Pservices Possible Malware - Security Discussion

I found this little fella under system apps first. I deleted it, then somehow it installed itself back into user apps, giving plenty of permissions to itself, like make calls, read and send SMS, MMS, internet. Dr. Web or Malwarebytes didn't notice this fella but it is pretty suspicious. I froze it, because uninstalling doesn't work; it installed itself back after a few hours. It also disguises itself as a Google service.
System
Android 6.0 AOSP base, Homtom Zoji Z6, stock except SuperSU. But it was there before rooting. File attached below
https://drive.google.com/file/d/0B2-w2KbX27LtMzdYczhjYzFJcTA/view?usp=drivesdk

Root your phone, you will be able to uninstall it then. Otherwise, factory reset your phone, however, I doubt whether factory reset would work on this chap.

Mate, it is already rooted. And I can uninstall it, but it comes back a few hours later. It came with the factory-state ROM, so factory reset is not a solution.
I wanted to warn the community about this malware also

Thanks for the info

Damn thing is on my ZOJI Z7 too.
Didn't root the phone, but tried everything else.
Keeps coming back whatever I do.

Does sound fishy..
You could always try flashing a custom ROM

I wish there was a custom ROM for my device. Indeed it is an exotic device, couldn't find any custom ROM.
This is really fishy, check out the attachment: now somehow an app is trying to install itself, but Android permissions prevent it. It pops up randomly during daily use, couldn't find the root of it.

If you know how to post a log file, please do
Or see Google. It will be much easier for everyone to see exactly what is happening
Else you can try to root, and in superSU select the option "trust system app"
So you have to select each system app for it to get root permission
Select which one is doing this and bam! Uninstall.
But I recommend you make a backup

A guy on the Zoji Z7 thread says ads stop if you disable turbobattery & keyboard
https://forum.xda-developers.com/general/general/zoji-z7-4g-smartphone-t3613364/page2
Edit: try Debloater to freeze the app if not rooted, my links are in this post https://forum.xda-developers.com/general/security/malware-disguised-app-how-to-remove-t3686283
No guarantee it will work, well, at least rooting this phone is possible

I have this one too, and have the same problem. I have located the issue to the launcher. It seems that that's the one downloading the malware and installing it. I installed a firewall to block Internet access to it, and got rid of the problem. Unfortunately there's no way to freeze the launcher. I use another one anyway though.
---------- Post added at 10:23 PM ---------- Previous post was at 10:20 PM ----------
You have rooted the Zoji Z6? How did you do that? I haven't found any rooting solution myself yet.

I have a rooting guide for the Z6 at the chinadevices.com forum, along with the files that you will need. The same instructions from me are also at the hovatek forum

Crap! It worked! Thanks a million, time to debloat it

Hello, I'm a user of an Innjoo Halo 4 and today Clean Master found a trojan called pservices. I deleted it but it comes back again. Next I used Avast and Kaspersky too, but they didn't find anything. Anyone with the same problem?

Don't delete it, disable it (if you can) then it won't be active & it shouldn't come back.
It may be a false positive or a new variant, or even that some AV companies may not flag it if it's an official app from the manufacturer, despite its behaviour. Check or submit it to VirusTotal & see who & how many AV companies flag it, then make a decision, if you haven't already.

I have rooted my Z6, and removed almost every system app that is not crucial to the system. The malware still appears. It seems that it's embedded deep inside the system and the only option is to flash the entire firmware with something else to get rid of it. As far as I know, there is no AOSP for this device.
My conclusion? Never ever buy a China developed mobile. This was my first one, and definitely my last.

More news
Hello. I talked about the same virus before, but today I saw that the virus (disabled before) has uninstalled itself and installed 2 more programs called: com.apply.googlea.cation2 and com.apps.systom.sulots
I know that this is very rare.
I disabled the 2 apps.
Any suggestion?

I can say, Chinese MTK devices are ground zero for this pservices malware. And yet it is very strange for me to be the first to mention this malware at XDA, quite possibly on the internet.
It has been almost a month but there is no real solution from known security companies. Only Malwarebytes suggests uninstalling, and only Malwarebytes catches it. And it is not a false positive, believe me! This is new and real.
The best I can suggest is to disable pservices and install Malwarebytes with real-time scan on, and also NetGuard by M. Bokhorst to control what is communicating with the internet.
Regards.
Edit: also forgot to mention all adups.fota update etc. Any app with adups and fota name in it should be uninstalled, disabling doesn't work. That helps a little bit, but still keeps background com.

This is worse than we thought.
Today I scanned my mobile with Malwarebytes and it found 2 versions of Guerrilla malware and 1 of Riskware.
I think PServices is evolving into many other viruses.
I have a theory, I don't know if this is possible but here it is. There are some files that control the status of PServices; if it is disabled, it executes a backup from the cloud or something like this.
I don't know what this virus can do, but nothing good.
At this moment Guerrilla is inside the microSD and I could disable the riskware (inside the system it is called FotaProvider)
This could be something big and dangerous.

I think more likely you have another virus, probably a China centric one... not surprising on a Chinese phone
http://www.hisecuritylab.com/reportsDetail/1/5BC56A5338116DF4C9CD85DEA28CAA55

I have the same Zoji Z6 phone and a similar problem regarding loads of adware and slow down. Is there any malware-free ROM out there yet for this phone ?
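
The naming tricks reported in the posts above (package names that misspell "google" and "system", and anything with adups or fota in its name) can be checked for mechanically. The following is an added example, not code from any poster: it assumes the input is the text of `adb shell pm list packages -f`, the word list and the one-character threshold are assumptions, and the listing is constructed apart from the two package names quoted in the thread.

```python
import re

# Words the reported packages imitate; list and threshold are assumptions.
TRUSTED_WORDS = ("google", "android", "system", "application")
# Legitimate tokens that sit one edit away from a trusted word.
ALLOWED_TOKENS = {"androidx"}
# Substrings one poster says should be treated as unwanted.
FLAGGED_SUBSTRINGS = ("adups", "fota")

# One line of `pm list packages -f`: package:<apk path>=<package name>
LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")

# Constructed listing; only the two /data/app names come from the thread.
SAMPLE = """\
package:/system/priv-app/GmsCore/GmsCore.apk=com.google.android.gms
package:/system/app/FotaProvider/FotaProvider.apk=com.vendor.adups.fota
package:/data/app/com.apply.googlea.cation2-1/base.apk=com.apply.googlea.cation2
package:/data/app/com.apps.systom.sulots-1/base.apk=com.apps.systom.sulots
package:/data/app/eu.faircode.netguard-1/base.apk=eu.faircode.netguard
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(token):
    """Return the trusted word a name component imitates, or None."""
    token = token.lower()
    if token in ALLOWED_TOKENS or len(token) < 5:
        return None
    for word in TRUSTED_WORDS:
        if token != word and edit_distance(token, word) <= 1:
            return word
    return None


def parse_listing(text):
    """Parse the listing into (apk_path, package_name) pairs."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group("path"), match.group("name")))
    return entries


def triage(text):
    """Return {package_name: [reasons]} for entries worth a closer look."""
    findings = {}
    for path, name in parse_listing(text):
        reasons = []
        for token in name.split("."):
            word = lookalike_of(token)
            if word:
                reasons.append(f"'{token}' imitates '{word}'")
        for sub in FLAGGED_SUBSTRINGS:
            if sub in name.lower():
                reasons.append(f"name contains '{sub}'")
        if reasons and path.startswith("/data/app/"):
            reasons.append("installed as a user app")
        if reasons:
            findings[name] = reasons
    return findings


def reappeared(removed, later_listing):
    """Packages that were uninstalled earlier but show up in a later listing."""
    present = {name for _, name in parse_listing(later_listing)}
    return sorted(present & set(removed))


if __name__ == "__main__":
    for pkg, why in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

Running `reappeared` against a listing taken a few hours after an uninstall gives a record of the "it comes back" behaviour that can be attached to a report or a VirusTotal submission.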

Related

Custom ROMs have a security hole when installing apps from the market!

While working on my Toggle 2G app, I found that I can run an app in the CM6 system process by signing it with the CM6 cert. If you download the apk from my app thread, and install it, you will see that the app will have access to your entire phone and all permissions are listed. This is a good thing since it actually tells you that it will have all permissions.
However when I posted this app to the market, and installed it, it only showed the 1 permission! This means that anyone running a custom ROM, like CM6, with a key that is available to anyone can download an app from the market that has full access to your phone without you knowing it.
Discuss....
Have you checked this with TeamDouche?
No, I don't think it's specific to CyanogenMod. Any custom ROM signed with a cert that's publicly available could have this problem.
i don't see how that's a good thing...
that is most likely a bad thing considering they can put malicious code into your phone without you even knowing it.
What I was saying is that it's a good thing that if you install the apk from your sd card, you are correctly warned of all the permissions the app will have access to.
It's when installing from the market that you don't get warned of all the permissions the app will have access to. That's the bad thing.
I don't like what you're saying here...but there's no way out (yet), right?
I think it would be up to Google to fix the Android Market app to properly list all the permissions an app will inherit instead of just listing the ones that the app has explicitly specified.
Another option is have all ROM coders add code to prevent apps from installing from the market if they share a process with system apps.
the CM team could have the cert only on the build server, it's only accessible by those we trust to build the roms, I'd be happy with that.
Any updates on this issue, as it is a security concern?
Just read the user comments. If it is malicious, people will say so. I never read the permissions anyway.
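
The install-time gate suggested earlier in this thread (refuse market installs of apps that would share a process with system apps) comes down to two facts about the APK: its manifest asks for a privileged shared user ID, and its signing certificate matches the ROM's platform key. The sketch below is an added example, not code from the thread or from any ROM: it assumes a decoded text manifest and certificate fingerprints supplied by the caller, and the package name, permission and fingerprints are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Shared user IDs that place an app in a privileged platform UID.
PRIVILEGED_SHARED_UIDS = {"android.uid.system", "android.uid.phone"}

# Constructed manifest: one declared permission, but a request to share the system UID.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.toggle2g"
    android:sharedUserId="android.uid.system">
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <application android:label="Toggle 2G"/>
</manifest>"""

# Constructed fingerprints standing in for a ROM platform key and an unrelated key.
PLATFORM_KEY = "AA:AA:AA:AA (constructed platform key fingerprint)"
OTHER_KEY = "BB:BB:BB:BB (constructed developer key fingerprint)"


def review_install(manifest_xml, signer, platform_signers, from_market):
    """Decide what to do with an APK before it is installed.

    verdict is one of:
      block    - market install that would run inside a privileged shared UID
      warn     - sideload that would run inside a privileged shared UID
      mismatch - asks for a privileged shared UID but is not signed with the
                 platform key, so the package manager will refuse the shared UID
      allow    - no privileged shared UID requested
    """
    root = ET.fromstring(manifest_xml)
    shared_uid = root.get(ANDROID_NS + "sharedUserId")
    declared = sorted(
        name
        for name in (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
        if name
    )
    wants_privileged = shared_uid in PRIVILEGED_SHARED_UIDS
    joins_privileged = wants_privileged and signer in platform_signers

    if joins_privileged:
        verdict = "block" if from_market else "warn"
    elif wants_privileged:
        verdict = "mismatch"
    else:
        verdict = "allow"

    return {
        "package": root.get("package"),
        "shared_uid": shared_uid,
        "declared_permissions": declared,
        # True when the declared list understates what the app can do.
        "permissions_understated": joins_privileged,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(review_install(MANIFEST, PLATFORM_KEY, {PLATFORM_KEY}, from_market=True))
```

With a platform key that is published, any developer's APK can land in the `block` or `warn` branch, which is why keeping the key on the build server only, as proposed above, removes the problem at its source.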

[Q] SVHD v1.5.0 nod says virus

At the end of the download NOD terminates it saying trojan virus, is it safe to download?
I have nod32 too and it doesn't say that it's a virus! i flashed the rom there is nothing wrong with it.
OK, I saw another user also had the same problem, maybe it's false as he said. In the sixth post of the thread he wrote:
"Downloading and...
my antivirus report an Android trojan: Plankton.I (variant)
I think I'm not gonna flash...
[EDIT] it's the flash_player_installer.apk who seems to have the trojan"
I flashed the ROM a day ago and my antivirus didn't say anything. However, I opened the Flash Player Installer app after flashing the ROM and ads in the notification tray started to appear. Scanned my phone via Lookout Ad Network detector and it detected Air Push and another thing that I don't remember. Uninstalled the Flash Player installer and no ads in the notification tray anymore. I think the Air Push and the other thing are causing some antivirus apps to show the installer as a trojan. Just delete the .apk from the .zip in system/apps and everything should be alright.
Thanks, I can try that. I am now on the desire xs rom, so far the best (sense) rom for me, and I have a nandroid backup for that and always return to it after trying many.

[Q] S3 issues for simpleton! adblock?, stay rooted?

hi there.
having only had a skim through a few of the samsung s3 developer pages i realise im severely out of my depth here, so please take it easy with me
i have just bought a samsung galaxy s3 and it has been rooted. neatrom v8.2, android 4.3.
i went for the rooted option because i was led to believe that it would then be possible to use something like adblock or ublock [popup blocker] as i use on my laptop. i watch football on a streaming site so adblock [of some kind] is kind of essential.
it came with an adblock app installed but it didnt do the job, and i have since tried a couple of others and neither seemed satisfactory.
so what i need to know is;
1, is it possible to get an adblock type of app [google play store] that will do the job required.
if its not going to be possible to use an adblock popup blocker then will i really need or be able to utilize the functions of the rooted phone. should i just go back to a standard install.
so, my next question is;
2, if i wanted to go back to the original OS is this just a straightforward factory reset, as in accounts>backup and reset>factory data reset>
any help is greatly appreciated.
Google Play has stopped support for all adblockers as most of the available (free) apps are advertising based. Install FDROID (market) on your phone and then install "AdAway" using FDROID.
You should avoid a factory reset when you're running a custom ROM and not familiar with flashing your phone.
To get it back to stock you can download the original Samsung firmware from SamMobile
If you like to use stock Samsung OS, you can also root it easily.
many thanks... :good:
i have just installed fdroid, then from there installed adaway, opened and updated it, so running. i will check it out on a streaming site and see if it does what it says on the tin.
if it works fine then maybe the root will stay.
if not, then what is the issue with going for the factory reset. will it melt the phone?
im a little confused with the last bit, please type sloowwwweeerrr
i can get the samsung firmware [is that the operating system] from sam mobile [as in your link].
are you then saying you can then root the phone to use the samsung firmware, but it will still use fdroid and adaway.
this would have to be super basic for me to even attempt it...
You can install the stock Samsung firmware, root the device and install any apps you like. Adblockers for Android do best with in-app advertising. Most websites are spam free, too. If you need a really ad-free browser you can try Firefox as it supports plugins and you can install the good old "AdBlockPlus" just like it's used in your computer browser.
BTW
If you factory reset a custom ROM, you will probably just have the ROM itself, not even Google services or Play Store. As for a custom setup you "pick" all the parts you need/want and install it together using a custom recovery.
its not really the browser or apps that im so worried about blocking ads from, its when im watching football on a streaming site, the amount of popups for gambling an sexy lady that also try to inflict virus warfare onto you is just unreal.
i will see if the adaway will do its job. if not then maybe i need to consider other options.
thanks again. im sure i will be back for some more parental guidance :highfive:
i now have found out that every time i turn off the phone the message centre number restores to default [not my network] so unless i re-enter the number every time i turn on im unable to send a text message.
o2 are unable to fix it because it seems the root has control of the default functions and settings.

X2 GEM-701 Autostart

Hello,
I have the problem, that apps like Adblock Plus or Avast Mobile Security do not start automatically after booting the device.
Does anybody know the reason or what to do?
Thank you in advance.
Horst
Go into settings then Startup Manager and enable the apps you want to allow at startup. Then go to permissions manager and select the apps you want to trust.
Hi Horst
where did you buy your GEM-701L?
Thanks. Ralph
I bought it from Innova in Germany.
Horst
Sorry, I don't have the Startup Manager.
Look in GooglePlay for "PM Plus" from Huawei - it's the Permission- and Startup Manager you need.
I have no idea why it isn't as default on the X2
Hi everybody !!
Got my X2 701 today.
After bootloader unlock/recovery&root everything works like a charm,but one thing doesnt...and this is THE KILLER for me.. NO APPS ARE AUTOSTARTING AFTER a reboot.
I have also installed PM plus as I read here ,but no matter what I try.. no apps are autostarting
Flash it to a 703L B111. B111 fixed a lot of issues and I mean a LOT.
can I flash the 701 to a 703 without troubles/drawbacks ???
If you follow the guide you will be able to upgrade with no problems.
I spent the morning reading all there is about 701 to 703.. and it's dangerous, and not 100% documented, so I don't dare to do that.
I restored the stock recovery on my 701,I removed su,I wiped the whole thing a few times,and no matter what I do... NO APPS ARE STARTING AFTER A REBOOT...
everything works like a charm,no fc,no errors at ALL,just... when I reboot/turn the thing on.. its loading googleplay/services/gmail/... whatever it came with,but NO 3rd party apps from the store are loading on boot.
I enabled ALL apps in the startup/permission manager... but still they wont load.
WHAT ELSE is there to check/click/switch/do ??(
---------- Post added at 10:25 AM ---------- Previous post was at 09:47 AM ----------
I restored my X2 today ,so no SU/TWRP/... did a full wipe with stock recovery,still the same... I suspect,this isnt a bug... but more a feature.
No matter what I try.. NO APPS are autostarting...
(just the whole system crap like playstore/gmail/google services/bla blabla)
Cant be that Im the ONLY one with this (unsolvable ???) problem ?????
well.. turns out.. nothing is unsolvable.. besides curing human stupidity.. and NO.. I'm not talking about myself
If you want an app to be 100% sure its loading when you turn on your phone or reboot it => you have to convert the app with Titanium Backup to a SYSTEM APP.
(so basically TiB just moves the .apk into system/app).
Be sure to reboot afterwards,as otherwise the app is gone from your launcher.
I tested this with 3 apps (afWALL+/allinONEgestures/wifiONoff) and all three NEVER started after a cold/warm/lukeWarm(re)BOOT,and after converting them with TiB,all 3 start now everytime.
so maybe I was/am the only one who was annoyed by this BOOTloadingBUG,but with this workaround its solved for me !
That explains a lot of the trouble I experienced with my X2 device.
And, yes, I agree with you about human stupidity (growing more and more around us).
Thanks for your explanation of this BUG !.

Can't remove adware on freemeosp

Phone Leagoo M5, FW latest official based on FreemeOS. Reflashed latest ROM, installed only apps which I have used a long time without any ads, and still getting an annoying full-screen ad which can't be closed for 10 seconds. Phone rooted, but no app asked for or was granted root permissions. My only thought is that it's caused by the OS itself. There are 2 weird apps: "settings" (can be deleted, but restores after some time; the not-weird settings app, definitely part of the OS, shows the translated name "nustatymai"); the other is "app store", which can't even be deleted. E.g. in screenshot imgur dot com/a/btCfz the ad appears from time to time even if no apps are opened
You probably used Kingroot or Kingoroot to root your device and it installed malware/adware apps in your system partition. Flashing stock firmware probably doesn't wipe system during flashing instead of removing those apps, and factory resetting won't work because the apps are in system and factory reset doesn't touch system, it only wipes the user partition.
If none of your apps are requesting root permission then I'd say you lost root and need to root the device again.
Try MalwareBytes app to remove those apps. If that doesn't work you need to get the device properly rooted and then look in your system/app or system/priv-app folder and delete those apps.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
From twrp, wipe system and flash some rom
Sent from this galaxy
That can work...........
But.......
Assuming there are ROMs available and assuming they want to use a ROM. But what if they don't want TWRP or a custom ROM? What if they want to stay with what they have?
Looks like adware installed by root app. "Supersu" caused problems. Kaspersky/Malwarebytes and a few other random AVs didn't find any issues, then I searched with "Dr. Web", it found 4 threats, I deleted them (with TWRP, Dr. Web did not offer an option to delete) and no more issues. Thanks for pointing in the right direction.
Just remember, this is typical behaviour when using Chinese rooting apps and other Chinese softwares, pretty much all of them come with unwanted extras that hide themselves in your system. China is the hacker think tank of the world, they design software to invade devices and steal personal information.
wiped everything with all possible tools which twrp offers (even sdcard), then installed rom and twrp with sp flash tool (all tools taken from xda or xda forum links) and the adware still exists. searched google and it's not only my problem, a lot of people complain about the same "triada" from stock firmware. found a workaround and it fixed the problem, but still need a normal fix.
only a few people complain about it... no one from xda uses the last firmware on leagoo m5?
i still have not rooted the phone, but the adware already recreates itself after each reboot. antimalware apps only detect the created bad app and delete it, but no app can remove the virus itself, only its consequences
workaround: create file /storage/emulated/0/.SDAndroid and chmod to 0600; and file /storage/emulated/0/.jm with same permissions. the virus won't create a folder with that name so it stops recreating its files
