Adware on android... help! - Android Q&A, Help & Troubleshooting

So I recently transferred from an s7 to an s8, but somehow within the transfer, some app either gave me adware or has adware in it. I've removed literally every single app that I do not use regularly and disabled drawing over apps on ones that don't need it, but it's still coming up. Any solutions?

Install an antivirus and remove it?

Try to see what apps are running in background. other than the apps that you trust, try to look for the apps that seems suspicious to you or any app that you no longer use and uninstall it.
one more suggestion is start using adguards. adguards are the programs help in preventing the unnecessary ads popping up in your device.
many require root for better implementation of adguard patches system wide. but w/o root variants are also available.
Hit thanks if helped

abhinavp649 said:
Try to see what apps are running in background. other than the apps that you trust, try to look for the apps that seems suspicious to you or any app that you no longer use and uninstall it.
one more suggestion is start using adguards. adguards are the programs help in preventing the unnecessary ads popping up in your device.
many require root for better implementation of adguard patches system wide. but w/o root variants are also available.
Hit thanks if helped
Click to expand...
Click to collapse
Since I'm on Samsung, they won't let you see every single process running in the background. They hide the system processes and that's where the program is hiding. I've never heard of adguards before. My phone is currently on a software that is physically unable to be rooted, so I'd have to use the non root items.
[UPDATE] I'm stupid. I didn't check dev options. This helped more after that.

Xophile said:
Install an antivirus and remove it?
Click to expand...
Click to collapse
Tried it, did diddly squat. Unless you have one with an adware remover, it won't do anything.

Related

how do i uninstall applications?

like widgets? such as "apmobiles", seems to be a newspaper sort of thing i will never read. i also can't uninstall social/music/gaming/book hubs? i'm in the setting/applications/manage applications bit.
i want to basically delete a LOT of apps then only install what I need? i'm new to smartphones, moved from a nokia keypad phone. so the galaxy s2 was a massive jump for me.
Have a search for titanium backup and root. You'll need to root your phone 1st before you can 'freeze' but not remove apps.
The phone is brand new and it will take a while before custom roms that let you remove apps are available.
If I were you I'd wait before rooting as it is still a bit complicated and simpler methods will come along soon, I'm sure. I'd use the time to read the guides and get familiar with the phone.
Bear in mind that rooting/custom roms will lose you your warranty. Also, I'm not too worried about app removal as the phone has plenty of memory for my needs. Just remove the apps you don't want from the home screen and put on the ones that you do.
Edit: just wanted to clarify that I was referring to removing pre - installed apps.
Sent from my GT-I9100 using XDA App
Thanks for that, it's that I also noticed that there are services running in the background from applications that I'm not using, like I have the apmobile service running and also a social hub service running even neither is open. And I at least want to remove app shortcuts from the menu.
You'll need to root and freeze to remove the shortcut from the app drawer. I really wouldn't do that until you've read up and are confident though.
There are other threads about the social hub, have a search. I think you'll need to reset the phone and then not add any accounts if you want to stop it from being active.
Sent from my GT-I9100 using XDA App
To add-up about removing the widgets (probably you've found it already though), you only need to hold down the widget and slide it down to an area says remove
this phone comes with a built in task manager and a widget that shows you active tasks, i use the widget on my phone's desktop to close apps as needed ( i know the phone can handle it but its just my own thing lol ) and from there, there's a tab that lets you uninstall apps as well.
ofcourse you wont be able to uninstall those that came with the phone just yet.
I rooted mine which was dead easy and was my first time so you'll be fine. Download AntTek app manager from the market its free and lets you freeze, delete and backup any apps and widgets you want. You will no longer have any of those crap apps working in the background draining your battery. Hope this helps.
Edit: Oh yeah the built in task manager doesn't show system apps working in the background or at least not all so well worth freezing or removing them.

Chinese virus?

I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screen shot if the app name is in Chinese) .
This sounds really really bad.
Has this happened to any one else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again has this happened to any one else? Because I want to know if this could happen to my phone!
Mine also did this on stock rom i would uninstall samsung apps reboot and it would reappear on my menu. Is it possible the rom comes with an auto install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Click to expand...
Click to collapse
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.) however it if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
Click to expand...
Click to collapse
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while re flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region
Isnt waze a community based sat nav app?
poults said:
Isnt waze a community based sat nav app?
Click to expand...
Click to collapse
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully what ever it was, won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium

[Q] What does 'freezing' an app exactly mean?

