Hello there!
I am facing the following problem:
A colleague of mine asked me to remove some malware from his very cheap no-name android phone. Actually it does have a name, it is a Yezz Andy 3.5EI (DDMBrands Andy 3.5EI).
I managed to remove some of it, but some seem to be manufacturer bloatware that are infected somehow. I tried kingoroot to root the phone and remove these applications / packages, but basically at every restart it removes the root binary and reinstalls all the malware again (the optimizing app x/y message appears at restarts and basically it's doing it for the malware).
The most annoying one is an application called MonkeyTest that randomly installs during use, part of the package com.android.wp.net.log (with the apk in /data/app/com.android.wp.net.log-1.apk). So obviously without root access I cannot remove that package (and some others with it that install some adware / random popups etc) .
This is the strange part, because if the phone wasn't rooted and it's internal OS memory is protected.. the only obvious way these packages could've gotten there is through a legit manufacturer update (at least that's how I imagine it)
The best solution would be to somehow root it and find a compatible clean Android and flash that or at least some way to remove all the malware. I searched all over the internet, but it's really hard to find anything for this 'brand'.. so maybe someone with more experience can help me out here.
Phone details: Model no.: Andy 3.5EI / Android version: 4.2.2 (the newer ones according to the manufacturer site have 4.4) /Basebrand v: MOLY.WR8.W1315.MD.WG.MP.V1.F1.P2 9,2013/10/30 14:14 / Kernel version: 3.4.5 (Jun 18 2014) / Build no.: ALPS.JB3.MP.V1 / Custom build version: YEZZ_ANDY_35EI_FR_V06_20140618
Any help would be appreciated as I'm kinda new to phones (used to be a developer, but never did anything mobile related)
Thanks in advance!
Well have you tried factory resetting it sometimes it will fix it but you did say something about bloatware so you are going to have to root your phone and I prefer using root uninstaller
---------- Post added at 04:03 PM ---------- Previous post was at 04:03 PM ----------
To uninstall the bloatware or really malware causing it
---------- Post added at 04:07 PM ---------- Previous post was at 04:03 PM ----------
Have you tried an antivirus software google play has great ones try it and has your friend installed any application other then the play store or has he/she downloaded any files like music, pictures, documents, etc.
Of course I tried factory resets and antivirus apps they remove them but they will just auto-reinstall after a few moments. And after reboot they all install.
fsimon01 said:
Of course I tried factory resets and antivirus apps they remove them but they will just auto-reinstall after a few moments. And after reboot they all install.
Click to expand...
Click to collapse
These are built into alot of devices from places like China. The only way to prevent it is to flash an AOSP based image. The main issue there is that there normally isn't anything available for them
zelendel said:
These are built into alot of devices from places like China. The only way to prevent it is to flash an AOSP based image. The main issue there is that there normally isn't anything available for them
Click to expand...
Click to collapse
Yes it really seems like it, though I remember when he bought the phone last year I helped him set it up for the first time and I don't recall noticing these so I'm pretty sure they came with an update, also here's some additional info that I noticed since:
There is a service called 'TimeService' that belongs to a package called com.android.provider.down2-1.apk which was downloaded last month and I think that is the one causing all the issues. When I rooted with kingo-root and before I rebooted (root kindof 'works' till I restart, but is still limited) I tried uninstalling some of the built in apps, such as the yezz appstore and others with root uninstaller. It actually worked on those and they're gone now. Even after a factory reset they don't show up, however I cannot remove that TimeService thing. This gave me the idea to try a unix console app to actually see the message I get.
I gave the console app root permission with kingo and I could walk through the system files. I located that package and tried manually deleting it but I got the Operation failed, permission denied message.. I tried chmod, chown on the file but no use, even tried switching to the 'system' user that the file belongs to, but that can't do anything with it either.
The thing is that if it actually let me remove stuff such as the manufacturers appstore and others, this is really strange. It is acting like a legit computer virus, which I have never seen for mobile phones before It keeps installing the MonkeyTest app which is apparently a trojan, and if I remove it, it just reinstalls it after a few seconds and also everytime the phone reboots it installs a few other apps: BatteryBot, Perfect Cleaner and some others to which I also get notifications for being malicious.
One other thing that happened is that out of nowhere (the phone was just sitting on my desk and was working before) when I picked it up the screen was black so I had to remove the battery since I couldn't do anything with it. After I reinserted the battery I was greeted with a different startup screen that said 'factory mode' then a list appeared written in chineeze characters.. I pressed the power button it took a photo with the back and front cameras, then started activating the GPS.. so I removed the battery again. When I reinserted it, the phone just started normally.
