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Obviously u rooted, can u install gapps in it?
RjCode said:
Obviously u rooted, can u install gapps in it?
No idea, I haven't tried. As far as I understand gapps are usually installed via flashing a zip from recovery, and the stock recovery of the TC55 does not have that option, it only allows reflashing a whole image, if I understand it correctly. Either way, I have come to appreciate the open source alternatives and do not want to get Google on my phone, so I will not try, sorry.
However, going by this thread over at the Motorola support forum, it seems it won't take long until there is official gapps support:
https://developer.motorolasolutions.com/thread/4989
Motorola has now released a TC55-firmware with Google apps. Here are the release notes:
https://atgsupportcentral.motorolasolutions.com/content/emb/docs/ReleaseNotes/Release%20Notes%20-%20%20TC55_RevAPlus_GMS_01%2074G_v10.htm
According to the support email they sent me, to get the actual release you need to perform the following arcane ritual:
Resolution Type is : Software Download
Resolution Id is  : 95562
Resolution Title is : TC55 Update Image v1.74 with GMS (Google Mobile Service) Release Note & Factory Reset & Enterprise Enabler package
restrictedSW :
T55N0JGMVRUEN17400.zip 321 MB TC55 OS Recovery Update package
T55N0JGMVAUEN17400.apf 321 MB TC55 OS update package file for deployment using MSP
If you require access to OS files for TC55 1.74 GMS then call the local Support Desk and provide following information:
a. Site ID
b. Serial #(s)
c. Phone #
d. Customer name (First and Last)
e. E-mail address
Don't ask me what the local support desk number is, or the site ID, or why they have to make this so complicated.
Hi Elanguescence,
I think I screwed up my TC55 by enabling the multiuser function without first creating the white list. Now all the users (with admin rights) do not have access to all the programs, including Applock Administrator and Multiuser administrator.
To cut things short, do you know of a way to reset the device? I don't mind setting it to factory default and start over. I've googled it and some said to launch Rapid Deployment and scan a barcode from there... but my Rapid Deployment just says "Service Not Ready, Please Wait" and get stuck there.
Any help appreciated. Thank you.
Any TC55 users here? Should be getting my unit w/ GMS soon... How do you guys like it?
Is the bootloader locked?
Sent from my Moto X
Hey!
I want to buy a TC55 for myself. Normally I hate Android and the Google stuff on the phone, but a Motorola salesman told me there is a version without it.
Right now I use a Symbian device. That means I am "offline" the whole time, and when I need the Internet the phone connects to the Internet.
So how about that phone, can I work "offline" too?
I will also use a VPN tunnel to block on my backend all connections I don't want. Does all data go through this VPN tunnel?
How about the barcode scanning, does it work well?
I know for 2D I need to use the cam, but how does it work when I am in some other application?
Nobody?
Ok. I just bought a TC55 from a friend and I was wondering if someone would post the update to get GSM and the Factory Reset packages. I went to the page and it requires all the information posted above. Mine is rooted, but I am trying to install GAPS and the recovery is the basic one and cannot. I manually installed Google Play and the Google Play Services, but Google Play Services keeps crashing and the Play Store will not connect. Any ideas?
There are 2 versions, one with google s... service and the other without.
So I believe you have the first?
(Can I ask you some questions about that phone?)

Preinstalled bloatware and possibly phishing tools on some devices?

Since I live in Europe I couldn't buy the Mi4i through a well-known seller and got it through Aliexpress.
I haven't owned a Xiaomi phone before, but the amount of crapware preinstalled is insane. I was able to disable some of it, but not all.
The phone does some random actions every now and then too, such as when I fully shut down Chrome and start it again it will open an ad in a new tab, which is very annoying. It has also downloaded some random files named 1.tmp, 2.tmp, 3.tmp, 4.tmp and 5.tmp which I haven't downloaded at all. I had just connected to a new wifi and I saw in my notification tray that these five files started downloading, and instantly canceled the download, which worked fine. I have not installed any third-party apps that are not on Google Play, and the only apps I have downloaded from Google Play are Google Music, Soundcloud, Plex, Reddit Sync and Terminal Emulator, and all of those are clean.
Does anyone else have the annoying apps DU Speed Booster, DU Battery Booster, DC Share or Monoplay preinstalled on their devices? When I ran MIUI on my Nexus 5 a year ago I didn't get those apps preinstalled, and they are pissing me off and I can't remove them. The YouTube app is also extremely outdated and it isn't able to update through the Play Store.
The security app doesn't report that there are any viruses, but I'm not really counting on that.
I have had the phone for 4 days now and rooted it 1hr ago, and will try to fix some of these things like removing the preinstalled crapapps, and if it messes up the phone I'll just do a factory reset.
Has anyone else had these problems? I love the hardware of the Mi4i and I'm still getting used to MIUI, but all this crapware and strange behaviour annoys me a lot.
I'm from Germany and I got my Mi4i from TradingShenzhen and I didn't have these apps preinstalled
I got mine from the official retailer of Mi and no apps were installed except for two keyboard apps, which I uninstalled the first day
Sent from my Mi 4i using Tapatalk
I first removed some apps with root, but some of the preinstalled apps were still unable to be removed, so i went and downloaded the developer rom, flashed it and did a full data reset. Works great now, battery is improved and the speed of the device is waaaay better. Had some stuttering every now and then before, but now it's barely anywhere!
Now when the experience isn't bottlenecked by the software anymore, the Mi4i is a great device!
If anyone wonders, i bought it from the Aliexpress seller Hong Kong Goldway, so don't buy it there. It's the real product and shipping with DHL was just 5$, but the crapware was horrible.
zenolijo said:
I first removed some apps with root, but some of the preinstalled apps were still unable to be removed, so i went and downloaded the developer rom, flashed it and did a full data reset. Works great now, battery is improved and the speed of the device is waaaay better. Had some stuttering every now and then before, but now it's barely anywhere!
Now when the experience isn't bottlenecked by the software anymore, the Mi4i is a great device!
If anyone wonders, i bought it from the Aliexpress seller Hong Kong Goldway, so don't buy it there. It's the real product and shipping with DHL was just 5$, but the crapware was horrible.
Enjoy
Sent from my Mi 4i using Tapatalk
Hi there.
I got all these preinstalled spam apps too on my Mi 4i. I ordered it via Aliexpress (Hong Kong Goldway). To be on the safe side, root your phone and flash the original firmware from the Xiaomi website. Don't type in any password or do bank stuff with the phone before you have removed all this spamware. But Hong Kong Goldway is not bad at all - they ship very quickly.
so glad it's not just me
I am so glad it's not just me that's had problems with the bloatware. I thought something was up when I had 2 different antivirus software on here. This morning it's been installing porn apps! I got mine from coolicool.
Being a complete newbie, if someone could point me towards how to flash the new firmware onto the phone I'd appreciate it.
Dan.
---------- Post added at 10:55 AM ---------- Previous post was at 10:05 AM ----------
ahhh found a site androidxda with the rom and instructions.
ewawowa said:
I am so glad it's not just me that's had problems with the bloatware. I thought something was up when I had 2 different antivirus software on here. This morning it's been installing porn apps! I got mine from coolicool.
Being a complete newbie, if someone could point me towards how to flash the new firmware onto the phone I'd appreciate it.
Dan.
---------- Post added at 10:55 AM ---------- Previous post was at 10:05 AM ----------
ahhh found a site androidxda with the rom and instructions.
Hi Dan!
Download the MIUI Phone Manager from the official website (you need this because of the phone drivers - restart your computer). After that install the root tool (you can find it here: http://forum.xda-developers.com/mi-4i/development/tool-native-root-twrp-recovery-efs-t3122346). After that go to settings on your phone and tap on "MIUI version" repeatedly until your phone displays "you are now developer". After that go to Settings -> Additional settings and click on "developer options". Turn "USB debugging" on. Download the official MIUI firmware here: http://en.miui.com/download-263.html (pick the stable version). Put this on your phone via USB. After all that, start the root tool on your computer (connect the phone via USB now too) and type 1 + Enter on the computer. Wait... I think your mobile restarts. Next start the root tool again and type 2 + Enter. After that your phone restarts again. Push the Power off + volume down buttons together for some seconds. Now your phone starts into TWRP. Now tap "install" and then from zip, and go to where you put the MIUI firmware. Tap on it, then swipe to flash. Then wait. You can also wipe cache and Dalvik cache in TWRP after the firmware flash procedure. I think that's it
I'm worried, too!!
Hi there!!
The same is happening to me, I bought it through Pandawill... I'm very glad to find this forum, I'm a newbie too and I was really worried about not finding answers... Now I will try to understand what you are talking about, and I hope to solve it with your instructions, guys.
So, until I manage to do all this, should I uninstall all my apps to avoid someone catching my passwords???

Help: Is a New Cubot X6 image available? System is compromised!

Hello!
I would like to ask for help installing either a new Cubot X6 Android or a Linux-based system. Until recently I wasn't aware of what kind of aggressive trojans for Android happen to compromise a phone to a degree where the solution is to buy a new one. I do not want to accept that. Therefore I am here to ask for help.
WLAN enabled - the phone goes nuts. It causes unknown apps to be installed, ruining the function of the phone completely. I bought it via eBay, a used Cubot X6. I had the device years ago until I sat on it, which happened to break the display, but I liked it and bought it again, used. (The used one cost 60 bucks, a replacement display would have cost 35, so I went with the used one - big mistake as it turned out).
Now, its root system is compromised. I set it to only allow apps from trusted sources. I did not download any apps besides well-known trustworthy ones, like Google Maps, WhatsApp, all together.
When I first enabled WLAN, it suddenly started to display a message of the shutting down of "org.rain.ball.update" and also "ssCleaner ("suc", "chengele") is trying to obtain your current position", "ymm" cancelled, and several others. If I allow WLAN it automatically downloads 10-20 apps, some of which correlate with my laptop visited websites (alibaba), others apps from sites I have never visited ("sexy videos"). Basically the phone gets so busy that it needs to be restarted to allow any control of the phone.
I tried to fix it with Avast, Avira, and Malwarebytes without success. With Avast it also displays: "/storage/sdcard0/.androidsdata/is.jar", but is unable to fix it. I guess I would have to erase the SD card too, if I were to have the system replaced, once. None of the above things can be fixed with the tools at hand. The deletions are always interrupted, nothing gets improved permanently.
I immediately did a "Reset to factory condition", but when I enabled WLAN I didn't even install an app - it all started again, as described above.
So, a quick Google-Research turned out, there are trojan-horses, that cover themselves by pretending to be system applications, so that it would be nearly impossible to get rid of the trojan - only solution: buy a new one (See this article wwwDOTblog.lookout.com/blog/2015/11/04/trojanized-adware/).
Now, while I have a broken device and a trojan device, one solution would be to mount the display of the compromised one onto the broken one. I know it's easy to break the display during this. That's why I am here to ask, if someone might have suggestions of what else could be done to have this fixed?
Maybe it would be possible to get an uncompromised mirror-image of a Cubot X6 from the internet that would replace every data on mine? Would it fix it, if I were to install this: "Ubuntu Touch - Version 15.04 Phone"?
Any help would be appreciated. If I were to take a wild guess, I'd say the trojan horses might have been developed by Apple...... So what am I to do now? Buy a new one?
EDIT: If you were to not believe this to be true, I could shoot a video of it with my laptop. It's really strange, but it is as it is. EDIT 2: Avast displays a message that the phone has been rooted.
Please help!! Thank you so much!!
You won't get the virus to YOUR phone from replying ...
Am I here at the right forum for this technical problem?
Thanks
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
tys0n said:
Do a search for your rom and instructions on how to flash. It will replace system partition and problem should then be gone.
I will try that. I'm a total newb to smartphone software. Any linking would be appreciated. Thanks so far!
CubotX6 said:
I will try that. I'm a total newb to smartphone software. Any linking would be appreciated. Thanks so far!
A google search for "cubot x6 firmware" will give you some good results.
Here's also Cubot forums, with link to downloads.
Hope that will help, and be sure to read up on the subject on how to flash before you start
So many Thanks! You linked me to the perfect spot! Thank you!
While I will redo my laptop with Linux soon, do you have experience with having Linux on the phone? If I were to try and mess up, it would still be possible to go back to the original Cubot files you linked to, correct?
Thank you!!

[Doogee Shoot 1 ] App Android "Chromes". what's it? [TRIADA Malware]

Dear friends,
I am struggling with a strange app named "Chromes". It seems to be undocumented (I googled a lot).
The only thing I know is that IT INSTALLS ITSELF without any visible message. After a factory reset I found it (AGAIN) on the phone.
I couldn't find out what / when / who installs it on my phone.
It gains telephone and archive rights without asking me.
I also know that my Doogee phone suffers from a vulnerability (never closed by DOOGEE) and I don't know if it is related to it.
No clue.
Has anyone had the same experience? Has anyone EVER seen it?
Let me know please.
Best Regards.
EDIT: ****warning: I remind everyone that ROOTING/HACKING/INSTALLING a different ROM on your phone may void the warranty AND can potentially BRICK your phone. Do it ONLY IF YOU KNOW WHAT YOU ARE DOING. I warned you.*****
edit 13/11/2017 *LIST OF REPORTED DEVICES AFFECTED BY THE CHROMES (Malware) app*:
----------------------------------------------
Doogee Shoot 1
Gretel A9
UHANS A101
NOMU S10
Leagoo M8
Leagoo M8 Pro
----------------------------------------------
Report if you have it. Thank you.
I just found it on my phone too and started googling it, and yours seems to be the only instance I've found so far. I don't know what it does or where it comes from. I can close it from the task manager but it'll start itself again: 3 processes that themselves have about 2-3 services, mostly ChromesService, DaemonService and ChromesService2. The main process seems to be signed from com.appclone.lyhj, the second one doesn't have the DaemonService and is signed from com.android.qnsettings, and the third one had com.yunshi.market listed. Again, I don't know where they come from or what their purpose is, or whether they have anything to do with the ad popups I have been getting for a few days now, which don't seem to be app related since it's the same popups for most apps, including apps that don't have those popups natively, like WhatsApp or Facebook. I have since uninstalled pretty much everything and tried some antivirus, but I guess it's going to be rooted and get a custom ROM. It is also a China cell, called Nomu S20. After googling a bit it seems there are a lot of security problems with my device.
edit: I've found something on this link I can't post because I am not a trusted user yet
Also, after running Kaspersky antivirus it did indeed find something (as opposed to the Comodo antivirus, which kept silent).
It found Trojan.androidOS.Boogr.gsh as the chromesBase.apk and another one I just deleted without writing down the name. It seems, though, this might be related to the Triada virus/trojan... so, yeah, it might be a good idea to save your stuff and not only try a factory reset but completely reinstall the whole ROM.
edit2: just uninstalling them hasn't solved anything. The problem sits way deeper, meaning it is definitely related to the Triada virus. It just reinstalls the software again without anything showing.
edit3: found it.. it is indeed the triada virus on my phone ..
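A defender's triage for the reinstall-after-uninstall behaviour described in the post above, as an added example that is not part of the original thread: it reads `pm list packages -f` output and reports whether each name from that post sits on a firmware partition (which a factory reset does not wipe) or in user data. Treating the three names as package names is an assumption, and the sample listing and its APK paths are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Names quoted in the post above; assumed here to be Android package names.
WATCHLIST="com.appclone.lyhj com.android.qnsettings com.yunshi.market"

# Constructed sample of `adb shell pm list packages -f` output.
# The APK paths are illustrative, not taken from an affected device.
sample_pm_output() {
cat <<'EOF'
package:/system/app/Browser/Browser.apk=com.android.browser
package:/system/priv-app/QnSettings/QnSettings.apk=com.android.qnsettings
package:/data/app/~~c0nstructed==/com.appclone.lyhj-AbCd==/base.apk=com.appclone.lyhj
package:/data/app/com.whatsapp-2/base.apk=com.whatsapp
EOF
}

# Reads pm output on stdin and prints "<location> <package> <apk path>"
# for every watchlisted package.
#   firmware = APK on a read-only image; survives a factory reset, so only
#              reflashing a clean ROM replaces it
#   userdata = APK under /data; wiped by a factory reset, but can come back
#              if something in firmware reinstalls it
classify_packages() {
  # Some adb versions emit CRLF line endings; strip the CR first.
  tr -d '\r' | while IFS= read -r line; do
    case "$line" in
      package:*) line=${line#package:} ;;
      *) continue ;;
    esac
    # Newer Android releases put '=' inside the install path, so split on
    # the LAST '=': package name after it, APK path before it.
    pkg=${line##*=}
    apk=${line%=*}
    case " $WATCHLIST " in
      *" $pkg "*) ;;
      *) continue ;;
    esac
    case "$apk" in
      /system/*|/system_ext/*|/vendor/*|/product/*) where=firmware ;;
      /data/*) where=userdata ;;
      *) where=other ;;
    esac
    printf '%s %s %s\n' "$where" "$pkg" "$apk"
  done
}

# Number of watchlisted packages that live on a firmware partition.
firmware_hits() {
  classify_packages | awk '$1 == "firmware" { n++ } END { print n + 0 }'
}

# Stand-alone run on the constructed sample. On a real device, pipe in:
#   adb shell pm list packages -f
sample_pm_output | classify_packages
```

A non-zero `firmware_hits` count matches what the posters observed: uninstalling or factory-resetting does not help, and replacing the system image does.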
I have been dealing with that damned "Chromes" app for two or three weeks now (BTW, two of them appear, with the same icon and logo).
MalwareBytes detects it as malware (Avast sometimes does, sometimes doesn't).
I have tried, for sure, uninstalling (completely useless), stopping all the apps I can (seems to have an effect on the reinstalling time), and also keeping them installed but removing the Phone, Storage and SMS permissions, which, surprisingly, remain removed (until you uninstall the app).
I dealt in the past with the virus app on the Shoot 1 firmware, for which the workaround (disabling the fake app) worked OK for me. But recently there has not been any firmware update, so this time the firmware is not responsible.
Any hint or help will be greatly appreciated.
¡Cheers!
Hi guys!
I'm having the same problem as you two. I can't believe that Doogee has screwed up on this again... (I also have the shoot 1 [nice screen ]) I'm surprised that, as you said, I've not found anything on the internet about this*. In addition, the application consumes a large amount of mobile data!
I hope there is an update soon, and that the problem is solved
Thank you all for your comments! Greetings from Spain!!
*Well, here they have the same problem
https://android.stackexchange.com/questions/185520/how-to-get-rid-of-a-malware-app-chromes
Don't expect too much from Doogee. In fact, don't expect anything at all. They still haven't solved the firmware virus that came with the first OTA update. We're alone...
And how is your GPS signal going? In my case it does not get a fix on any satellite. Has someone managed to root it successfully? The truth is that I do not understand much about this, that's why I'm a bit afraid to do it.
I found this in a Spanish forum, look at the last post (#19). (I think you have to translate it.)
http://www.htcmania.com/showthread.php?t=1291106
Summing up a bit, he says that Doogee sells mobiles with malware in the system. The fact is that they do it conscientiously. And then put a "solution", which is to install a firewall, so that you can control the internet connection of the applications.
Thanks again!
Some updates...
Let me give you some updates:
1) the Shoot 1 phone is not easy to root with standard tools (KingRoot & others: I tried a lot of them);
1) I successfully installed TWRP with the FLASHTOOL and a specific recovery image TWRP + SU (if needed I can help with it);
2) I backed up everything (malware included, of course) just to be sure I could go back in case of a brick;
*** 3) I downloaded and installed the FANTASTIC Lineage OS without any STUPID bloatware. ***
My phone is secure and fast NOW.
I warmly RECOMMEND all of you to root and update to Lineage OS 7.1.2 (ver 14). Thanks to the Lineage team! **They deserve a donation!!**
* About Shoot 1 GPS *
I still haven't tested it with the new LINEAGE and I will update you.
Before I discovered the malware inside, the GPS was not fixing correctly and in general not working like on my previous LG or HTC.
I was using an external BLUETOOTH antenna with a middleware driver named Bluetooth GPS. Once you have configured the driver it works like a charm with TomTom and all GPS software (I tested a lot). The external GPS solution keeps the phone cool and free to charge during long GPS travel sessions.
I will test the internal GPS again anyway with the new LINEAGE ROM.
For any test or info write here and send me a PV message.
UPDATE: the Lineage team is releasing version 15 (development) with OREO. Anyway, I will not install it soon. I am SOOOO SOLID now!
jmam said:
Any hint or help will be greatly appreciated.
¡Cheers!
Unfortunately you can't get rid of it. No one knows if there is another fake app or background service that loads it again. It seems to appear (after a factory reset) some days later (i.e. just the time to download from whoknowswhere).
The fact is that I CAN'T TRUST Doogee and the entire ROM ANYMORE, so I warmly suggest you ROOT (via TWRP + SU), back up everything, and install a fresh LINEAGE n° 14 release for Shoot 1.
I did it and it worked like a charm.
Chromes
I have a phone that is not rooted and has no changed firmware. Antivirus said that I have Chromes and Facebook apps that are not safe, but I do not have Facebook installed. I tried factory resetting the phone twice, but it still comes back....
Have got the same "Chromes" problem on a Gretel A9 mobile. Not rooted, only used Google Play Store for a few apps. So frustrated, and so little information on how to solve it for a non-techie like me. Tried to contact Gretel, who never reply. Still under an AliExpress warranty but not sure if malware stuff is covered. Needrom have the official stock ROM for the A9. Do I have to root the phone to reinstall a clean stock ROM? Can anyone point me to instructions on how to replace the stock ROM? Thanks for any help.
I am really sorry to say that. The SUPPORT from some of these Chinese suppliers is really poor. I can't help you with your GRETEL. Please search on this XDA forum to see if anyone can.
Root it and install a reliable distro. Be careful: when you root your phone you lose your WARRANTY and (sometimes) some functions of your phone are not available or not available at 100%.
Custom ROMs should ALWAYS be considered as "bleeding" and "in development".
As I said, I will never buy low cost China phones anymore DUE to this lack of support and this (unbelievable) inattention in releasing malwared firmware.
Deki-bg said:
I have a phone that is not rooted and has no changed firmware. Antivirus said that I have Chromes and Facebook apps that are not safe, but I do not have Facebook installed. I tried factory resetting the phone twice, but it still comes back....
I struggled a lot to remove it with normal antivirus and antimalware.
It seems to BE NOT POSSIBLE without a rooted phone.
In my phone there were 2 problems:
1) the malware CHROMES
2) the injected system library (dunno what it does).
So, once I removed the CHROMES %$£"%$£% app... I could not know if it was related (or somehow connected) to the malware-injected system library. So I couldn't trust that factory o.s. anymore and I replaced it with LINEAGE (atm something is not working 100%, like GPS), but at least it's clean and works.
I hope LINEAGE could support more chinaphones to get rid of the buggy malwared firmware from Doogee, Gretel and others Chinamakers
UHANS A101 affected as well!
CHROMES and fake FACEBOOK app
garibald75 said:
I am really sorry to say that. The SUPPORT from some of these Chinese suppliers is really poor. I can't help you with your GRETEL. Please search on this XDA forum to see if anyone can.
Root it and install a reliable distro. Be careful: when you root your phone you lose your WARRANTY and (sometimes) some functions of your phone are not available or not available at 100%.
Custom ROMs should ALWAYS be considered as "bleeding" and "in development".
As I said, I will never buy low cost China phones anymore DUE to this lack of support and this (unbelievable) inattention in releasing malwared firmware.
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
owlsman said:
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
If you can't ROOT it, try to open an RMA or open a ticket, try (at least). I hope we can MOUNT A CASE and create a bit of hype around these CRAZY THINGS.
In my case it isn't worth it. DOOGEE has a really poor website and we yelled there a lot about this malware.
No way to return it. It isn't worth it.
However tell them and try to have it swapped.
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
jimmy1235 said:
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
WARNING for all users: THIS APK IS FOR DEVELOPERS. This APK CONTAINS malware. It's *ONLY* FOR RESEARCH purposes, so don't try to install it!!
The really interesting THING would be to know if it RECALLS some system service or other RESIDENT modules, to complete the cleaning and to allow US to use the original firmware again.
Let's see if anyone can help us.
Well... This is getting REALLY deep...
https://www.kaspersky.com/blog/triada-trojan/11481/
I tested KAV and other antivirus and malware removal tools.
KAV was not able to detect or remove it.
The 1st (maybe not the only one) that warned me was DR WEB ANTIVIRUS and it (also) couldn't remove it without rooting.
It's impossible, though, to know WHAT / WHICH process is linked in memory or injected in the original ROM, since the Chinese CRAPPYPHONES are full of bloatware and "weirdware".
The trust is ZERO for them ATM.

An "evil" APK inside the OS, that drives me crazy

Hi !
I am an ex-owner of a Nokia 7 Plus and new owner of an 8.1. After a few days with this phone, I have noticed that there's something wrong with multitasking and background services that are supposed to receive push notifications, such as Messenger. Multitasking is a nightmare compared to the Nokia 7 Plus or Zenfone 2. The phone closes running apps and cleans RAM too quickly / too aggressively. The same thing happens to push-enabled apps such as Messenger, Facebook etc. Notifications appear with a big delay (up to 5 minutes). I have made a discovery: I have noticed that Adaptive Battery keeps turning itself back on, and according to https://dontkillmyapp.com the problem is one nasty system APK called "Battery Saving" (com.evenwell.powersaving.g3). I can tell this APK is a troublemaker, because once it is force closed, the problem is gone until the next reboot. It can't be disabled permanently. It's frustrating.
The faster Nokia gets rid of this APK or fixes it, the better.
I haven't encountered any delays with respect to the delivery of my notifications. But I do agree that some apps are killed way too early whereas they should be kept in memory. Maybe they are just trying to find a balance between users who want more battery backup and those who need constantly running apps in the background. I do not mind closed apps, but all I want is a whitelist which ensures me that these few apps will never be touched by the battery optimizer.
I don't face any notification delays or anything like that, and apps over a period of time are and should be removed from the background. That aggressive power saving is from Google itself, not from Nokia. If someone still wants to make it run all the time, then select "don't optimise" from power options; it should help.
My kids have a 6.1 but don't appear to have this program in their apps listing, so I'm wondering if maybe it's been removed in a monthly patch at some point? If people are still having this problem, have you tried following the instructions on the linked site (dontkillmyapp) to remove it with ADB?
I don't face notification delay... all good
Supposedly Nokia removed the culprit (evenwell) from their devices, so I take it that all is good now? (I will be receiving the 8.1 today, so wanting to make sure I do my homework).
wrp2015 said:
Supposedly Nokia removed the culprit (evenwell) from their devices, so I take it that all is good now? (I will be receiving the 8.1 today, so wanting to make sure I do my homework).
I don't think so any company can do like this.
light.apps said:
I don't think so any company can do like this.
Well, I am glad I returned the device without taking it out of the box because bootloader can't be opened. Got a OnePlus 5T now, so a custom operating system can be installed.
Ok, thanks good for you.
wrp2015 said:
Well, I am glad I returned the device without taking it out of the box because bootloader can't be opened. Got a OnePlus 5T now, so a custom operating system can be installed.
There is no such apk called com.evenwell.powersaving.g3 on my Nokia 8.1
It is easy to uninstall those applications. I have a 7 Plus and have uninstalled all the evenwell cancer from the phone. Check the Nokia 7 Plus forums; you need a PC and to copy-paste a command, and that's it.
razor17 said:
There is no such apk called com.evenwell.powersaving.g3 on my Nokia 8.1
Maybe because you have already upgraded to Android 10, which got rid of this package.
