a_Mbam
Honorary Members-
Posts
533 -
Everything posted by a_Mbam
-
Cerberusapp for Android receives false positive
a_Mbam replied to urmask's topic in Malwarebytes for Android Support Forum
Hi Urmask, The Cerberus detection is to warn people who might have it installed without their knowledge; apps like this can be used to spy on or stalk people. It's classified as a PUP (Potentially Unwanted Program), and people who knowingly installed it and are aware of its power can ignore the detection and add it to MBAMM's scanner whitelist. For reference: http://www.npr.org/sections/alltechconsidered/2014/09/15/346149979/smartphones-are-used-to-stalk-control-domestic-abuse-victims Regards, -Armando -
Two unremovable malwares on Samsung S4
a_Mbam replied to NonaGregory's topic in Mobile Malware Removal Help & Support
Hi NonaGregory, You have a similar problem as other recent forum visitors. This has become a big problem with coming preinstalled with malicious apps and the apps cannot be removed using Android's uninstaller. These apps on your device should not be trusted, there are a few things you can do.
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
- Install different, trusted, ROM to replace infected one. Usually reserved for advanced users, please do at your own risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninstall system apps. Regards, -Armando
-
MBAMM Can't remove Trojan
a_Mbam replied to mrbooey11's topic in Malwarebytes for Android Support Forum
Hi Jfgunter, The detection was a false positive, we have fixed. So there wasn't any malware, unless you have a new detection. Regards, -Armando -
Hi Oceansview, Yeah, I was lost on adding an image also, hehe. You need to add as an attachment. What app are you scanning with, could you scan with MBAM Mobile and show how it's detected there. Regards, -Armando
-
MBAMM Can't remove Trojan
a_Mbam replied to mrbooey11's topic in Malwarebytes for Android Support Forum
Thanks for the additional information and your patience. We've pushed an update with a fix for this issue, please update your database to v2015.12.03.01. Please let us know if you continue to see the alert after the update. Regards, -Armando -
Hi Oceanviews, Sorry for the confusion, someone else posted a question in your thread. Check your app installs, the Gedma app might be called SmsReg or Device Management and have icons like one of these two I've attached.
Next: Disable – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
Regards, -Armando
-
MBAMM Can't remove Trojan
a_Mbam replied to mrbooey11's topic in Malwarebytes for Android Support Forum
Hi All, Are these Trackphone devices you're seeing this alert on, if not what's the make and model you have? Regards, -Armando -
Hi FireJbrix, Yeah, it seems like you got a bad one, I would see if you could return and exchange for something better. There were a batch of bad ones on Amazon http://www.digitaltrends.com/mobile/cloudsota-trojan-malware-on-cheap-tablets-amazon/. Or, you can try to install a custom ROM if one is available for your device. Regards, -Armando
-
Hi Novice101, Do you have an app called 'Adult Browser' installed, I suggest looking in App settings and uninstall the app to see if that removes the error. What is the device you have, make and model? Regards, -Armando
-
Android/trojan/dropper.age
a_Mbam replied to dmarti25's topic in Mobile Malware Removal Help & Support
Hi Dmarti25, This has become a big problem with cheaper priced Devices originating from China, they come preinstalled with malicious apps and cannot be removed using Android's uninstaller because they are installed as a system app. These apps on your device should not be trusted, there are a few things you can do.
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
- Install different, trusted, ROM to replace infected one. Usually reserved for advanced users, please do at your own risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninstall system apps. Regards, -Armando
-
Hi Oceanviews, This has become a big problem with cheaper priced Devices originating from China, they come preinstalled with malicious apps and cannot be removed using Android's uninstaller because they are installed as a system app. These apps on your device should not be trusted, there are a few things you can do.
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
- Install different, trusted, ROM to replace infected one. Usually reserved for advanced users, please do at your own risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninstall system apps. Regards, -Armando
-
Hi Nonnymouse, What device do you have? Unfortunately some of these "grayware" apps come preinstalled and can't be removed easily because they are installed at the system level, but you can disable via Android's App Settings. Dirty tricks by some distributors. You can also whitelist the detection in MBAM Mobile by choosing 'Ignore Always' on detection. Regards, -Armando
-
Detect MP4/MP3/3GP etc. files with stagefright?
a_Mbam replied to frightenedbystage's topic in Malwarebytes for Android
Hi Frightenbystage, Thanks for the suggestions, I'll pass this up the chain. We certainly would like to keep our customers protected from all vulnerabilities and will look into ways of creating an extra layer of protection for these security holes. Regards, -Armando -
PUP.HackTool.DeviceAlive.a
a_Mbam replied to Bobber's topic in Mobile Malware Removal Help & Support
Hi Bobber, The "device alive" software is used by sales people to be able to demo products, it allows customers and sellers to interact with all the phone capabilities from the phone menus. They usually are bundled with a product for resale. We flag as a PUP because it could be used maliciously by the bad guys. Unfortunately you can't remove because it is preinstalled at the system level, but you can disable via Android's App Settings. You can also whitelist the detection in MBAM Mobile by choosing 'Ignore Always' on detection. Regards, -Armando -
Hi Warhiet, Yeah, it would be nice to get at these guys but they use ad networks to distribute their fake pages. Because of the millions of advertising activities on these ad networks they aren't able to track them easily and not willing to put in the resources because they represent a small footprint of all ad traffic. Lame excuse I know, but best we can do now is inform the host site to see if they can kill it. Regards, -Armando
-
Broservice and Linervice apps removal
a_Mbam replied to jd99's topic in Malwarebytes for Android Support Forum
Hi Jd99, Do they occur on some specific sites or all? These are likely browser related ads, unfortunately the pop-up blockers are mostly ineffective for these types of advertising--remember Google loves advertising revenue. I would suggest you clear out the history and cache for each, it's likely they are staying over even after the uninstall. You could also try a non-Google browser like Firefox to see if they show up there. Regards, -Armando -
App crashes on One Plus One (OxygenOS 1.0.0)
a_Mbam replied to critical's topic in Malwarebytes for Android Support Forum
Hi Critical, Thanks for contacting us, our development team has fixed a lot of these scanning issues. I would suggest you try out beta version of 2.0 to see if that has fixed the crashes. MBAM Mobile Beta page https://plus.google.com/communities/102401317912771252555 Regards, -Armando -
Hi jussiseppo53, I'm not familiar with that entry, do you have multiple user accounts for that device? I suspect it's related to a secondary user having super user privileges. Does SuperSU provide any info on the entry? Regards, -Armando
-
Hi Kratore, Yeah, these guys have become trouble. You can try disabling the app via command-line using ADB while connected with a USB. Keep in mind these are advanced steps so use at your own risk and use caution.
To get adb you can point them to http://forum.xda-developers.com/showthread.php?p=48915118#post48915118
Or, for the full Android Development kit here: https://developer.android.com/sdk/installing/index.html?pkg=tools
The trickiest part is identifying the package name because they obviously try to hide, so the name could be randomized, some adobe flash or porn variation, or one that's kind of nonsensical.
Best to do while device is in Safe Mode, connect the device via USB with USB debugging enabled.
Using adb, from a command line:
> adb shell
> pm list packages (identify app)
- non-root: > adb shell am force-stop com.mypackage (com.mypackage is the name of the app)
- with root: > pm disable com.mypackage
Examples:
adb shell am force-stop knhd.nduix.kvzpl
adb shell am force-stop com.porno.player
Next uninstall app. Restart device.
Good luck and let me know if you have trouble with the steps. -Armando
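Added example, not part of the original post: a POSIX shell sketch for the "identify app" step, which sorts `pm list packages -f` output into preinstalled system packages (disable only) and user-installed ones (can be uninstalled). The sample listing is constructed, and the function names `classify_packages` and `suggest_action` and the `com.example.*` package names are assumptions; only `knhd.nduix.kvzpl` comes from the post.

```shell
#!/bin/sh
# Added example: sort `pm list packages -f` output by install location.
# Constructed sample output (not from a real device); on a live device use:
#   adb shell pm list packages -f | classify_packages
SAMPLE_OUTPUT='package:/system/priv-app/DeviceMgmt/DeviceMgmt.apk=com.example.devicemgmt
package:/data/app/knhd.nduix.kvzpl-1/base.apk=knhd.nduix.kvzpl
package:/data/app/~~Zm9v==/com.example.player-YmFy==/base.apk=com.example.player
package:/system/app/Browser/Browser.apk=com.android.browser'

CR=$(printf '\r')   # adb output can carry CRLF line endings

# Reads `pm list packages -f` lines on stdin, prints "<kind> <package> <apk path>".
classify_packages() (
  while IFS= read -r line; do
    line=${line%"$CR"}
    case $line in package:*) ;; *) continue ;; esac
    line=${line#package:}
    pkg=${line##*=}      # package name follows the LAST '='
    path=${line%=*}      # the APK path may itself contain '='
    case $path in
      /system/*|/system_ext/*|/vendor/*|/product/*|/oem/*) kind=preinstalled ;;
      /data/*) kind=user ;;
      *) kind=unknown ;;
    esac
    printf '%s %s %s\n' "$kind" "$pkg" "$path"
  done
)

# Prints the removal step that fits a package of the given kind.
suggest_action() {
  case $1 in
    user)         echo "adb uninstall $2" ;;
    preinstalled) echo "adb shell pm disable $2" ;;  # root needed, per the post
    *)            echo "inspect $2 manually" ;;
  esac
}

# Report for the constructed sample: kind, package, suggested step.
printf '%s\n' "$SAMPLE_OUTPUT" | classify_packages |
while read -r kind pkg path; do
  printf '%-12s %-28s %s\n' "$kind" "$pkg" "$(suggest_action "$kind" "$pkg")"
done
```

A package that reports a `/data/` path but still refuses to uninstall is worth checking under Settings -> Security -> Device administrators before retrying.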
-
Hi Scoobdue2, Unfortunately there are many different app or package names this could fall under, this one sounds like it might be browser related. I would suggest clearing out all browser history and cookies. The app related ones block out all access to your device, the FBI warning becomes the active screen and is difficult to remove. Regards, -Armando
-
Hi Langer4567, Yes as others have mentioned these are just scams, Browlock, used to trick users into paying up. You can dismiss these pages by closing the tab and clearing out your browser history. Could you share the sites where these occurred so we could research and try to shutdown, you can PM if needed? Regards, -Armando
-
Hi Crino_milk, Kingroot is classified as Lotoor because it is a rooting tool and uses Exploits to gain root. A lot of advanced users use these tools to root their devices, but there are also bad guys who bundle these tools with malware so they can achieve root. So, we classify to warn users of the app, if you are knowingly using then you should be ok. Regards, -Armando