Has anybody deleted some of the bloatware apps, more specifically the stock File Manager?
com.jrdcom.filemanager
/data/app/com.jrdcom.filemanager-2/base.apk
Wondering if anybody tried and had any ramifications from it.
This thing just all of a sudden activated itself and runs in memory, and there is no Disable for it. I could install an app to freeze it, but that defeats the purpose.
Moscow Desire said:
Has anybody deleted some of the bloatware apps, more specifically the stock File Manager?
com.jrdcom.filemanager
/data/app/com.jrdcom.filemanager-2/base.apk
Wondering if anybody tried and had any ramifications from it.
This thing just all of a sudden activated itself and runs in memory, and there is no Disable for it. I could install an app to freeze it, but that defeats the purpose.
Click to expand...
Click to collapse
Im runnin lineage on mine and doesnt even have it on there.
I would freeze it. Make sure your downloads and such still work ok.
Give it a few days if good then remove.
TheMadScientist said:
Im runnin lineage on mine and doesnt even have it on there.
I would freeze it. Make sure your downloads and such still work ok.
Give it a few days if good then remove.
Click to expand...
Click to collapse
Thanks, I deleted the culprit. No issues so far.
LOL...after 3 or 4 days the lovely File Manager App magically installed itself. Looks like a more indepth investigation is forthcoming.
Obviously there is another app that re-installs it.
Stinkin thing.
I switched over to the xperia rom on idol 3 And it got rid of a load of crap, Bunch of xposed is working.
I just dont care for the stock rom on this thing at all, Even debloated it runs like crap,
Ive had this device now over a week and cant find any sort of setup I like, I am used to lgs UI.
Even tried t get touchwiz ui and grace to run but nogo.
Did you remove the system update apps too by chance?
TheMadScientist said:
Stinkin thing.
I switched over to the xperia rom on idol 3 And it got rid of a load of crap, Bunch of xposed is working.
I just dont care for the stock rom on this thing at all, Even debloated it runs like crap,
Ive had this device now over a week and cant find any sort of setup I like, I am used to lgs UI.
Even tried t get touchwiz ui and grace to run but nogo.
Did you remove the system update apps too by chance?
Click to expand...
Click to collapse
Haven't really had a chance to look deep into it yet. I've disabled auto updates, so pretty sure it's not getting it from the netz.
Funny thing, I tried running a 100mb system update and i failed to completely install. Havent thot about it much since then, But I suspect it was in that update somewhere, as I had never seen nor had an issue with it before.
Will strip down that update and see when I get a chance.
It comes pre installed as 'files' app, auto updates to "file manager" to then run this 'boost' branded adware. I call it adware because it does not adhere to the android force stop, disable peeking or any other android OS settings and automatically regenerates itself despite the OS not allowing auto updates.
Android should never allow provider apps to have a higher privelage that renders the OS setting useless, bundled apps should also not disable the uninstall and disable functionality of the OS.
I have spent weeks in settings to find out it is allowed to act like a virus and do what ever it wants being rewarded with ad revenue.
Thanks Google for allowing me to purchase hardware pre loaded with junk ads by default with no way of opting out, it's not only a privacy and security concern, it's a consumer complaint.
adware/spyware
Not happy said:
It comes pre installed as 'files' app, auto updates to "file manager" to then run this 'boost' branded adware. I call it adware because it does not adhere to the android force stop, disable peeking or any other android OS settings and automatically regenerates itself despite the OS not allowing auto updates.
Android should never allow provider apps to have a higher privelage that renders the OS setting useless, bundled apps should also not disable the uninstall and disable functionality of the OS.
I have spent weeks in settings to find out it is allowed to act like a virus and do what ever it wants being rewarded with ad revenue.
Thanks Google for allowing me to purchase hardware pre loaded with junk ads by default with no way of opting out, it's not only a privacy and security concern, it's a consumer complaint.
Click to expand...
