Hello there,
I have bought an Allwinner A23 7" Tablet from Amazon: www . amazon . de/gp/product/B00KD930W8
The hardware works fine, but there are viruses and adware in the ROM, identified by the Sophos antivirus tool:
com.android.server - Andr/Closer-A
Google - Andr/Sivu-A
service provider (Adware)
com.softwinner.videotest (Low reputation app)
DragonFire-v2.3 (Low reputation app)
DragonPhone (Low reputation app)
Sophos doesn't remove them and they're still there after wiping to factory settings.
When I open the built-in Browser app, its start page is always some other website, and it's not possible to change that.
From time to time random ads pop up out of nowhere.
While booting, it shows a PHROG7 logo, not sure if it's relevant.
Model number: P7-0001X-TP
Processor type: DualCore-A23
Android version: 4.4.2
Firmware version: 4.4v2.0
Kernel version: 3.4.39 [email protected] #273 Sat Aug 2 12:17:58 CST 2014
Build number: polaris_p1-eng 4.4.2 KVT49L 20140802 test-keys
Q1) Is there a way to get rid of that malware?
Q2) Where can I find a clean compatible ROM for this hardware (preferably CM)?
Q3) Which of the lots of HowTos is the correct one for me?
Not sure what you mean by malware but the ads are from apps installed from play store. Many free games and free launchers have ads. I recommend to factory reset from the settings. Did you buy it used or new?
Sent from my HTC One_M8 using Tapatalk
No, it is firmware-borne adware
badboy47 said:
Not sure what you mean by malware but the ads are from apps installed from play store. Many free games and free launchers have ads. I recommend to factory reset from the settings. Did you buy it used or new?
Sent from my HTC One_M8 using Tapatalk
This is different from the ads in the apps. I get it in my one too - same basic device (AllWinner A23 9 inch tablet in my case). Factory reset, no apps installed and still got ads popping up. I'm about to try installing some new firmware on mine to see if that fixes the problem - although I suspect the more likely outcome is a bricked (or partially bricked) device.
deerbrook tablet off amazon has same spyware
I recently purchased an A23 powered tablet that had the same issues. I got it off Amazon from a company named deerbrook. Had the same questionable apps that OP mentioned, in addition to adware built in to the stock android firmware. I would love to find a ROM that would work on this tablet and get rid of the spyware. For the $38 I paid on amazon, the hardware is pretty decent but the software makes it unusable for me, since I'm not open to using a device that could be hijacking my wifi network.
my little a23 story
N8000 Samsung 64GB outside (a23 256MB 2GB 9")
First of all I've rooted it.
But a better way is to back up the system (for now only this way) at first.
Hopefully I had not enough space on internal flash, so I made nand{a..h} backups and init script, leaving nandj for what_if_im_lucky (so that happened).
Hope this instruction works, although I've used VRoot.
With Chinese kingUser some superCleaner was installed, so in it I've cleaned PlayMarket and GoogleServices cache and updates (hope this stopped that every-couple-of-minutes Play Services error).
Also manually (.apk) installed LBE Security Master. It is now working erroneously. But I've tried to limit apps paranoidally.
With SuperCleaner (I'd recommend some lighter SW) some of those apps were deleted: com.softwinner.videotest, DragonFire-v2.3, DragonPhone and many more preinstalled games etc. With LBE SM I turned off autostart and all abilities of com.android.server.
Also through PlayMarket I installed a build.prop script modifier and changed screen size to 9 (from 7) and dpi to 160; on a 9 inch tab that is much better.
At the beginning I had hoped to find a suitable ROM. I've read many posts about bricked and/or incorrectly working HW with those ALota Chinese ROMs. I think it's impossible to get off the stock ROM (even backed it up and restored after all) and get full HW functionality. The same situation is with Play Services and PlayMarket (on Allwinner Chinese pads). So I decided to root and clean.
I had the same problem with malware from 2 Deer Brook tablets purchased on Amazon. Factory reset did not remove it. It kept bringing up a website for smartdrones no matter how I changed the start page in the browser. Also 5 programs kept installing without my consent, and every time I removed them, they came back. My son gave up on it, and is waiting until I figure out how to get this junk off. I DID today. I work in a computer repair shop and today was the day. I found a free program called PhoenixCard that allows you to put an image onto a mini SD card, then reboot with that in the tablet. It worked! No more hijacked browser, and I am able to do what I want without the same 5 programs installing themselves.......GOOD LUCK !!!!
I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screenshot if the app name is in Chinese.)
This sounds really really bad.
Has this happened to anyone else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again, has this happened to anyone else? Because I want to know if this could happen to my phone!
Mine also did this on the stock ROM: I would uninstall Samsung apps, reboot, and they would reappear in my menu. Is it possible the ROM comes with an auto-install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, it was 5am and I was very tired.
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.), however if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while reflashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking to the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region.
Isn't waze a community based sat nav app?
poults said:
Isn't waze a community based sat nav app?
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully whatever it was won't come back.
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium
Hi everyone, I'm new to Android, not very knowledgeable, have got into a pickle and wonder if anyone can help me.
The Phone - I bought my first Android phone just over a year ago, a Storex DC50G. It's a dual SIM phone running Android 4.2.2, made (or at least marketed) by a French office equipment company. Not very popular, sold mostly in southern Europe (I'm in Britain). Most of the discussion online is in French or Spanish. I understand a bit of both languages but can't find any discussion of rooting, hacks or ROMs. Some software reports the manufacturer as Alps (but they deny it). Until recently it did what I needed and I was happy with it.
The Problem - Unfortunately, I got complacent because of what I'd read about Android's good security and Google's vetting of apps on Play Store. I only installed respectable apps from Play Store, but at some point I must have installed something bad which installed more bad things. I suppose it's possible that this was one of the Chinese phones that had a trojan as it left the factory. At one stage as soon as I connected to WiFi or cellular data I'd get a blizzard of animated advertisements and new installations that made the phone unusable.
What I've Done - Booted to safe mode, with no data connection. I tried 'Factory Data Reset' via settings and via the recovery menu. That wiped all my data but the malware survived. I uninstalled all downloaded apps and removed the SD card. I found several apps that looked obviously suspicious but were installed as 'Factory Apps' so could not be uninstalled. I've disabled them. Malwarebytes detects 16 pieces of malware but can't delete them ('Do you want to delete the selected items?' -> 'Name of application Do you want to uninstall this app?' -> 'Name of application Uninstall unsuccessful'). The listed malware is:
PUP.Riskpay.Xinyin.wch
Android/Trojan.Ztorg.b
Android/Trojan.Agent.OT
Android/Trojan.Downloader.Agent.ex
Android/Trojan.lop.rp
Android/Trojan.lop.rp
Android/Trojan.lop.j
Android/Trojan.Dropper.Agent.gg
Android/PUP.Adware.Sprovider.E
Android/Trojan.Ztorg.tw
Android/Trojan.Spy.Qcarec
Android/Trojan.Ztorg.b
Android/Trojan.downloader.Guerilla.m
Android/Trojan.Ztorg.a
Android/Trojan.Dropper.Agent.FH
Android/Trojan.Ztorg.b
I've tried deleting them one by one, getting the name of the app from the error message and disabling them individually. The phone is much better now - usable for making calls, but I'm not happy to trust it with passwords, banking applications etc. and every time I unlock it I'm greeted by a naked Chinese lady who I didn't invite.
Lessons Learned - next time I'll buy a popular big name phone so I have a chance of getting support, from the community if not from the manufacturer. Android's security turned out to be just enough to prevent me from making a proper back-up and now to stop me uninstalling the malware, but not enough to keep out the nasties. I'd be tempted to root a new phone straight away so I can back up the operating system - even at the risk of invalidating the warranty.
What next? - I'm being cautious, but haven't got much to lose. I'm thinking of trying some of the general purpose rooting tools like Kingoroot, then if I get root successfully trying again to uninstall the malware (but don't know how to be sure I've spotted it all). Ideally, I'd flash a fresh, clean ROM, but since it's not a popular phone there's no such ROM and no-one seems able to give me a clean manufacturer's ROM.
Is this a sensible way forward? Is there a better way forward? Should I chuck it in the bin and go shopping for a new phone?
Install update of ROM with SP flash tool
Install ROM of storex.
xda does not let me put link ROM
Hi, apologies for any obvious errors, I've been out of Android for a few years.
My friend has given me her daughter's Samsung J5 to sort out as she was getting pop-up ads every 2 or 3 seconds, rendering the phone unusable.
I've now realised the following: it's a Chinese phone which is rooted and I have no idea what software it is running but I have factory reset and run Malwarebytes which showed 2 apps as having trojans "com.mediatek.theme.mode" and "MessageData"
I've disabled both apps and the problem seems to have stopped but I'm a bit worried as they call themselves system apps, and I don't want to brick her phone!
Has anybody heard of these two so called system apps, and am I going to ruin her life of Snapchat by disabling them? I've Googled and can't find any specific info on them so I'm wondering if whatever android version it's running has had the malware written into it and they're not actual system apps?
Thanks for being patient with me!!
If the phone is rooted, install TWRP, make a back-up - especially the EFS one - and start to disable/remove and test.
If anything goes wrong you can restore.
Also, system apps can be disabled or uninstalled - just be careful.
Use the service disable app for Samsung - I think it is on apkmirror.
Good luck.
The Chinese crap phones are constantly sending info from the phone to the Chinese servers.
Hi, I have had this phone, a Micromax C1, since August 2017, and while it's quite awful even at its current price point of 4000 Rs (about 60$), once you root it, remove all the bloat virus and do some customizations it becomes much more bearable, to the point that my peers can often be fooled into believing that it would cost 10000 to buy.
The phone has 2 major ROMs that are worth talking about. Both of them are technically stock ROMs of the device; however, while one of them is mainstream, the other one is actually a developer one-to-one port of Android 7.0. I have had both ROMs and I can tell that while the developer build is much more pleasant and familiar, it is terribly optimized (probably not optimized at all) and is thus slow. The mainstream stock ROM is actually quite awful in my opinion: the initiator launcher is bad and the only way around it is to use a 3rd party launcher like the Google Now Launcher that I prefer to use.
Once I learnt how Magisk worked, the process of rooting was almost as simple as finding the stock boot.img, since the bootloader can easily be unlocked from the developer options and then flashing can be unlocked via fastboot.
Now about what I really wanted to talk about.
I have started to "HATE" Micromax. While the phone was a gift to me, since I never had a smartphone besides an even worse Micromax a102 on which I learnt about rooting and all that stuff, I still hate the C1. The hate was due to how bad everything software-wise is about the phone, not just the hardware. Since I didn't know about Magisk and there is no TWRP for this phone, I somehow managed to find this leaked developer ROM from a website called needrom.com (they used to give ROMs for free back then; now they charge a subscription). I really liked the developer ROM because it was essentially stock Android, though since it was unoptimized and slow I did later switch back to the mainstream version, which had a virus in it. However, after finding out about Magisk I had my phone rooted and was able to uninstall all the bloat that I could see on the surface level, like the many Micromax and qiku APKs that are either bloat or likely virus package deliverers. Because of that, my experience was not that bad.
My experience was not that bad up until September of this year, 2019. Around this time I noticed an app that I never installed called xhelper. I did some investigating about it and found out that it was a virus. I tried to remove it, since it was installed as a user app; however, it would install itself again later. Around this time I learnt that Cam Scanner, a popular document scanning app, had malicious code inside. While I don't use such apps, due to an emergency I had to use it and left it on my system; once I found out about the virus news I immediately uninstalled it. I had uninstalled it prior to finding the xhelper app while using Greenify. This led me to believe that the virus was installed by Cam Scanner. Later on, while I did freeze it, it probably somehow managed to install another app called firewey, which began to slow down my phone and show ads to me, and while I did freeze both of these apps and restrict their permissions it didn't help (there was also a 3rd virus app whose name I forgot). After this I factory reset my phone a couple of times, but it seemed that the virus had sunk too deep into the Android system. I even used SP Flash tools to flash a fresh stock ROM but it didn't help (because Micromax had embedded the virus into the stock ROM; I wasn't sure then but I am now). I actually reverted to the developer ROM I had mentioned earlier, which as I expected was free of virus.
However, it couldn't keep up with the load that apps in 2019 give, even though I have no social media apps to speak of except WhatsApp and Reddit (if you could even call them social media apps like Instagram, Facebook, Twitter etc). So I gave up on the developer ROM and walked back to the mainstream ROM. While the first day was a breeze and nothing of note happened, it was only at night that all the virus embedded into the ROM began to emerge. Now I was sure that it was the ROM that was at fault. Since the developer and mainstream ROMs have different partition configurations, they cannot be upgraded to and fro; it requires flashing at bootloader level. This time when the virus emerged I was prepared to deal with them: I had many apps that would help me quarantine and locate these malicious apps, like Greenify, Island, App Ops, Icebox, Link2SD, ES Explorer (and Malwarebytes helped find the last source of the malicious apps). Each of these apps, while not mandatory and with many alternatives available, was a big help in the process of quarantine and removal.
As of now, I have my phone rooted with Magisk and cleaned of, in my opinion, all the malware, bloatware and malicious apps, and it is working well enough that it is still usable.
Apps that I think are harmful, have malicious code in them or are bloatware:
xhelper - com.mufc.firechi - confirmed virus
firewey - com.mufc.firewey - confirmed virus
initiator launcher - com.android.launcher3 - requires unreasonable permissions
File Browser - com.qiku.filebrowser - likely entry point of all virus since it requires too many permissions unreasonably
System Clean - com.android.sc - confirmed virus
Instruction - com.sprd.instruction.MainActivity - suspicious package name and app name, permissions
Patch System - com.android.core.patchsystem - likely entry point serves no real purpose
All Micromax and QIKU apps - none of the Micromax apps are required for the proper functioning of the device, and while many of the QIKU apps have suspiciously large permission requirements (because they likely spread the virus), they have better alternatives available
A note to all people who may have this device:
This has been a good device hardware-wise for its current price point of 4000 Rs. However, most of its software is terrible and even harmful to the user. In case someone wants a cleaned ROM of this phone (the one that I am using), please write below about your concerns and experience with this phone. While there is no way for me to extract the ROM in my phone, I can create a system partition flash image that can be flashed using the fastboot functions to allow a clean Android experience.
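The posts above keep hitting the same wall: a factory reset erases only the user data partition, so anything shipped in the firmware image comes back. The following is an added example, not part of any post in this thread, that sorts flagged packages by where their APK lives, using the output of `adb shell pm list packages -f` and `adb shell pm list packages -s`. The watchlist uses package names reported in the thread; the sample command output is constructed for illustration.

```python
"""Which flagged packages would survive a factory reset? Parses `pm list packages` output."""

# Package names reported as unwanted by posters in this thread.
WATCHLIST = {
    "com.mufc.firechi": "xhelper",
    "com.mufc.firewey": "firewey",
    "com.android.sc": "System Clean",
    "com.android.core.patchsystem": "Patch System",
    "com.qiku.filebrowser": "File Browser",
    "com.softwinner.videotest": "videotest",
    "com.mediatek.theme.mode": "theme.mode",
}

# Read-only firmware partitions in the standard Android layout. A factory
# reset erases /data (and cache) only, so an APK stored here comes back.
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/system_ext/", "/oem/", "/odm/")


def parse_pm_line(line):
    """Split one 'package:<apk path>=<package name>' line into (path, name)."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Newer Android releases put '=' inside the install directory name,
    # so split on the LAST '=' rather than the first.
    path, sep, name = line[len("package:"):].rpartition("=")
    if not sep or not path or not name:
        return None
    return path, name


def location(path):
    if path.startswith(FIRMWARE_PREFIXES):
        return "firmware"
    if path.startswith("/data/"):
        return "userdata"
    return "other"


def triage(pm_f_output, pm_s_output=""):
    """Return findings for watchlisted packages, sorted by package name.

    pm_f_output: text of `pm list packages -f` (path and name per line)
    pm_s_output: text of `pm list packages -s` (system packages only). An
                 updated system app reports a /data path in -f but is still
                 listed by -s, and its firmware copy returns after a reset.
    """
    system_flagged = {
        l.strip()[len("package:"):]
        for l in pm_s_output.splitlines()
        if l.strip().startswith("package:")
    }
    findings = []
    for line in pm_f_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None or parsed[1] not in WATCHLIST:
            continue
        path, name = parsed
        where = location(path)
        findings.append({
            "package": name,
            "label": WATCHLIST[name],
            "path": path,
            "location": where,
            "survives_factory_reset": where == "firmware" or name in system_flagged,
        })
    return sorted(findings, key=lambda f: f["package"])


# Constructed sample output (not captured from a real device).
SAMPLE_PM_F = """\
package:/system/priv-app/SystemClean/SystemClean.apk=com.android.sc
package:/system/app/FileBrowser.apk=com.qiku.filebrowser
package:/data/app/com.mufc.firechi-1/base.apk=com.mufc.firechi
package:/data/app/~~Qx1==/com.mufc.firewey-Zk2==/base.apk=com.mufc.firewey
package:/data/app/com.android.core.patchsystem-2/base.apk=com.android.core.patchsystem
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
"""
SAMPLE_PM_S = """\
package:com.android.sc
package:com.qiku.filebrowser
package:com.android.core.patchsystem
package:com.android.calculator2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_PM_F, SAMPLE_PM_S):
        verdict = "survives reset" if f["survives_factory_reset"] else "removed by reset"
        print(f'{f["package"]:32} {f["location"]:9} {verdict}')
```

A flagged package that sits in `/data` but reappears after every wipe points to a firmware-resident component reinstalling it, which is why a reset alone does not clear these devices.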
Hi, I am feeling bad and worse about this phone when I realized the users of Micromax mobile are having the same problem. I am trying to uninstall and many things many times. All are helpless. I many times get angry and wanted to throw this mobile away. 3 weeks of time, I wasted my time to solve the problem, to kill Xhelper and Firewey. It seems a dangerous and insecure device to me. I should never buy this mobile from India.
thanapon.thailand said:
Hi, I am feeling bad and worse about this phone when I realized the users of Micromax mobile are having the same problem. I am trying to uninstall and many things many times. All are helpless. I many times get angry and wanted to throw this mobile away. 3 weeks of time, I wasted my time to solve the problem, to kill Xhelper and Firewey. It seems a dangerous and insecure device to me. I should never buy this mobile from India.
I understand how hard it can be to get stuck with such a phone and not be able to do anything about it. It's even worse when it's the only phone you have and then you get into a boot loop trying to fix the problems of the said device. One of my worst experiences with this phone was soft bricking it while I was trying to get rid of the virus, having to wipe all user data, then realizing that the 4.12 GB backup of user data was corrupted, as well as my Google Drive backup of WhatsApp. It turns out that my 4.12 GB user data backup that I made directly on the phone got corrupted since FAT32 systems can't handle more than 4 GB file sizes. I concluded this was the issue since the backup was supposed to be 4.12 GB but it was exactly 4.00 GB.
mx
jumbofreak said:
Do you know if the mainstream with xhelp/firewey on it is still available somewhere for me to download? I have another brand with a similar problem I want to check. Could you please provide a link? Also, if you know, could you tell me where this phone was bought, and did you see ad pop-ups after installing something or did they start on their own?
I still have the xhelper or firewey Titanium app backups if that is what you were asking for. This phone was bought in Maharastra, India from an authorised dealer. The ad pop-ups started appearing on their own, and even after wiping the ROM and installing the stock ROM fresh, the help and firewey APKs were installed automatically within half a day as long as there was an internet connection available, and once the firewey app is installed the pop-ups start as well. Though I should also mention that in this particular model there is also a system app called software update that also shows notification ads but is easily uninstallable with no repercussions.
manav907 said:
I still have the xhelper or firewey Titanium app backups if that is what you were asking for. This phone was bought in Maharastra, India from an authorised dealer. The ad pop-ups started appearing on their own, and even after wiping the ROM and installing the stock ROM fresh, the help and firewey APKs were installed automatically within half a day as long as there was an internet connection available, and once the firewey app is installed the pop-ups start as well. Though I should also mention that in this particular model there is also a system app called software update that also shows notification ads but is easily uninstallable with no repercussions.
zz
I have an Allwinner (Winning Deal), 7 inch android tablet, DualCore-A23 'Sherav SRE706', that has a suite of suspicious-looking apps, called, 'softwinner service' app, Google Backup Transport; Settings Storage; Settings; Key Chain; Input Devices; and even 'Android System'.
They all have permissions to "directly call phone numbers"; "% this may cost you money"; and "read phone status and identity".
That seems a bit strange with regard to the 'Settings' app.
The so-called 'softwinner service' app is factory installed and cannot be uninstalled, which are supposed to be the characteristics of android system apps?
Using an app called 'Device Info', one of its tests say that the tablet is rooted, but the tablet was bought new and hasn't been rooted, suggesting that if it is actually rooted that it was rooted before sale, which seems strange.
When it was used with a Google account, before, someone tried to hack into the Google account.
There were quite a lot of third-party apps on the tablet, at that time, which had been installed indiscriminately, without due regard for requested permissions.
So the attempt to hack the Google account could have come from the indiscriminately installed, third-party apps?
On the xda-developers forum, fuzzyriver seems to have a similar problem:
"I recently purchased an A23 powered tablet that had the same issues. I got it off Amazon from a company named deerbrook. Had the same questionable apps that OP mentioned, in addition to adware built in to the stock android firmware. I would love to find a ROM that would work on this tablet and get rid of the spyware. For the $38 I paid on amazon, the hardware is pretty decent but the software makes it unusable for me, since I'm not open to using a device that could be hijacking my wifi network."
(https://forum.xda-developers.com/showpost.php?p=60057478&postcount=4)
I don't know anything about rooting or android devices, in general, so not quite sure what to do in order to be able to use the device safely?