Related
Hi folks,
Just wondering if running a program to root an Android can install malware (record or spy on my data, messages, etc.), and if so, are there any suggestions on how to find it? I've run 'Anti Spy Mobile Free' and have Avast! installed, with nothing found, and from the searches I've done, the main thing that came back was that the risk for getting infected with bad stuff increases when you root...but nothing about the actual process being bad.
I found the program on this site, so, I'm guessing it's fine. Just being a bit paranoid haha.
(I rooted it a few months ago, and don't remember what it was called, sorry)
Thanks for any help!
Anti Spy Mobile will give you warning or malware if there are any packages that has escalated spyware permissions - read SMS, record voice calls, etc. However even on rooted phones every process (service or background process) comes from an app (I mean if you are sure in the ROM that you are using and the apps installed, there's nothing to worry about). There are some exploits on Android but they can escalate the user permissions, and if they are used with separate spyware, the spyware should be an apk too. Many of the spywares are "hidden" (e.g. they don't have launcher activity) and they don't show on your launcher phone desktop - but you will still see them at the installed apps list. Both anti spy mobile and avast are searching through all installed packages.
Phone, in my experience is quite hard to get virus, provided you don't go anywhere pornographic or whatnot. Recommend avast if you are really paranoid.
Moved to General Q&A.
Thanks a lot!
install antivirus or antimalware to be sure!
Hello guys, i have a problem as reported above with 2 bloatware apps on my android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, china phone) and i'm running Android 4.2.2 ROOTED. I have no custom rom/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and i thought they were safe beacuse of Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared in my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When i went to AdAway i noticed that was disabled: i enabled it again and restarted the phone.. but banner ads still showing.. so i went again in AdAway and it was disabled.. again!
I have a similar problem with 3G/H connection with Vodafone. Everytime i disable internet connection, it gets activated again in 1 minute max.. so i can't disable internet.. never!
I removed these 2 bloatware apps today and fortunatly they didn't show up again or get reinstalled.. ads and AdAway blocks are disappeared. I started a lot of antivirus controls with Avira and nothing showed up.. so i thought i was fine, BUT the internet problem persists.. i can't disable internet everytime i want. Someone of you could help me to solve this problem? I hope there is an alternative method to solve this without format/reset the phone!
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
user064 said:
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
Click to expand...
Click to collapse
Hello! I solved with hard reset.. if you want to try i suggest you to use titanium backup for your safe apps, so you'll not lose anything
MatthewTaylor92 said:
Hello! I solved with hard reset.. if you want to try i suggest you to use titanium backup for your safe apps, so you'll not lose anything
Click to expand...
Click to collapse
I am facing the same issues, I do not think a hard reset will solve the problem, these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3months after purchase.
I have tried uninstalling & they just re-install, if you phone is rooted, you can hybernate them with ''App Quarantine''
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
martinzx13 said:
I am facing the same issues, I do not think a hard reset will solve the problem, these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3months after purchase.
I have tried uninstalling & they just re-install, if you phone is rooted, you can hybernate them with ''App Quarantine''
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
Click to expand...
Click to collapse
remove them after rooting your phone!!! seems soo unimaginable that they are embedded in your rom :/
pushkardua said:
remove them after rooting your phone!!! seems soo unimaginable that they are embedded in your rom :/
Click to expand...
Click to collapse
Yes you are very likely to be correct, I was kinda hoping, for a solution without rooting? Any ideas? Anyone?
Cheers Martin :angel::angel:
Same problem , rooted phone and uninstalled gsearch and gfirewall but in one or two days they auto-reinstall
Play Store
There is a app in the rom called Play Store (Not Google Play Store!) and Opera Service
Remove those apps from the rom to prevent advertisements at screen unlocking.
To remove Play Store and Opera service your phone needs to be rooted (use Titanium backup fi). You can check this by using a firewall like droidwall.
If you can't root your device:
Use a firewall like mobiwol if your device is not rooted (is creates an internal vpn where it can filter your traffic).
