Hi everyone!
So I'm having difficulty now: my system has got infected with some malware, and it keeps installing apps when connected to the internet.
I'm using Malwarebytes to scan and it says that I got a trojan in search.apk, Settings and update software.
I tried to hard reset my phone but it did not work. I know that root can delete system but I can't delete it because it is in Settings. How can I delete Settings?
Is there a way besides flashing to fix this?
Also my phone is Lollipop 5.1 and unrooted.
Rootkit on an android? Now that's rare. If you tried every conventional method, I doubt anything is going to work. You can try disconnecting from the internet, check your running processes and services, kill them if found, scan with Malwarebytes and attempt to locate problematic files manually using explorer. There have to be some specific apps that are being installed, can you name them?
And full factory reset did not help you?
Josh Ross said:
Rootkit on an android? Now that's rare. If you tried every conventional method, I doubt anything is going to work. You can try disconnecting from the internet, check your running processes and services, kill them if found, scan with Malwarebytes and attempt to locate problematic files manually using explorer. There have to be some specific apps that are being installed, can you name them?
And full factory reset did not help you?
Full factory reset doesn't work.
Idk what a rootkit is, but yeah, I already disconnected my internet. I already scanned and this is what I found:
imagebam. com/image/a5668f584241333
imagebam. com/image/80f2c2584241513
imagebam. com/image/77efcb584241423
(I can't post links)
I mean this malware infected Settings, so it changed the system (like permission to install from outside the Play Store); also my Settings icon changed too.
Here is the list of apps being installed: UC Browser, UC News, some cleaner, some launcher and lock screen.
Related
hey all,
first post, apologies if this might be in the wrong place.
i've just picked up the kobo vox, and it's awesome, but i can't figure out how to get the android market running. i've got the apk installed, but the device doesn't give me the option to add a google account. the kobo vox explicitly says it supports the android marketplace, so i'm hoping i'm doing something wrong.
thanks!
I'm in the same state. I've looked about and managed to use some of Cyanogen's packages to install a few core stuff like the framework and the market app itself, but trying to run the Market asks me to register a Google account, which always fails saying there was a connection issue. On a further reboot android.process.acore decided to crash every five seconds and I had to reset the device to factory settings.
This kinda sucks because the device is fairly solid, but the default "market" is a joke. I'm already annoyed by the fairly large amount of preinstalled apps (which can't be uninstalled, as usual), but not having proper Market access would probably be a deal killer.
Please use the Q&A Forum for questions Thanks
Moving to Q&A
What about Rooting?
I have run into the same problem. I think that before you can install the full android market we will have to Root the tablet. Has anyone tried the Gingerbreak.apk? Or is there some other way to Root the tablet?
Syncmaster700nf said:
I have run into the same problem. I think that before you can install the full android market we will have to Root the tablet. Has anyone tried the Gingerbreak.apk? Or is there some other way to Root the tablet?
I've tried GingerBreak on my Kobo Vox and it seems to have installed, however I'm not certain the SU access is working properly. When I try repairing permissions in ROM Manager, I get the message "An Error occured trying to run priviledged commands!". It also fails when I try to backup my ROM.
This is honestly the first Android device I've ever owned so I'm not certain that I'm doing everything correctly. I did make sure to allow SuperUser permissions to ROM Manager, but I'm still getting errors. Any help from a Veteran Android user would be appreciated.
Can't get past the Android Login
After rooting and installing Busybox I was able to install the Android Market but every time I try to login the app will not connect to the Market to confirm my ID, it seems to time out. Any Ideas on what I can try?
Turns out my inability to repair permissions was simply due to me not having busybox installed. I can attest that GingerBreak does successfully root the tablet.
I'm hoping I can find a way to install ClockworkMod recovery in order to install the Google apps from CM7. I tried simply copying the files into place without success.
So, did you manage to install busybox? What version and where?
Tell me if you manage to install the recovery; the Vox doesn't seem to have one by default.
If we manage to install all the google app and the googleframeworkservice, that would make the tablet a lot better and give the possibility to install the android market.
I was able to install busybox 4.3 in /system/xbin. I do not know about a recovery mode but I did manage to put the tablet into "Safe Mode" after it got stuck in a loop at bootup, but I am not sure how I did it. According to user help you cannot update the firmware from the SD card.
Have you tried to install ClockworkMod?
I managed to install the googleserviceframework, but I need to install some other things that don't want to install.
I also managed to install YouTube (the real one) and it works great, I just can't sign in...
In the accounts & sync settings section, I can create a Google account, but it can't communicate with the Google server to set up the account; it gives me the error:
"Can't establish a reliable data connection to the server."
It's probably caused by some app that I didn't manage to install yet, like "onetimeinitializer", "googlepartnersetup" and some others...
I've managed to install Busybox, but have yet been unsuccessful installing the Google Framework.
I was able to install ClockworkMod, but I have yet to find a phone or tablet on its list that is compatible with the Kobo Vox. I'm going to do my research to see if any phones or tablets have similar specs to the Vox and see if that will work. So far I've just been picking at random and trying it.
Try the B & N Nook Color - same CPU, Memory & screen size.
That was my first thought. Unfortunately no luck. With a couple of them I can seem to get them start loading as if they're going into an update but it always errors out. I'm now just systematically going through the list and driving every version.
If you attempt to install a version of Clockwork made for another device, you'll brick it.
Don't forget that after dropping in the files to the various system directories, you also have to set permit permissions properly.
Also, would be good to request a Kobo Vox forum here: http://forum.xda-developers.com/showthread.php?t=1301121
If anyone in this thread is actually a developer who knows how to compile and so forth, Koush has a brief guide to porting Clockwork:
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html
Manual Configuration is a must have option. Thanks
wow, pretty lame that the android market seems not to be supported despite it being touted as an official feature
on a side note, has anyone figured out how to change or remove that default dock (without rooting)? it's kind of a pain in the ass.
I've installed a couple dozen different clockwork of recoveries so far and haven't bricked it yet but maybe I should quit while I'm ahead. I'd rather not brick my shiny new Kobo.
Need Kernel Version & Build Number
I have to return my Kobo Vox because the speaker is not working. Under Privacy Settings I have done a Factory Data Reset but I am still showing the Super Icon. Does anyone have a copy of the original firmware or know how to unroot the device?
jakeopolis said:
wow, pretty lame that the android market seems not to be supported despite it being touted as an official feature
on a side note, has anyone figured out how to change or remove that default dock (without rooting)? it's kind of a pain in the ass.
Official marketing material says apps but doesn't say Android Market. Some media outlets misquoted and wrote Market falsely.
Sent from my Nook Color!
Syncmaster700nf said:
I have to return my Kobo Vox because the speaker is not working. Under Privacy Settings I have done a Factory Data Reset but I am still showing the Super Icon. Does anyone have a copy of the original firmware or know how to unroot the device?
Factory Reset just clears the data partition but doesn't reset the system partition.
Until someone properly compiles a custom recovery or finds a stock reset file, there's no safe way back.
Sent from my Nook Color!
I have an oplus Xonphone 5 (Android 4.4.2). My phone has a virus/malware which has gained root permission and made itself a system app, and now it is automatically turning wifi on/off and downloading tons of other apps (e.g. Hot cam, UC news, Ram booster etc.). Whenever I open running apps, System.bin and systemMultimedi are running and consuming battery. Sometimes they close all other apps and download malware. I have tried the following things, which didn't solve my problem:
1. Soft and hard resetting of the phone.
2. Rooted my phone and, using a root browser, tried to delete/uninstall these files (viruses).
3. Tried to uninstall all newly installed system apps by using Kingroot but they showed up again.
4. Cleared the cache partition and then hard reset the phone.
5. Tried to flash the ROM but failed.
Please help me recover my phone . Thank you in advance.
Paresh42 said:
I have an oplus Xonphone 5 (Android 4.4.2). My phone has a virus/malware which has gained root permission and made itself a system app, and now it is automatically turning wifi on/off and downloading tons of other apps (e.g. Hot cam, UC news, Ram booster etc.). Whenever I open running apps, System.bin and systemMultimedi are running and consuming battery. Sometimes they close all other apps and download malware. I have tried the following things, which didn't solve my problem:
1. Soft and hard resetting of the phone.
2. Rooted my phone and, using a root browser, tried to delete/uninstall these files (viruses).
3. Tried to uninstall all newly installed system apps by using Kingroot but they showed up again.
4. Cleared the cache partition and then hard reset the phone.
5. Tried to flash the ROM but failed.
Please help me recover my phone . Thank you in advance.
This is really a big problem and if not solved soon you will be in great trouble
I suggest you to first uninstall root and then flash the stock rom again
This is the last option I have
I don't think you can do anything beyond that
Regards milkyway3
---------- Post added at 07:04 AM ---------- Previous post was at 06:59 AM ----------
I will also suggest few senior members whom I know to solve your problem as soon as possible
This could even be a police case if the malware tries to do something beyond this
If you think something more suspicious than just downloading apps and toggling settings
Then I would highly recommend you to switch off your device and keep it aside until you find a solution at xda
Regards milkyway3
Phone Leagoo M5, fw latest official based on FreemeOS. Reflashed latest ROM, installed only apps which I used for a long time without any ads, and still getting an annoying full screen ad which can't be closed for 10 seconds. Phone rooted, but no app asked for or was granted root permissions. My only thought is that it's caused by the OS itself. There are 2 weird apps: "settings" (can be deleted, but restores after some time; the not-weird settings app (definitely part of the OS) shows the translated name "nustatymai"), the other is "app store", which can't even be deleted. E.g. in screenshot imgur dot com/a/btCfz the ad appears from time to time even if no apps are opened.
gymka said:
Phone Leagoo M5, fw latest official based on FreemeOS. Reflashed latest ROM, installed only apps which I used for a long time without any ads, and still getting an annoying full screen ad which can't be closed for 10 seconds. Phone rooted, but no app asked for or was granted root permissions. My only thought is that it's caused by the OS itself. There are 2 weird apps: "settings" (can be deleted, but restores after some time; the not-weird settings app (definitely part of the OS) shows the translated name "nustatymai"), the other is "app store", which can't even be deleted. E.g. in screenshot imgur dot com/a/btCfz the ad appears from time to time even if no apps are opened.
You probably used Kingroot or Kingoroot to root your device and it installed malware/adware apps in your system partition. Flashing stock firmware probably doesn't wipe system during flashing instead of removing those apps, and factory resetting won't work because the apps are in system and factory reset doesn't touch system, it only wipes the user partition.
If none of your apps are requesting root permission then I'd say you lost root and need to root the device again.
Try MalwareBytes app to remove those apps. If that doesn't work you need to get the device properly rooted and then look in your system/app or system/priv-app folder and delete those apps.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
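An added example, not part of the post above and not code from anyone in the thread: it parses saved output of `adb shell pm list packages -f` to show which packages sit on the system partition (and so survive a factory reset) and which reappeared under /data after being removed from /system, the behaviour several posters describe. The two snapshots, package names and paths are constructed for illustration.

```python
"""Classify installed packages by partition from `pm list packages -f` output."""

# Constructed snapshot taken before removing anything (names and paths are made up).
BEFORE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Helper/Helper.apk=com.example.helper
package:/data/app/com.example.cleaner-1/base.apk=com.example.cleaner
"""

# Constructed snapshot taken some hours after com.example.helper was deleted
# from /system: it is back, this time installed as a user app under /data.
AFTER = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Qx1==/com.example.helper-Zk2==/base.apk=com.example.helper
package:/data/app/com.example.cleaner-1/base.apk=com.example.cleaner
package:/data/app/com.example.lockscreen-1/base.apk=com.example.lockscreen
"""


def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Newer Android install paths can contain '=' themselves,
        # so the package name is whatever follows the LAST '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def partition_of(path):
    """Map an APK path to the partition class that matters for a reset."""
    if path.startswith("/system/priv-app/"):
        return "system-priv"
    if path.startswith("/system/"):
        return "system"
    if path.startswith("/data/"):
        return "data"
    return "other"  # e.g. vendor partitions; also untouched by a factory reset


def survives_factory_reset(packages):
    """Packages not stored under /data are left in place by a factory reset."""
    return sorted(n for n, p in packages.items() if partition_of(p) != "data")


def compare(before, after):
    """Report packages that are new, or that moved from /system to /data."""
    new = sorted(set(after) - set(before))
    moved = sorted(
        n for n in before
        if n in after
        and partition_of(before[n]) in ("system", "system-priv")
        and partition_of(after[n]) == "data"
    )
    return {"new": new, "moved_to_data": moved}


if __name__ == "__main__":
    before, after = parse_pm_list(BEFORE), parse_pm_list(AFTER)
    print("survive factory reset:", survives_factory_reset(before))
    print("changes since first snapshot:", compare(before, after))
```

A package that shows up in `moved_to_data` was reinstalled by something still present on the device, so the component to look for is whatever remains on the system partition, not the reinstalled app itself.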
From twrp, wipe system and flash some rom
Sent from this galaxy
pr1jker said:
From twrp, wipe system and flash some rom
Sent from this galaxy
That can work...........
But.......
Assuming there are ROMs available and assuming they want to use a ROM. But what if they don't want TWRP or a custom ROM? What if they want to stay with what they have?
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Looks like adware installed by the root app. "Supersu" caused problems. Kaspersky/Malwarebytes and a few other random AVs didn't find any issues; then I searched with "Dr. Web" and it found 4 threats. I deleted them (with TWRP, Dr. Web did not offer an option to delete) and no more issues. Thanks for pointing in the right direction.
gymka said:
Looks like adware installed by the root app. "Supersu" caused problems. Kaspersky/Malwarebytes and a few other random AVs didn't find any issues; then I searched with "Dr. Web" and it found 4 threats. I deleted them (with TWRP, Dr. Web did not offer an option to delete) and no more issues. Thanks for pointing in the right direction.
Just remember, this is typical behaviour when using Chinese rooting apps and other Chinese software; pretty much all of them come with unwanted extras that hide themselves in your system. China is the hacker think tank of the world, they design software to invade devices and steal personal information.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Wiped everything with all possible tools which TWRP offers (even sdcard), then installed ROM and TWRP with SP Flash Tool (all tools taken from xda or xda forum links) and the adware still exists. Searched Google and it's not only my problem; a lot of people complain about the same "triada" from stock firmware. Found a workaround and it fixed the problem, but still need a normal fix.
Only a few people complain about it... no one from xda uses the last firmware on Leagoo M5?
I still have not rooted the phone, but the adware already recreates it after each reboot. Antimalware apps only detect the created bad app and delete it, but no app can remove the virus itself, only its consequences.
Workaround: create file /storage/emulated/0/.SDAndroid and chmod to 0600; and file /storage/emulated/0/.jm with the same permissions. The virus won't create a folder with that name, so it stops recreating its files.
I found this little fella under system apps first. I deleted it, then somehow it installed itself back to user apps, giving plenty of permissions to itself, like make calls, read and send SMS, MMS, internet. Dr. Web or Malwarebytes didn't notice this fella but it is pretty suspicious. I froze it, because uninstalling doesn't work; it installed itself back after a few hours. It also disguises itself as a Google service.
System
Android 6.0 aosp base, homtom zoji z6, Stock except supersu. But it was there before rooting. File attached below
https://drive.google.com/file/d/0B2-w2KbX27LtMzdYczhjYzFJcTA/view?usp=drivesdk
asterius said:
I found this little fella under system apps first. I deleted it, then somehow it installed itself back to user apps, giving plenty of permissions to itself, like make calls, read and send SMS, MMS, internet. Dr. Web or Malwarebytes didn't notice this fella but it is pretty suspicious. I froze it, because uninstalling doesn't work; it installed itself back after a few hours. It also disguises itself as a Google service.
System
Android 6.0 aosp base, homtom zoji z6, Stock except supersu. But it was there before rooting. File attached below
https://drive.google.com/file/d/0B2-w2KbX27LtMzdYczhjYzFJcTA/view?usp=drivesdk
Root your phone, you will be able to uninstall it then. Otherwise, factory reset your phone, however, I doubt whether factory reset would work on this chap.
Mate, it is already rooted. And I can uninstall it, but it comes back a few hours later. It came with the factory state ROM, so factory reset is not a solution.
I wanted to warn community about this malware also
Thanks for the info
Damn thing is on my ZOJI Z7 too.
Didn't root the phone, but tried everything else.
Keeps coming back whatever I do.
asterius said:
I found this little fella under system apps first. I deleted it, then somehow it installed itself back to user apps, giving plenty of permissions to itself, like make calls, read and send SMS, MMS, internet. Dr. Web or Malwarebytes didn't notice this fella but it is pretty suspicious. I froze it, because uninstalling doesn't work; it installed itself back after a few hours. It also disguises itself as a Google service.
System
Android 6.0 aosp base, homtom zoji z6, Stock except supersu. But it was there before rooting. File attached below
https://drive.google.com/file/d/0B2-w2KbX27LtMzdYczhjYzFJcTA/view?usp=drivesdk
Does sound fishy..
You could always try flashing a custom rom
kushfighter2 said:
Does sound fishy..
You could always try flashing a custom rom
I wish there was a custom rom for my device. Indeed it is an exotic device, couldn't find any custom rom.
This is really fishy. Check out the attachment: now somehow an app is trying to install itself but Android permissions prevent it. It pops up randomly during daily use; I couldn't find the root of it.
If you know how to post a log file, please do
Or see Google. It will be much easier for everyone to see exactly what is happening
Else you can try to root, and in superSU select the option "trust system app"
So you have to select each system app for it to get root permission
Select which one is doing this and bam! Uninstall.
But I recommend you make a backup
Sonkilli said:
Damn thing is on my ZOJI Z7 too.
Didn't root the phone, but tried everything else.
Keeps coming back whatever I do.
asterius said:
I wish there was a custom rom for my device. Indeed it is an exotic device, couldn't find any custom rom.
This is really fishy. Check out the attachment: now somehow an app is trying to install itself but Android permissions prevent it. It pops up randomly during daily use; I couldn't find the root of it.
A guy on the Zoji Z7 thread says ads stop if you disable turbobattery & keyboard
https://forum.xda-developers.com/general/general/zoji-z7-4g-smartphone-t3613364/page2
Edit try debloater to freeze app if not rooted, my links in this post https://forum.xda-developers.com/general/security/malware-disguised-app-how-to-remove-t3686283
No guarantee it will work; well, at least rooting this phone is possible
I have this one too, and have the same problem. I have located the issue to the launcher. It seems that that's the one downloading the malware and installing it. I installed a firewall to block Internet access to it, and got rid of the problem. Unfortunately there's no way to freeze the launcher. I use another one anyway though.
---------- Post added at 10:23 PM ---------- Previous post was at 10:20 PM ----------
asterius said:
Mate, it is already rooted. And I can uninstall it, but it comes back a few hours later. It came with the factory state ROM, so factory reset is not a solution.
I wanted to warn community about this malware also
You have rooted Zoji Z6? How you do that, haven't found any rooting solution myself yet.
zynexx said:
I have this one too, and have the same problem. I have located the issue to the launcher. It seems that that's the one downloading the malware and installing it. I installed a firewall to block Internet access to it, and got rid of the problem. Unfortunately there's no way to freeze the launcher. I use another one anyway though.
---------- Post added at 10:23 PM ---------- Previous post was at 10:20 PM ----------
You have rooted Zoji Z6? How you do that, haven't found any rooting solution myself yet.
I have a rooting guide for Z6, @chinadevices.com forum, also files that you will need for. Also same instructions of me at forum hovatek
asterius said:
I have a rooting guide for Z6, @chinadevices.com forum, also files that you will need for. Also same instructions of me at forum hovatek
Crap! It worked! Thanks a million, time to debloat it
Hello, I'm a user of an Innjoo Halo 4 and today Clean Master found a trojan called pservices. I deleted it but it comes again. Next I used Avast and Kaspersky too, but they didn't find anything. Anyone with the same problem?
marracio said:
Hello, I'm a user of an Innjoo Halo 4 and today Clean Master found a trojan called pservices. I deleted it but it comes again. Next I used Avast and Kaspersky too, but they didn't find anything. Anyone with the same problem?
Don't delete it, disable it (if you can) then it won't be active & it shouldn't come back.
It may be a false positive or a new variant, or even that some AV companies may not flag it if it's an official app from the manufacturer, despite its behaviour. Check or submit it to VirusTotal & see who & how many AV companies flag it, then make a decision, if you haven't already.
I have rooted my Z6, and removed almost every system app that is not crucial to the system. The malware still appears. It seems that it's embedded deep inside the system and the only option is to flash the entire firmware with something else to get rid of it. As far as I know, there is no AOSP for this device.
My conclusion? Never ever buy a China developed mobile. This was my first one, and definitely my last.
More news
Hello. Before I talked about the same virus, but today I saw that the virus (disabled before) has uninstalled itself and it installed 2 more programs called: com.apply.googlea.cation2 and com.apps.systom.sulots
I know that this is very rare.
I disable the 2 apps.
Any suggestion?
I can say, Chinese mtk devices are ground zero for this pservices malware. And yet it is very strange for me to first to mention this malware at xda quite possibly on the internet.
It has been a month almost but no real solution from known security companies. Only Malwarebytes suggests to uninstall, and only Malwarebytes catches it. And it is not a false positive, believe me! This is new and real.
Best I can suggest is to disable pservices and install malwarebytes with real-time scan on also Netguard by M.Bokhorst to control what is communicating with internet.
Regards.
Edit : also forgot to mention all adups.fota update etc. any app with adups and fota name in it should be uninstalled, disabling doesn't work. That helps a little bit, but still keeps background com.
This is worse than we thought.
Today I scanned my mobile with Malwarebytes and it found 2 versions of Guerrilla malware and 1 of Riskware.
I think PServices is evolving into many other viruses.
I have a theory, I don't know if this is possible but here it is. There are some files that control the status of PServices. If it is disabled it executes a backup from the cloud or something like this.
I don't know what this virus can do, but anything good.
At this moment Guerrilla is inside the microSD and I could disable the riskware (inside the system it is called FotaProvider)
This could be something big and dangerous.
marracio said:
Hello. Before I talked about the same virus, but today I saw that the virus (disabled before) has uninstalled itself and it installed 2 more programs called: com.apply.googlea.cation2 and com.apps.systom.sulots
I know that this is very rare.
I disable the 2 apps.
Any suggestion?
I think more likely you have another virus, probably a China centric one... not surprising on a Chinese phone
http://www.hisecuritylab.com/reportsDetail/1/5BC56A5338116DF4C9CD85DEA28CAA55
I have the same Zoji Z6 phone and a similar problem regarding loads of adware and slow down. Is there any malware-free ROM out there yet for this phone ?
I installed some random S8 apps (downloaded from appmirror) using the following tricks from this forum.
Quote:
Originally Posted by Vyshakh Babu
I've done it on my non-rooted S7 edge
These are the steps I did
1. Add a shortcut of the apk to the home screen from the my files app
2.Power off the phone.
3. Cleared the cache partition.
4. Restarted the phone.
5. Quickly installed the Apk by accessing the shortcut from home screen.
(Now it's installed )
6. But the launcher keeps force stopping.
So I cleared touchwiz home's data and cache from app manager.
7. Now it's working fine.
I also installed Bixby app through the same process.
Hope this solution works for all those who face the conflicting signature problem.
For some reason I hard reset my phone (by wiping data + cache partition). After the successful reset, when the device turned on I found an unexpected error like below:
Device Locked
Device Management has restricted certain features on your device.
Please contact the administrator to re-install Device Management to recover your restriction.
Now I can't access CAMERA (security policy restricted camera), SD-Card not found (showing not inserted), Bluetooth is also disabled. USB-debug is also disabled although DEVELOPER OPTIONS is enabled. Screenshot is also disabled. I have flashed my mobile multiple times after that occurrence with proper updated files (AP, BL, CP, CSC, pit). But my problem still remains. I really don't know what to do. Plz help me out. Thanks in advance.
N.B: I have also used a fresh Gmail account but the problem still remains. I have a backup EFS folder but I can't root my phone as usb-debug is disabled. I tried multiple times to root my phone with CF-Auto root for sm-g930k but it got stuck on the KT logo and as a result I have flashed it again and again. :crying:
Sorry for my bad English.
Sent from my SM-G930K