Same problem
Have you found a solution for this "Time Service"? I got the same problem since May 5th and i did everything i could think to fix it, with no positive results... Please, if you know anything about fixing it, send me a message to [email protected]. I don´t know what else can i try :c
Karlmex said:
Have you found a solution for this "Time Service"? I got the same problem since May 5th and i did everything i could think to fix it, with no positive results... Please, if you know anything about fixing it, send me a message to [email protected]. I don´t know what else can i try :c
Click to expand...
Click to collapse
Hello there,
Unfortunately I only had the phone here for a few days and this was all I could do. I am still pretty sure (more than 90%) that it was part of an official update from the manufacturer in May so I'm guessing it was either intentional on their part or they got hacked or something. What I finally did was using kingo root (without a restart, it gives you some temporary access) and root uninstaller to remove most of the original bloatware (even the yezz app store and a bunch of others) to balance out the phone slowing down. I set up the webroot mobile anti-virus app to prevent new ones in the future.. and I set the 3 remaining ones on ignore (the ones that always reinstalled on startup: timeservice, monkeytest and I think batterybot).
The phone is now running fairly smoothly and my collegue can use it.. though I warned him to try to avoid using it for banking services etc... as I don't know what exactly the remaining ones do (though I think all they do is try to install more ads... )
You could try contacting the manufacturer to see if they have anything to say about this.. and maybe update this thread if you find out anything new (I kinda avoided that since judging from the website and the fact that their update installs viruses I doubt it's a serious company)
Imo the only real solution would be the one posted by zelendel and that is flashing a new clean image on it, but unless you get one from the manufacturer along with some help on how to actually root it effectively I doubt you'd find anything on the internet, at least I couldn't
Cheers!
Related
Hey guys....here's my situation.
I bought a Blu Touch Book 7.0 plus off of Amazon. Got it two nights ago. It's a true phablet. 512 RAM / 512 ROM - I was a little concerned but figured as long as I could root it, I was good to go.
Anyways - no I am not looking for a root. I was able to root it relatively easily after an initial failed attempt which required a factory reset - if anyone is interested, it required PDANET+ & UnlockRoot, SuperOneClick and other methods failed. I threw in a class 10 SD, and modded Android so all apps would be downloaded/installed to my SD card (I did this using the SDK & command prompt in USB debugging mode). I had researched apps previously and began to furiously download and tweak. I threw in a T-Mobile SIM, and everything was going well, I was very happy. It actually seems to be a well made device, though it's a little bulky and the phone function works much better with a bluetooth headset.
Then, I deleted Phone.apk. Despite all apps being downloaded/installed to my SD card, space was still at a premium and I had downloaded a third party dialer. I figured worst case, I could do a factory reset and/or could simply re-download the file (I was actually about to download a good backup program tonight after work, I've been busy the past two days and my anxiety to set up other stuff got the better of me). There was no immediate issue, but shortly later I got the dreaded 'com.android.apk has stopped' (or what not) message popping up constantly. I reset the device, it booted up but it was not reading my sim, and was missing icons. That's when I did something stupid-er. I found a Phone.apk file on the net, downloaded to my device, and copied it to the relevant directory.
Since then, when I boot up, first it shows that Android is upgrading, then it shows the 'unfortunately, the process com.android.apk has stopped.' I click 'Okay,' and it keeps popping up. I wasn't able to delete the wrong Phone.apk as there was not enough time for a longpress between error messages. I was able to initiate a factory reset - I was rather relieved - I had learned a bit the past day or two via trial and error, and I would be able to re-do everything perfectly this time.
But the factory reset did not revert to the right 'Phone.apk' file. So the problem still exists....
If anyone can help me, I would be oh so grateful....thanks...
A factory reset clears all user data & apps. If you deleted the phone app from system, you will have to reflash a stock zip, which I'm assuming you don't have, or find the stock apk and put it back in the right place as a system app.
If you have Titanium Backup you can use that to do it, provided you can find the stock phone apk.
Well, a problem is, I doubt that I will be able to find any ROMs or Phone.apk's for my device. At least not for a little while. There are some ROMs out there I believe for the original Blu Touch Book - but the original has a diff processor and is running Froyo rather than ICS.
Now, if I somehow can find a workable Phone.apk or a workable ROM, how do I go about flashing/copying? I can hook up to a PC (though I'm not aware of any USB storage mode that I can turn on), but the phone itself is just about unusable unless I can manage to delete the wrong Phone.apk file, as long as the file is simply missing it will boot up without the relevant features. And - let me repeat that I did a factory reset to try and fix this - it didn't fix my problem but it erased my apps and my root access....I can probably restore root but it won't stop the warning notification from popping up non-stop.