Suspicious files found running at background
I have the same problem with the two files reinstalling by itself after I delete them. I have a Chinese made smartphone Tronsmart PS7 running Android 4.2.2 rooted. After digging deeper into the files running at the background, I noticed there are files that have complete access to all the privilege rights in my phone other than android system, they are android.cube, AdupsFotaReboot, RebootAndWriteSys and Common Data Service. I have tried to force these files to stop and it seems the problem is solved, Anyone has any ideas what these 4 files are for?
I don't think to do any hard reset, if these are hard coded in ROM, this is not a stable solution
IMHO there are only two exit ways:
1) do a virus submission request
I've done this request 1 minute ago.
2) flash the device with another ROM (4.2.2 is getting older, anyway...)
You can see the manifests of Gsearch and Gfirewall, are identical:
Not so good news...
Hi all,
in my case, I found a solution. Once MTKDroidTools used to get root on the phone (root only, nothing else), I pressed the button "Delete China" and the application has removed the files from the "files_for_delete.txt" list. After this, the problems are over !!!
Another way to do this with the phone already rooted, you do it manually, and you can follow the steps of:
http://forum.xda-developers.com/showpost.php?p=44455669
or
http://electricheatingcosts.com/removing-chinese-smartphone-spyware/
Best regards.
No more Gsearch and Gfirewall
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
Pete636 said:
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
Click to expand...
Click to collapse
It seems like now i don't have Gfirewall anymore but Gsearch got reinstalled and i've got an add displayed again so this solution doesn't really work
uninstall gsearch en gfirewall.
I had the same troubles with my phone (elephone P8). First I stopped the software, then I uninstalled it. So far so good.. Did'nt get popupsuntill now..
Succes..
Arthur
Netherlands
MatthewTaylor92 said:
Hello guys, i have a problem as reported above with 2 bloatware apps on my android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, china phone) and i'm running Android 4.2.2 ROOTED. I have no custom rom/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and i thought they were safe beacuse of Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared in my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When i went to AdAway i noticed that was disabled: i enabled it again and restarted the phone.. but banner ads still showing.. so i went again in AdAway and it was disabled.. again!
I have a similar problem with 3G/H connection with Vodafone. Everytime i disable internet connection, it gets activated again in 1 minute max.. so i can't disable internet.. never!
I removed these 2 bloatware apps today and fortunatly they didn't show up again or get reinstalled.. ads and AdAway blocks are disappeared. I started a lot of antivirus controls with Avira and nothing showed up.. so i thought i was fine, BUT the internet problem persists.. i can't disable internet everytime i want. Someone of you could help me to solve this problem? I hope there is an alternative method to solve this without format/reset the phone!
Click to expand...
Click to collapse
UPDATE:
I'm triyng "Disconnect Mobile" to limit the amount of data probably stolen by these two applications, and after the last unistall of Gsearch and Gfirewall, they do not auto-reinstall!
Disconnect Mobile is a privacy app inspired by our award-winning browser software. The app actively blocks the biggest mobile trackers when you use an app or browse the web using 3G, 4G, LTE, or Wi-Fi. Optional packs include ad filtering and malware protection. Does NOT require root.
Features:
- Blocks the biggest mobile trackers from tracking and collecting your info
- Blocks ads from more than 2500 ad tracking services
- Blocks thousands of websites suspected of malware, spyware, phishing scams and more
Click to expand...
Click to collapse
Like all ad-blocker apps, you can't find this on Play Store, you can find it on 1mobile, for example.
(I cannot post links)
Please let me know if this hint works on your phones
Hi all, my rooted phone is Ulefone U9592 and I found this information :
http://androidforums.com/android-applications/864435-gfirewall.html
TEXT : " My phone is rooted, i set every apk need confirm install, and wait the apk download and confirm install, i used root explorer try to search which directory is. In my phone, i found "/data/user/0/com. cube. android" have the gfirewall apk, i delete that directory, also check whose apk create this directory. The apk is Cube_CJIA01.apk in /system/app, i delete this apk. It fixed. (I think you find the name may not same Cube_CJIA01.apk)"
Well, I revised this information and the folder are : "/data/user/0/com. cube.activity" or "/data/data/com. cube.activity" and in the folder "files" I found :
"_com.gsz.own.pack.apk" and "_com.zgs.gg.pack.apk" (GSearch and GFirewall), I deleted this APK's and I think the problem is solved ..... NOT REALLY!!
