Related
Hi,
Sometimes an app (.apk) is either simply not available through Google's store, or it might say "not compatible with your device", etc. There can be various reasons why a person might download a .apk from somewhere other than a "trusted" source.
If this was a file for my PC I could test it in a "sandbox", and I could scan it with both Microsoft Security Essentials and Malware Bytes Antimalware.
On my Android phone(s) I'm not aware of something like the "sandbox" option, and I don't really want to run an "antivirus" program on my phone. Is there an easy way to scan .apk files on the PC to see if they are rogue apps, might send SMS, "phone home", or otherwise mess with other applications or the system software installed on my phone?
Lets give another example: say I thought 15 minutes was not long enough to evaluate a relatively expensive Android game (it certainly isn't!) and I want to test it out first. Let's assume my only option in that case might be an illegally downloaded copy from unknown sources. Of course, we shouldn't do that. But if we did, how could we know if the file is safe and not risk installing some Chinese spyware?
About Android AV programs: anybody know how effective they are? Do some defend against "trojans" - I would think these days trojans are 99% of problems and viruses mostly a relic of the past?
My biggest concern is actually just unwanted crap that runs in the background which eats up battery, makes my phone warm (which I hate), or, perhaps even sends SMS message [this would be even worse because I don't have a text message plan].
EDIT: I see web pages with tiles like "new study finds Android antivirus apps not effective" and articles like this one: http://www.zdnet.com/blog/hardware/...bouncer-does-it-offer-enough-protection/17981
Do we have an easy way to boot Galaxy S3 off of "external" SDCARD instead of internal memory?
Search play store for avast antivirus, completely free, updates daily and works really well (firewall. Anti theft. And many more Features
sony xperia ray ics 4.0.4
stock rom unrooted
I found this website, maybe it can help someone.
h t t p://scan.netqin.com/en/
Maybe someone can post another one...
an easy way to check for safe apk
The easiest way to check for safe apk is to have one gmail account and another "whatever" email account. Then just send the apk from the gmail one to the second account, gmail always find viruses in any apk and stop the process to join the file (virus alert). Bad point is you are limited with the size of the file you wanna send.
Nowadays, even pc antiviruses can detect viruses in apks. I would rather not burden my phone with any android antivirus,since they are literally battery hogs.
sent using my HTC One S
Go here and upload the APK
http://anubis.iseclab.org/
Anubis is a service for analyzing malware.
Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions.
Found a good one too
apkscan.nviso.be - give it a try. Drag and drop - wait for the upload - than click SCAN . Wait for a few minutes. That`s all. Unlike ANUBIS it has a resolution at the end of the analysis . Usually helpful.
You can also email the file to [email protected] and it will email the report back in about ten minutes. Virustotal can display some interesting info, for example it said that Lucky Patcher is a "Potentially Infected Hosts File (v)", as reported by VIPRE and AVware.
Virustotal also has an official android app.
The Netqin scanner is also an android mobile app.
Late answer, sure, but I think ClamAV is what you want. You also want its bytecode signature file, and to speed things up, you only want that single file (speeds up things quite a bit).
It is the only offline apk scanner i know of, and as for its efficiency i cannot say, but it seems like it is what you are asking for.
An alternative would be to install something like BlueStacks and remap your "Windows shared folder" (through registry) to the folder you have your apk files in, and then run BitDefender on it. BD is by far the most pernickety AV app out there for Android.
I'll have to check out bitdefender (it's also included on virustotal.com)
apkscan.nviso.be seems to be pretty good at analyzing files for suspicious activity, and it also uploads the file to virustotal for you. Then you can copy the sha256 hash into the virustotal's search, to get all the gory details.
anubis.iseclab.org limits files to 8 megabytes.
Another way to avoid malware is:
when installing an update to an already-installed version of an application, it will 99% of the time prompt you to update an existing app. There's been rare instances where some apps do use a new digital signature (for example when spotify had a big security hole, and for awhile there were two apps by spotify in the app store).
One other way to tell, as a final check when launching the apk for installation on the phone: the icon will not have the right icon. I've installed apps before that I thought came from a trusted source, but the icon was not right. In fact, I was considering not posting this publically, so the "bad dudes" would not update their methods.
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
nintendo1889 said:
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
Click to expand...
Click to collapse
I just tried out this site. To me, it appears to be the most thorough virus testing site that I have seen. It takes some time for it to complete the scans. mainly because it scans the file with about 7 or 8 different scanning engines. Just just have to keep refreshing the page every few minutes to see if the results have updated.
I will be using this one as my go to site for apk scanning.
Just install it on the default emulator in the Android SDK
You can also install your apps on other emulator live bluestacks(best for games), jar of beans(best for rooted app) and windroy(the lightest)
Hit thanks if this helps
nintendo1889 said:
I'll have to check out bitdefender ...
Click to expand...