Click to collapse
Yes , this lovely new addition to the file manager is actually the "Hawk Super Cleaner/ antivirus" seen here: https://play.google.com/store/apps/details?id=com.apps.go.clean.boost.master&hl=en
You can see my complaint(s) here: https://forum.xda-developers.com/idol-3/help/joy-launcher-joy-t3628670
I just installed TWRP and SuperSU on the stock Marshmallow following this guide:https://forum.xda-developers.com/idol-3/general/twrp-custom-recovery-idol3-6045-t3162608 and will be removing this cancer for good!
Cheers, I might have a look at rooting (pain seeing I bought 4 of these for myself and fam). I have reported the appin the playstore for being installed with root permissions bypassing the expected android user settings and will be following up with a complaint to the consumer watchdog.
I never bought hardware with the knowledge an innocent bloatware provider app would turn rouge with root permissions for ad revenue.
My phone will most likely be thrown at the wall so "File Manager" doesn't get another 1000 or so false positive downloads in the playstore from me.
Had 3 myself
Not happy said:
Cheers, I might have a look at rooting (pain seeing I bought 4 of these for myself and fam). I have reported the appin the playstore for being installed with root permissions bypassing the expected android user settings and will be following up with a complaint to the consumer watchdog.
I never bought hardware with the knowledge an innocent bloatware provider app would turn rouge with root permissions for ad revenue.
My phone will most likely be thrown at the wall so "File Manager" doesn't get another 1000 or so false positive downloads in the playstore from me.
Click to expand...
Click to collapse
I hear ya, I bought 3 of these.
I am very careful what I install on my device and read the manifest files on EVERYTHING so you can imagine how angry I was when my own phone manufacturer pushed unwanted adware/possible-probable spyware on to my device with no warnings or asking my permission.
Another odd thing is that after I uninstalled the Facebook app I had 2 apps appear (or were left over?) com.facebook.appmanager.apk and com.facebook.system.apk that were using up data and could not be removed until tonight after rooting.
Interesting article here: https://forum.xda-developers.com/tmobile-lg-v10/help/suspicious-apps-apps-section-facebook-t3415876
I have been studying computer and mobile security as a hobby for some time and have found that these "antivirus" and 'cleaner" apps on Android are the worst offenders of privacy of them all.
Scanning all your files, installed apps, contacts etc etc and sending all that data back to God knows where!
I have found that almost every single app that I have downloaded from the Play Store has some form of data mining and/or analytics.
Unfortunately, it's a catch 22 in Android..rooting your device breaks what little security is built into the system but it's the only way to remove pre-installed crapware.
---------- Post added at 06:02 AM ---------- Previous post was at 05:53 AM ----------
Also, good luck trying to get anything done with Google or Alcatel.
I battled with Google for almost 8 months straight trying to stop an unscrupulous advertiser that was using FAKE virus warnings to trick users into installing an "antivirus" app on the Play store and just got sent around in circles.
Google is complicit!
I was finally successful in stopping the fraudulent activity after I contacted the Federal Trade Commission.
http://smisecurity.altervista.org/DFNDR.html
Data mining is a given these days which is why I have Pi-hole for my home dns and ubuntu for my home box, gotta do what you can. As for this phone I wouldn't do much on it unless I re flash it which is why I am angry with it.
As for Android taking the normal software stance of do nothing unless legally required, this time is interesting to me because they are effectively allowing the bypassing of the playstore agree feature to Install an app, being side loaded from Alcatel like this one would think breaks the playstore terms so knowledge should be enough for action in this case from the android or playstore devs. Doubt it but.
Also apon sale did not mention android as being adapted software that over rides expected android and playstore behaviour but did advertise android and use their logo so most likely a trademark vialation also.
The problem is Alcatel are adapting android and side loading apps to bypass security and privacy user settings to double dip on the customer for income despite the final result, android and the playstore can bury their heads in the sand all they want but they have been made aware of the risks.
Went over it again for peace of mind (sorry) but I wish you the best in your education as we need more people shinning the light on privacy simply because we are in the rise of the machines, not long before people worldwide ask what happened to all the jobs and when did the need for conventional ID actually dissapear.
