a_Mbam

Honorary Members
  • Posts: 533
Everything posted by a_Mbam

  1. Hi Urmask, The Cerberus detection is to warn people who might have it installed without their knowledge; apps like this can be used to spy on or stalk people. It's classified as a PUP (Potentially Unwanted Program), and people who knowingly installed it and are aware of its power can ignore the detection and add it to MBAMM's scanner Whitelist. For reference: http://www.npr.org/sections/alltechconsidered/2014/09/15/346149979/smartphones-are-used-to-stalk-control-domestic-abuse-victims Regards, -Armando
  2. Hi NonaGregory, You have a similar problem as other recent forum visitors. This has become a big problem with coming preinstalled with malicious apps and the apps cannot be removed using Android's uninstaller. These apps on your device should not be trusted; there are a few things you can do.
     - Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
     - Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
     - Install a different, trusted ROM to replace the infected one. Usually reserved for advanced users, please do at your own risk.
     - Return the device where purchased.
     I wish there were more options but where Android's openness and built-in security collide; openness: anyone can flash a device with a custom ROM; security: you can't uninstall system apps. Regards, -Armando
  3. Hi Jfgunter, The detection was a false positive; we have fixed it. So there wasn't any malware, unless you have a new detection. Regards, -Armando
  4. Hi Oceansview, Yeah, I was lost on adding an image also, hehe. You need to add it as an attachment. What app are you scanning with? Could you scan with MBAM Mobile and show how it's detected there? Regards, -Armando
  5. Thanks for the additional information and your patience. We've pushed an update with a fix for this issue, please update your database to v2015.12.03.01. Please let us know if you continue to see the alert after the update. Regards, -Armando
  6. Hi Oceanviews, Sorry for the confusion, someone else posted a question in your thread. Check your app installs; the Gedma app might be called SmsReg or Device Management and have icons like one of these two I've attached.
     Next: Disable – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running. Regards, -Armando
  7. Hi All, Are these Trackphone devices you're seeing this alert on? If not, what's the make and model you have? Regards, -Armando
  8. Hi FireJbrix, Yeah, it seems like you got a bad one; I would see if you could return and exchange it for something better. There was a batch of bad ones on Amazon: http://www.digitaltrends.com/mobile/cloudsota-trojan-malware-on-cheap-tablets-amazon/. Or, you can try to install a custom ROM if one is available for your device. Regards, -Armando
  9. Hi Novice101, Do you have an app called 'Adult Browser' installed? I suggest looking in App settings and uninstalling the app to see if that removes the error. What is the device you have, make and model? Regards, -Armando
  10. Hi Dmarti25, This has become a big problem with cheaper priced devices originating from China; they come preinstalled with malicious apps that cannot be removed using Android's uninstaller because they are installed as system apps. These apps on your device should not be trusted; there are a few things you can do.
      - Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
      - Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
      - Install a different, trusted ROM to replace the infected one. Usually reserved for advanced users, please do at your own risk.
      - Return the device where purchased.
      I wish there were more options but where Android's openness and built-in security collide; openness: anyone can flash a device with a custom ROM; security: you can't uninstall system apps. Regards, -Armando
  11. Hi Oceanviews, This has become a big problem with cheaper priced devices originating from China; they come preinstalled with malicious apps that cannot be removed using Android's uninstaller because they are installed as system apps. These apps on your device should not be trusted; there are a few things you can do.
      - Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable. This will prevent the app and any associated services from running.
      - Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
      - Install a different, trusted ROM to replace the infected one. Usually reserved for advanced users, please do at your own risk.
      - Return the device where purchased.