Click to collapse
Your signature photo ... awesome ... Bad Dudes
By using GDATA security , When you want to install an app the GDATA will scan it befor installing
Sent from my LG-D855 using Tapatalk
Use google scanning service VirusTotal to scan any app, secondly always use secure source. There are many well reputed apk sites but I personally use apklink.com , on this site required apk file is just a click away and its quite easy as well...
be safe & secure
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
denise1952 said:
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
Click to expand...
Click to collapse
Malwarebytes can detect malware.
Sent from my LGL84VL using Tapatalk
I tried this site and I like it because it goes into a lot of detail after analyzing and sends me a report in email. It was mentioned, and it is still available to use: https://apkscan.nviso.be/
Thank you for the heads up on MB, I use that on my PC and works great
You can use virustotal.
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
You could try running Malwarebytes, I've normally had quite good results with it.
It's one of the apps you're using. Go through the permissions your apps have
genius911 said:
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
Click to expand...
Click to collapse
i also have this problem... i guess "Clean Master" is doing it in my Z3 Compact.
I have solved this issue on canvas a116 and core duos (gt i8262)
firstly, to check the severity of the virus do this : go to settings>security>device administrators
try to remove all apps under device administrators. If u are unable to remove them implies the virus is now embedded to ur fone's firmware.
solution : 1. backup ur contacts and media only, (do not backup apps and app data)
2. now u need to do a factory reset either from recovery menu or using adb (factory reset from 'settings' wont work)
3. if u again see any app under device administrators then the only solution is to reflash ur firmware
About the virus: This virus come packed in several apps on playstore in april 2015, those apps were immediately removed from playstore. however before its removal from playstore the virus had infected around 5000 smartphones. some websites refer to it as ghosthost virus. Still some non playstore apps carry this virus with them. once you install such apps, the virus will first root ur fone, and then grant itself superuser permissions without u even knowing it. Then it will install itself into system folder so dat it appears to be a system app. Whenever u r connected to internet it will download adware and install them in system folder. Its a very powerful virus, it also hides itself by running a script. Once it is in system folder u wont be able to delete it because it imitates the file names of the system files.
There's a huge list of infected apps hosted by Google playstore. So I think it's not easy to keep our devices secure from virus infection.
AVG can be as correct the problem
Hi guys! i have a serious adware problem on my elephone p7000 and i hope you can help me out.
So it's been a few days and i haven't been able to uninstall this mofo.
Here's what the adware is doing:
-Used to open ads on homescreen. it did that disguising itself as a dancing matrioska doll (which you could move around). since i installed CM security it stopped showing this kinds of ads.
-It opens pop up windows with du batery saver or other related apps (from appstore and from non-official stores). Mostly when i browse the internet.
-it places vertical ad banners (like the normal ones on almost every app on the store) on some apps, it seems to be random, cause it doesn't always happen on the same app, but it's always placed on the lower side of the phone.
-it installs push notifications with ads
-i believe it shows app ads on google play store (i haven't installed any app in quite a while so it could be google implementing this).
i have tried a lot of apps:
-Avg
-Avira
-Avast
-Malwarebytes
-CM manager (found a stagefright vulnerability and fixed it)
-Stagefright detector (with vulnerable result)
-addons detector
-airpush detector
-trustgo ad detector
-adware
-ad clean & antivirus security
and not even has been able to remove this damn malware, they don't even spot it!
i've also tried looking for all the apps on the phone,searching for apps with all the permissions and here's the list ( i don't know if these are the problem or not):
-Aging test
-agoldFactory test
-Bluetooth
.Bluetooth Share
-Bluetoooth LE
-Common data service
-e_Compass
-Elephone launcher (apparently it's the same as X launcher mysterious)
-LocationEM2
-MTK THERMAL MANAGER
- at least 3 different phone apps, 2 with 4.4 icons and 1 with android 5.0 icon. all have access to everything (is it normal to have 3 apps with the same name but different icons? )
- settings storage
-trusted face
-ygps
i have also cleared the cache of the phone, because i've read on several places that it helps (settings -> storage -> clear cache data) but with no positive result.
i have also tried looking for admin permissions but the only things in there are CM security and android manager (which i suppose is NOT an app but part of the OS).
I have tried looking for hidden files while checking my phone on my pc but there wasn't any nor did i find any weird app NOT installed by me.
i don't know if you have any other advice on what to do, or if you can help me reduce this list of apps so i can find the culprit app.
i'm afraid this is the ghost virus everyone's talking about, it appeared out of nowhere.
i haven't browsed that much. and when i do i always go to trusted sources. apart from the netflix app which i downloaded a few days ago i haven't downloaded anything in like 1 or 2 months and didn't have this problem until a few days ago. Right after my girlfriend's phone (same model as mine) got the same problem.
We both had the "install from untrusted sources" option on because i was testing an app i am making, but i doubt that's the problem since we only activated it whenever i tried to install the app on the phone (like twice in a week).
she has sent me pictures or files through mail, whatsapp or telegram only and it's the only link between our phones, besides being under the same wifi connection, of course.
thanks in advance for the help!