Not happy said:
The problem is Alcatel are adapting android and side loading apps to bypass security and privacy user settings to double dip on the customer for income despite the final result, android and the playstore can bury their heads in the sand all they want but they have been made aware of the risks.
.
Click to expand...
Click to collapse
Very well said!
The supervisor I spoke to at Alcatel tried to say that I/we agreed to the terms by using their devices which allowed them to push this on to our phones but I disagreed with him.
At one point I even thought of ditching my phone and getting an iPhone or an Android device that is compatible with the Replicant OS https://www.replicant.us/
I have a few Raspberry PI's laying around but never used one as an access point. (I'm assuming that's what your doing?)
I just sent a very nasty email to the developer "[email protected]" and referenced this thread.
Keep us updated if you get anywhere and I will be fighting this from my end and posting any updates as well.
Will do, I don't plan on not continuing with this one because my hardware and android do not operate as advertised.
The day I can rely on Linux for a phone OS is the day android gets ditched but will definatly check out your link also.
Pi-hole is basically a collection of hosts files that block ads and known bad domains on the DNS level, point the home router to it and bam the whole household gets an adblocker by default. Runs smooth but added a few commands to auto upgrade the lists with a Cron job.
Not happy said:
Pi-hole is basically a collection of hosts files that block ads and known bad domains on the DNS level, point the home router to it and bam the whole household gets an adblocker by default. Runs smooth but added a few commands to auto upgrade the lists with a Cron job.
Click to expand...
Click to collapse
Very cool!
I'll have to check that out.
I altered the hosts file on both my laptop and my other rooted phone to block ads and apps I used to have.
This is a small sample of IP's I blocked in the hosts file after running NETSTAT scans, there are a TON more that I added from MVP hosts (it is against MVP's EULA to post their blocked IP's)
http://winhelp2002.mvps.org/hosts.htm
127.0.0.1 localhost
127.0.0.1 search.vip.gq1.yahoo.com
127.0.0.1 a96-6-122-162.deploy.akamaitechnologies.com
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 yahoo.com
127.0.0.1 rtr3.l7.search.vip.gq1.yahoo.com
127.0.0.1 c.amazon-adsystem.com
127.0.0.1 yandex.st
127.0.0.1 mc.yandex.ru
127.0.0.1 c1.popads.net
127.0.0.1 c1.popads.net/pop.js
127.0.0.1 google-analytics.com
127.0.0.1 google-analytics.com/analytics.js
::1 localhost #[IPv6]
---------- Post added at 01:40 PM ---------- Previous post was at 12:54 PM ----------
Wow! that PI-hole block list on Git Hub is a LOT larger than the one I was using!
Him guys and thanks again for the thread. Anyone found a solution? This app is wasting 20 percent of my battery, which does not last me a whole day anymore, it's outrageous. I also sent a report to Google and the app developers.
Cheers
Guys, I found someone with a solution, just see this post: https://forum.xda-developers.com/showpost.php?p=73642381&postcount=4
Cheers
That is not much of a solution unfortunately. The REAL solution is to install TWRP recovery on the adware/spyware infested Alcatel phone and flash to a different operating system. There is an (unofficial) ROM of Lineage 14 Nougat that is pretty decent that can be found on the XDA site.
sloshnmosh said:
That is not much of a solution unfortunately. The REAL solution is to install TWRP recovery on the adware/spyware infested Alcatel phone and flash to a different operating system. There is an (unofficial) ROM of Lineage 14 Nougat that is pretty decent that can be found on the XDA site.
Click to expand...
Click to collapse
It solved my problems
It's easy to solve the problem. Just go to applications. Select file manager uninstall upgrades, it will revert it back to factory version, no more spam !
