Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About cjvmoore

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. It wasn't sufficient Clockc was installed. I'll report back if I find the culprit. For the moment I suspect
  2. @Akos When "NoRoot Firewall" is active, a key icon appears at the top of my screen. In your screenshot it is not present. Are you sure that it is active? After running successfully for a few days blocking the "System UI" category, I googled some of the blocked IP addresses. It seems that is known as a malware vector. In fact it seems that Malwarebytes should block it. Maybe it can't if the access is from a system application. Anyway I am currently just blocking in "Global Filters/Pre-Filter". For the moment I have no malware but I shall only be certain a
  3. @Akos Thank you. I also installed "NoRoot Firewall" and blocked the category with "System UI". it seems to be a good workaround
  4. I had the same problem I read somewhere that you can't edit a post until you have posted 25 (or 50?) times. IMHO this is stupid
  5. PS I just noticed that my phone is in 6.0 but this seems to be for 7.1.2 and may well be incompatible
  6. Thank you. It looks interesting I would give it a try but I don't think I can just replace it in place as my telephone is not rooted. I guess it could be replaced in the original ROM and flashed but I am rather afraid of reflashing my telephone. Any ideas on how to easily replace it?
  7. Thank you, Nathan. Unfortunately this is the same build number as that on my telephone. So I guess it is also infected It would be great if you could find a clean System UI which I can install (my phone isn't rooted).
  8. On the 4pda.ru site there is a THL T9 Pro forum topic with a link to what is claimed to be virus-free firmware. I haven't tried it but it may be worth a try. Unfortunately I can't read Russian and the Google translation is often unintelligible
  9. SystemUI is indeed in /system/priv-app/ (Initially I thought "priv" was for private but I guess it must be for privileged.) I bit the bullet and attacked com.android.systemui. I first tried "pm disable" but I got a "Permission Denial". (I suppose this is because my telephone isn't rooted.) So I tried "pm uninstall -k --user 0". I got the repeated message "Unfortunately System UI has stopped." and was unable even to reboot via the telephone. So I rebooted via adb. On rebooting luckily there were icons on screen but I lost the top pull down menu and the bottom pull up soft
  10. Bad news: TelephonyDev (com.conterx.umora) was automatically installed today. It locks itself full screen in the foreground So I am back to square one Also, unlike Coordinator, it isn't detected as malware by Malwarebytes I have sent an Apps Report and I received the ticket 2458794. So it looks as though I must attack com.android.systemui Googling seems to indicate that without it the system won't boot completely. I guess systemui is System User Interface so there will probably be no touchscreen. If this is the case do you think that adb will still work? I was thi
  11. Actually they show up as "Not installed for this user". (Translated from French.) Thank you for your detailed explanation.
  12. Thank you for your PM. The situation is much better after uninstalling com.adups.fota and com.adups.fota.sysoper I watched Coordinator for a while and it did start using a small quantity of data So I uninstalled it yesterday. Since then no new malware has been installed I shall avoid messing with com.android.systemui unless the situation deteriorates. I notice that "pm uninstall -k --user 0" doesn't actually uninstall the package but just seems to disable its use, I suppose by user 0 (I guess 0 is system or root). There is also a "pm disable" command. What is the dif
  13. Actually there does seem to be an improvement: Coordinator was installed but seems to be dormant. It no longer locks itself full screen in the foreground and hasn't yet consumed any data Malwarebytes detects it as malware (Android/Trojan.HiddenAds.Moo). In that case shouldn't Malwarebytes have prevented its installation?
  14. The download on the THL website has the same version as that on my telephone. So I guess it also has the malware
  15. Unfortunately Coordinator was installed overnight It seems to be in the com.peony.mochi package. I have sent the Apps Report you requested and I received the ticket 2457510. If you wish I could also send a screenshot and even possibly the apk. So uninstalling com.adups.fota and com.adups.fota.sysoper is not sufficient. Is it safe to uninstall com.android.systemui or will I brick my telephone?
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.