If you check the folder "shared_prefs" you find various XML with the information shared at ALISOFT (Chinesse company) and specifically "ApkLoader.xml" with the URL where are downloaded GSearch and GFirewall. Only you need to delete in the XML the parts what you not are interested .... well, if you reboot the phone, the infected XML are restored. The best option is delete the file Cube_CJIA01.apk (do Backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
Best regards.
Hi jorfen,
I want to follow your instructions, but I need to root my phone before.
Pelase can you give me some hint (or link) to find the right software?
I don't want to install another chinese spyware (like probably VROOT), to remove GFirewall and GSearch
---------- Post added at 09:28 AM ---------- Previous post was at 08:54 AM ----------
may be I have already found the right answer to my question: Framaroot
Compatibility list:
http://www.tfq.me/rooting-almost-any-android-smartphone-without-computer/
App:
http://forum.xda-developers.com/apps/framaroot/root-framaroot-one-click-apk-to-root-t2130276
jorfen said:
If you check the folder "shared_prefs" you find various XML with the information shared at ALISOFT (Chinesse company) and specifically "ApkLoader.xml" with the URL where are downloaded GSearch and GFirewall. Only you need to delete in the XML the parts what you not are interested.
Click to expand...
Click to collapse
I found two files "ApkLoader.xml" and "ApkLoad.xml" with similar info inside, and in both of them I modified the string starting with
<string name="json">blah blah blah...</string> to <string name="json"></string>
jorfen said:
well, if you reboot the phone, the infected XML are restored. The best option is delete the file Cube_CJIA01.apk (do Backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
Click to expand...
Click to collapse
in my phone I found some files with different names:
_com.gsz.own.pack.apk
_com.zgs.gg.pack.apk
core.apk
gad.apk
uac.apk
uac.dex
jorfen, Cube_CJIA01.apk was in "/data/user/0/com.cube.activity/files" (or similar) in your phone?
Thanks in advance,
Federico
Hi Federico,
I think you already have rooted the phone. Well, I used for this MTKDroidTools, found in this forum (and modified for only install 'su" and "SuperUser.apk"). No problem, only is needed root for System access.
The app Cube_CJIA01.apk is in the folder "/System/app/" (the normal folder for System App's ). The folder "/data/user/0/" is a soft-link (use ln in linux) to the folder "/data/data/"). You locate in this folders the same information, and this is a default folder for working or write files, used in the APK's. Every reboot of phone regenerate information in this folder.
Best regards.
Good news from my virus submission request at Trend Micro:
The two samples are confirmed as malware.
They will be detected as AndroidOS_FakeGSearch.A
Click to expand...
Click to collapse
From now, all products coming from Trend Micro will handle this malware the right way
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
You could try running Malwarebytes, I've normally had quite good results with it.
It's one of the apps you're using. Go through the permissions your apps have
genius911 said:
Hello
im facing an ad-ware issues on my htc desire 610
out of no where my phone's screen dims and an add appear (while im on my home screen and all the apps are closed)
You can see the adds in the attachment
please tell me how to locate and remove it
Click to expand...
Click to collapse
i also have this problem... i guess "Clean Master" is doing it in my Z3 Compact.
