I had a challenging experience on the morning of July 23rd, 2018. I recently purchased a tablet from a Chinese manufacturer and, to my surprise, it came pre-installed with a potentially malicious application called "Upgradesys". Though my anti-virus (Eset) and anti-malware (Malwarebytes) applications found and warned me of the malware, neither was able to remove nor disable it nor any of the associated APKs. After extensive investigation I determined that two other pre-installed applications were likely associated with the malware, none of which were able to be disabled nor removed by Eset nor Malwarebytes. I decided to embark on debugging my tablet which can yield terrible effects on the tablet. I downloaded the most current version of Debloater (3.90) as well as its most current upgrade from XDA. I installed Debloater onto my PC and then upgraded it. I then enabled Developer mode on my tablet and enabled USB Debugging. All of the warnings flashed as I enabled each but it's a brand new system for me and if anything went wrong I figured I could simply resort to a factory reset. By the way, a factory reset would not fix the problem since the malware came pre-installed from the factory and is part of the factory reset. I then connected my tablet to my PC via a USB cable and allowed the connection. I then ran Debloater and it found my tablet via the USB cable. I then asked it to scan for all applications of which there were 171 of which three (3) were considered to be of risk. One of the three was installed as part of Antutu Benchmark which is a highly regarded system benchmarking tool pre-installed by the manufacturer. The other two were found labeled as FWUpgrade.apk and FWUpgradeProvider.apk. I placed a checkmark in the boxes to the left of each of the applications and then hit "Apply" to make the changes. Whatever would be, would be. I then disconnected the tablet from the PC and then disabled USB Debugging as well as Developer Mode. I then rebooted my tablet and crossed my fingers. A moment later the usual image appeared indicating that it was rebooting properly. As soon as the password prompt appeared an unfamiliar blue screen appeared with a digital countdown timer. I was able to back out of the countdown timer to enter the usual boot screen and from there I checked to see if the APKs of these malicious files were disabled and I was quite pleased to see that the files were indeed disabled. I then ran my anti-virus and anti-malware packages in in-depth mode and they no longer reflected the presence of any malware. Yahoo!
As of this morning, July 25th, 2018, I still have no malware. The issue has, in my case, been permanently resolved.