I was able to boot into safe mode previously - but it didn't help. If there is an applicable recovery mode, I can't figure that out. To my knowledge, there is no USB Mass Storage option that I can turn on.
I purchased from Amazon, so luckily I can return the item, and worst case they review it's condition and charge a restocking fee. Of course, I was looking forward to receiving this device for more than a week and have been obsessed with it since it's arrived...and I am also temporarily back to using Sprint (in Phoenix) on a 3.5" Windows Phone (I am an ex Windows Mobile fan boy, Windows Phone disappoints) after experiencing 6 MB/s 3G speeds on T-Mobile for a day or so (on a 7 inch screen and on a prepaid plan far cheaper than what I pay Sprint). I was about to port my number. Basically I am depressed. An irony here - I'm pretty sure Amazon sold me a used device that was advertised as new. On initial boot, the Android set up program did not launch. Upon my first factory reset, the set up program launched, and the dialer skin was different than what it was out of the box. The 'refuse product if this seal is broken' sticker on the packaging was partially broken, too, although it appeared to be partially in tact. But now if I try to play that angle, I come off like a scam artist...
Anyways thank you very much for your reply...all attempts to help are appreciated quite a bit...
Taking things one step at a time, let me simplify my request:
How can I delete (or replace) a system file from my device (in this case, the incorrect Phone.apk) remotely via a USB connection? I have the sdk installed on my computer, I can connect the device to my computer, but I can't really use the device until the file is deleted. Is it possible to push via ADB? Something to that effect? Will the 'push <local> <remote>' command work even if I do not have root access? What syntax is used to specify the path? Is it possible to simply delete a file without replacing it?
Does the Phone.apk file have to be specific to my device or could it be specific simply to my mobile carrier/frequency bands and/or ICS? I realized the Phone.apk file I copied to the device earlier was for the Huawei m835, a CDMA phone running Froyo...
Or, am I simply SOL?
Thanks....
One of the things about Android devices, as a former Windows Mobile user also, is that factory resets work differently as you've found out the hard way. In WM you could delete any system file you wanted and a hard reset would restore it. On Android if a required /system file is deleted you are SOL unless you have a way of restoring a backed up version. Its highly recommended IMO to have a working recovery like CWM, TWRP and a backup before you go messing around with /system files. But with a generic android device its probably not possible to find a recovery to install. You cannot write to the /system directory without root access, adb will give you an error. You may be able to use a phone.apk from another device with the same version of android.
I did find a Phone.apk from a device with the same manufacturer, on the same frequencies, with the same screen res, running the same version of Android. I have the full System/App folder if needed.
And I may have restored root access using UnlockRoot (I have read iffy things about the program but again it's all that worked for me initially). (EDIT - I do now have root access, I was able to verify the Superuser app on the device)
However when I load the SDK and type in 'adb root,' after the 'daemon started successfully,' I quickly get an 'error: closed.' And then when I try to push the Phone.apk file to the relevant folder, I get 'failed to copy / permission denied' (EDIT as I was warned of)
Is there anything I can load onto my SD card to help? I can run probably install an APK off of my storage card. Although I am very limited in what I can do - between error messages I can only get in one quick touch of the screen (and it usually takes a few tries per touch)...I can't do anything that requires a long-click...and I had also deleted the stock keyboard and the stock browser...limits me further...
Now, if I can delete my current Phone.apk and upload the stock keyboard, I am certain I can figure this out. There has to be some way to do this....
EDIT// I packed it up to return to Amazon. If there was a solution out there, oh well...
Like I said you may have been able to use Titanium to install it as a system app and that may have taken care of things once you set it as the default app and/or removed the faulty one.
^^ Right, but the challenge was installing Titanium Backup, and then using it while the error notification popped up on the screen every split second. Unless I am missing something, only way to download it would have required me to buy a Bluetooth keyboard and struggle to pair it so I could type (I had a USB keyboard that didn't work), maybe reassociate my device with my Google account (struggling to type letter by letter between each 'OK' click), have the apk sent to my device over unsecured wifi, put the .apk on SD (or just delete the wrong apk and reboot), and then hope that I could use Titanium backup to do the trick without the ability to press anything on the screen for longer than a half second or so...