I was getting really annoyed by the app that stealthily installed itself and called itself File Manager for my Alcatel POP 4. It constantly wanted to clean, boost, virus-protect, be a flashlight and camera app with it’s own toolbar and playing an ad whenever you asked any of those actions to be performed. The beauty of it was that it could not be disabled or uninstalled. I was desperately looking for a way to get rid of it without drastic measures, like a full factory reset or rooting my device. I found a suggestion on the net to install AppMgrIII from the Play Store. I did it as I was determined to try anything at that point. It offered me to replace the app with a “factory version”. I accepted that and sure enough, a normal-looking File Manager with no ads or toolbars appeared, all the rockets, boosts, virus-protection, cleaning brushes gone! I hope it won’t reinstall itself magically. In a perfect world I would prefer to have no file manager on my machine at all and a choice of installing one that I prefer but at least the nightmare of this intrusive monster seems to be over. I hope it stays that way.
Update: reverting back to factory version stopped the spam but it all came back with the next update. Now I reverted it back again and stopped automatic updates on Google Play for all apps. I will pick apps to be updated manually.
Related
model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch (I already have one different working app for that now). Someone suggested a very shady link to download an apk but since I'm desperate and dumb I just downloaded and installed it. However, after installation there was only a "done" button but "open" button was greyed out, there was no new app on app drawer and there was no new app in application list in settings. I started getting worried that I had just installed some bitcoin mining software or another kind of malware.
I got even more worried because if I tapped on the apk again it was asking me if I wanted to UPDATE the app instead of if I wanted to install it so it was already installed and it had permissions to access gps, phone history, and read, modify and delete USB storage.
After a while during the day, my phone started doing random noises from the speakers like audio from ads but without opening any app, then later it started opening random chit on google chrome and that is not even my default browser (my default is samsung browser), it opened those very intrusive ads that tell you you have a virus and you cannot go back you have to close the whole tab or app it also opened some ads with sexual content a few times.
I always thought all free anti-virus app on the play store were completely useless and just bloating apps but I started installing a bunch, most didn't detect absolutely anything after the option "scan all apps" I tried kaspersky, avast, AVG, Norton, etc. then I installed this (it's called "hi security" so not known brand and I thought it was going to be the worse but after opening it was powered by "McAfee" so at least McAfee is known):
https://play.google.com/store/apps/details?id=com.ehawk.antivirus.applock.wifi
And it actually detected some malware after scanning all apps, there was an app with completely blank name on device administrators that I never gave permission to become device administrator as far as I remember, so I unchecked that app from admin and then the antivirus app was able to uninstall it.
After the virus cleaner uninstalled the app I haven't had any more issues with audios or ads opening on chrome. Do you think I'm safe now or could I still have some spyware?
I posted some screenshots showing everything.
I doubt that anyone wants the apk but if a developer wants it for reverse engineering or whatever reason I can post it the the name "MALWARE_do_NOT_install.apk" or something like that
If you are afraid of malware then flashing stock room is the best bet to get rid of it
vwite said:
So I was looking for an app to make the top radius match the bottom radius on the corners while using the option of hiding the notch.
Click to expand...
Click to collapse
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
surface13 said:
Well, that all sucks!
Back to your top radius matching the bottom problem, here is what your're looking for!
I saw it on some guys youtube channel
https://play.google.com/store/apps/details?id=com.thsoft.rounded.corner&hl=en_US
Click to expand...
Click to collapse
good app, that's the one I've been using for a while It has a few issues but overall good
Manivannan9444 said:
Bro if security is top priority dont unlock bootloader and root because if you root your device you need to be careful i use af wall and also in settings i will control the permissons of all the apps you need to be conscious because in today's world internet devloped along with it many hackers many trojan rats are devloped so first study some blogs how to use android mobile safely finally if you root and use right apps you can secure device tonhigh level .apps like x privacy lua afwall will secure your device and super user authentication should be set to promt not allow by default
Click to expand...
Click to collapse
I'm not rooted at the moment, phone has been doing everything I want except HBM but I don't think I'll root just because of that because I also use samsung pay plugin for my gear s3 and don't want to risk it
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
herecomesmaggi said:
First of all dont trust any antivirus app except major companies like AVG, Avira etc. Always download from playstore. Don't give permission to browser to install app (unknown sources) in 8.1.0 u can do that.
