Strange (and very annoying) issue: Hidden Anti-Virus/Anti-Malware app.
When using xplore pro in wifi file xfer mode, tried to copy an ad-blocker apk file from my old S4 over to my shiny new S9+. To my surprise, a pop-up appeared saying the apk is either virus or malware, yada-yada, x-fer aborted! Doh! Google config has all file scanning TURNED OFF so wtf? Does this stock rom have some kind of hidden file filter built in? ... Pulled SD chip out of the S9+ and put the apk there, reinserted and then installed that ad-block vpn app ok. hmmmmm.... Tried the xplore x-fer with other apk's known to be frowned upon by Google but NOT viruses or malware, same result, x-fer aborted. -{confused}- Does anyone else have similar problems?
-[Hummer]-
Sent from my SM-G965W using XDA Premium HD app
Maybe related to this (Settings - Device Management - Security), though outside of a package disabler app I don't know how to disable it.
Either that, or your file manager app runs things against Google Play Protect automatically
Sent from my SM-G965W using Tapatalk
Thanx for your reply. I use Xplore file mgr's wifi sharing feature to x-fer files. There's no virus/malware detection with this app. It's the damn S7+ and Google! I've since dumped that unrootable, Knox-crippled, salinux-locked Samsunk hunk of junk and got a Sony XA-2 Ultra instead. Problem solved! Xplore has no problem doing the same file x-fer to my shiny new XA2-U. Spammy-Sammy is off my shopping list henceforth!
-[ Hummer ]-
Sent from my Sony XA2 Ultra/H3223 using XDA Premium HD app
I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screenshot if the app name is in Chinese.)
This sounds really really bad.
Has this happened to anyone else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again, has this happened to anyone else? Because I want to know if this could happen to my phone!
Mine also did this on stock ROM: I would uninstall Samsung apps, reboot, and it would reappear on my menu. Is it possible the ROM comes with an auto-install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.), however if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all download apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all download apps to run with root permissions?
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also, is there any way to wipe the device while re-flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking to the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region
Isn't waze a community based sat nav app?
poults said:
Isn't waze a community based sat nav app?
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully whatever it was won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium
Just downloaded this from Samsung apps, has anyone here installed this themselves? I launched it and it just runs in background so no real config required.
Just wondered if you like this app and found it useful?
sent from t'internet
It's just a background security app. You'll notice it starts up when you restart your phone. I think I read somewhere that it stops phishing or something. I could have also made that up
Just rebooted my phone after trying a bootanimation.zip (which didn't work)
It was called "call of android" and had an "android" folder instead of "part0/part1"
normal stuff, I just tried renaming android to part0 and the same in the desc.txt file
anyway----
When I rebooted my phone (doubt anything to do with bootanimation.zip) it said in the notification bar "+" and in the pull down "You have 3 new flirts"
The + was green, anyway I clicked it thinking "uhhh?" and it opened a webpage "affiliate.add" something, then I closed it, the page didn't load.
What is this and why is it on my phone? I don't play games, I come to XDA, and I use apps as tools not toys. Where'd this come from? Can I upload something from my phone that would be more detailed/help? (App list or something)
I get this too, it's certain apps, they do push notification ads. I am still trying to figure out which app is doing it for me..
Use Addons Detector. Works like a charm every time!
https://market.android.com/details?id=com.denper.addonsdetector
avidmovies said:
Use Addons Detector. Works like a charm every time!
https://market.android.com/details?id=com.denper.addonsdetector
Am I looking for "push notifications"? That's what pops up atop my screen?
"Mp3 Music download" uses AirPush
What's AdMob? I hate all these ads in apps, no one clicks them except by accident. Useless as PC ads. Too bad I can't figure out how to use the adblock plus app on my phone. I read there are hosts files that "block" ads, do they remove all the visible junk in apps and web?
Yes push notifications are the apps that give you notification spam.
Admob ads and such can mostly be blocked with hosts files. If you don't want to flash any ROMs just use AdAway. You will need to be rooted to use it.
https://market.android.com/details?id=org.adaway
Sent from my SAMSUNG-SGH-I777 using xda premium
avidmovies said:
Yes push notifications are the apps that give you notification spam.
Admob ads and such can mostly be blocked with hosts files. If you don't want to flash any ROMs just use AdAway. You will need to be rooted to use it.
https://market.android.com/details?id=org.adaway
Sent from my SAMSUNG-SGH-I777 using xda premium
I'm already rooted, running 12081022_exp kernel by entroy and Lite'ning Rom v6.1
Can I still put a hosts file in there? What's the hosts file exactly?
Cool! Adaway did a hot reboot (it's not under my power off options). How can I get my phone to hot reboot? Good ol' boot anim
AdAway modifies your host file for ad blocking with the least background consumption, sooooo you're all set.
As for that hot reboot, no idea
Sent from my SAMSUNG-SGH-I777 using xda premium
Airpush Detector is specifically designed to target notification ads. Just uninstall the offending app.
I installed and use that boot anim as well as another guy who requested it. Don't think it was the ba.
Sent from my SAMSUNG-SGH-I777 using XDA App
TOA Duck said:
Don't think it was the ba.
Not even possible. It's an app that was installed. The bootanimation only contains images.
It was not the bootanim; I deleted the "Free Mp3 Download" app that was using "AirPush"
Do I have to turn on the Webserver for adaway to work? It removed the ads in the bottom of my apps, SO NICE
AdAway just downloads a new host file. Otherwise it is never actually running. I run it once every couple weeks tops, to check for updates.
So no, you don't need an internet connection to use AdAway. As long as you have at least updated once that is...
It's pretty much telling your ads to go to something instead. Example:
ad.google.com will head to 127.0.0.1 - Since that is your local IP, and you're not running a webserver, it will fail.
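The hosts-file redirection described in the post above, as an added example that is not part of the original thread: a small Python parser that lists which names a hosts file sends to loopback (blocked) and which it sends to a real address (worth reviewing on a rooted phone). The sample file, `tracker.example`, `bank.example` and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format; not a real blocklist.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# ad servers sent to loopback
127.0.0.1   ad.google.com
0.0.0.0     ad.leadboltads.net tracker.example  # two names, one line
203.0.113.7 bank.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs, skipping comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries

def classify(entries):
    """Split entries into sinkholed names and names sent to a real address."""
    blocked, redirected = set(), set()
    for ip, name in entries:
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            redirected.add((name, str(ip)))
    return sorted(blocked), sorted(redirected)

def is_blocked(hostname, entries):
    """Exact-name match only: hosts files have no wildcard or subdomain matching."""
    blocked, _ = classify(entries)
    return hostname.lower() in blocked

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(entries)
    print("sinkholed:", blocked)
    print("review (non-loopback):", redirected)
    print("sub.ad.google.com blocked?", is_blocked("sub.ad.google.com", entries))
```

Because matching is by exact name, an entry for `ad.google.com` does nothing for `sub.ad.google.com`, which is why blocklists carry one line per ad host.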
Here is the problem;
I have a mobile banking app on my phone. The app is in the store and can be downloaded, but it has to be activated in order to be able to use it. So every time I change the phone (and I do that once or twice a year), I have to go to the bank to get the code. I understand that this is a security measure. However, I'm so sick of this that I'd like to try solving it.
Now, I'd like to be able to transfer that app to another phone without going to the bank/getting the new code. Is there a way to do this?
Maybe with Titanium Backup!
No. I tried that some time ago. If I recall correctly, it just creates APK file from installed app, and this file can transfered to another device. There it installs like any other new APK. And in this case, it will ask me for an activation code. At least that's how it was last year when I tried to transfer the same app to my HD2.
So restoring data as well from TB does not work?
I'm thinking if there is any "loose" folder post activation on the sd card that isn't caught by titanium.
Sent from my GT-N7000 using Xparent ICS Tapatalk 2
I just tried. This time I used app+data. And I got behind the activation code point, but I'm stuck on PIN nr. First 2 times it said wrong pin, although I entered the same PIN I'm entering on my old phone. 3rd time it started to show various errors.
I guess it got locked somehow. It does happen if you enter the wrong PIN 3 times.
The interesting thing is that the app is still working on my old phone.
I guess they protected it well.
Just a noob here but maybe transfer the apk and the data file with Bluetooth file transfer I've used it for apks and zip files. hope this helps
Edit : and fix permissions ?
Sent from my SCH-I535 using xda app-developers app
I doubt there would be any difference in sending the files via bluetooth.
In the play store sign-in to the same email that you used. You can find all your apps synchronized and you can re-download and install on the new device.
Not true.
Not every app.
Sent from my GT-I9100 using Tapatalk 2
I don't think it would be possible because it looks like the app code is linked with hardware. Whenever you change hardware you will need a new code.
That's a good security measure, you should be grateful to your bank.
Sent from my LG-P500 using xda
Your app download history is saved to your Gmail account, so when you sync that to your new phone, all the apps will be there.
OR
Store
APK Extractor
Short press
Share
options email/bluetooth
Hi All
For a day now I have had a sort of leadbolt virus that opens my browser and shows a website like the one below:
ad.leadboltads.net with Top Apps/Offers of the Day
This happens when I download something from the playstore or when I delete apps.
It makes me crazy and I have already tried some things to fix it, without any success.
- Downloaded and installed a virus scanner, no success
- Downloaded and installed an ad detector, found an app with leadbolt, deleted it but that didn't solve the problem
Hopefully someone can help me to fix this annoying problem
Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!
+1. From where come this shlt ?
Shaundiesel said:
Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!
I'm also having the problem and have not found a solution yet.
The only difference for me is I have adaway installed so the webpage never gets to display. Just opens the browser.
I've tried different ad detector apps from google play, but nothing has fixed this problem. Almost ready to reflash the rom and start from scratch.
UPDATE: I fixed the problem.
When the browser hijacking occurred, it happened after installing or updating a program from any source. Google Play, Amazon or a standalone APK. That meant the virus had control over my installer.
Using Lookout's Ad Detector, I identified some potential culprits (Go Launcher EX being at the top of the list) and uninstalled them. That didn't work.
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't lose any data. You just get prompted for choosing a default app when you run certain applications. I choose to use Lookout's installer instead of the default android installer when I got prompted to install updates.
Haven't had the issue since. Hope this helps.
markmi300 said:
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't lose any data. You just get prompted for choosing a default app when you run certain applications. I choose to use Lookout's installer instead of the default android installer when I got prompted to install updates.
Haven't had the issue since.
Hi everybody. (First, sorry for my English but I speak French.)
This is a solution but it doesn't work very well.
After the download and installation of an update or a program, Android asks me if I want to finish the task with the default browser or Chrome? So I no longer see this f*cking page, but I must always choose between the 2 browsers.
I thank you for your solutions....
+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app
shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app
Glad I was able to help.
See the solution at
http://forum.xda-developers.com/showthread.php?t=2525965
#@!%&#! 'ad.leadboltads.net' Malware
shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google to distribute this malware, albeit that app is benign in its origin, it's a pipeline, or conduit for malware.
Sneaky F##kers aren't they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/index.php?showtopic=138306#entry764184