mbam_mtbr

Honorary Members
  • Posts: 1,457
Everything posted by mbam_mtbr

  1. Hi @Feurtel, The re-install is so you can check for updates since the same app that is an Auto Installer is also the system updater. You must have a slightly different path than the one I posted. No worries though, since this is easy to track down. Run this command:
       adb shell pm list packages -f -u
     You can copy/paste the output into a text editor like Notepad and search for com.redstone.ota.ui for the correct path. Just make sure to uninstall for current user again after checking for updates. Nathan
  2. Hi @BostonBerry, We sure do! We detect as Android/Trojan.Spy.FakeSysUpdate. Our blog team also created a write-up about it: Android “System Update” malware steals photos, videos, GPS location Nathan
  3. Hi @moritz, I looked at the ticket, and it appears you have a pre-installed Auto Installer. On some devices, the Update app causes malware apps known as HiddenAds to be auto installed. Because Update is a pre-installed app, you cannot remove using traditional methods. However, we can use the method below to uninstall Update (com.redstone.ota.ui) for current user (details in link below): Use this command during step 7 under Uninstalling Adups via ADB command line to remove:
       adb shell pm uninstall -k --user 0 com.redstone.ota.ui
     At this point, run a Malwarebytes for Android scan to remove any remaining HiddenAds malware apps. To periodically check for system updates, you will need to re-install Update. You can reinstall with this command:
       adb shell pm install -r --user 0 /system/priv-app/ThirdPartyRSOTA/ThirdPartyRSOTA.apk
     Nathan
  4. Hi @stungy, Just to be clear, the browser isn't popping up by itself to clinic.meijer.com, it's just showing up in Blokada logs, right? I would just clear your history and cache within the browser. In addition, clear the Storage & Cache within the browser's App Info itself:
       • Go to Settings > App Info
       • Go to your browser app icon in App info list (such as Chrome) and click on it
       • Once in your browser’s App info, go to Storage & cache
       • Click Clear Storage
       • Click Clear cache
     Nathan
  5. Hi @Mark-Herzog, If you can send an Apps Report, I can check to see what's going on here. To send an Apps Report with Malwarebytes for Android use the following instructions.
       • Open the Malwarebytes for Android app.
       • Tap the Menu icon.
       • Tap Your apps.
       • Tap three lines icon in upper right corner.
       • Tap Send to support
       • Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum. This allows our support staff to know where to direct it.
     By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned.
     Next, even though I know you already cleared the browser's cache, make sure you clear both history and cache in the browser. In addition, clear the Storage & Cache within the browser's App Info:
       • Go to Settings > App Info
       • Go to your browser app icon in App info list (such as Chrome) and click on it
       • Once in your browser’s App info, go to Storage & cache
       • Click Clear Storage
       • Click Clear cache
     Nathan
  6. Hi @neotericnepal, I would send in an Apps Report and we can see what's going on here. To send an Apps Report with Malwarebytes for Android use the following instructions.
       • Open the Malwarebytes for Android app.
       • Tap the Menu icon.
       • Tap Your apps.
       • Tap three lines icon in upper right corner.
       • Tap Send to support
       • Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum. This allows our support staff to know where to direct it.
     By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  7. Hi @Seheung, Thanks for bringing this to our attention. This issue has been resolved and will no longer be detected in future database versions. Thanks again, Nathan
  8. Hi @Dges, If you didn't install, you are probably fine. However, if you want me to double check, you can send me an Apps Report. To send an Apps Report with Malwarebytes for Android use the following instructions.
       • Open the Malwarebytes for Android app.
       • Tap the Menu icon.
       • Tap Your apps.
       • Tap three lines icon in upper right corner.
       • Tap Send to support
       • Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum. This allows our support staff to know where to direct it.
     By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  9. Hi @PatM1, Unfortunately, the version available on Google PLAY requires Android OS 6.0 and up. Nathan
  10. Hi @Phil_S, If you could send an Apps Report, that would be the easiest way to track down the exact app that is being detected. To send an Apps Report with Malwarebytes for Android use the following instructions.
       • Open the Malwarebytes for Android app.
       • Tap the Menu icon.