Hi,
what does it mean technically if an app is "freezed"? Is the APK moved to another location, or are the unix access rights altered, or is a reference to the app deleted from some kind of "registry" of the Android system, or what else? Can it be done manually by a file manager?
Thanks,
Stefan
It can be done using the purchased version of Titanium Backup and probably a few other apps. It basically renders the app inactive without uninstalling it. Helpful for bloatware that runs in the background but you can't decide if you want to delete it or not.
Thanks, but this was not my question...
lowandbehold said:
It can be done using the purchased version of Titanium Backup and probably a few other apps. It basically renders the app inactive without uninstalling it. Helpful for bloatware that runs in the background but you can't decide if you want to delete it or not.
Click to expand...
Click to collapse
Yes, I know, but what does it do exactly on file system level? Doesn't anybody know?
stbi said:
Yes, I know, but what does it do exactly on file system level? Doesn't anybody know?
Click to expand...
Click to collapse
Most freezing apps simply rename the app to be frozen with an extension, like in the case of Bloat Freezer (IMHO the best one) the frozen app gets a .bzw extension. It remains in place but of course cannot be executed. The nice part is that if you run into an issue you can just rename the app back to what it was (assuming that you have root).
It works!
docfreed said:
Most freezing apps simply rename the app to be frozen with an extension, like in the case of Bloat Freezer (IMHO the best one) the frozen app gets a .bzw extension. It remains in place but of course cannot be executed. The nice part is that if you run into an issue you can just rename the app back to what it was (assuming that you have root).
Click to expand...
Click to collapse
Cool, so simple - thanks! So it can be done with any file manager.
I've just successfully frozen the preinstalled "LGWorld.apk" by renaming it to "LGWorld.apk.bak". As soon as I had done this, a message popped up, saying "Deinstalled", and the icon disappeared from the app drawer, and also the update for "LG World" vanished from the Market app.
Hmm.. freezing doesn't mean rename. It is being remove from system. If.you rename yourself, the apps may failed to work.
Accidentally sent from my Google Nexus S using XDA Premium
Freezing the app works via decreasing the temperature of the app to roughly 50 Kelvin. At this point the the app's molecular structure becomes a super condensed crystal lattice. Due to the nature of the crystal lattice, android treats the super dense app as non existent. Essentially the app is deleted from your system completely. However, think of it not as a permanent deletion but rather a reversible one. Should you chose to 'restore' the app, you can defrost the app. You could defrost the app using a microwave but I for one use TB Pro as it does a far better job.
lambstone said:
Freezing the app works via decreasing the temperature of the app to roughly 50 Kelvin. At this point the the app's molecular structure becomes a super condensed crystal lattice. Due to the nature of the crystal lattice, android treats the super dense app as non existent.
Click to expand...
Click to collapse
Haha smart ass.
lambstone said:
Freezing the app works via decreasing the temperature of the app to roughly 50 Kelvin. At this point the the app's molecular structure becomes a super condensed crystal lattice. Due to the nature of the crystal lattice, android treats the super dense app as non existent. Essentially the app is deleted from your system completely. However, think of it not as a permanent deletion but rather a reversible one. Should you chose to 'restore' the app, you can defrost the app. You could defrost the app using a microwave but I for one use TB Pro as it does a far better job.
Click to expand...
Click to collapse
ha ha ha! that was hilarious man
Press THANKS
stbi said:
Hi,
what does it mean technically if an app is "freezed"? Is the APK moved to another location, or are the unix access rights altered, or is a reference to the app deleted from some kind of "registry" of the Android system, or what else? Can it be done manually by a file manager?
Thanks,
Stefan
Click to expand...
Click to collapse
Press thanks if I helped
Source - How TO Geek
Manufacturers and carriers often load Android phones with their own apps. If you don’t use them, they just clutter your system and sometimes in the background, draining resources. Take control of your device and stop the bloatware.
We’ll be focusing on disabling – also known as “freezing” bloatware here. It’s a safer process than uninstalling the bloatware completely, and is also easier to accomplish with free apps.
Uninstalling vs. Freezing
Uninstalling an app is exactly what it sounds like – the app is entirely removed from your device. Unfortunately, it’s not possible to get many of these preinstalled apps from the Play Store if you ever need them again. Uninstalling some preinstalled apps may result in problems or instability, so you could run into problems.