Now scan all apps.. And remove them. Malwarebytes is best to remove hidden malware on any platform.
Good luck.
If u r ready to format and clean ur internal memory then, format ur handset from settings, download whole stock rom and flash it from recovery..
Regards.
Click to expand...
Click to collapse
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
vwite said:
Thanks, as I said on first post AVG and Avira were useless for this infection but both "Hi Security" and Malwarebytes premium were able to do the job
Click to expand...
Click to collapse
I mentioned Avira nd AVG as antivirus. Malwarebytes is best bro for malware infection. I m using it since 2009 for pc. Every time it does the job.
Also for ur round corner.. I suggest u search for "round R" a app found on xda in 2011 or 12, since then It does it job beautifully.
Regards
Hi Everyone,
Long time no see, but I'm back with a quick question: I've noticed an unknown (to me) application on my Leagoo T5c running Android 7.0 called "zdemo".
It doesn't appear in my app drawer (I use a launcher called Rootless Pixel that I like a lot, because it's extremely light and easy on the eye), only in the Application list in Parameters, and I've uninstalled it, but I suspect it could have been malware, because all of a sudden, I've started to get unwanted popups in a few application, Blue Mail among them, so I suspect it could come back.
Do any of you know of this app? I Googled it and got nowhere.
It happens to me too. I have another one named media provider or something like that, it has a fake Android logo and it can be desistaled.
Yeah, I managed to uninstall it... Twice, which means it's coming back at more or less regular intervals. I suspect it's a malware, but MalwareBytes didn't find anything wrong on my phone, so I'm a bit stumped.
I suspect those malware were bundled with Rootless Pixel Launcher, because since I've uninstalled it, they're gone and haven't returned...
Zdemo appears in conjunction with System Input Method. I think the former is a trojan and the latter adware. I keep stopping and uninstalling the apps just to have them return. I think the gallery app is the culprit but haven't figured out how to clean it yet because its a system file.
Hi Donna,
Do you own a Leagoo phone too? I've had issues with rotten ROM from that brand before, but I thought that was a thing of the past.
If the Gallery app is indeed the culprit, then there must be a bad picture or video in it that you imported, maybe a cover from a music album you downloaded?
I for one know that all the music on my phone doesn't come from CDs I ripped...
The funny thing is, before I installed those two launchers I mentioned, I had no issues whatsoever. The Rootless Pixel Launcher contacted me via Play Store and defended himself from injecting any bad code into his launcher, and says that CPL Launcher is based on his own Rootless Pixel launcher, so it could be that the repository where the APK is stored has been compromised, and the malware is added to the files before it's made available to the Google Play store, but I can't be sure.
For reasons unknown, my first reply got lost somewhere, and I don't feel like rewriting it word for word. Do you have a Leagoo phone too? If so, which ROM do you have installed on it (mine was released in March 2018)?
I suspect those two malware come bundled with the launchers I mentioned, but the dev for Rootless Pixel launcher assured me his code is clean, and I tend to believe him. I think the repo where his code is stored could have been hacked, but I have no way to prove it, of course.
EDIT: my first reply finally made it to the thread. Sorry for the double post...
UPDATE: I finally did a factory reset, reinstalled all my apps (minus a couple I never used anyway) from the Play Store, put my music back on the device (not my pictures though, because I want to sieve through them first), installed Rootless Pixel Launcher again, and so far, so good, no malware in the applications list.
I'll give it a day or two, just to be on the safe side, then I'll modify my incendiary comment on the Play Store about Rootless Pixel Launcher...
Somebody created this code to bug people, had probably nothing to do uses your ip to track and install his popup window.
If I disconnect my wifi and use my phone without an internet connection zdemo and system input method don't come back. I should try on another wifi or in another country. Wonder if it could be tracked and maybe interesting to see where it leads. Could it be stashed on google play store? It seems curious that there is little info on the web about this problem as if somebody in a key position really f...-up
Yeah, I too find it hard to believe that those two malware aren't better documented on the Web. However, if you scan your device with MalwareBytes and look up the entire name of both, you find ***partial*** references, stating that they aren't "real" malware, just PUPs, which I find intriguing too.