      I wish there were more options but where Android's openness and built-in security collide; openness: anyone can flash a device with a custom ROM; security: you can't uninstall system apps. Regards, -Armando
  12. Hi Nonnymouse, What device do you have? Unfortunately some of these "grayware" apps come preinstalled and can't be removed easily because they are installed at the system level, but you can disable them via Android's App Settings. Dirty tricks by some distributors. You can also whitelist the detection in MBAM Mobile by choosing 'Ignore Always' on detection. Regards, -Armando
  13. Hi Frightenbystage, Thanks for the suggestions, I'll pass this up the chain. We certainly would like to keep our customers protected from all vulnerabilities and will look into ways of creating an extra layer of protection for these security holes. Regards, -Armando
  14. Hi Bobber, The "device alive" software is used by salespeople to be able to demo products; it allows customers and sellers to interact with all the phone capabilities from the phone menus. It is usually bundled with a product for resale. We flag it as a PUP because it could be used maliciously by the bad guys. Unfortunately you can't remove it because it is preinstalled at the system level, but you can disable it via Android's App Settings. You can also whitelist the detection in MBAM Mobile by choosing 'Ignore Always' on detection. Regards, -Armando
  15. Hi Warhiet, Yeah, it would be nice to get at these guys but they use ad networks to distribute their fake pages. Because of the millions of advertising activities on these ad networks they aren't able to track them easily and are not willing to put in the resources because they represent a small footprint of all ad traffic. Lame excuse I know, but the best we can do now is inform the host site to see if they can kill it. Regards, -Armando
  16. Hi Jd99, Do they occur on some specific sites or all? These are likely browser related ads, unfortunately the pop-up blockers are mostly ineffective for these types of advertising--remember Google loves advertising revenue. I would suggest you clear out the history and cache for each, it's likely they are staying over even after the uninstall. You could also try a non-Google browser like Firefox to see if they show up there. Regards, -Armando
  17. Hi Critical, Thanks for contacting us; our development team has fixed a lot of these scanning issues. I would suggest you try out the beta version of 2.0 to see if that has fixed the crashes. MBAM Mobile Beta page: https://plus.google.com/communities/102401317912771252555 Regards, -Armando
  18. Hi jussiseppo53, I'm not familiar with that entry; do you have multiple user accounts for that device? I suspect it's related to a secondary user having super user privileges. Does SuperSU provide any info on the entry? Regards, -Armando
  19. Hi Pallisvans, Thanks for bringing this to our attention, we've modified the detection triggering this FP and the fix will be published in our next db update later today. Regards, -Armando
  20. Hi Mavibenim, This sounds like a browser-based page that is popping up. I would suggest clearing out your browser's history, whether it's Chrome or a Samsung default browser. On Chrome you can go to Android's/Samsung Settings > Applications > Chrome > Clear Cache. Regards, -Armando
  21. Hi Kratore, Yeah, these guys have become trouble. You can try disabling the app via command-line using ADB while connected with a USB. Keep in mind these are advanced steps so use at your own risk and use caution.
      To get adb you can point them to http://forum.xda-developers.com/showthread.php?p=48915118#post48915118
      Or, for the full Android Development kit here: https://developer.android.com/sdk/installing/index.html?pkg=tools
      The trickiest part is identifying the package name because they obviously try to hide, so the name could be randomized, some adobe flash or porn variation, or one that's kind of nonsensical.
      Best to do while device is in Safe Mode; connect the device via USB with USB debugging enabled. Using adb, from a command line:
          > adb shell
          > pm list packages     (identify app)
      - non-root:
          > adb shell am force-stop com.mypackage     (com.mypackage is the name of the app)
      - with root:
          > pm disable com.mypackage
      Examples:
          adb shell am force-stop knhd.nduix.kvzpl
          adb shell am force-stop com.porno.player
      Next uninstall app. Restart device.
      Good luck and let me know if you have trouble with the steps. -Armando
  22. Hi Scoobdue2, Unfortunately there are many different app or package names this could fall under, this one sounds like it might be browser related. I would suggest clearing out all browser history and cookies. The app related ones block out all access to your device, the FBI warning becomes the active screen and is difficult to remove. Regards, -Armando
  23. Hi Langer4567, Yes, as others have mentioned these are just scams, Browlock, used to trick users into paying up. You can dismiss these pages by closing the tab and clearing out your browser history. Could you share the sites where these occurred so we could research and try to shut them down? You can PM if needed. Regards, -Armando
  24. Hi Crino_milk, Kingroot is classified as Lotoor because it is a rooting tool and uses exploits to gain root. A lot of advanced users use these tools to root their devices, but there are also bad guys who bundle these tools with malware so they can achieve root. So, we classify it to warn users of the app; if you are knowingly using it then you should be ok. Regards, -Armando
  25. Hi Stuart, I made a change to the database; hopefully this resolves your issue. I think this was the result of an aggressive signature. Let me know if your app is still being detected. -Armando