Actually, I guess that could have worked, provided the Bluetooth keyboard worked. Of course, there's the chance that the Phone.apk I found for the similar device, might not have worked. Anyways, late now. I have a new one on the way, and I was shipped a slightly used one to begin with anyways, might be for the better. I kinda feel bad that the phone is now 'defective' as a result of my impatience/etc but then again I didn't do anything that the instruction manual warned against, not to mention the instruction manual says a factory reset restores factory data, which I think infers that it restores essential system components. And as much as I was an idiot, I don't do anything which should have caused a nearly non-recoverable error. That's on Google's end. Google doesn't even really discourage rooting and if you allow Android on a device with 512MB rom...
Learning experience. One of the first things I do when I get my new one, I download a backup program and find out if there is a recovery mode. In any event, I won't make the same mistakes twice. Thanks to those who replied or considered replying. Anybody has tips for the future, that aren't obvious or easily found, feel free...
If u r rooted this is very easy.
Open sdk and type su if u get "#" then u r rooted.
If so let us know
---------- Post added at 10:05 AM ---------- Previous post was at 09:34 AM ----------
as a rethought I see u deleted system app so u were rooted
---------- Post added at 10:21 AM ---------- Previous post was at 10:05 AM ----------
Firstly adb pull the file "/proc/mounts" open it using notepad and see how system is mounted.
then remount system as rw using
"mount -o remount,rw -t yaffs2 /
<path to your system> /
system"
Now u can delete stuff or add new stuff without perm error
---------- Post added at 10:24 AM ---------- Previous post was at 10:21 AM ----------
Or just download this . Maybe it'll work http://www.totalcmd.net/plugring/android_adb.html
caponer said:
Or just download this . Maybe it'll work http://www.totalcmd.net/plugring/android_adb.html
Click to expand...
Click to collapse
Eh, I already sent the phone back to Amazon. This, however, looks like a useful something to have access to in the future. Thank you for the link...
No way. Come on,why did u send it to amazon when u had me right here we could have fixed this so easily.
thref23 said:
Hey guys....here's my situation.
I bought a Blu Touch Book 7.0 plus off of Amazon. Got it two nights ago. It's a true phablet. 512 RAM / 512 ROM - I was a little concerned but figured as long as I could root it, I was good to go.
Anyways - no I am not looking for a root. I was able to root it relatively easily after an initial failed attempt which required a factory reset - if anyone is interested, it required PDANET+ & UnlockRoot, SuperOneClick and other methods failed. I threw in a class 10 SD, and modded Android so all apps would be downloaded/installed to my SD card (I did this using the SDK & command prompt in USB debugging mode). I had researched apps previously and began to furiously download and tweak. I threw in a T-Mobile SIM, and everything was going well, I was very happy. It actually seems to be a well made device, though it's a little bulky and the phone function works much better with a bluetooth headset.
Then, I deleted Phone.apk. Despite all apps being downloaded/installed to my SD card, space was still at a premium and I had downloaded a third party dialer. I figured worst case, I could do a factory reset and/or could simply re-download the file (I was actually about to download a good backup program tonight after work, I've been busy the past two days and my anxiety to set up other stuff got the better of me). There was no immediate issue, but shortly later I got the dreaded 'com.android.apk has stopped' (or what not) message popping up constantly. I reset the device, it booted up but it was not reading my sim, and was missing icons. That's when I did something stupid-er. I found a Phone.apk file on the net, downloaded to my device, and copied it to the relevant directory.
Since then, when I boot up, first it shows that Android is upgrading, then it shows the 'unfortunately, the process com.android.apk has stopped.' I click 'Okay,' and it keeps popping up. I wasn't able to delete the wrong Phone.apk as there was not enough time for a longpress between error messages. I was able to initiate a factory reset - I was rather relieved - I had learned a bit the past day or two via trial and error, and I would be able to re-do everything perfectly this time.
But the factory reset did not revert to the right 'Phone.apk' file. So the problem still exists....
If anyone can help me, I would be oh so grateful....thanks...
Click to expand...
Click to collapse
Could you share how you did a factory reset please?
wizardofkoz said:
Could you share how you did a factory reset please?
Click to expand...
Click to collapse
Settings/Backup & reset/Factory data reset
Rooting Help
"I was able to root it relatively easily after an initial failed attempt which required a factory reset - if anyone is interested, it required PDANET+ & UnlockRoot, SuperOneClick and other methods failed."
Can you tell me how did u root it exactly because i am trying all new ways and nothing is working they just cant pick up this phablet.
androidhelp1234 said:
"I was able to root it relatively easily after an initial failed attempt which required a factory reset - if anyone is interested, it required PDANET+ & UnlockRoot, SuperOneClick and other methods failed."
