TM1007- Android Sticky Viruses And Adwares - Android Q&A, Help & Troubleshooting

android sticky viruses and adwares
Hey guys.
I'm posting over there as there are developers here and I think my problem is more about system level stuff than user level.
On my TM1007 tablet I caught some kind of virus (well, I'd better say this virus caught my tablet).
It's one of those things that hack the android browser forcing the homepage to open on www . gotoamazing . com
This is the visible part of the iceberg but I wonder whether this virus does or doesn't log keys, passes, and anything else.
I'm a former linux user and am really stunned a linux based OS like android is, is this weak and virus-open !!!!!!
ok let's go deeper in the issue.
of course I started with all the tuts showing how to get rid of viruses and adwares.... useless....
the only app that detected thingies is adwcleaner and it just does nothing but delete the install package APK.
nevertheless, when the APK has spread its poison over the system it's pretty useless.....
so, what I did:
-installed the few thingies for obtaining the root access
-installed a console... weeeeee best game ever on linuxes 8-D
-grepped for "gotoamazing" on root folder
and....
OMG !!!!! it's everywhere !!!
in browser cache
in browser conf
in browser database......
so the final question:
-does anyone know an app able to really search for viruses and clean the infected files instead of just and always triggering a popup saying all is fine ?
-does anyone even know this 'gotoamazing' crap ? and fought it ? and in this case what was the solution ?
thanks a lot in advance for all your help and have a nice day !!!
regards.

bump.
no one got an idea ?

[Q] Download Error

Hey Guys and respected devs,
I have been using my Nook Tablet 16GB (rooted stock) without a problem since January. I have some games, apps etc. and so far I have been perfectly happy with it.
Then recently I was browsing the net using Opera and came across a video I wished to download. And until then I had no trouble downloading anything: videos, pics, apks etc. But it came as "download failed". Since then I have tried various methods... using other browsers, default browser, download managers, etc. but NONE of them can download the files. They don't even start downloading and say a variant of Download error, unable to download etc.
I have combed Google and xda and have come up with nothing even remotely close to solving this problem. Please, if anyone has any views, opinions, suggestions they are very welcome.
Btw I can download apps and updates and anything of the sort via any type of market and that's about it.
Regards,
Moxdown
well, the first thing that popped into my head was "unknown sources". do you have it turned "on" or has it been clobbered somehow ? this is most strange because you can download but then you cannot download... . are you blocked OTA ? 9.9.9.9 versus 1.0.0.0 ?
hmm, maybe you just need to use 'rom manager' and fix all permissions.
hth.
old_fart said:
well, the first thing that popped into my head was "unknown sources". do you have it turned "on" or has it been clobbered somehow ? this is most strange because you can download but then you cannot download... . are you blocked OTA ? 9.9.9.9 versus 1.0.0.0 ?
hmm, maybe you just need to use 'rom manager' and fix all permissions.
hth.
unknown sources are for app installation
OTA block simply blocks stuff from B&N (same with the version change)
rom manager and permissions have nothing to do with this
hth is not helpful either
@ OP, are these new websites that you are trying to download from by any chance?
Cubanluke88 said:
unknown sources are for app installation
OTA block simply blocks stuff from B&N (same with the version change)
rom manager and permissions have nothing to do with this
hth is not helpful either
@ OP, are these new websites that you are trying to download from by any chance?
yes, unknown sources is not a good guess. yes, lame. my brain was connecting together... the os cooperates from a known source for goods and does not cooperate from an unknown.
i thought OTA and getting an un-wanted binary update from b&n may have scrambled your os.
i was guessing a critical permission got flipped to 'read only' and that was causing troubles. so running a permission fix 'may' help. it helps get rid of force closes...
and then hth stands for 'hope this helps', which was my honest desire. but then @Cubanluke88 is just being a smart a$$ ( once again ) . . . but then he's super smart and maybe has your answer.
.
maybe the best answer is 'taking it back to b&n' and having them reset it.
.
when i was asleep, i thought of another answer. maybe you caught a virus ?
Cubanluke88 said:
unknown sources are for app installation
OTA block simply blocks stuff from B&N (same with the version change)
rom manager and permissions have nothing to do with this
hth is not helpful either
@ OP, are these new websites that you are trying to download from by any chance?
yup I'm using ota blocker from unknown sources.. and no I haven't caught a virus because I scanned it just a few hours ago just in case ..... Oh? websites like rapidshare, forums etc.... oh and xda of course... still looking through .... I have simply NO IDEA what's wrong...
I don't know if this is possible on the stock OS, but if you can get into manage apps in settings and perhaps clear data on the browsers and try again, that's what I would try next.
Cubanluke88 said:
I don't know if this is possible on the stock OS, but if you can get into manage apps in settings and perhaps clear data on the browsers and try again, that's what I would try next.
Will try it and tell you the results ... thanx for the tip
EDIT: Tried doing that but to no avail... no difference whatsoever. I guess I might just have to flash a brand new rom...

Trust or not to trust

Trust or not to trust
Hey budding Android users, hope you can settle a debate. My cousin has just bought a used TouchPad off Craigslist.
And he's paranoid that the ROM that's installed might be infected. He's talking both web os and ICS must be infected and loaded with spyware, malware, etc.
I said it's impossible but he said how would I know, and I was stumped as I did not have an answer.
The operating systems are web os and Android CyanogenMod ICS.
He won't use any banking sites or email clients or calendar contacts, saying they will access his personal information.
How do I ease him into not worrying? PS: he's also noted a Chinese app at the bottom of the apps in ICS and says it must be spyware as it says it has access to personal information and network access.
He said when he tried to delete it, it said "are you sure you want to delete a system app".
I'm writing this on his behalf. Help me if you can. I was going to suggest a full ROM flash and web os flash, I think using web doctor from what I read up on.
And can someone assure him cyanogen os is not loaded with viruses etc. and that they can be trusted?
Anyway thanks yo
To be honest there could be. If you know how to follow instructions I would erase everything on the Touchpad using WebOS Doctor for the HP Touchpad
http://www.webos-internals.org/wiki/WebOS_Doctor_Versions
Then reinstall CM9
Androidalways said:
Trust or not to trust
Hey budding Android users, hope you can settle a debate. My cousin has just bought a used TouchPad off Craigslist.
And he's paranoid that the ROM that's installed might be infected. He's talking both web os and ICS must be infected and loaded with spyware, malware, etc.
I said it's impossible but he said how would I know, and I was stumped as I did not have an answer.
The operating systems are web os and Android CyanogenMod ICS.
He won't use any banking sites or email clients or calendar contacts, saying they will access his personal information.
How do I ease him into not worrying? PS: he's also noted a Chinese app at the bottom of the apps in ICS and says it must be spyware as it says it has access to personal information and network access.
He said when he tried to delete it, it said "are you sure you want to delete a system app".
I'm writing this on his behalf. Help me if you can. I was going to suggest a full ROM flash and web os flash, I think using web doctor from what I read up on.
And can someone assure him cyanogen os is not loaded with viruses etc. and that they can be trusted?
Anyway thanks yo
99% he's got nothing to worry about. But if he wants to make sure, have him run acmeuninstaller, (there are several good, easy to follow tutorials here in the forum), then follow this guide : http://forum.xda-developers.com/showthread.php?t=1426244
Then go through the process of installing android again. I recommend the official CM9 nightlies, but there are several others to choose from. Read the forum, all the info needed is here.
chicle_11 said:
99% he's got nothing to worry about. But if he wants to make sure, have him run acmeuninstaller, (there are several good, easy to follow tutorials here in the forum), then follow this guide : http://forum.xda-developers.com/showthread.php?t=1426244
Then go through the process of installing android again. I recommend the official CM9 nightlies, but there are several others to choose from. Read the forum, all the info needed is here.
Thank you guys so if I run web os doctor will that not alone erase android on the partition?
And can I have the link to cm9 for touchpad so I know it's the original rom*
Normally does the about information in the menu of both android and web os this tablet can I not identify from that information if they are both legit this will save me from going through the tedious task of re flashing both roms
Do you think both roms need flashing?
Androidalways said:
Thank you guys so if I run web os doctor will that not alone erase android on the partition?
And can I have the link to cm9 for touchpad so I know it's the original rom*
Normally does the about information in the menu of both android and web os this tablet can I not identify from that information if they are both legit this will save me from going through the tedious task of re flashing both roms
Do you think both roms need flashing?
Please can you respond, please, it's been a few hours and I need to find out whether or not to proceed. I will have to go to work tomorrow and all this will be left behind and my friend will not have a device to use
And I will not hear the end of it
Please help me out xda
Just use webos doctor and start from scratch, recreating partitions for android. I personally would just go to recovery and format system, data, cache and just load a new ROM. Less time consuming and erases all apps and data loaded.
Sent from my Galaxy Nexus using xda app-developers app
Androidalways said:
Trust or not to trust
Hey budding Android users, hope you can settle a debate. My cousin has just bought a used TouchPad off Craigslist.
And he's paranoid that the ROM that's installed might be infected. He's talking both web os and ICS must be infected and loaded with spyware, malware, etc.
I said it's impossible but he said how would I know, and I was stumped as I did not have an answer.
The operating systems are web os and Android CyanogenMod ICS.
He won't use any banking sites or email clients or calendar contacts, saying they will access his personal information.
How do I ease him into not worrying? PS: he's also noted a Chinese app at the bottom of the apps in ICS and says it must be spyware as it says it has access to personal information and network access.
He said when he tried to delete it, it said "are you sure you want to delete a system app".
I'm writing this on his behalf. Help me if you can. I was going to suggest a full ROM flash and web os flash, I think using web doctor from what I read up on.
And can someone assure him cyanogen os is not loaded with viruses etc. and that they can be trusted?
Anyway thanks yo
Well, it depends on your definition of "spyware". Pretty much the entire Android/Google universe contains apps that have access to personal information and network access. In fact, in order to even download apps from the Market, you have to create a Google login which opens you up to Google's use of your information along with the apps. There are some, but not many, viruses in Android apps, and there are also apps that will scan the tablet for viruses and the like just like Windows software. Like anything internet-based, you have to be careful in letting your identity float into the cloud. If he's that paranoid about it, I suggest he follow your instructions and fully wipe the tablet (and hope you don't screw it up). Then create a completely false identity for Google (like having a 555 area code, an Indonesian home address, etc. - you get the picture).
nikeman513 said:
Just use webos doctor and start from scratch, recreating partitions for android. I personally would just go to recovery and format system, data, cache and just load a new ROM. Less time consuming and erases all apps and data loaded.
Sent from my Galaxy Nexus using xda app-developers app
I think I will follow your time-saving route. Did you say just to do a system restore, format data? But if I do this there's no need to load a new ROM, is there?

Turbo-x Twister IV tablet

Hello everyone!
I got a tablet from a big chain company of my country called Turbo-x Twister IV and few days ago I got a virus that can't be deleted. I did factory reset but nothing, so it got permission to install on the system and the virus is the tablet probably.
I did research and it probably is one of these three:
Shedun, Shuanet, ShiftyBug
Also the antivirus finds the SDK client is the virus and asks every hour to uninstall, I uninstall but then it reappears always. Here is some info I found about the virus:
Package name: com.xbkpnotification
Certificate info: /C=cn/ST=guangdong/L=shenzhen/O=xiaobukuaipao/CN=yu
PERMISSIONS:
Install applications, Delete Applications, Close background processes, mount unmount file system, receive boot broadcasting, get info of the current/recent running tasks, read WIFI state.
Does anyone know what to do? Someone told me to install custom ROM but this brand name is from the company and I don't really know which ROM to add so I won't destroy my device. I have Android version 5.1.1 and I always update it so it is the latest.
I would really appreciate some help because now my tablet is useless, it doesn't even allow me to go on the google play store and download games and I definitely am not going to add my phone number to steal my information.
Thank you for reading and I am looking forward for any help!
boopity said:
Hello everyone!
I got a tablet from a big chain company of my country called Turbo-x Twister IV and few days ago I got a virus that can't be deleted. I did factory reset but nothing, so it got permission to install on the system and the virus is the tablet probably.
I did research and it probably is one of these three:
Shedun, Shuanet, ShiftyBug
Also the antivirus finds the SDK client is the virus and asks every hour to uninstall, I uninstall but then it reappears always. Here is some info I found about the virus:
Package name: com.xbkpnotification
Certificate info: /C=cn/ST=guangdong/L=shenzhen/O=xiaobukuaipao/CN=yu
PERMISSIONS:
Install applications, Delete Applications, Close background processes, mount unmount file system, receive boot broadcasting, get info of the current/recent running tasks, read WIFI state.
Does anyone know what to do? Someone told me to install custom ROM but this brand name is from the company and I don't really know which ROM to add so I won't destroy my device. I have Android version 5.1.1 and I always update it so it is the latest.
I would really appreciate some help because now my tablet is useless, it doesn't even allow me to go on the google play store and download games and I definitely am not going to add my phone number to steal my information.
Thank you for reading and I am looking forward for any help!
Turbo-x... I don't want to make jokes about this brand (Greek here),
Well, have you tried to remove it via adb? Also please post screenshots here.
I can make the jokes for you haha
Well I don't know anything about the tablet technology, I just owned one and added things from the app store, so no, I didn't try Android Debug Bridge. It has some tutorials on youtube, should I just watch one and do it? Is it the same program and procedure for all the brands or does it need any specifics?
GreekDragon said:
Turbo-x... I don't want to make jokes about this brand (Greek here),
Well, have you tried to remove it via adb? Also please post screenshots here.
boopity said:
I can make the jokes for you haha
Well I don't know anything about the tablet technology, I just owned one and added things from the app store, so no, I didn't try Android Debug Bridge. It has some tutorials on youtube, should I just watch one and do it? Is it the same program and procedure for all the brands or does it need any specifics?
Is same. You can search on XDA.
GreekDragon said:
Is same. You can search on XDA.
Thank you!
I installed all the three adb drivers on my device and I can put files from my pc now. How do I know which custom ROM is for my Turbo-x Twister IV to install with adb? Or am I supposed to do anything else? I just want to delete all the files from my tablet to remove the virus and then put new system (custom ROM or anything else equivalent) without the virus.
I would love some more guidance if you can provide. Sorry for the trouble I am new to this and I am a little confused
Hello, it's an old thread but I want to ask: I have the same tab but adb doesn't recognise it. The PC can see it but not adb.
Of course usb debugging is on but nothing. Also I can't find any usb drivers for this device. Any solution?
Thanks.
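Added example, not part of any post in this thread: the posts above describe a package (com.xbkpnotification) that returns after uninstalling and survives a factory reset. A factory reset wipes only the data partition, so an APK stored under /system is untouched; this shell sketch sorts the output of `adb shell pm list packages -f` by install location to show which packages are in that class. The sample listing, including the path shown for com.xbkpnotification, is constructed for illustration.

```shell
#!/bin/sh
# Added example: sort installed packages by where their APK is stored.
# A factory reset wipes /data only, so packages under /system (or another
# read-only partition) are still there after the reset.
#
# Real input would come from:  adb shell pm list packages -f
# Each line has the form:      package:<apk path>=<package name>

# Constructed sample listing. The path given for com.xbkpnotification is an
# assumption made for this example; the thread does not say where it lives.
SAMPLE_PM_OUTPUT='package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Example/Example.apk=com.xbkpnotification
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/data/app/~~Zm9v==/com.example.new-YmFy==/base.apk=com.example.new'

# Reads a pm listing on stdin, prints "<location><TAB><package><TAB><path>".
classify_packages() {
    tr -d '\r' | awk '
    /^package:/ {
        line = substr($0, 9)
        # Split on the LAST "=": newer Android releases put "=" inside
        # the /data/app directory names.
        cut = 0
        for (i = length(line); i > 0; i--)
            if (substr(line, i, 1) == "=") { cut = i; break }
        if (cut == 0) next
        path = substr(line, 1, cut - 1)
        pkg  = substr(line, cut + 1)
        if (path ~ /^\/system\/priv-app\//)                 loc = "system-priv"
        else if (path ~ /^\/(system|vendor|product|oem)\//) loc = "system"
        else if (path ~ /^\/data\//)                        loc = "user"
        else                                                loc = "other"
        printf "%s\t%s\t%s\n", loc, pkg, path
    }'
}

# $1 = package name, pm listing on stdin.
# Returns 0 if the package is stored on a partition a factory reset
# does not wipe, 1 otherwise (including "package not listed").
survives_factory_reset() {
    classify_packages | awk -F '\t' -v want="$1" '
        $2 == want && ($1 == "system" || $1 == "system-priv") { found = 1 }
        END { exit !found }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_PM_OUTPUT" | classify_packages
```

A system app that has received an update is listed under /data/app even though its original copy remains in /system; `pm list packages -s` lists packages flagged as system regardless of the path shown.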

I need help! Android effected with virus.

Hello! I have an eSTAR GRAND HD QUAD CORE 3G [MID1058G] S/N: 1058142300251. By downloading apps from the internet I somehow managed to get a virus. I got this app called "clean master" which, after searching for viruses, found some trojan viruses, but even if I disable the service it would still work, and I wasn't able to delete it because it was a system app. That makes my tab lag and go insane (open different windows, automatically scrolling and stuff, typing by itself), and weird apps like omniConnect and porn apps have been installed. The problem is that even if I delete them, after a reboot or even a hard reset the apps are still there and there is no effect at all! (When rebooting, the phone shows that the phone is updating every single time.) By doing some research, the thing I need to do is reinstall my ROM, but I can't even find a custom recovery. It's probably because my tab is not that popular, so popular creators like ClockworkMod and TWRP don't support my device. Then I found this forum knows a lot about this stuff like flashing ROMs and stuff, so I decided to make a post.
If anyone knows how to fix my problem with viruses please let me know.
If you say that I need to reinstall my ROM please tell me how, because I'm not really good with Androids so I don't really know how to do it.
natoakbar said:
Hello! I have an eSTAR GRAND HD QUAD CORE 3G [MID1058G] S/N: 1058142300251. By downloading apps from the internet I somehow managed to get a virus. I got this app called "clean master" which, after searching for viruses, found some trojan viruses, but even if I disable the service it would still work, and I wasn't able to delete it because it was a system app. That makes my tab lag and go insane (open different windows, automatically scrolling and stuff, typing by itself), and weird apps like omniConnect and porn apps have been installed. The problem is that even if I delete them, after a reboot or even a hard reset the apps are still there and there is no effect at all! (When rebooting, the phone shows that the phone is updating every single time.) By doing some research, the thing I need to do is reinstall my ROM, but I can't even find a custom recovery. It's probably because my tab is not that popular, so popular creators like ClockworkMod and TWRP don't support my device. Then I found this forum knows a lot about this stuff like flashing ROMs and stuff, so I decided to make a post.
If anyone knows how to fix my problem with viruses please let me know.
If you say that I need to reinstall my ROM please tell me how, because I'm not really good with Androids so I don't really know how to do it.
Ummm, I don't think so. Android cannot get a virus that easily. If you are facing a virus-related problem then just install an effective paid antivirus like Avast etc., and yes, if your problem remains then flash your stock ROM with the help of your PC.
AdityaAg said:
Ummm, I don't think so. Android cannot get a virus that easily. If you are facing a virus-related problem then just install an effective paid antivirus like Avast etc., and yes, if your problem remains then flash your stock ROM with the help of your PC.
I know, the problem is that I can't find one even if I wanted to. The antivirus can't delete it; after every single reboot the phone ****ing updates itself and gets the programs back. And every single time you reboot more and more apps appear.
natoakbar said:
I know, the problem is that I can't find one even if I wanted to.
Then you should go to the service centre and get your job done bro.
AdityaAg said:
Then you should go to the service centre and get your job done bro.
I bought the tab off the internet and all of the people that I know who fix Androids and stuff were not able to fix this ****nig ****ty ass tab.
natoakbar said:
I bought the tab off the internet and all of the people that I know who fix Androids and stuff were not able to fix this ****nig ****ty ass tab.
umm

Malware filled phone?

Hey guys, how are y'all doing?
Here's a little background on my problem:
A year ago I bought a cheap-ass smartphone for my mom, from a big supermarket chain in my country that was selling French phones cheaply. It was only 60€ and my mom needed a phone, so there it is!
Anyway, cut to the present, the phone is riddled with what I suspect is malware that reinstalls itself as soon as I remove it, such as Free Games, com.google.toolkit, MiniChrome, N62Androidpt, System Component, adservice, and a couple others.
It also keeps switching wi-fi off, and turning on that option that allows apps to be installed from unknown sources, and worst of all it keeps opening the phone's in-built browser with ads, and even porn sites on occasion, which is really not desirable as my very young nieces love stealing the phone and trying to use it.
I installed malwarebytes and also did a factory reset, to no avail; it fixed nothing.
So I decided to flash a stock rom to see if I could get rid of it, searched around and found a repository of stock roms or firmwares or whatever it's called (I'm not too familiar with this side of smartphones), which I'd love to post, but apparently can't because I've less than 10 posts: doc-doapi.com/EM/selecline/smartphone/
It has a lot of roms for different models of my brand.
Used the UpgradeDownload - R2.9.2015 tool that was in that folder and flashed it successfully.
After I turned on the device it opened the new phone setup process, I logged in to my google account, and it restored my stuff like contacts, and a few trusted google apps from before the flash, but it soon started again to install those malware apps I stated up there on its own, and it was soon in the same state as before...
Anyway here's some info about my phone that probably should've gone to the top.
It's a Selecline phone
Model S4S5in3g
Android version: 5.1
Kernel version: 3.10.65
Compilation number: S3S5in3g.V1.2_20160307
At the back it has a sticker and another model number 870712 which I used to find the folder on that repository of stock roms.
And that's all in a big nutshell, anyone has any tips?
Thanks.
lil' bump
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Quick tip for getting rid of Malware even before they start. Go to Settings and check Data Usage. See which apps are using lots of data (downloading junk into your device). Note if there are any strange sounding apps that are downloading a lot of data, especially if it is not an app that you yourself were directly using.
Next, flash the stock ROM again. Once you flash the new ROM, you have to find a way to root the device. Try KingRoot. Then after the phone is rooted, go to Playstore and download SD Maid. Run SD Maid and give it root access. In the settings for AppControl of SD Maid, allow it to show system apps. Then run app control and freeze any strange-looking user apps (or anyone that was downloading a lot of data) and system app that are not required.
Please, let me know about the website and how to access the ROMs.
As mentioned before, install a clean ROM again. Copy the virustotal app from the attachment of this post (https://forum.xda-developers.com/showpost.php?p=77053739&postcount=11) to the SD card and install it. Turn wifi on and let it run. Control every app and the system apps. Post a screenshot of the findings. If there are findings, then the ROM is infected. The only way to deal with this is to root it, install rootexplorer and kill the infected app. This can be dangerous: if, for example, the launcher is infected, an alternative launcher must first be installed and set as default before you can kill the infected one (otherwise you will own a useless phone until you flash it again ;o).
Hey guys, thanks for trying to help.
I tried literally everything before, I've even somehow got a kitchen up and running and I removed everything that looked suspicious and all those brand add-ons from the rom, but even then I'd still get infected.
I didn't really try the antivirus route though and to be honest I already shelved that phone, but I'm kinda bored, so I'll try y'all suggestions, an extra working phone can always come in handy.
CVAngelo said:
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
I'd love to help you mate, I found that repository in a forum maybe forum.gsmhosting, and I've tried to access it earlier, and I'm also denied access.
