Android malware - General Questions and Answers

I have a Xgody X200 MKT Android manufactured by Zoppo, running 6.0 Marshmallow, MT6735 chipset. My question is: I have 3 apps that keep downloading to my phone.
1. Chomes [logo looks similar to Chrome]
2. Mail [looks the same as Gmail but logo is blue and white instead of red and white]
3. Settings [logo looks the same]
I have manually uninstalled them only to have them reappear in 5 minutes or so.
So I decided to get Norton security. Norton detected them as malware and I have to uninstall them. My event log for having to remove them is insane! These apps started showing up 3 weeks ago. Any ideas as to how to permanently get rid of them? Thanks.

H779 said:
I have a Xgody X200 MKT Android manufactured by Zoppo, running 6.0 Marshmallow, MT6735 chipset. My question is: I have 3 apps that keep downloading to my phone.
1. Chomes [logo looks similar to Chrome]
2. Mail [looks the same as Gmail but logo is blue and white instead of red and white]
3. Settings [logo looks the same]
I have manually uninstalled them only to have them reappear in 5 minutes or so.
So I decided to get Norton security. Norton detected them as malware and I have to uninstall them. My event log for having to remove them is insane! These apps started showing up 3 weeks ago. Any ideas as to how to permanently get rid of them? Thanks.
you will have to kill them first then remove them
if you can post the log to see what's happening exactly

The log only shows how many times this malware has been uninstalled. Can you tell me how to kill them on this MTK device? Thanks for getting back to me.

H779 said:
The log only shows how many times this malware has been uninstalled. Can you tell me how to kill them on this MTK device? Thanks for getting back to me.
what are the names of the 3 packages ??
can you check, by the way are you rooted ?

I cleared the log but as I said it just says uninstall over and over again. I am not rooted; in fact I posted in Questions and Answers asking whether there is anything current for rooting newer MTK devices. I've tried MTKDroid, Kingroot etc. but they didn't work. The ones I used are dated 2012-2013. I need root in order to find out more in depth. But as of yesterday I haven't heard back on that post. Thanks

Related

Chrome Home Page changed

A few days ago, out of the blue, my homepage in Chrome was changed from https://www.google.com to http://portal.fly2tech.com/?channel=13#!/, without me doing so. So I ran a malware check with Malwarebytes and found nothing, so, better safe than sorry, I started looking at apps: com.android.partnerbrowsercustomizations.example is showing as a normal app, whereas before it was a hidden system app. My phone is running stock MM 6.0.1 with Nov 2016 security patches. Not rooted, with stock recovery. As a precaution I did a factory reset, and everything was fine; then just about an hour ago it changed again, to the fly2tech portal as homepage. I went into apps and the com.android.partnerbrowsercustomizations.example program was showing again. I selected the three-dot menu in the upper right and clicked uninstall update, at which point I was prompted whether I wanted to revert a system app to the previous version. I clicked yes, and it disappeared from apps back to a hidden system app. I uninstalled Chrome just to make sure I was getting a clean copy and so far no more fly2tech portal. I have fired off a support request to Alcatel. I certainly hope they are not pushing this garbage out to customers. Or there is a vulnerability that needs to be fixed!!! A Google search has indicated this has happened to One Touch devices from all I have seen....
Anybody else having this problem??
oops, Clicking that link crashed a few apps on my Chrome. Weird how that could be an Alcatel thing.
Huskied said:
oops, Clicking that link crashed a few apps on my Chrome. Weird how that could be an Alcatel thing.
It did it again. I rolled back the system app; they have also pushed an update to their updater app. I have disabled automatic updating of the system and system apps, hopefully it doesn't do it again. I called Alcatel support today, they didn't deny it was them, but they created a ticket and will get back to me.
So I just got a phone call from Alcatel support, they are investigating. The guy said they are in touch with the dept in charge of FOTA updates to see if it's something they are pushing or if there is a vulnerability at play. At least they are interested enough to actually call me for details....
Interesting....
That's what has usurped my stock browser for over a month. I set the homepage to google.com but it's always changed autonomously to this portal thing. It's like some malware on Windows doing its job. Weird.
Sent from my 6045K using Tapatalk
Nikola Jovanovic said:
That's what has usurped my stock browser for over a month. I set the homepage to google.com but it's always changed autonomously to this portal thing. It's like some malware on Windows doing its job. Weird.
At this point I'm convinced Alcatel is pushing the customization, via the system update, and not any malware.... But they have no right to choose my homepage. I have blocked automatic updates to system and system apps so I'm going to run a few days and see if that fixes it...
I'm not sure that is the case because mine has been disabled a long time before this happened...
Nikola Jovanovic said:
I'm not sure that is the case because mine has been disabled a long time before this happened...
Well, the problem has not repeated itself since disabling automatic system app updates. I'm still waiting to hear back from Alcatel USA. I find it hard to believe they would force a customization on a phone that is not subsidized, and I could be entirely wrong about it being them. Regardless of whether it's them or not, I don't think I should be forced into using a portal that keeps resetting itself to the homepage. If it's Alcatel, they need to stop; if it's a security vulnerability I hope they patch it.
It doesn't make sense. I've checked my updates to find out that I froze the update app in Titanium Backup prior to these homepage changes.
Nikola Jovanovic said:
It doesn't make sense. I've checked my updates to find out that I froze the update app in Titanium Backup prior to these homepage changes.
Well, I spoke too soon, it has happened again. I guess until I get an answer I'm just going to have to keep uninstalling updates to com.android.partnerbrowsercustomizations.example, which really stinks. If it gets too bothersome I'll just get a new phone.
Weird stuff. I'm looking towards the Note 7R.
So Alcatel wants to send me another Idol 3 and wants to analyze my current phone... I'm glad they are taking this seriously
I have just discovered the same thing on mine. I'm going to freeze com.android.partnerbrowsercustomizations.example in Titanium Backup, and see what happens.
Fiasco said:
I have just discovered the same thing on mine. I'm going to freeze com.android.partnerbrowsercustomizations.example in Titanium Backup, and see what happens.
I have to call back the rep from Alcatel US support tomorrow afternoon. They want to examine my phone; not sure how comfortable I am sending my phone back to them. I will remove as much sensitive info as I can, but don't want to strip it bare. I want them to get to the bottom of the problem, but I'm not sure how invasive they will be; but if it helps to stop the problem I guess it's worth it.... They are going to send me another Idol 3 to use while they investigate.... I thought about just doing an OOB restore via Mobile Upgrade Q, but if it's a vulnerability eventually it will creep back up on me. I guess the best bet for all of us is to let Alcatel dissect my phone and determine how they can plug it....
Alcatel can always pull your info anytime, anywhere you have a connection to the internet, as can Google and app developers.. so don't trip, you have already been examined.
It's not a "bug" it's intentional. I froze it with Titanium Backup then after a couple of days I removed it completely. No more homepage jacking.
Of course, you must be rooted to do this.
Fiasco said:
It's not a "bug" it's intentional. I froze it with Titanium Backup then after a couple of days I removed it completely. No more homepage jacking.
Of course, you must be rooted to do this.
Ok, so Alcatel is acknowledging the issue and has asked that I refrain from making any modifications to the device, including restore via Mobile Upgrade Q. At this point I'm sure someone at TCL has dropped the bomb, but I'm getting the feeling even the US support team knows this isn't gonna fly. If they want to force it, then push your own browser, don't mess with Chrome; I like my settings just the way they are. I'm giving it another week tops, then I shall root and set up my phone where it can't be violated. I can see a phone company forcing customizations on subsidized phones, but not on an unlocked phone bought outright....
So looks like they stopped pushing it...
Should we reset the phone to factory then? Can't they just send an update?

WarrantytimeService Notification won't go away

Hi, there are now two of us in the same building with XZ Premiums which have a WarrantytimeService notification permanently stuck on the notification bar.
I have noticed this seems to only happen when connecting the company work profile / Google Apps email account.
Does anyone know how to get rid of this, what it is, or why it's here?
This only happened after the Android 8 Oreo update.
Video showing image of notification:
https://youtu.be/xP3ULyeKJwQ
Thanks
Probably you are rooted, so use Titanium Backup and uninstall WarrantytimeService.
Saadkhalid786 said:
Probably you are rooted, so use Titanium Backup and uninstall WarrantytimeService.
We are both running stock Android without even a home screen launcher.
My phone is a few months old; my friend just got his 2 weeks ago, brand new at Best Buy.
cenkaetaya said:
We are both running stock Android without even a home screen launcher.
My phone is a few months old; my friend just got his 2 weeks ago, brand new at Best Buy.
I got the same issue. Brand new phone. No mods.
Possibly turn off the work profile in System UI Tuner? Only an educated guess, I don't have this notification.
Edit - Just watched the video and you have already tried this solution. Accept my apology.
I had the same problem when running Island, which uses the work profile to mimic a second user.
I just disabled WarrantytimeService in Island.
I'm not sure how you would do that without it though.
Reads the warranty time of the phone - Allows this application to read the warranty time of your phone
Couldn't you try:
Code:
adb shell pm disable-user --user 0 com.sonyericsson.warrantytime

Issue with Coolpad Torino R108 (CoolReaper?)

My cell phone is still under guarantee protection but it doesn't help. Well, a few times I discovered a strange app installed without my action, with a Chinese title, something like eNews or a feed app. I deleted it and thought that was all. After some time I started to receive push notifications with a red background and a yellow Chinese sign! At the same time I discovered the same app again, and the stock app Sim1 changed its name into something Chinese! After a factory reset I thought everything was OK but it lasted just 3 weeks and then the same game again! Malwarebytes detects Wireless Update as the culprit for this "feature" but it wasn't able to solve the problem as this app is part of the OS! I have read many facts about Coolpad.Coolreaper.a so I planned to remove this nasty part from my device, but don't know how. The service officer didn't find anything suspicious after a few days of observation and blamed me for clicking on ads and advert links!
Please help me!
Hey there, did you solve the problem with the Coolreaper?
I have the same problem. I just flashed another official ROM but Malwarebytes finds the Coolreaper again. Now going to wait a few days to see if it's going to start installing the apps again...
https://forum.xda-developers.com/general/general/coolpad-torino-r108-max-lite-y91-u00-t3735792
ludush1 said:
My cell phone is still under guarantee protection but it doesn't help. Well, a few times I discovered a strange app installed without my action, with a Chinese title, something like eNews or a feed app. I deleted it and thought that was all. After some time I started to receive push notifications with a red background and a yellow Chinese sign! At the same time I discovered the same app again, and the stock app Sim1 changed its name into something Chinese! After a factory reset I thought everything was OK but it lasted just 3 weeks and then the same game again! Malwarebytes detects Wireless Update as the culprit for this "feature" but it wasn't able to solve the problem as this app is part of the OS! I have read many facts about Coolpad.Coolreaper.a so I planned to remove this nasty part from my device, but don't know how. The service officer didn't find anything suspicious after a few days of observation and blamed me for clicking on ads and advert links!
Please help me!
Unfortunately it's part of Coolpad's system core programs and I haven't found any way of removing it... Nasty piece of work from them to include something like that.. but I guess it serves me right for buying a phone made by them... I guess I will stay away from any Chinese-made phone in the future - Coolpad for certain, but if they are allowed to do this then I don't see what there is to stop other Chinese companies from doing the same... very disappointed.... but not surprised really...

Possible malware infection/network attack while using Facebook app

The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
SeaMonster26 said:
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
Sounds like the warning message Chrome gives. The <b>%1$s</b> is a variable for the website name.
https://security.googleblog.com/2015/02/more-protection-from-unwanted-software.html?m=1
Found a couple of other mentions of this.
See the image in the following thread; it seems the download manager shows the warning, so it must be Facebook downloading something from a suspect URL, as you say it happens while using Facebook. I don't use the Facebook app. You say it downloaded something by itself, without you initiating it, which seems dodgy, but it's a monster app as I recall, and must be even bigger with more permissions these days!
https://m.imgur.com/a/31Pds5y
ref
https://www.reddit.com/r/FacebookHelp/comments/9vtne6/attackers_on_b_1s_b_download/
Been happening for at least 4 months.
https://www.reddit.com/r/androidapps/comments/8zq0fw/mystery_app_update_on_lg_g5_help/
See you have seen this thread also:
https://forum.xda-developers.com/android/help/ineed-help-message-attackers-1s-atte-t3868724

Unknown notification sound

I have an unknown random tri-tone (iPhone) notification (just sound) coming on my OnePlus 7 Pro and I can't find what's causing it. I searched online a lot for a solution but can't find any. I tried uninstalling many recent apps and used antivirus scans and CCleaner but they find nothing. The notification also doesn't show up in notification history or in a notification history app.
Please help
Thanks
mad3mad said:
I have an unknown random tri-tone (iPhone) notification (just sound) coming on my OnePlus 7 Pro and I can't find what's causing it. I searched online a lot for a solution but can't find any. I tried uninstalling many recent apps and used antivirus scans and CCleaner but they find nothing. The notification also doesn't show up in notification history or in a notification history app.
Please help
Thanks
Have you turned off all notifications on the phone to eliminate the possibility you're overlooking a notification? The stock OP7 does make distinct sounds on boot, and on charging.
Is the phone rooted?
I ask because OnePlus 7 phones have a lot of spyware, bloatware, and .xml files on the stock non-rooted OS, so your phone could be hacked.
I have 3 of these, all rooted: OP 7T, OP 7 Pro, & McLaren OP 7 Pro. The amount of work to clean & secure them is substantial. By default they have apps connecting to AWS & UK (ses) servers.
If you can run 'tcpdump' or 'ss -atrep', it could reveal some rogue connections that may be why it makes, as you say, the "iPhone tone".
Also, every app on the phone has a default type of "firewall":
you can turn off "background data", "wifi access" & "data access" for all the apps, including system ones. Turning those off while testing may also solve the issue.
Xpltr said:
Have you turned off all notifications on the phone to eliminate the possibility you're overlooking a notification? The stock OP7 does make distinct sounds on boot, and on charging.
Is the phone rooted?
I ask because OnePlus 7 phones have a lot of spyware, bloatware, and .xml files on the stock non-rooted OS, so your phone could be hacked.
I have 3 of these, all rooted: OP 7T, OP 7 Pro, & McLaren OP 7 Pro. The amount of work to clean & secure them is substantial. By default they have apps connecting to AWS & UK (ses) servers.
If you can run 'tcpdump' or 'ss -atrep', it could reveal some rogue connections that may be why it makes, as you say, the "iPhone tone".
Also, every app on the phone has a default type of "firewall":
you can turn off "background data", "wifi access" & "data access" for all the apps, including system ones. Turning those off while testing may also solve the issue.
Hi,
The phone is not rooted, but I think the notification started after I installed an APK from Google Chrome. Although I uninstalled the apps, the notification is still coming; I even cleared the cache files. It's so weird, I don't know what to do. Can you tell me how to get rid of the hack files and the apps that have those connections? Are they OnePlus apps? Also tcpdump needs root and I can't find ss -atrep.
Thanks for your time, I appreciate it.
I suggest using an 'adb' [Android Debug Bridge] shell to uninstall the packages. I don't know if you're familiar with "adb"; it's another learning curve for you if not. But you can "disable" the packages through the default "Apps" section of "Settings" -> "system apps". These 3 definitely need to be uninstalled.
1. net.oneplus.odm
2. net.oneplus.odm.provider
3. com.oneplus.ses
The bloatware is extensive in these phones, so here are some links to get you started.
OnePlus Bloatware List | Remove Bloatware on OnePlus
Using our bloatware list you can safely remove OnePlus bloatware. You can also use Oxygen OS Debloater to uninstall system apps on OnePlus devices.
technastic.com
Oneplus 7T /7T Pro bloatware adb uninstall
Hi All, Below you may find a step-by-step tutorial how to uninstall system apps which are causing battery drain in the background. Step #1: Enable developer mode + USB Debugging go to the OnePlus 7 Pro device ‘Settings’ > scroll down and open...
forum.xda-developers.com
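The `pm disable-user --user 0` command suggested in the XZ Premium thread and the three OnePlus packages listed above are the same technique applied to different devices. The script below is an added example, not code from any post: it disables a target list over adb without root, then checks `pm list packages -d` to confirm the packages really ended up disabled. It assumes adb is on PATH with USB debugging enabled and one device attached; TARGETS holds the package names quoted in these threads and must be edited for your own device.

```shell
#!/bin/sh
# Added example (not from the thread): disable unwanted packages for the primary
# user over adb, no root required, then verify they are disabled afterwards.
# Assumes: adb on PATH, USB debugging enabled, exactly one device attached.
# TARGETS lists the packages named in the threads above; edit for your device.
TARGETS="net.oneplus.odm net.oneplus.odm.provider com.oneplus.ses com.sonyericsson.warrantytime"

# Normalise "pm list packages" output: drop adb's CR line endings and the
# "package:" prefix, leaving one package name per line.
pkg_names() {
    tr -d '\r' | sed -n 's/^package://p'
}

# Print the targets ($1, space separated) that appear in the "pm list packages"
# output read from stdin. Pure text processing, so it also runs without a device.
present_targets() {
    installed=$(pkg_names)
    for pkg in $1; do
        for inst in $installed; do
            if [ "$pkg" = "$inst" ]; then printf '%s\n' "$pkg"; fi
        done
    done
}

# Print the targets ($1) that do NOT appear in "pm list packages -d" output on
# stdin, i.e. those still enabled after the disable step.
still_enabled() {
    disabled=$(pkg_names)
    for pkg in $1; do
        found=0
        for d in $disabled; do
            if [ "$pkg" = "$d" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$pkg"; fi
    done
}

# Disable every installed target for user 0, then report anything left enabled.
# Returns 1 if the verification step finds a target that is still enabled.
disable_and_verify() {
    present=$(adb shell pm list packages | present_targets "$TARGETS")
    for pkg in $present; do
        echo "disabling $pkg"
        adb shell pm disable-user --user 0 "$pkg"
    done
    left=$(adb shell pm list packages -d | still_enabled "$present")
    if [ -n "$left" ]; then
        echo "still enabled after disable-user: $left"
        return 1
    fi
    echo "all installed targets are disabled"
}

# Uncomment to run against the attached device:
# disable_and_verify
```

Packages disabled this way survive reboots but come back after a factory reset, so keep the script to re-run.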