Can you tell me how did u root it exactly because i am trying all new ways and nothing is working they just cant pick up this phablet.
Click to expand...
Click to collapse
I installed PDAnet+ on my phone & PC (as a means of installing a driver for the TB Plus). Then, I ran a program called 'UnlockRoot,' followed instructions, and I had root. UnlockRoot v3.1 is what is installed on my computer.
I moved on awhile ago to the Galaxy Tab 3 7.0 (Galaxy Tab 4 7.0 would be my best recommendation for a budget phablet). The Touch Book plus only held up so well (though I still have it and it still works albeit with no speaker and a screen that needs to be color-filtered due to a mysterious type of screen damage).
DOH!
thref23 said:
I installed PDAnet+ on my phone & PC (as a means of installing a driver for the TB Plus). Then, I ran a program called 'UnlockRoot,' followed instructions, and I had root. UnlockRoot v3.1 is what is installed on my computer.
I moved on awhile ago to the Galaxy Tab 3 7.0 (Galaxy Tab 4 7.0 would be my best recommendation for a budget phablet). The Touch Book plus only held up so well (though I still have it and it still works albeit with no speaker and a screen that needs to be color-filtered due to a mysterious type of screen damage).
Click to expand...
Click to collapse
After so many weeks of hunting around and asking help on forums *which no one was able to help* i stumbled across this which i hope other will find and find useful to them to!
mobiledriverfree.blogspot.com/2015/09/blu-touchbook-g7-pc-suite-and-usb.html
This not only aloud FULL root access within 3 mins, but also gave full super user, was able to retreive lost files, rebuild the software, and reboot the phone. (not to meantion remove ALL the bloatware freeing up half the phones storage)
Enjoy!!!
LeeMarden said:
After so many weeks of hunting around and asking help on forums *which no one was able to help* i stumbled across this which i hope other will find and find useful to them to!
mobiledriverfree.blogspot.com/2015/09/blu-touchbook-g7-pc-suite-and-usb.html
This not only aloud FULL root access within 3 mins, but also gave full super user, was able to retreive lost files, rebuild the software, and reboot the phone. (not to meantion remove ALL the bloatware freeing up half the phones storage)
Enjoy!!!
Click to expand...
Click to collapse
You do realise that this thread is 3+ Years old , right ?
ok so i bought the infocus m560 (m808/v5) from ebay. uk warehouse chinese seller.
When it arrived the box was unsealed however the excuse for this could be the seller removed the eu plug and put in a uk one.
as soon as i booted it up I ran malware bytes which came back clean but on browsing through settings - apps I notice something called pandoras box & pandoras box services. the second one has permissions to everything. I cannot uninstall or disable either. These seem to serve no relevance to the phone. I believe it is disguised malware.
someone on another forum reccomended netguard which i dowloaded and tried but as soon as I disable internet access for PB &PBS it AUTOMATICALLY disables web access for a lot of other things, I cannot have only PB & PBS selected.
I've been told that it seems that PB/PBS is running as a system process therefore any unrooted app won't affect it.
I read you can uninstall malware by booting into safe mode but i'm not sure if that will work in this instance?
I can find original stock rom for the m560 which doesnt seem to require root to flash - i could try flashing this which would solve the problem IF it was the 3rd party seller that added the malware, but wont if it was the manufacturer and I don't think there is any way to tell? - i can put a link to the page with the stock rom if anyone wants to check its ok
aside from the above my only other option is to root. I have never rooted before. I am a total noob. I've read the process but parts of it i dont fully understand. I do not want to brick the device. I would possibly be willing to give it a go if someone can provide step by step almost fool proof instructions/a clear guide. I've had a look for rooting on m560 and I think there are a few options available - if someone could be as kind to tell me which would be easiest
any other suggestions/solutions welcomed.
I can submit any screen shots if nescessary.
thanks for reading
So... I have an Archos 55 and well, root is dangerous, particularly when you're being annoyed with pop up adverts and want to get them gone.
TL;DR:
So basically this all started when I found that web pages and adverts were just opening. Whether I was using the device or not, they'd just magically appear, sometimes ten at a time, accessing the internet at will. I was not best pleased as I have not long purchased the phone, but true to form, Archos have no idea what customer service means, so I was left to attempt to remedy the situation myself. Ordinarily, I would have just formatted and reinstalled the O.S, I do that with linux all the time alas I knew that was difficult.
