ntula
-
Posts
4 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by ntula
-
-
also, the peel I disabled was the one that came as pre-instlaled bloatware on the phone, it cannot be deleted and may be being exploited by another party.
things to look for are running services, background data use... etc... also, check the activity log, if a virus or malware executes an external activity, like a push or system level even, it will show up unless the virus is set to delete the logs.
-
not sure exactly, I got rid of it for now, but it may come back, peel may not be the only one. ES file manager, pulled from the play store, was doing similar stuff with click fraud ware.
the other thing I found is that the malware relies on a default browser to be set, background data, and wifi when data is restricted. also, chrome cannot be deleted and in fact, when you delete the data, it keeps relaunching from a forced quit state.
I plan on just buying a new phone and suing go daddy for the expense of that and lost time. go daddy is hosting these sites while hiding the domain owners and is not taking them down per complaints. is is illegal to intentionally interfere with the use of a phone or other electronic device. slam dunk case.
-
I had the same problem and tried everything. it got so bad with attacks happening every few minutes and interfering with the phone use, which is illegal, not just annoying. antivirus and malware apps found nothing. then I started just deleting apps.. and even that did not work. until I tried the appwatch app and then by an error it showed me the culprit. it is Peel remote, the IR remote control app that comes from Samsung that you cannot delete without rooting, you can only disable. what happened was that appwatch showed me that the browser chrome was the culprit, but when I clicked on the info in the activity log output, it took me to the peel remote app settings. when I tried that again, it took me to chrome, so it is trying to hide it's activity. what I had to do was boot into safe mode, force quit, delete data and then disable the app. the reason no virus or malware apps can find it is that it is a legitimate app that was programmed with a back door to this. the irony is that this started to occur right when Samsung announced the new phones and it is a Samsung app and I had done an app update.
in the process of searching for the culprit, I even was able to find the exact name of the persons, and their physical addresses, of the persons who wrote the web pages, which contain quite of bit of "push" and data collecting code in a java script. in addition to this, the annoying pages were on topics that I had searched for, so it is clearly invading your privacy. some of the links on the pages go back to a product search on amazon for the search topics, for example I had searched for a car part and then a car info ad site appeared with a single link in the main body that took me to a general car part search on amazon. in addition to this, facebook, which I rarely use was being logged into. now peel remote was removed from the play store but Samsung still is updating it. I strongly suggest you contact the FCC and file a complaint against the "domains by proxy", owned by go daddy, that profits from these fly by night domains, peel, Samsung, amazon, and the web page authors.
things to do, delete facebook spyware app, prevent apps from other sources, do not use apps that contain ads that are not verified and if you can, just buy them.
Techofires (IdeaPlus) browser hijacker
in Malwarebytes for Android Support Forum
Posted
I think that peel has an open port for persons to exploit and infect devices and in this case may be using it or the update was either altered by someone or it was intentional. whether it is by peel is unknown, but when peel was originally bundled with Samsung products for their ir capacity, it was ad free, then it got worse with every update. this problem came to me after I updated everything via the play store. peel was on my phone from Samsung but is appears that it could either update via Samsung or the play store. things I did notice was that if I put my phone in airport mode, it would still try to open the browser page with an error, meaning that it was coming from a source besides the browser since I had the browser quit and background data restricted. since peel cannot be deleted on my Samsung phones and is in a sense protected and listed as a legit OEM app, it can get passed scans and is a optimum tool for someone to exploit for adware. it already has the permissions set to do the damage.