It’s safer to “freeze” apps instead of uninstalling them. A frozen app is disabled completely – it won’t appear in your app drawer and it won’t automatically start in the background. A frozen app cannot run in any way until you “unfreeze” it. Freezing and unfreezing are instant processes, so it’s easy to undo your changes if you end up freezing a necessary app.
If you really must uninstall apps, you should freeze them first and wait a few days to ensure that your phone or tablet works properly without them.
You can’t uninstall or freeze preinstalled bloatware apps without root access and third-party app managers. Try and you’ll find the options grayed out in the standard Android interface.
klacenas said:
ha ha ha! that was hilarious man
Click to expand...
Click to collapse
I understand and have frozen quite a few apps with TB Pro. My issue is there are shine pre-installed apps that I like to use, but when I run the task killer, they're always running. Is there a way I can fix them where they don't keep starting immediately after killing them, but still having them available when I want to use them?
donnebonn said:
I understand and have frozen quite a few apps with TB Pro. My issue is there are shine pre-installed apps that I like to use, but when I run the task killer, they're always running. Is there a way I can fix them where they don't keep starting immediately after killing them, but still having them available when I want to use them?
Click to expand...
Click to collapse
you can try greenify it will hibernate the apps and hence the app will be available for you any time
donnebonn said:
I understand and have frozen quite a few apps with TB Pro. My issue is there are shine pre-installed apps that I like to use, but when I run the task killer, they're always running. Is there a way I can fix them where they don't keep starting immediately after killing them, but still having them available when I want to use them?
Click to expand...
Click to collapse
Another app called greenify. Or using an autostart manager to prevent them from running without ykur intervention.
sangalaxy said:
you can try greenify it will hibernate the apps and hence the app will be available for you any time
Click to expand...
Click to collapse
Thx a bunch. I dwld and installed the grenify app and disabled them, however, when I run my task killer the gallery app is always running. I wanted to greenify it, but it's not showing up in the greenify app, even when I did a search for it, it just took me to my home screen. I clicked on the app and it just opened but I didn't see any options to greenify it. Any suggestions? Thx for ur help.
so at the end is freezing and renaming the same thing? no one cleared that up, i usually just rename to BAK and thats it, what does TItanium apart from renaming?
ok i answer myself, freezing is the same as going to app manager, and selecting DISABLE
or from a root terminal using:
pm disable {package_name} (e.g. # pm disable com.android.browser)
wich calls:
/system/bin/pm
wich in turn contains:
# Script to start "pm" on the device, which has a very rudimentary
# shell.
#
base=/system
export CLASSPATH=$base/framework/pm.jar
exec app_process $base/bin com.android.commands.pm.Pm "[email protected]"
what it does is set a flag for a component to some of different values:
COMPONENT_ENABLED_STATE_DEFAULT
COMPONENT_ENABLED_STATE_DISABLED
among others. (http://developer.android.com/reference/android/content/pm/PackageManager.html)
where does it store this flag: I DONT KNOW
is this flag a value inside some manifest/ini file? : IDK
is this flag st in the file system? IDK
can someone show me the light?
edit: I DONT KNOW for sure but i think it stores it in : /data/system/packages.xml
that is generated by package manager taking info fro each app manifest. i hope i am right, but dont take my word as absolute truth since it was a quick google research lol
Renaming the apk file can result in unwanted behaviour... I learned by trial&error! I'm running MIUI 6 and wanted Google Play as default app store and not the MI Market. Renaming the apk file for the Mi Market gave me the result I wanted: launching Google Play whenever I clicked a link to a certain app. But that was until I rebooted the phone... it got stuck on the MI startup logo. After renaming the Mi Market apk file in twrp recovery, my phone booted again.
So might try freezing it to see if it will do the job properly.
Freezing Mi Market with AppFreezer worked like a charm!
el_jefe said:
Renaming the apk file can result in unwanted behaviour... I learned by trial&error! I'm running MIUI 6 and wanted Google Play as default app store and not the MI Market. Renaming the apk file for the Mi Market gave me the result I wanted: launching Google Play whenever I clicked a link to a certain app. But that was until I rebooted the phone... it got stuck on the MI startup logo. After renaming the Mi Market apk file in twrp recovery, my phone booted again.
So might try freezing it to see if it will do the job properly.
Click to expand...
Click to collapse
Depends what you mean by "renaming." Changing the extension from .apk to .apkold or .bak or something like that will harmlessly freeze the app since it's no longer seen as an apk by the system. Renaming the app itself is another thing entirely.
I renamed the extension to .noapk and Miui wouldn't boot anymore.
Good stuff