Instead I sought to find out what exactly was causing the adverts. I deleted all the apps I had installed, but still the adverts kept coming. I did a factory wipe. Still with the adverts. At this point I was a bit stuck, so I grabbed an anti-virus app. It showed a few things that were causing problems including one trojan, under com.android.settings (or something to that name). I made a few enquiries and needless to say, this wasn't a false positive, but it had meant that I had a trojan...and I really don't like trojans. Cue the rage and the not thinking properly as I deleted com.android.settings without making a backup thinking... "shouldn't be too hard to put back"...oh how wrong I was...
I of course tried to make amends by grabbing a "copy" of settings from another site (and possibly a different phone) but I was told that it was ROM and no amount of permission changing was going to change that (I tried and I apparently failed, I may have possibly been doing something wrong, but I don't think my chown/chmod skills are `that` shabby).
The problem:
- No access to settings. Settings doesn't exist. (No access to USB Debugging either because that requires tapping the about phone bit and guess what...)
- Can't install apps as something has "Stopped".
- No access to WiFi
- Using Linux (Ubuntu something or other...15 I think).
- Mobile Tinkering Newb (But I'm not totally tech illiterate).
I do have access to fastboot mode apparently.
So what I think I need is a way to reinstall lollipop 5.1 so I can get back to square one, without (at least initially) using ADB (because I've tried and my device just refuses to show). I've also tried a few "needrom" things but, of course, they don't work because linux.
If anyone could possibly help me, I would be greatly appreciative in any way. I just want wifi back really. (I can see that wifi works and a network is available I just can't edit the settings to access it). If I can provide more information, please ask and I shall provide.
[SOLUTION]
Back up your device <- Essential
Grab a rom from NeedRom
Enable Fastboot.
Enable USB Debugging etcetera.
Use custom software (provided by NeedRom) (I know this seems dodgy but you try anything when you're desperate enough and this works so...if you're worried then take precautions and make a backup of your own phone first.) to open up the .pac file. Check where the files have been opened up to.
Copy the files to a more stable area (i.e from Temp to your Data drive), they should be in .img format as .pac basically appears to be some kind of archive that groups them all into one.
Use Fastboot (you might need to enable this so make sure you do it) and flash the .img files to the phone and sparse them to about 250MB.
Restart the phone.
Check phone works properly.
If works properly, consider donating to NeedRom.
Anyone?
Trojan
I have the same problem, but I didn't uninstall the setting, did your Trojan installed random apps too? Like MyApps or something like that?
Seeing the same problem I think the problem is that the device comes with it, but I haven't found anything else to do apart from installing avast to tell me when unknown sources get on to install a random app.
Talasa said:
Anyone?
Click to expand...
Click to collapse
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Fantasma198 said:
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Click to expand...
Click to collapse
Hi! How did you solve the problem? Please let me know
It appears to involve installing an apk installer from the Google Play stores (any will do it seems). Then by installing a copy of the Settings.apk.
Neither of which I am able to do as, due to getting rid of settings Google Play won't work. So....
Edit. I managed to get Google Play installed and then installed an APK installer. However installing settings is restricted as security won't let me install unofficial apps. >.>
How do u get rid of pop ups
Fantasma198 said:
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Click to expand...
Click to collapse
How do u get rid of them my phone is plaqued with them they are so annoying I didn't even root my phone just done a simple software update thanx
R3b3l3k8 said:
How do u get rid of them my phone is plaqued with them they are so annoying I didn't even root my phone just done a simple software update thanx
Click to expand...
Click to collapse
Hi,
What you have here is a virus.... and like me, it's probably embedded in settings. I.e It comes with the device.
There is no way to get rid of those adverts....except...by voiding your warranty. You will need to wipe your device and reinstall a rom, preferably not your original. (That or send it back to Archos). Taking your phone back to the store and demanding a refund is an option before I proceed further and this is the solution I recommend.
Take this moment to back up all your data.
What I did however and what seems to have gotten rid of them is firstly head over to NeedRom (search) and acquire a freely provided Rom of someone else's phone. There are two versions for the Archos Platinum 55 and it will depend on your specific phone.
Now you will need to flash (this will destroy all data on your phone so make sure you get it backed up) your rom. You can use the ADB solution but that couldn't work for me. So I used Fastboot instead, however to use this the rom provided by needrom is in a .pac file format, you need to get the .img file from it. You can do this by loading up the software provided by NeedRom (named FactoryUpload or something like that) load the .pac file and look at the file path locations. The one I checked was for System. I then went to where it said it was, in my case a Temp folder, copied and pasted all the data to somewhere not temp (all the .img files I needed were there).