I have solved this issue on canvas a116 and core duos (gt i8262)
firstly, to check the severity of the virus do this : go to settings>security>device administrators
try to remove all apps under device administrators. If u are unable to remove them implies the virus is now embedded to ur fone's firmware.
solution : 1. backup ur contacts and media only, (do not backup apps and app data)
2. now u need to do a factory reset either from recovery menu or using adb (factory reset from 'settings' wont work)
3. if u again see any app under device administrators then the only solution is to reflash ur firmware
About the virus: This virus come packed in several apps on playstore in april 2015, those apps were immediately removed from playstore. however before its removal from playstore the virus had infected around 5000 smartphones. some websites refer to it as ghosthost virus. Still some non playstore apps carry this virus with them. once you install such apps, the virus will first root ur fone, and then grant itself superuser permissions without u even knowing it. Then it will install itself into system folder so dat it appears to be a system app. Whenever u r connected to internet it will download adware and install them in system folder. Its a very powerful virus, it also hides itself by running a script. Once it is in system folder u wont be able to delete it because it imitates the file names of the system files.
There's a huge list of infected apps hosted by Google playstore. So I think it's not easy to keep our devices secure from virus infection.
AVG can be as correct the problem
Hi guys! i have a serious adware problem on my elephone p7000 and i hope you can help me out.
So it's been a few days and i haven't been able to uninstall this mofo.
Here's what the adware is doing:
-Used to open ads on homescreen. it did that disguising itself as a dancing matrioska doll (which you could move around). since i installed CM security it stopped showing this kinds of ads.
-It opens pop up windows with du batery saver or other related apps (from appstore and from non-official stores). Mostly when i browse the internet.
-it places vertical ad banners (like the normal ones on almost every app on the store) on some apps, it seems to be random, cause it doesn't always happen on the same app, but it's always placed on the lower side of the phone.
-it installs push notifications with ads
-i believe it shows app ads on google play store (i haven't installed any app in quite a while so it could be google implementing this).
i have tried a lot of apps:
-Avg
-Avira
-Avast
-Malwarebytes
-CM manager (found a stagefright vulnerability and fixed it)
-Stagefright detector (with vulnerable result)
-addons detector
-airpush detector
-trustgo ad detector
-adware
-ad clean & antivirus security
and not even has been able to remove this damn malware, they don't even spot it!
i've also tried looking for all the apps on the phone,searching for apps with all the permissions and here's the list ( i don't know if these are the problem or not):
-Aging test
-agoldFactory test
-Bluetooth
.Bluetooth Share
-Bluetoooth LE
-Common data service
-e_Compass
-Elephone launcher (apparently it's the same as X launcher mysterious)
-LocationEM2
-MTK THERMAL MANAGER
- at least 3 different phone apps, 2 with 4.4 icons and 1 with android 5.0 icon. all have access to everything (is it normal to have 3 apps with the same name but different icons? )
- settings storage
-trusted face
-ygps
i have also cleared the cache of the phone, because i've read on several places that it helps (settings -> storage -> clear cache data) but with no positive result.
i have also tried looking for admin permissions but the only things in there are CM security and android manager (which i suppose is NOT an app but part of the OS).
I have tried looking for hidden files while checking my phone on my pc but there wasn't any nor did i find any weird app NOT installed by me.
i don't know if you have any other advice on what to do, or if you can help me reduce this list of apps so i can find the culprit app.
i'm afraid this is the ghost virus everyone's talking about, it appeared out of nowhere.
i haven't browsed that much. and when i do i always go to trusted sources. apart from the netflix app which i downloaded a few days ago i haven't downloaded anything in like 1 or 2 months and didn't have this problem until a few days ago. Right after my girlfriend's phone (same model as mine) got the same problem.
We both had the "install from untrusted sources" option on because i was testing an app i am making, but i doubt that's the problem since we only activated it whenever i tried to install the app on the phone (like twice in a week).
she has sent me pictures or files through mail, whatsapp or telegram only and it's the only link between our phones, besides being under the same wifi connection, of course.
thanks in advance for the help!
This is a known issue with these types of devices. They have these ads built into the system apks.
Hi !
Thanks for that solutions !
I have a question : where could I find malwarebytes for android ?
Best regard.