On my phone, I've noted unwanted popups that were hard to close when they were installed, but nothing untoward once I got rid of them, so they're definitely adware, either separately, or working jointly, I don't know.
I've never rooted an Android. One of the warnings I see over and over is that rooted devices are more vulnerable to malware. I don't see any solutions for this though.
What extra measures will I need to take to keep my Android safe?
I use Norton 360 on my PC and Androids. Will this be of any help?
Are there any apps I can install to help with this issue?
Are there any system settings I should use for this particular problem?
Thank you
With stock or rooted the biggest threat is the user themselves. Most either install or download the malware themselves. A fully updated stock Android isn't invulnerable; there's no saving dumb bunnies...
Side loaded apps are high risk; at the least scan with online Virustotal and consider the results before installing. Keep email in the cloud and be careful if you choose to download anything.
All downloads stay in the download folder until vetted. Jpeg's and png's are suspect; open them there first before moving them and watch for strange behavior in that folder. Check the download folder daily for anything you didn't download, if found do not open, delete.
Keep thrash social media apps off the phone, all of them. They are targets and vectors for malware of all types.
Use a good firewall and police what apps are doing. Revoke internet access to all apps that don't need it. Know what apps have run at start permissions; do they need it? Updates and upgrades can cause more lost time then malware trying to find work arounds. Lock auto updates down, and download them only if needed. Updates and firmware upgrades can and do break things...
Most importantly cover your six and be prepared.
Critical data can not be lost, protect it!
Redundantly backup all critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Be ready to do a full reload if needed.
If malware is found or suspected, isolate the phone and if it can't be completely deleted in an hour or two, nuke that load. Be ready to change passwords and secure accounts.
Never trust antivirus apps to detect malware or save you, mostly they just waste resources on an Android.
Thank you!
I'm already doing a lot of those things, especially social media apps.
One of the reasons I want to root my phone is that I can't uninstall, force stop, disable or take away permissions for some apps, like Facebook, Facebook App installer, FB app manager Google, ad nauseum. The same goes for the millions of preinstalled Samsung bloatware apps. They dont stay disabled and routinely restore permissions. Im sick of having to routinely check them all. I'll never buy another Saamsung again.
You're welcome. Welcome to XDA
I run 2 stock N10+'s, one on Pie, the other on 10.
I use package disabler to kill bloatware and services I don't want to run at bootup. You can also use a adb editing app to disable apks. Don't go too nuts; be wary of disabling any Samsung system apps. Most of these apps just sit unless needed. Dependencies... actions have consequences; understand what the app does and what other apps, services or UI functions are dependent on it!
Google play Services can be disabled when not needed; disable find my device as System Administrator first.
On Pie Karma Firewall is fully functional but not on Android 10 and up, although it will still block access. It uses virtually no battery.
Once you sort it out (learning curve ahead) stock Samsung's especially older ones like the N10+ are easy to run. They are the most customizable stock Android on the planet with an excellent UI. The current load on this one will be 2 yo this June; still fast, stable and fulfilling its mission. Security is simply not an issue.
blackhawk said:
You're welcome. Welcome to XDA
I run 2 stock N10+'s, one on Pie, the other on 10.
I use package disabler to kill bloatware and services I don't want to run at bootup. You can also use a adb editing app to disable apks. Don't go too nuts; be wary of disabling any Samsung system apps. Most of these apps just sit unless needed. Dependencies... actions have consequences; understand what the app does and what other apps, services or UI functions are dependent on it!
Google play Services can be disabled when not needed; disable find my device as System Administrator first.
On Pie Karma Firewall is fully functional but not on Android 10 and up, although it will still block access. It uses virtually no battery.