Then I used Fastboot to flash the rom entirely there are much better Fastboot tutorials out there than I can explain myself. This flash included System, Recovery, Cache and basically everything, however it wouldn't let me do it all at once. I had to use a particular "flag" or "switch" so that it would `sparse` all the files over 250MB (that was the number I chose) and it worked after that.
This is the only way without returning the phone to get rid of the adverts *if* the virus is indeed in Settings. There's no way to remove Settings safely. I tried.
Hello, I have a Redmi Note 3 Pro running sMiUI (based on the Xiaomi.eu ROM) but this seems to be irrelevant.
while this strange behaviour doesn't seem to be limited to this device, being noted here and here, it does seem that the symptoms are the same.
In the SuperSU logs i found that firstly Whatsapp tried to gain root and was denied, followed by zygote requesting 3 times over the following few hours. The log for each is blank.
I have just rebooted my device and after unlocking whatsapp immediately requested root. Yet to see zygote request root again but I'll update you should it appear.
UPDATE: Whatsapp has again requested root.
UPDATE2: WhatsApp continues to request, however zygote has not. It appears to be happening every half-hour (ish)
U3: uninstalled WhatsApp, will see what happens at the half-hour mark.
Anyone know what's going on?
Also some probably irrelevant weirdness but I'll write it anyway given this only started appearing after this happened:
My phone did something weird earlier, I restarted, and normally on my ROM it just has a spinning little loading thingy in the middle of an otherwise blank screen, then goes off and reboots, showing the Mi logo, this time however it randomly showed a kinda-pulsating android logo shortly after the usually " spinning loading icon" and then continued to the usual Mi logo. Given I'm running sMiUI I've never seen it display a large android logo before like this. I just rebooted again and this behaviour was not repeated.
Try xiaomi.eu rom, or stock rom. Or might be you're just installed modified WhatsApp and zygote apk from untrusted source. I don't use sMIUI
immns said:
Try xiaomi.eu rom, or stock rom. Or might be you're just installed modified WhatsApp and zygote apk from untrusted source. I don't use sMIUI
Click to expand...
Click to collapse
The struggle I went through to get off of the vendor ROM, I'm not going back to stock. sMiUI was based on the Xiaomi.eu ROM, so the zygote is probably straight out of that.
I have installed WhatsApp from Google Play so I assume it doesn't get more secure than that. I've made no attempt to replace zygote, I don't really know what it does, something about starting apps.
The ROM I'm using doesn't seem to be remotely relevant to this, given it's happened on 3 different devices from different brands as I can see from the links I provided.
It doesn't make any sense. WhatsApp is used to not request any root permission unless it's infected by mallware. You can try to use xiaomi.eu rom alongside with 3rd party mods instead of use pre-moded rom from sMIUI.
immns said:
It doesn't make any sense. WhatsApp is used to not request any root permission unless it's infected by mallware. You can try to use xiaomi.eu rom alongside with 3rd party mods instead of use pre-moded rom from sMIUI.
Click to expand...
Click to collapse
Indeed, last WhatsApp update was 13th December, so I would have seen this happening before today if it was in normal WhatsApp. This is nothing to do with sMiUI, I've had this ROM installed for many months now with no issues.
And as previously stated it is based on Xiaomi.eu ROM.
But yes my suspicion is malware, however it's not specific to MIUI or any varients as this was also occurring on a Galaxy S5 and another device.
Everyone: Please read the entire thread before replying so I don't have to keep restating facts
Hey, i have same problem too, im using redmi note 2, today i get notif, whatsapp need access root, after several minute, zygote need access root too, now i deny that access at super su
first time root/customrom/kernel etc.
Ive had the same thing happen..First time I thought it was strange though and denied permision was with the zygote thing asking permission...ive granted whatsapp and whatsapp extensions permisson for example cause i thought that was just the way it worked. ive granted LMT permission and a couple more apps
thought it was more of a windows type "" do you trust this program to do things" type thing.
things is my, installation is pretty fresh. and I dont get where I should've gotten malware from
htcm8/Viperrom/elementalx kernel
bunch of file explorers (sdmaid /totalcommander) and terminals all from the playstore. Xposed installer and a couple modules that all seemed reputable with ongoing xda threads and downloaded from the original source. amplify/bootmanager(something with that maybe?)/chromepie/secure settings for a tasker profile/minminguard.
you see something we have in common on the phone?
phone is running fine..nothing strange. The zygote i got for the first time today and I denied and hopped on google...whatsapp is in my rootlog constantly. i see the greybox popping up every once in a while that root was granted. never thought anything of it.
today I installed termux ternimal from the playstore...maybe thats where the zygote su request comes from?