This is a known issue with these types of devices. They have these ads built into the system apks.
Hi !
Thanks for that solutions !
I have a question : where could I find malwarebytes for android ?
Best regard.
Adware and infected htc desire 526 g plus
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
alokmey3 said:
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
Click to expand...
Click to collapse
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
ENERGYSER400 MTK 6572 virus help android 4.4.2
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
philjps said:
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
Click to expand...
Click to collapse
Find the forum that supports your device
model/carrier and post there. You'll likely find your answers there. If not someone will help you.
HTC desire 526G+ bricked
zelendel said:
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
Click to expand...
Click to collapse
I have deleted my priv-app folder and now I am stuck in boot loop, or just the HTC logo.
cant boot into recovery or bootloader (I tried). Tell me if you know something
model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch (I already have one different working app for that now). Someone suggested a very shady link to download an apk but since I'm desperate and dumb I just downloaded and installed it. However, after installation there was only a "done" button but "open" button was greyed out, there was no new app on app drawer and there was no new app in application list in settings. I started getting worried that I had just installed some bitcoin mining software or another kind of malware.
I got even more worried because if I tapped on the apk again it was asking me if I wanted to UPDATE the app instead of if I wanted to install it so it was already installed and it had permissions to access gps, phone history, and read, modify and delete USB storage.
After a while during the day, my phone started doing random noises from the speakers like audio from ads but without opening any app, then later it started opening random chit on google chrome and that is not even my default browser (my default is samsung browser), it opened those very intrusive ads that tell you you have a virus and you cannot go back you have to close the whole tab or app it also opened some ads with sexual content a few times.
I always thought all free anti-virus app on the play store were completely useless and just bloating apps but I started installing a bunch, most didn't detect absolutely anything after the option "scan all apps" I tried kaspersky, avast, AVG, Norton, etc. then I installed this (it's called "hi security" so not known brand and I thought it was going to be the worse but after opening it was powered by "McAfee" so at least McAfee is known):
https://play.google.com/store/apps/details?id=com.ehawk.antivirus.applock.wifi
And it actually detected some malware after scanning all apps, there was an app with completely blank name on device administrators that I never gave permission to become device administrator as far as I remember, so I unchecked that app from admin and then the antivirus app was able to uninstall it.
After the virus cleaner uninstalled the app I haven't had any more issues with audios or ads opening on chrome. Do you think I'm safe now or could I still have some spyware?
I posted some screenshots showing everything.
I doubt that anyone wants the apk but if a developer wants it for reverse engineering or whatever reason I can post it the the name "MALWARE_do_NOT_install.apk" or something like that
If you are afraid of malware then flashing stock room is the best bet to get rid of it
vwite said:
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch.
Click to expand...
Click to collapse
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
surface13 said:
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Click to expand...
Click to collapse
good app, that's the one I've been using for a while It has a few issues but overall good
Manivannan9444 said:
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
Click to expand...
Click to collapse
I'm not rooted at the moment, phone has been doing everything I want except HBM but I don't think I'll root just because of that because I also use samsung pay plugin for my gear s3 and don't want to risk it
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
herecomesmaggi said:
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
Click to expand...
Click to collapse
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
vwite said:
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
Click to expand...
Click to collapse
I mentioned Avira nd AVG as antivirus. Malwarebytes is best bro for malware infection. I m using it since 2009 for pc. Every time it does the job.
Also for ur round corner.. I suggest u search for "round R" a app found on xda in 2011 or 12, since then It does it job beautifully.
Regards
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
you could turn on logging in developer options, though you'll need a little tech skill to use & set up.
Probably an easier way is to use a no root firewall eg
https://play.google.com/store/apps/details?id=eu.faircode.netguard
while the log feature is not free as you only want to find one potential app you can set notifications for internet connection attempts to on, then manually check app & ip address it's trying to connect to win you get popup.
Also you could use this app (it's NOT a proper antivirus app, but a useful 2nd opinion to your actual antivirus), it just allows you to easily see app status from virustotal.com & manually submit any that are suspicious or have not yet been submitted,
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
btw even if you really have uninstalled all 3rd party apps one of the bloatware adk's may have a dodgy ad sdk within it. If so you can (probably) block this with the above firewall if you pay for that feature, without having to root your phone or freeze dodgy app. (Also boot phone into safe mode disables all 3rd polarity apps & see if it still happens)
Note: if system is infected by malware factory reset won't help, you need to reflash the FULL (eg 4 or 5 files inside) Samsung factory ROM with complete wipe. Though as I guess the S5 is not receiving updates anymore, I'd be looking into installing LineageOS to get up to date security patches (after first reinstalling stock ROM asuming you have malware as custom roms are not full roms like samsung factory rom)
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Click to expand...
Click to collapse
Could be xhelper, mostly Chinese phones (what a surprise ?) it seems but at least one Samsung running 6.0.X like you
https://threatpost.com/android-malware-45k-devices-mystery/149654/