Adware and infected htc desire 526 g plus
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
alokmey3 said:
Guys I am in a pickle! :silly:
I want to wipe my HTC desire 526 plus clean of malware that is causing it to download unwanted apps without consent. The malware seems capable of modifying the inherent permissions and bypassing all security features.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
It can gain permission to automatically start wifi, gain pemission to install 'Unknown Apps' and sends location and data with impunity. The ads are everywhere.:crying:
I have tried stock backup but it still reinstalls all the malware and the same cycle begins again. What I want is a freash stock rom/nand backup for this menace. Surprisingly I still cant find one link on the world wide web. Please Help me find it.
I am unable to gain root access by kingoroot alone. adware is not letting me update the Superuser app and being nasty on purpose.
Click to expand...
Click to collapse
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
ENERGYSER400 MTK 6572 virus help android 4.4.2
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
philjps said:
Bonjour, hy
For me it's exactly the same on my phone.... i have the snowfoxer folder with a lot of malicious apk on it and i don't know how to delete or erase the virus .... without wifi and google play ..... how i can flash the firmwire please
!
Click to expand...
Click to collapse
Find the forum that supports your device
model/carrier and post there. You'll likely find your answers there. If not someone will help you.
HTC desire 526G+ bricked
zelendel said:
Kingo root is the reason you are in this jam as it is. I don't think HTC ever released anything for this device so your best bet is to contact HTC.
Click to expand...
Click to collapse
I have deleted my priv-app folder and now I am stuck in boot loop, or just the HTC logo.
cant boot into recovery or bootloader (I tried). Tell me if you know something
model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have starting lately
a) Constant popup message stating" Unfortunately, com.system.update has stopped"
b) Constant popup message stating" Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application" com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night i got some pesky malwares. For now i think i removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope i helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
Click to expand...
Click to collapse
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Click to expand...
Click to collapse
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if its been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So lets assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!]
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's times, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) ANd with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Click to expand...
Click to collapse
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Click to expand...
Click to collapse
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose ( not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or may be I clicked on some advertisement while running app and then the hell happened.
Any ways, its working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
Click to expand...
Click to collapse
I'd reflash stock.
I went on a website that i later found out was known for installing rootkits . I was on firefox and have ublock origin installed. I didnt know about the third party filter settings so those werent up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And i cleared my cookies and downloaded several antivirus apps from the appstore and they all said im fine. But those dont scan for rootkits. I dont think theres a app that does that. I didnt click anything on the site but idk i something downloaded to my phone. Would i see it in my downloaded history or my download folder?
Tldr i just want to know if i may have gotten a rootkit by visiting a malicious website on my android phone.
I have a samsung galaxt s6
poopcycles said:
I went on a website that i later found out was known for installing rootkits . I was on firefox and have ublock origin installed. I didnt know about the third party filter settings so those werent up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And i cleared my cookies and downloaded several antivirus apps from the appstore and they all said im fine. But those dont scan for rootkits. I dont think theres a app that does that. I didnt click anything on the site but idk i something downloaded to my phone. Would i see it in my downloaded history or my download folder?
Tldr i just want to know if i may have gotten a rootkit by visiting a malicious website on my android phone.
I have a samsung galaxt s6
Click to expand...
Click to collapse
yes you could have got malware, though normally you would have had to interact with it to enable install. If it did gain root then nothing may show in downloads etc. If your rom is up to date or you backed out quickly you have a good chance you may be ok.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Else look out for any signs of strange behaviour or changes to system eg admin being added (maybe also try hidden admin finder app), install a firewall and check logs ....
go to virustotal or similar website and look for (or submit) that domain and see what malware it is being distributed, that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submited url)
IronRoo said:
yes you could have got malware, though normally you would have had to interact with it to enable install. If it did gain root then nothing may show in downloads etc. If your rom is up to date or you backed out quickly you have a good chance you may be ok.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Else look out for any signs of strange behaviour or changes to system eg admin being added (maybe also try hidden admin finder app), install a firewall and check logs ....
go to virustotal or similar website and look for (or submit) that domain and see what malware it is being distributed, that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submited url)
Click to expand...
Click to collapse
Why are you giving fake info ??? He couldnt had got malware on android when he hadnt installed anything!