Once you sort it out (learning curve ahead) stock Samsung's especially older ones like the N10+ are easy to run. They are the most customizable stock Android on the planet with an excellent UI. The current load on this one will be 2 yo this June; still fast, stable and fulfilling its mission. Security is simply not an issue.
Click to expand...
Click to collapse
The more annoying Samsung apps I was referring to are the Bixby apps, AR doodle, Smarter things... those kind of apps. If they didn't re-enable themselves restore permissions, I wouldn't mind them so much. But they DO.
I won't be using that phone much longer anyway. I'm going back to Motorola.
I always buy factory or globally unlocked phones. That helps some. But Motorola recently started forcing FB. I can uninstall it, however I have to review updates to make sure it doesn't end up on my phone again. But then I review all updates before installing them anyway..
I always look up the system apps before making any changes. Like Google Easter Egg. Everything I could find says it's unnecessary.
All those mentioned apps can be safely disabled.
Bixby Vision is used for barcode scanning though.
Try the free Galaxy store icon packs, themes and the Good Lock family of apps including One Handed Operation plus.
Chose theme>icon pack>whatever wallpaper you want. The native high contrast theme looks good.
Play with it...
blackhawk said:
All those mentioned apps can be safely disabled.
Bixby Vision is used for barcode scanning though.
Try the free Galaxy store icon packs, themes and the Good Lock family of apps including One Handed Operation plus.
Chose theme>icon pack>whatever wallpaper you want. The native high contrast theme looks good.
Play with it...
Click to expand...
Click to collapse
I actually already ordered a new Moto. It will be here tomorrow. Well, it's after 1am, so I guess it'll be here later today.
I've disabled multiple Samsung apps, restricted data and battery, taken away permissions, not just in app settings, but in permissions setting, special access permissions... And all the other weird ways I keep finding out about that you wouldn't think would be a place to remove permissions. When my phone starts to slow down, or the battery isn't lasting very long, sure enough, Samsung has gone behind my back and reset my preferences again. I never had issues like this any of the Motorola phones I've had.
play store auto installing apps on all devices
Whenever I install something on my s22, it will install it on my galaxy tablet.
How can I prevent this.
In Playstore settings change to update by wifi only and disable wifi. I normally keep Playwhore package blocked and firewall blocked unless needed. Once a Playstore paid for app is activated I firewall block it as well if it doesn't need internet access. I avoid Playstore as much as possible and create installable backups for all the apps from Playstore so I never need to use Playstore again when reloading except for paid apps. It streamlines reloads and they go much faster.
I also use more Playstore alternatives now but always scan them first with Virustotal. A Playstore app may be clean when installed only to download it's payload latter as an "update". Another reason I don't allow updates or an internet connect if not needed. Playstore updates can and do ruin once working apps. Tired of that bs.
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because thats not a real fix.
Need to find out why its auto-installing.
I checked playstore on mobile and on tablet and on browser - but theres no mention of auto-install on all devices.
CorruptedSanity said:
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because thats not a real fix.
Need to find out why its auto-installing.
I checked playstore on mobile and on tablet and on browser - but theres no mention of auto-install on all devices.
Click to expand...
Click to collapse
You can manually install updates from Playstore which is a wiser way to do it. One of the reasons I can run Pie securely is I use vetted apps, some are 6 yo and I firewall block them. Updates bring trouble far too often. Once a system is running fast, stable and fulfilling its mission updates serve no purpose most of the time. Auto updates bring rude surprises and make troubleshooting much harder in tracking down the offender.
In 2.5 years (that's how old this current load is) I've had no malware but spent a lot of time undoing damage updates have caused including a firmware "upgrade" for my Buds+ that trashed the sound. That pair now needs to be reflashed and it's a pain to do. meh.
If you try unmark one or more of your devices before instalation on the app, did it help?
See the pictures.
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
Monipeev said:
If you try unmark one or more of your devices before instalation on the app, did it help?
See the pictures.
Click to expand...
Click to collapse
that was exactly it!
both devices were checked
many thanks to you!!
raul6 said:
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
Click to expand...
Click to collapse
see above solution