mbam_mtbr

Hi @Brickstin, Yes, definitely burn it and take a hammer to it. 🤣 But first, maybe try reading what I posted in this link: Make UMX phone more tolerable Are you experiencing Android/Trojan.HiddenAds being installed without your knowledge/permission? If not, then just follow my recommendations and it should make things more tolerable. Nathan

It's not really getting infected in route. What happens a lot of time is a legitimate app developer puts a free app on Google PLAY, and uses what is called an Ad SDK to gain revenue through ads. The Ad SDK is simply a piece of code that is added into there app. There are many good, reputable Ad SDKs that display ads within the app when it is opened. However, sometimes these Ad SDK get a bit aggressive, and suddenly we have to flag it as Adware. In this case, the Ad SDK must be removed with the code to not get flagged. Another method is a legitimate app is introduced to Google PLAY, a

Thanks for letting me know. I'm confident that if he fixes the issues, our detection will not detect a cleaned up version. Nathan

Hi @Bogg, The threat Android/PUP.Riskware.SMSreg.ANFEN is a Potentially Unwanted Program (PUP). This particular riskware is known a SMSReg due to it's ability to register a device via SMS. It's a pretty low level threat, and certainly wouldn't cause the screen issues you are having. It may be a good idea to see what's running in the background and remove apps that use a lot of performance. However, it sounds like it could be a hardware issue with the touchscreen. Nathan

Hi @Sniktbub, I'm not showing the Google PLAY version of Nawigacja Plus as being detected. Could you possibly send a screenshot of us detecting it and/or send an Apps Report? To send an Apps Report with Malwarebytes for Android use the following instructions. 1. Open the Malwarebytes for Android app. 2. Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very h

@stvvv, that's exactly what I'm experiencing on my test UMX. Thanks for sharing this so I know that I got all the bases covered. @gadgetboyj, make sure to update the phone to the latest version before disabling Wireless Update. We know the default version has the dropper malware we saw last year. Nathan

Hi @Nyebodnye, We just added detection for a so-called "Barcode scanner" last week: My guess this was the same culprit for you. Nathan

Big thanks to @Anon00 for the help on this! We got a detection added for that Barcode Scanner: Android/Adware.AdQR.FBG Thanks everyone for pointing this one out! Nathan

Great job community! And awesome malware research @Anon00! If someone could PM me the link to this QR Scanner I'll add a detection for it. Another option if you still are experiencing issues is to send an Apps Report. To send an Apps Report with Malwarebytes for Android use the following instructions. 1. Open the Malwarebytes for Android app. 2. Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included.

Great to hear the work arounds are working for you! I would periodically reenable Wireless Update (com.dtinfo.tools) to check for updates. You can re-install using this command: adb shell pm install -r --user 0 /system/priv-app/SystemFota/SystemFota.apk Nathan

Hi @stvvv, I suspect you may be running a UMX phone. If this is the case, I have a better solution posted here: Nathan

Hey Everyone, Anyone have luck with uninstalling Wireless Update (com.dtinfo.tools)? Did it stop HiddenAds from installing? We went ahead and added detection Android/TrojanDropperAgent.UMXrv which is the Settings app per everyone's request (99% sure this is what is dropping HiddenAds). Since you can't remove the Settings app due to it being needed for the phone to function, there isn't much we can do other than flag it so people are aware. It's up to UMX to resolve as they did last time. However, here are some things you can do if you are not getting HiddenAds installed to make th

Hi @stvvv, On some phone models, g21news.com comes default at the default browsers (usually Chrome) homepage. Here's how to change the homepage on Chrome: Settings > Homepage Change the Open this page to Chrome's homepage or change the g21news.com link to whatever URL you like If you've already done this, and it keeps making the homepage g21news.com, then there could be something else going on. What make/model of phone do you have? Nathan

@exile360 Okay, I get what you're saying. We are checking the Apps Report now for PUP/malware. Thanks, Nathan

@exile360, yes, it is true that the site is malicious. This is why the site was blocked/flagged before any damage was done to @Flaws39. If malware was downloaded, it would have needed to be explicitly installed. In addition, there would have been a notification of detection of the downloaded malware before the install even took place. Therefore, I am confident that there is no infection on the device. Once again, I can double check this if an Apps Report is submitted. Nathan