[Q] [Q&A] why need to root android phone?

Hi guys!
Anyone can tell me why pls? I dont know exactly what i can do after that.
Subzeromot said:
Hi guys!
Anyone can tell me why pls? I dont know exactly what i can do after that.
Click to expand...
Click to collapse
I would recommend reading the official XDA introduction guide to rooting that will answer all your questions and more on root found here. Let me know if you have any additional questions I'll be happy to answer them for you.
Subzeromot said:
Hi guys!
Anyone can tell me why pls? I dont know exactly what i can do after that.
Click to expand...
Click to collapse
There are many articles on the internet that explain this. I'll give you the gist of them though:
Debloating. "Bloat" is unwanted/unneeded apps. They take up space, they slow things down, and they bug you for updates. You can't always delete what you don't want because these apps are installed by the manufacturer or carrier as "system" apps, rather than "user" apps. With root access you can uninstall system apps. Be careful in what you delete though, and always do a back-up first.
Back-ups. With apps like Titanium, ROM Tool Box, and Helium, you can do full back-ups of your apps. It's a good idea to do a back-up before updating some apps, as you might prefer the older version vs the new one. Or, you can back-up a game that doesn't save to a server/cloud and you don't lose your progress. And you can back up system apps before deleting them so you can always restore them if things go awry.
Ad blocking. With apps like AdAway you can block ads within apps/games and also ads within your web browsers. Besides making things cleaner and less annoying, this improves load times and reduces data usage because the ads don't have to load.
Customization. Root access can let you use certain apps to customize the appearance and function of your OS. Most notable is the Xposed framework, an extremely powerful tool that utilizes individual modules to not only change how your phone looks, but how it can fundamentally operate.
Performance. Even without a custom kernel, you can still use a kernel controller app to tweak your phone for better performance or better battery life. Exactly what can be done and by how much depends on the phone.
Free wifi tethering. There are apps that bypass your carrier and phone's built-in tether provisioning.
Tasker. Tasker is an app that can automate your phone to do whatever you want whenever you want it to happen. It's nearly limitless.

Question Disable "dangerous app, uninstall ?"

So I have APKure on my phone.
I regularly swiped the play Protect message wanting it to uninstall APKure.
I got annoyed so I disabled Play Protect.
I still got that annoying pop-up saying "hey I'm here, uninstall that app"
This drives me nuts !
How can I get rid of play Protect or create some exceptions to get rid of these popups?
Thx a lot
In your settings you can turn off play protect
Like this ?
Still getting that message ...
In this case, just delete google play store from your phone if you are deciding to stick with apkpure
Try clearing app and system cache.
Package Disable Playstore or firewall block it.
Playstore is a parasite, I rarely use it...
blackhawk said:
Package Disable Playstore or firewall block it.
Click to expand...
Click to collapse
None of these two. I mean delete delete it, not disabling it, since if you are gonna use apkpure instead of google play store then there is no need for it to interrupt your installations and etc.
Delete it using ADB Appcontrol. Package name: com.android.vending (google play store)
WooBLOATERRRR said:
None of these two. I mean delete delete it, not disabling it, since if you are gonna use apkpure instead of google play store then it's no need for it to interrupt your installations and etc.
Click to expand...
Click to collapse
Not necessary to uninstall it. Occasionally you may want to use Playwhore.
Side loading is the best way to get malware or worse. Scan all side loads with online Virustotal before installing and reject any download if there's the slightest question of its integrity. Do not allow apps to update unless completely vetted and trusted like Malwarebytes. Most apps don't need to update. Firewall block all apps that don't need internet access to perform their core function. Most apps don't need internet access.
blackhawk said:
Not necessary to uninstall it. Occasionally you may want to use Playwhore.
Side loading is the best way to get malware or worse. Scan all side loads with online Virustotal before installing and reject any download if there's the slightest question of its integrity. Do not allow apps to update unless completely vetted and trusted like Malwarebytes. Most apps don't need to update. Firewall block all apps that don't need internet access to perform their core function. Most apps don't need internet access.
Click to expand...
Click to collapse
If you wanna disable then do that, otherwise what I would do is to delete it since I know where I get my apps safe and etc. Just more peace for me
WooBLOATERRRR said:
If you wanna disable then do that, otherwise what I would do is to delete it since I know where I get my apps safe and etc. Just more peace for me
Click to expand...
Click to collapse
I use Package Disabler and Karma Firewall so it's easier to just pull the plugs on Playstore.
I use ApkExport to save my apps so Playstore isn't needed on a reload.
Any app install carries risks unless fully vetted. Playstore has been breached multiple times in different ways, other sites carry similar risks. Best to avoid new downloads whenever possible.
This one of the reasons the current load on this N10+ will be 3 yo in June. Still fast and very stable. No firmware upgrades or updates in over 3 years.
That app is a cancer. Use APK Mirror or use official sources. If you need an XAPK installer, there are plenty on the Play Store that are much more trustworthy. There was even a malware distributed with the official APKPure app before.
APKPure is not safe, distributes Trojans
The APKPure app store for Android has been infected by a malicious module that downloads Trojans to users’ devices.
usa.kaspersky.com

Categories

Resources