IanH2

  1. Hi Nathan, no, I didn't spot that app with the Chinese character this time; perhaps I should reinstall the image with the running malware and see if it appears again - perhaps I didn't give it time to install. I have reflashed the pre-malware-breakout ROM, and run the commands to remove com.adups.fota.sysoper and com.adups.fota as explained (they were present), and verified that they have been removed. (I also removed mtklogger for good measure, as it is alleged to be another malware*, and I remember mtk-something messing with the su root app.) Hopefully the phone will be OK now. The mystery is what the mechanism is for the malware to become active. I wondered if I could fool it into waking up by installing an image with an old date on the phone, and then letting it wake up and discover months have passed and it's time to release the demons. Tried that and it didn't summon them. Anyway. Thanks. Ian *https://www.blackhat.com/docs/us-17/wednesday/us-17-Johnson-All-Your-SMS-&-Contacts-Belong-To-Adups-&-Others.pdf
  2. .. and one more note: when using TWRP to back up the phone with malware active, it could not back up the first system entity because of corruption. Did the malware modify it?
  3. Backed up the active malware phone with TWRP (and verified that when I restore the latest (actively malwared) backup the nastiness returns). With malware running rampant both ESET and Malwarebytes are unable to see a problem, presumably because the malware got root permissions. I re-installed an earlier backup with the presumed sleeping, latent malware; Malwarebytes gave it a clean bill of health - initially ESET reports the following problems: android/agent.BOA, android/agent.AZS, android/triada.JA, trojandropper.agent.dzf, android.Hiddad.AEV, Android/Agent.bnh, trojandropper.agent.DKI (multiple times?), trojandropper.agent.der, android.agent.blb. Oddly enough, when I re-installed the same backup again with presumed sleeping malware, and ran ESET again, it saw .... nothing! It should have been the exact same set of issues, as it was exactly the same ROM/data, but none showed up the second time? Very odd. This time round the new Chinese app (mentioned in the original post of this thread) in the apps list has not appeared. Time for a new non-factory ROM. However, I can re-install the Doogee malware with it running/latent with TWRP whenever needed.
  4. After restoring from a TWRP backup it has happened again today! This time I noticed some funny business with SuperSU being woken up and fake button presses by an app calling itself mtk factory tools or some such (which isn't installed); when I look at the SuperSU log it has no record of the activity. At the moment the only problem is the browser being unusable due to ads; it hasn't got to the stage of locking the screen with ads, yet... I think this thing is in the factory ROM and is on a time delay. Thanks Doogee! Malwarebytes doesn't see a problem. I have emailed an apps report to Malwarebytes, and will send TWRP backup images, if needed. Ian
  5. I had exactly the same problem today. I have an X5 Max Pro (with factory ROM 3.18.19+ doogee info@doogee.cc 20180319), and the Chinese virus app as above was present and not removable. The full-screen ads "'interesting for you' by mgid" could not be closed, and locked even the power button. So I removed the battery and installed a backup with TWRP. Is this malware preinstalled, and coming to life on a timer, or does it come via recently installed apps as a sideload? The only app I installed recently was 'Scanner Pro' from the Play Store; I doubt it was responsible. I have Malwarebytes on my phone, and it didn't see it; I also tried AVG to no effect. After installing the backup the Chinese character app is gone - but will it return?