Why does the phone contact "Mobileconfig.sascdn.com" 485 times in an hour? - Xiaomi Poco X3 NFC Questions & Answers

To be clear,
I installed Blokada yesterday on my Poco X3 NFC Android 10. I always disconnect Wi-Fi and 4G antennas when I go to sleep. In the morning I reconnect and now the file mobileconfig.sascdn.com gets blocked in about an hour 485 times.
So it looks like an ad link that gets stopped, but I find it odd that it keeps trying every 2 seconds.
Where did you download Blokada from? Android app store
Which device do you use? Poco X3 NFC
Do you use a custom ROM? NO
Do you know which OS version you are using? 10
Since when are you facing this issue? This morning, 1 day after install.
Did you already try to solve the issue somehow? I googled it and did find: https://domain.glass/mobileconfig.sascdn.com but what does this say? Is it the phone or an app on the phone and if so which app?
UPDATE: it seems like a security company so now I want to know why this is in a block list and why my phone wants to contact it ....
I followed the IP on cloudfire and stumbled on this
Subdomain Finder scan of sascdn.com - C99.nl
Subdomain scanner result of Subdomain Finder performed on sascdn.com
subdomainfinder.c99.nl
Subdomain Finder - C99.nl
Subdomain Finder is a scanner that scans an entire domain to find as many subdomains as possible.
subdomainfinder.c99.nl
company https://www.akamai.com/

Uninstall Blokada, which you downloaded from the Play Store, and download the version from the Blokada website. (Don't worry, it's safe.) This one works better and is updated more often than the one in the Play Store.
Check if you installed any app recently, or whether one might have installed itself without your knowledge. Some apps mask their icon so it's invisible. The best way to find this...
Go to Settings - About Phone - Storage - Apps and Data.
The reason I suggest this method and not the regular application manager is that it allows you to uninstall some apps which you otherwise cannot uninstall from the regular application menu (especially Xiaomi bloat).
Hope this helps.
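To answer "is it the phone or an app, and which app?" from a blocker's log, group the blocked lookups by app and domain and look at the spacing between them: a steady interval points to an automated retry timer rather than user activity. This is an added example, not part of the original posts; the CSV layout, the package name `com.example.newsreader` and all timestamps are constructed, and it assumes the blocker or firewall in use records the requesting app.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_sample_log():
    """Constructed log in an assumed CSV layout (not any tool's real export)."""
    start = datetime(2021, 1, 10, 7, 0, 0)
    lines = ["time,app,domain,action"]
    # 485 blocked lookups spread evenly over one hour, as in the question.
    for i in range(485):
        t = start + timedelta(seconds=i * 3600 // 485)
        lines.append(f"{t.isoformat()},com.example.newsreader,"
                     "mobileconfig.sascdn.com,blocked")
    # A handful of irregular, user-driven lookups from a browser.
    for off in (12, 340, 350, 1900, 3100):
        t = start + timedelta(seconds=off)
        lines.append(f"{t.isoformat()},com.android.chrome,example.org,blocked")
    lines.append(f"{start.isoformat()},com.android.chrome,example.com,allowed")
    return "\n".join(lines) + "\n"


def parse_log(text):
    """Parse the CSV into (time, app, domain, action) tuples."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append((datetime.fromisoformat(rec["time"]), rec["app"],
                     rec["domain"].lower().rstrip("."), rec["action"]))
    return rows


def summarize_blocked(rows, min_hits=20, max_jitter=0.25):
    """Per (app, domain): hit count, median gap, jitter and a verdict.

    A pair is labelled "retry-loop" when it has at least min_hits blocked
    lookups and the median absolute deviation of the gaps is small compared
    with the median gap, i.e. the lookups arrive on a timer.
    """
    stamps = defaultdict(list)
    for when, app, domain, action in rows:
        if action == "blocked":
            stamps[(app, domain)].append(when)

    report = {}
    for key, times in stamps.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else None
        jitter = median(abs(g - mid) for g in gaps) if gaps else None
        looping = (len(times) >= min_hits and gaps
                   and jitter <= max_jitter * max(mid, 1.0))
        report[key] = {
            "hits": len(times),
            "median_gap_s": mid,
            "jitter_s": jitter,
            "pattern": "retry-loop" if looping else "sporadic",
        }
    return report


if __name__ == "__main__":
    result = summarize_blocked(parse_log(build_sample_log()))
    for (app, domain), info in sorted(result.items(),
                                      key=lambda kv: -kv[1]["hits"]):
        print(f"{info['hits']:4d}  {info['pattern']:10s} "
              f"gap={info['median_gap_s']}s  {app} -> {domain}")
```

The app column of the top "retry-loop" row is the package to inspect or uninstall first.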

Related

[Q] Gfirewall and Gsearch bloatware/virus problem.. HELP!

Hello guys, I have a problem as reported above with 2 bloatware apps on my Android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, China phone) and I'm running Android 4.2.2 ROOTED. I have no custom ROM/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and I thought they were safe because of the Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared on my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When I went to AdAway I noticed that it was disabled: I enabled it again and restarted the phone.. but banner ads were still showing.. so I went again into AdAway and it was disabled.. again!
I have a similar problem with the 3G/H connection with Vodafone. Every time I disable the internet connection, it gets activated again in 1 minute max.. so I can't disable internet.. never!
I removed these 2 bloatware apps today and fortunately they didn't show up again or get reinstalled.. the ads and the AdAway blocks have disappeared. I started a lot of antivirus checks with Avira and nothing showed up.. so I thought I was fine, BUT the internet problem persists.. I can't disable internet whenever I want. Could one of you help me solve this problem? I hope there is an alternative method to solve this without formatting/resetting the phone!
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
user064 said:
I have the same problem with Gfirewall and Gsearch in my STAR N9800
Same full screen banner ad in my home screen.
In my phone there is Trend Micro Worry Free Business Security Services as antivirus, but nothing was found after a full scan.
If I find something new, I'll write here
Hello! I solved it with a hard reset.. if you want to try, I suggest you use Titanium Backup for your safe apps, so you'll not lose anything
MatthewTaylor92 said:
Hello! I solved it with a hard reset.. if you want to try, I suggest you use Titanium Backup for your safe apps, so you'll not lose anything
I am facing the same issues. I do not think a hard reset will solve the problem; these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3 months after purchase.
I have tried uninstalling & they just re-install. If your phone is rooted, you can hibernate them with "App Quarantine".
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
martinzx13 said:
I am facing the same issues. I do not think a hard reset will solve the problem; these two apps are embedded in the firmware, they lie dormant for a while then kick in, after a while, about 3 months after purchase.
I have tried uninstalling & they just re-install. If your phone is rooted, you can hibernate them with "App Quarantine".
I am struggling to deal with them, as my phone is not currently rooted.
FYI: CM security now shows Gsearch as a virus.
Any solutions please??
Cheers Martin
Remove them after rooting your phone!!! Seems so unimaginable that they are embedded in your ROM :/
pushkardua said:
Remove them after rooting your phone!!! Seems so unimaginable that they are embedded in your ROM :/
Yes you are very likely to be correct, I was kinda hoping, for a solution without rooting? Any ideas? Anyone?
Cheers Martin :angel::angel:
Same problem: rooted phone and uninstalled Gsearch and Gfirewall, but in one or two days they auto-reinstall.
Play Store
There is an app in the ROM called Play Store (not Google Play Store!) and Opera Service.
Remove those apps from the ROM to prevent advertisements at screen unlocking.
To remove Play Store and Opera Service your phone needs to be rooted (use Titanium Backup, f.i.). You can check this by using a firewall like DroidWall.
If you can't root your device:
Use a firewall like Mobiwol if your device is not rooted (it creates an internal VPN where it can filter your traffic).
Suspicious files found running at background
I have the same problem with the two files reinstalling themselves after I delete them. I have a Chinese-made smartphone, a Tronsmart PS7 running Android 4.2.2, rooted. After digging deeper into the files running in the background, I noticed there are files that have complete access to all the privilege rights on my phone other than the Android system: they are android.cube, AdupsFotaReboot, RebootAndWriteSys and Common Data Service. I have tried to force these files to stop and it seems the problem is solved. Does anyone have any idea what these 4 files are for?
I don't think to do any hard reset, if these are hard coded in ROM, this is not a stable solution
IMHO there are only two exit ways:
1) do a virus submission request
I've done this request 1 minute ago.
2) flash the device with another ROM (4.2.2 is getting older, anyway...)
You can see the manifests of Gsearch and Gfirewall, are identical:
Not so good news...
Hi all,
in my case, I found a solution. Once MTKDroidTools used to get root on the phone (root only, nothing else), I pressed the button "Delete China" and the application has removed the files from the "files_for_delete.txt" list. After this, the problems are over !!!
Another way to do this with the phone already rooted, you do it manually, and you can follow the steps of:
http://forum.xda-developers.com/showpost.php?p=44455669
or
http://electricheatingcosts.com/removing-chinese-smartphone-spyware/
Best regards.
No more Gsearch and Gfirewall
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
Pete636 said:
I had the same problem with my Chinese new teca n9900 and I found the same apps on my phone that you mentioned. I force stopped android.cube, AdupsFotaReboot, Common Data Service, and RebootandWriteSys in app manager in the setting and now Gfirewall and Gsearch stopped automatically installing. I can't seem to enable them back to restart even after I reboot the phone except for "android.cube" that app will restart after I reboot the phone which may be the app causing them to reinstall. I'm not sure what exactly these apps do but my phone seems to work perfectly without them running. Thank you.
It seems like now I don't have Gfirewall anymore, but Gsearch got reinstalled and I've got an ad displayed again, so this solution doesn't really work.
Uninstall Gsearch and Gfirewall.
I had the same troubles with my phone (Elephone P8). First I stopped the software, then I uninstalled it. So far so good.. Didn't get popups until now..
Success..
Arthur
Netherlands
MatthewTaylor92 said:
Hello guys, I have a problem as reported above with 2 bloatware apps on my Android phone: Gfirewall and Gsearch.
My phone model is UBTEL U8 (MTK model, China phone) and I'm running Android 4.2.2 ROOTED. I have no custom ROM/firmware installed.
These 2 apps appeared magically about 2/3 months ago, and I thought they were safe because of the Google logo and name. Nothing happened in these months except for some phone crashes and restarts, but 2 days ago a banner ad appeared on my home screen at phone restart and/or phone unlock. I use AdAway (similar to AdBlock) to disable ALL TYPES of banner, ads and related on my phone, browser and apps. When I went to AdAway I noticed that it was disabled: I enabled it again and restarted the phone.. but banner ads were still showing.. so I went again into AdAway and it was disabled.. again!
I have a similar problem with the 3G/H connection with Vodafone. Every time I disable the internet connection, it gets activated again in 1 minute max.. so I can't disable internet.. never!
I removed these 2 bloatware apps today and fortunately they didn't show up again or get reinstalled.. the ads and the AdAway blocks have disappeared. I started a lot of antivirus checks with Avira and nothing showed up.. so I thought I was fine, BUT the internet problem persists.. I can't disable internet whenever I want. Could one of you help me solve this problem? I hope there is an alternative method to solve this without formatting/resetting the phone!
UPDATE:
I'm trying "Disconnect Mobile" to limit the amount of data probably stolen by these two applications, and after the last uninstall of Gsearch and Gfirewall, they do not auto-reinstall!
Disconnect Mobile is a privacy app inspired by our award-winning browser software. The app actively blocks the biggest mobile trackers when you use an app or browse the web using 3G, 4G, LTE, or Wi-Fi. Optional packs include ad filtering and malware protection. Does NOT require root.
Features:
- Blocks the biggest mobile trackers from tracking and collecting your info
- Blocks ads from more than 2500 ad tracking services
- Blocks thousands of websites suspected of malware, spyware, phishing scams and more
Like all ad-blocker apps, you can't find this on Play Store, you can find it on 1mobile, for example.
(I cannot post links)
Please let me know if this hint works on your phones
Hi all, my rooted phone is Ulefone U9592 and I found this information :
http://androidforums.com/android-applications/864435-gfirewall.html
TEXT : " My phone is rooted, i set every apk need confirm install, and wait the apk download and confirm install, i used root explorer try to search which directory is. In my phone, i found "/data/user/0/com. cube. android" have the gfirewall apk, i delete that directory, also check whose apk create this directory. The apk is Cube_CJIA01.apk in /system/app, i delete this apk. It fixed. (I think you find the name may not same Cube_CJIA01.apk)"
Well, I revised this information and the folders are: "/data/user/0/com.cube.activity" or "/data/data/com.cube.activity", and in the folder "files" I found:
"_com.gsz.own.pack.apk" and "_com.zgs.gg.pack.apk" (GSearch and GFirewall). I deleted these APKs and I think the problem is solved ..... NOT REALLY!!
If you check the folder "shared_prefs" you find various XML files with the information shared at ALISOFT (Chinese company) and specifically "ApkLoader.xml" with the URL from which GSearch and GFirewall are downloaded. You only need to delete from the XML the parts you are not interested in .... well, if you reboot the phone, the infected XML files are restored. The best option is to delete the file Cube_CJIA01.apk (do a backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
Best regards.
Hi jorfen,
I want to follow your instructions, but I need to root my phone before.
Please can you give me some hint (or link) to find the right software?
I don't want to install another Chinese spyware (like probably VROOT) to remove GFirewall and GSearch
---------- Post added at 09:28 AM ---------- Previous post was at 08:54 AM ----------
Maybe I have already found the right answer to my question: Framaroot
Compatibility list:
http://www.tfq.me/rooting-almost-any-android-smartphone-without-computer/
App:
http://forum.xda-developers.com/apps/framaroot/root-framaroot-one-click-apk-to-root-t2130276
jorfen said:
If you check the folder "shared_prefs" you find various XML files with the information shared at ALISOFT (Chinese company) and specifically "ApkLoader.xml" with the URL from which GSearch and GFirewall are downloaded. You only need to delete from the XML the parts you are not interested in.
I found two files "ApkLoader.xml" and "ApkLoad.xml" with similar info inside, and in both of them I modified the string starting with
<string name="json">blah blah blah...</string> to <string name="json"></string>
jorfen said:
well, if you reboot the phone, the infected XML files are restored. The best option is to delete the file Cube_CJIA01.apk (do a backup) and reboot the phone. The mentioned folder disappears and the phone works well. Enjoy !!!
in my phone I found some files with different names:
_com.gsz.own.pack.apk
_com.zgs.gg.pack.apk
core.apk
gad.apk
uac.apk
uac.dex
jorfen, Cube_CJIA01.apk was in "/data/user/0/com.cube.activity/files" (or similar) in your phone?
Thanks in advance,
Federico
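A read-only triage of the shared_prefs file discussed in the posts above, as an added example that is not part of the original thread: it lists every URL stored in the `<string>` entries and flags those that point at an APK, so the file can be reviewed before anything is edited or deleted. Only the `<string name="json">` layout and the two APK file names come from the thread; the JSON keys, hosts and URLs in the sample are constructed.

```python
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import escape

URL_RE = re.compile(r"https?://[^\s\"'<>\\]+")

# Constructed payload. Slashes are written as "\/" because some JSON
# encoders escape them, which defeats a plain text search for "http://".
_PAYLOAD = json.dumps({
    "apps": [
        {"id": 1, "url": "http://dl.example.invalid/p/_com.gsz.own.pack.apk"},
        {"id": 2, "url": "http://dl.example.invalid/p/_com.zgs.gg.pack.apk?v=3&c=1"},
    ],
    "report": "http://stat.example.invalid/r",
}).replace("/", "\\/")

# Constructed stand-in for shared_prefs/ApkLoader.xml.
SAMPLE_PREFS = (
    "<?xml version='1.0' encoding='utf-8' standalone='yes' ?>\n"
    "<map>\n"
    f'    <string name="json">{escape(_PAYLOAD)}</string>\n'
    '    <string name="note">see http:\\/\\/cfg.example.invalid\\/x</string>\n'
    '    <long name="last" value="0" />\n'
    "</map>\n"
)


def _strings(node):
    """Yield every string found anywhere inside a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)


def urls_in_pref(value):
    """Return the URLs in one preference value, decoding JSON when possible."""
    if not value:
        return []  # emptied pref, e.g. <string name="json"></string>
    try:
        texts = list(_strings(json.loads(value)))
    except ValueError:
        texts = [value.replace("\\/", "/")]  # not JSON: scan the raw text
    found = []
    for text in texts:
        found.extend(URL_RE.findall(text))
    return found


def triage_prefs(xml_text):
    """List every URL stored in <string> prefs, flagging APK downloads."""
    findings = []
    for elem in ET.fromstring(xml_text).iter("string"):
        for url in urls_in_pref(elem.text):
            parsed = urlparse(url)
            findings.append({
                "pref": elem.get("name"),
                "url": url,
                "host": parsed.hostname,
                "apk": parsed.path.lower().endswith(".apk"),
            })
    return findings


if __name__ == "__main__":
    for item in triage_prefs(SAMPLE_PREFS):
        tag = "APK" if item["apk"] else "url"
        print(f"[{tag}] {item['pref']}: {item['url']}")
```

The hosts it reports are the ones to add to a firewall or hosts-file block list; run it on a copy pulled from the device rather than on the live file.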
Hi Federico,
I think you already have rooted the phone. Well, for this I used MTKDroidTools, found in this forum (and modified to install only "su" and "SuperUser.apk"). No problem, root is only needed for System access.
The app Cube_CJIA01.apk is in the folder "/System/app/" (the normal folder for system apps). The folder "/data/user/0/" is a soft link (use ln in Linux) to the folder "/data/data/". You find the same information in both folders, and this is a default folder used by APKs for working or writing files. Every reboot of the phone regenerates the information in this folder.
Best regards.
Good news from my virus submission request at Trend Micro:
The two samples are confirmed as malware.
They will be detected as AndroidOS_FakeGSearch.A
From now, all products coming from Trend Micro will handle this malware the right way

How to set Huawei P20 pro to maximum dataprotectionlevel

Hey guy,
since there is no way right now to install a custom ROM onto the P20 Pro I am really concerned about the safety of my private data. What can I do to send as little data as possible to Huawei and their partners (Google,...)? Can I disable the reporting completely?
Thanks in advance!
Blumtopf
btw.: if there is a thread out there i did not see yet pls let me know =)
Don't use a smartphone at all.
Sent from my CLT-L29 using Tapatalk
Blumtopf said:
Hey guy,
since there is no way right now to install a custom ROM onto the P20 Pro I am really concerned about the safety of my private data. What can I do to send as little data as possible to Huawei and their partners (Google,...)? Can I disable the reporting completely?
Thanks in advance!
Blumtopf
btw.: if there is a thread out there i did not see yet pls let me know =)
One solution is to block internet access for installed apps and some system apps: settings - > wireless and networks - > data usage - > network access.
If this is not enough for your needs, another solution is to use Netguard and block internet access for any system app you like. It is an open source app and you can find the playstore version
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012 or the github version that compared to the playstore version it also has adblock using hosts files
https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md
I use the github version and it works fine in our phone. A tip to work properly in P20 pro, is to enable "manage system apps" in the Netguard's advanced options. Also, if you use the github version, disable automatic update for Netguard from playstore, otherwise you will lose adblocking. You can update the app via github whenever there is a new update.
Sent from my Huawei P20 pro using Tapatalk
I'll just post my answer on a similar question.
Two things:
1. You really need to understand better what is your concern. "Reporting" (such as "Digital Balance" or "User experience improvement program") don't collect data that can identify you as an actual person, it can just identify your phone usage patterns and general info. Most of those can just be disabled in various settings.
2. If you want to go full paranoid (not using Google or any other cloud service accounts, not using cloud backups and syncs, cutting your phone from data network) you will be owning a smartphone without actually using any of its "smart" features. In this case you are really better off, just buy an old feature-phone and save yourself some money.

recommended steps for locating hidden adware

Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
you could turn on logging in developer options, though you'll need a little tech skill to use & set up.
Probably an easier way is to use a no root firewall eg
https://play.google.com/store/apps/details?id=eu.faircode.netguard
While the log feature is not free, as you only want to find one potential app you can set notifications for internet connection attempts to on, then manually check the app & IP address it's trying to connect to when you get the popup.
Also you could use this app (it's NOT a proper antivirus app, but a useful 2nd opinion to your actual antivirus), it just allows you to easily see app status from virustotal.com & manually submit any that are suspicious or have not yet been submitted,
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
Btw even if you really have uninstalled all 3rd party apps, one of the bloatware apk's may have a dodgy ad SDK within it. If so you can (probably) block this with the above firewall if you pay for that feature, without having to root your phone or freeze the dodgy app. (Also, booting the phone into safe mode disables all 3rd party apps; see if it still happens.)
Note: if the system is infected by malware a factory reset won't help, you need to reflash the FULL (e.g. 4 or 5 files inside) Samsung factory ROM with a complete wipe. Though as I guess the S5 is not receiving updates anymore, I'd be looking into installing LineageOS to get up to date security patches (after first reinstalling the stock ROM, assuming you have malware, as custom ROMs are not full ROMs like the Samsung factory ROM).
thunderslug said:
Hi All,
I'd like some recommendations on steps for locating a stubborn adware infestation that virus scanners don't seem to be able to find on my mobile. System is:
- Samsung SM-G900F
- Android 6.0.1
- unrooted
I get advertising redirects several times per day. It isn't clear where they are coming from. Have tried complete system reset. Uninstalled all downloaded apps. Disabled app auto updating. Ran a Malwarebytes scan. It found nothing.
Is there somewhere a log file for browser calls? At least I could find the app that requests the unwanted URLs.
Could be xhelper, mostly Chinese phones (what a surprise ?) it seems but at least one Samsung running 6.0.X like you
https://threatpost.com/android-malware-45k-devices-mystery/149654/

How can I get rid from Xiaomi and Google trackers?

Hello everybody,
I was curious about which servers the apps on my Xiaomi Red Mi 6A connect to, since a recent report said Xiaomi was tracking users. I've installed NetGuard and TrackerControl, and there are a few apps which I should not remove but which are still connecting to the following directions:
Google:
firebaseremoteconfig.googlrapis.com
infinitedata-pa.googleapis.com
play.googleapis.com
Xiaomi:
api.ad.intl.xiaomi.com
data.mistat.intl.xiaomi.com
globalapi.ad.xiaomi.com
sdkconfig.ad.intl.xiaomi.com
My question: Is there a way to block all those addresses instead of blocking the entire app?
I know I can remove bloatware rooting the phone or with the adb console, but these are system apps the phone needs to work properly. I also understand some apps may need to get connected to the Google api servers in order to work, but (I think) Xiaomi doesn't have anything to do here.
Regards!
MiguelRbls said:
Hello everybody,
I was curious about which servers the apps on my Xiaomi Red Mi 6A connect to, since a recent report said Xiaomi was tracking users. I've installed NetGuard and TrackerControl, and there are a few apps which I should not remove but which are still connecting to the following directions:
Google:
firebaseremoteconfig.googlrapis.com
infinitedata-pa.googleapis.com
play.googleapis.com
Xiaomi:
api.ad.intl.xiaomi.com
data.mistat.intl.xiaomi.com
globalapi.ad.xiaomi.com
sdkconfig.ad.intl.xiaomi.com
My question: Is there a way to block all those addresses instead of blocking the entire app?
I know I can remove bloatware rooting the phone or with the adb console, but these are system apps the phone needs to work properly. I also understand some apps may need to get connected to the Google api servers in order to work, but (I think) Xiaomi doesn't have anything to do here.
Regards!
I'm willing to bet that if you did remove them, it will break things on your device and certain features/functions will no longer work, or worse yet, it may cause your device to not work properly.
Sent from my SM-S767VL using Tapatalk
I see these tracking sites getting blocked on my Adguard home filter and the phone still works fine.
api.ad.intl.xiaomi.com
tracking.intl.miui.com
app-measurement.com
ssl.google-analytics.com
googleads.g.doubleclick.net
I've also tried Netguard and TrackerControl but I still see these tracking and ad sites leaking through. I've tried different hosts files on Netguard too.
Is there a better solution without rooting/custom rom? It would be exposed once I leave the home network. I've already debloated the MIUI 13.0.13.

Question (solved) play store auto installing apps on all devices

play store auto installing apps on all devices
Whenever I install something on my s22, it will install it on my galaxy tablet.
How can I prevent this.
In Playstore settings change to update by wifi only and disable wifi. I normally keep Playwhore package blocked and firewall blocked unless needed. Once a Playstore paid for app is activated I firewall block it as well if it doesn't need internet access. I avoid Playstore as much as possible and create installable backups for all the apps from Playstore so I never need to use Playstore again when reloading except for paid apps. It streamlines reloads and they go much faster.
I also use more Playstore alternatives now but always scan them first with Virustotal. A Playstore app may be clean when installed only to download its payload later as an "update". Another reason I don't allow updates or an internet connection if not needed. Playstore updates can and do ruin once-working apps. Tired of that bs.
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because that's not a real fix.
Need to find out why it's auto-installing.
I checked Playstore on mobile and on tablet and in the browser - but there's no mention of auto-install on all devices.
CorruptedSanity said:
Thanks for your thoughts.
But this did not ever happen before.
I've always had a Samsung mobile and Samsung tablet and the mobile app never auto-installed on the tablet till now.
I don't want to turn off auto-update because that's not a real fix.
Need to find out why it's auto-installing.
I checked Playstore on mobile and on tablet and in the browser - but there's no mention of auto-install on all devices.
You can manually install updates from Playstore which is a wiser way to do it. One of the reasons I can run Pie securely is I use vetted apps, some are 6 yo and I firewall block them. Updates bring trouble far too often. Once a system is running fast, stable and fulfilling its mission updates serve no purpose most of the time. Auto updates bring rude surprises and make troubleshooting much harder in tracking down the offender.
In 2.5 years (that's how old this current load is) I've had no malware but spent a lot of time undoing damage updates have caused including a firmware "upgrade" for my Buds+ that trashed the sound. That pair now needs to be reflashed and it's a pain to do. meh.
If you try to unmark one or more of your devices before installation on the app, did it help?
See the pictures.
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
Monipeev said:
If you try to unmark one or more of your devices before installation on the app, did it help?
See the pictures.
that was exactly it!
both devices were checked
many thanks to you!!
raul6 said:
Same, annoying feature, as on iPhone. On the other device go to settings/network preferences and disable auto update.
Simply manually periodically check for updates on tablet and it will check and update any apps installed if necessary
see above solution
