jayanta

Hi Armando, Hope that you are very well. I did a scan with MBAM on my new android phone, and got the following detections:- 1.Android/Trojan.Agent.gc /system/app/File Explorer/File Explorer.apk 2.Android/Trojan.Spy.SMSThief.de /system/app/ OLX_Helper_Micromax_v.2.5/ OLX_Helper_Micromax_v2.5 apk MBAM could not install these two trojans. A scan with Stubborn Trojan Killer found "General Trojan(Android Sync Service Pro)". It wanted root to remove this. My questions are:- 1.How dangerous are the above trojans? 2.I disabled File Explorer app and deleted OLX app, but MBAM still detecting these trojans 3.Is the Stubborn Trojan Killer trojan one of the two MBAM trojans, or a different one altogether? 4.Will rooting the phone enable me to get rid of these trojans, or are they too difficult to remove? Many thanks and regards, Jayanta

Hi Armando, Just to update you on the situation, we have sold our Lenovo phones and got ourselves Lumia Windows phones, and are running them without installing any anti-virus. Actually we were feeling uncomfortable that our data was getting reported back to Lenovo, for reasons best known to them. To top it, there was this total licence on the part of Lenovo's staff, in their forum and elsewhere, about Luespy. We feel quite safe with Windows 8.1 compared to Android. We feel that there may be other entities like Lenovo who may also be doing the same, installing UE apps in their phones without explaining to the buyers what exactly these apps may be used for. And then maintaining a total silence. Thanks for your valuable advice in this matter. Best Regards, Jayanta

Hi Armando, I have been doing some research in the past few days, on how to deactivate this User Experience app in some other way, since it cannot be de-activated on the phone by its own settings. I came across an app on Google Play called NoRoot Firewall, which can be installed in android phones, and where we can select which apps can send out data from the phone, and which apps cannot. In other words, all apps including User Experience need permission to use the phone's internet connection. Could you be so kind as to check out this app, whether it will be effective in blocking this User Experience app in the phone, from sending out our data from the phone to wherever (most probably to Lenovo). And so the risk to our data may be eliminated. Many thanks in advance, Jayanta

Hi Armando, Thank you very much for your reply. I do not recall the User License Agreement of this app. It must be there, since you mention it, and maybe like other such Agreements, we ticked the box without reading it properly, thinking that there may not be anything wrong. I wonder if anyone has a choice to leave it un-ticked, since it is a part and parcel of the phone. It is reassuring to know that It appears that the app does not collect personal data like email, contacts etc., and it is mostly related to events that take place through day to day use. I wonder if the other phone manufacturers collect all such data from the customers' phones. Is it the done thing? Specially when there is a possibility of data leakage for which they will not be responsible, as mentioned in their EULA. We feel like some type of human guinea pigs, for the benefit of Lenovo Surely they can do this in some other way, without endangering the data of their customers! You may recall the Superfish malware which they installed in their computers, earlier this year. All this does not give a good feeling about the company. From our limited knowledge, it seems that disabling the app would entail rooting our phones. But we do not know how to go about doing it. Could you please inform us, if Windows 8.1 phones could also have pre-installed trackers/monitors/trojans etc. installed in them? Or it is not possible for the manufacturer to do this, because it is supposed to be very secure compared to Android? And also, is there any anti-virus for Windows 8.1 phones, because we could not find it in the Store of Windows 8.1? We would be grateful for your advice. We thank you very much for taking the time to deal with this issue very effectively, which further increases our respect for MBAM. Best Regards, Jayanta

Hi Armando, thanks for prompt response. The Disable option is always grayed out, and never becomes available, even after tapping the Force Stop. The Force Stop itself gets grayed out if you tap it, and comes back alive again after a few minutes. This is happenning in the Lenovo A6000 phones which I and many of my friends have bought. The last update provided by Lenovo was in the first week of May, and after that and upto 22.05.15, when this detection of Luespy was made by MBAM mobile in these phones, there was no detection by MBAM mobile. So we found it a bit surprising when the detection happened on 22.05.15. These phones have been bought by us a couple of months ago, so you may understand our problem. We do not know if we should ignore this detection and keep using these phones, but we are not comfortable with this, since we consider MBAM as the topmost anti-malware programme, and do not want to take their detection of trojan lightly. So we have stopped using these phones, till MBAM gives us the green signal. In fact, when we bought the phones, the first thing we did, as we always do, was to run the MBAM mobile scan, and were very happy when it said "there is no malware in your device". We also do not have any clue as to what the User Experience app does in these phones. If they are tracking our phone activity, what all they may be tracking, why they may be tracking, as we all have email accounts etc. in these phones, which we do not want to be compromised. So we really look forward to your advice, since as I said, we consider MBAM to be the best. Thanks, Jayanta

my previous post is for Mr. Armando Orozco, Senior Malwarebytes Staff. Thanks.

Hello Experts, We cannot disable the User Experience App in Lenovo smartphone, via App setting. Can Force Close the UE App, but It keeps getting active and MBAM keeps detecting it as a LuespyTrojan. Another thing, I and some of my friends got this detection on our Lenovo phones, on 22.05.15, many days after we started using our Lenovo phones. So it was not as a result of any Lenovo update. It was the result of a routine MBAM scan. We have stopped using our Lenovo phones, some of them quite new, and are wondering what to do next. Do we get rid of the phones? Is it safe to use them, in spite of the MBAM repeated detection of Luespy Trojan? Your conclusive reply would be appreciated. Thanks in advance.