Phone carrier E-Plus (Alditalk)
Phone brand and model (i.e. Samsung Galaxy S8+) Siemens GS270
Which Android operating system you are running 8.1.0 ScUpD: 05 Okt 2019 kernel 3.18.79+ (gcc version 6.3.1.20170109) Update run today
If your phone is rooted I dont know
If you are running any other security software Not
it seems I caught malware, malwarebytes can not find. What does it do and why do I think I have it, even, if malwarebytes says "you are clean"?
It started with a hijacking of my Whatsapp. I recognized, because I was blocked for spamming. After re - verifying my number I saw, that several people from Singapore, who I don't know, answered to a message, I did not send.
Also every 3 to 4 hours, my browsers (first BBQ, now Firefox) where hijacked: New tabs are automatically opened and lead me to game - websites.
Also my "SMS - receive" function was deactivated. This may have been the reason, why Whatsapp first did not accept my phone number for verifying.
I run 3 different free antivirus programs, that all where de-installed after. All of them found malware and removed it. However all 3 to 4 hours the malware will be installed and found again. 2 of these programs told me, that there was found a piece of software called "Update" (with version number) inside my system partition, that cannot be removed. They recommended to deactivate it with the Androit System function,- witch I tried. However it can not be deactivated,- the button was gray. Later I found a way inside malwarebytes to deactivate it. I also removed some games and some Chinese Software, that I can not remember to have installed and that I found suspicions. The situation did not change: Still after a few hours my browser pops up and shows websites for curious games. Of course I never click there and close the tab asap.
Also malwerbytes keeps finding Apps like xiaoan, gem, Tayase, and it shows for example an app com.yhn4621.ujm0317 that I find syspicious, but can not find to remove (not in my settings, nor in malwarebytes)
I cleaned the cash of the browser with no success of getting rid of this.
I cleaned my data storage.
Of cause I could install some firefox add on to block these websites, however my system is already very slow and I am afraid, that this would slow down my sytem even more.
Maybe I should remove this "update" Sotware (it has a white cloud on blue background as symbol) with malwarebytes? Does anyone know it?
In other reports I read, that I will have to change the libc.so-file. However I don t know how and I don't know if this advice is valid for my system.