       • Tap Your apps.
       • Tap three lines icon in upper right corner.
       • Tap Send to support
       • Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum. This allows our support staff to know where to direct it.
     By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  11. Hi @Gals, It takes some time for our DB to sync to all servers. You can force an update to speed up the process. This is how to force update Malwarebytes for Android: Manually update database in Malwarebytes for Android Nathan
  12. Hi @Gals, No need to send a sample after all. This issue has been resolved and will no longer be detected in future database versions. Thanks again, Nathan
  13. Hi @Gals, Could you please provide the exact APK sample for analysis? You can send via Private Message (PM). Thanks for reaching out, Nathan
  14. Hi @HisokaRyu, Subscriptions are out of the scope of what we can help with on the forums, but our support staff can take care of you: Malwarebytes Support Thanks for reaching out, Nathan
  15. Hi @Flaws39, I would try the method of clearing everything on all browsers installed on the mobile device just in case. Let me know if the pop ups still occur after uninstalling Opera. Nathan
  16. Hi @miamaelia, What is the make/model of your mobile device? What Android OS version are you running? You may want to check your battery usage to see what is running on your mobile. Nathan
  17. Those are browser-related ads, which can be resolved with this method: Clearing your history and cache within the browser. In addition, clearing the Storage & Cache within the browser itself also helps:
       • Go to Settings > App Info
       • Go to your browser app icon in App info list (Opera in your case) and click on it
       • Once in your browser’s App info, go to Storage & cache
       • Click Clear Storage
       • Click Clear cache
     If this is not the case, then there has to be an app on your mobile device causing this to occur. The obvious starting point would be Opera. If it's still occurring after uninstalling, then we know we need to look at other apps. But after checking each app one by one, I did not find anything else that could be causing this. Because you re-installed all apps from before the factory reset, then the app that is causing this is still on your mobile device. Nathan
  18. Hi @Flaws39, I don't think there's any virus. I think your Opera app is seriously asking you to update. We'll be able to tell if that's the case or not once it is uninstalled. Nathan
  19. Hi @Flaws39, Have you tried Brave Browser? https://play.google.com/store/apps/details?id=com.brave.browser Maybe try that for a couple of days, and see what happens with the pop ups. Nathan
  20. Hi @Flaws39, Let's try uninstalling all versions of Opera completely. If it's still occurring, we'll know it's something else. Nathan
  21. Hi @miamaelia & @iBeleave, First step is sending an Apps Report so we can see what has been installed on your mobile device. To send an Apps Report with Malwarebytes for Android use the following instructions.
       • Open the Malwarebytes for Android app.
       • Tap the Menu icon.
       • Tap Your apps.
       • Tap three lines icon in upper right corner.
       • Tap Send to support
       • Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum. This allows our support staff to know where to direct it.
     By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned.
     Next step, in order to build a case against UMX, we need to track down exactly what is installing apps. We can do this by using My Google Activity. Google tracks activity on your mobile device that we can leverage in our favor. On your UMX, go here: https://myactivity.google.com/ You can see if an app is installed, and what installed it.
     Finally, I suggest a firewall that can block/track apps' internet traffic. I personally use NoRoot Firewall: https://play.google.com/store/apps/details?id=app.greyshirts.firewall&hl=en With the firewall on you can see what apps are accessing the internet and block them. Warning though, NoRoot Firewall is very chatty! Therefore, you are going to need to allow a lot of things, especially when first using. Nathan
     PS Sorry @iBeleave that adb process is so complex. Trust me, I would love to see a simpler method, but it's all we have for now.
  22. Yes, the last report was clean. And yes, there are a lot of bogus malware scanners that aren't really doing anything. They usually just flag apps with various permissions as "suspicious". Thus, they aren't really doing anything malicious themselves. They pretty much make their money from in-app ads. Nathan
  23. Certainly not out of the realm of possibility. Regardless, if it was truly browser related pop ups then clearing the cache/storage should do the trick. Nathan
  24. The micro SD may be holding downloaded APKs, but once installed they are on the native storage. Pretty much the same installed apps from before since you re-installed them from backup. No need to send another report. Nathan