---------- Post added at 10:05 PM ---------- Previous post was at 09:39 PM ----------
from what I see elsewhere the whatsapp extension module in xposed, which is a root app might have something to do with the whatsapp requests. I dont exactly know how these things work but the altering might explain app doing thing they normally dont do.
dont know about zygote...got it one time and it has not been back
Same here.
I'm on a fresh install and this zygote su request wasn't appearing until I reinstalled all my apps.
Another forum states that zygote is run at such a raw level that it simply would never request root.
I am for now denying su requests with little to no adverse effects.
Can anyone confirm for certain that zygote should never need to request root? Is there anyway to dig out the rogue source/apk when av apps are showing nill?
As I have nothing Whatsapp on my phone, thinking it may be an xposed mod. Might be a good idea for us to list are xposed mods so we can cross reference. Not sure?
samsung i9505 | resurrection remix | android 6
Hey guys, how are y'all doing?
Here's a little background on my problem:
A year ago bought a cheap-ass smartphone for my mom, from a big supermarket chain in my country that was selling french phones cheaply, it was only 60€ and my mom needed a phone, so there it is!
Anyway cut to the present, the phone is riddled of what I suspect is malware that installs itself as soon as I remove it such as Free Games, com.google.toolkit, MiniChrome, N62Androidpt, System Component, adservice, and a couple others.
It also keeps switching wi-fi off, and turning on that option that allows apps to be installed from unknown sources, and worst of all it keeps opening the phone in built browser with adds, and even porn sites on occasion, which is really not desirable as my very young aged nieces love stealing the phone and try to use it.
I installed malwarebytes, also did a factory reset to no avail it fixed nothing.
So I decided to flash a stock rom to see if I could get rid of it, searched around and found a repository of stock roms or firmwares or whatever it's called (I'm not too familiar with this side of smartphones), which I'd love to post, but apparently can't because I've last than 10 posts: doc-doapi.com/EM/selecline/smartphone/
It has a lot of roms for different models of my brand.
Used the UpgradeDownload - R2.9.2015 tool that was in that folder and flashed it successfully.
After I turned on the device it opened the new phone setup process, logged in to my google account, and restores my stuff like contacts, and a few trusted google apps from before the flash, but it soon started again to install those malware apps I stated up there on it's own, and it was soon in the same state as before...
Anyway here's some info about my phone that probably should've gone to the top.
It's a Selecline phone
Model S4S5in3g
Android version: 5.1
Kernel version: 3.10.65
Compilation number: S3S5in3g.V1.2_20160307
At the back it has a sticker and another model number 870712 which I used to find the folder on that repository of stock roms.
And that's all in a big nutshell, anyone has any tips?
Thanks.
lil' bump
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Quick tip for getting rid of Malware even before they start. Go to Settings and check Data Usage. See which apps are using lots of data (downloading junk into your device). Note if there are any strange sounding apps that are downloading a lot of data, especially if it is not an app that you yourself were directly using.
Next, flash the stock ROM again. Once you flash the new ROM, you have to find a way to root the device. Try KingRoot. Then after the phone is rooted, go to Playstore and download SD Maid. Run SD Maid and give it root access. In the settings for AppControl of SD Maid, allow it to show system apps. Then run app control and freeze any strange-looking user apps (or anyone that was downloading a lot of data) and system app that are not required.
Please, let me know about the website and how to access the ROMs.
As mentioned before, install a clean room again. Copy virustotal app from the attachment of these post (https://forum.xda-developers.com/showpost.php?p=77053739&postcount=11) to SD-card and install it. Turn wifi on and let it run. Control every app and the system-apps. Post a screenshot of the findings. If there are findings, then the room is infected. The only way to deal with this, is to root it, install rootexplorer an kill the infected app. This can be dangerous, if for example, the lauchner is infected, an alternative launcher must first be installed and set as default, before you can kill the infected one (otherwise you will own a useless phone until you flash it again ;o).
Hey guys, thanks for trying to help.
I tried literally everything before, I've even somehow got a kitchen up and running and I removed everything that looked suspicious and all those bran add-ons from the rom, but even then I'd still get infected.
I didn't really try the antivirus route though and to be honest I already shelved that phone, but I'm kinda bored, so I'll try y'all suggestions, an extra working phone can always come in handy.
CVAngelo said:
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Click to expand...
Click to collapse
I'd love to help you mate, I found that repository in a forum maybe forum.gsmhosting, and I've tried to access it earlier, and I'm also denied access.