Search the Community

(Sprint S10 Android) Hello sorry for bothering you all again but it seems I have a different problem now too, Recently I've noticed googleads . g . doublclick . net showing up recently on my Blokada logs, I know this is a legitimate Google ad server but it just showing up from time to time isn't the problem. I've noticed it in multiple apps that either have their own ad domains or app that are opensource and I can guarantee do not have ads of any kind, yet when open spam that adress. When I dont have those apps open it tries to reach googleads about every hour despite not doing anything, and when those apps are open it spams it every few seconds. The apps I've noticed start this spam are as follows: Samsung Notes Tachiyomi ( An open source app that I can guarantee has no ads) Ebay Amazon shopping Pixiv Reddit Apps I've noticed that don't set it off: Google Play (ironically enough) Gmail Malwarebytes Blokada Newpipe Firefox VLC Media Player Medisafe FFXIV Companion I originally thought it was the apps themselves but after whitelisting them to not block ads in those apps Blokada still blocks googleads so its not the apps causing this, I dont belive. I also went to my settings and restricted background data and forced stopped all my apps except system apps and the safe apps that don't set it off. It stopped for a little bit after turning Blokada's Adguard DNS on and off (then it only tried to reach the server every hour or so) but then it came back, I tried turning it on and off again and it didn't work, it was still being spammed in those apps. I tried again right as I was righting this and it seems to have stopped again for some weird reason. Malwarebytes doesn't detect anything at all. I haven't turned off Blokada or whitelisted that adress, I'm afraid of anything happening. I'm sorry if this is too long winded or hard to understand, this is making me incredibly stressed and with the pandemic and social distancing this is the only thing I have to think about. Any help would be very appreciated, Thank You.

I have found 2018 references in forum to a 'malwarebytes app' in Amazon Appstore, and reports of people successfully using it, albeit seemingly on older models of Fire. However, I can find nothing of this kind in Appstore on my Kindle. Have I missed something between 2018 & now which means M'bytes can't be made to work on later Kindle Fire? (Only just signed up to a premium sub, so am just putting M'bytes on devices). Anything happening to enable M'bytes on Fire?? Any workarounds?? Tx

(Sprint S10 Android 9, own full Malwarebytes with all protection options enabled) Recently I've noticed a few suspicious domains in Blokada, and they first started out while using and after stopping the Sprint Mobile Hotspot but have recently just been spammed regardless of any factor. They are c00161-dl. urbanairship . com remote-data. urbanairship . com device-api. urbanairship . com I tried using theNet Monitor app, but once I turned that on the domains basically dissapeared until I stopped the app, then came back. While using the Net Monitor I didn't see anything other than the system being tracked, aside from my internet browser while I was looking things up. After blocking the remote-data and device-api domains(c00161-dl was already blocked by blokada without me having to do anything) these two domains now appear nearly constantly, moreso than any other domain in Blokada, and it seems those two are prerequisites for c00161-dl, because I haven't seen that since blocking them. I also went back through the Blokada log and I found that the domains had appeared before, but it was between every few thousand entries and it was only one of the three each time, never two or three at once and never spammed like it is now and never the c00161-dl domain. I've also stopped using the Sprint mobile hotspot for fear of those domains I guess, leaking out of the hotspot and I wouldn't know about it. I've run multiple malwarebytes scans and they've all turned out clean, and all I could find is that they seem to be harmless middleware, but I haven't noticed those domains until just now, and the thing that makes me really anxious is that I can't find ANYthing about c00161-dl, anywhere at all. I apologize if this is rambly or hard to read, I have been stressed out about this almost all the time since it happened. Am I right to be worried, or am I just being overly paranoid? Any help at all would be very apreciated.

I got a notification saying that I need to update my virus definitions, so I opened the app, and lo and behold, there was a big blue button on the dashboard under the "critical issues" section, prompting me to update the malware database. I clicked on it, and it did that little thing that touch screen buttons do when clicked on... and nothing else. I waited for a while, clicked the button again, restarted the app, restarted my phone, tried again, and still got nothing more than a ripple. While I was looking for solutions to the issue on the forums, I saw that the update had completed. Could you work on having the Android app show some kind of indication that the database update is being worked on, within a time frame that doesn't make it seem like it's not responding? Thank you for your consideration, ~NotALawyer (Moto G5 Plus, Android 8.1.0, App version 3.7.3.2. Database updated Feb. 15, 2020.)

Dear Malwarebytes, I would like to ask about the "Device Administrator" option in Malwarebytes for Android app. I understand that this option exists mainly in order to prevent MB being uninstalled by malware and to assist the user during ransomware attack. My question is, does this option also affect the Malwarebytes ability to scan the apps installed in the system root partition? That is, is there a possibility that if the user does not grant the Device Administrator privileges then MB won't have enough permissions to scan the content of the system partition, and malware that installs disguising itself as a system app might go unscanned and undetected? I apologize if this was already asked and answered before; I tried searching the forums but couldn't find clarification in this matter. Thank you!

Hi, I just upgraded my license to 2 devices but never received a code. The existing code for my current device does not work when used on my second device (an android phone). If this does not work on android (which is weird since its included in the description) i want my money back.

Virgin Mobile Samsung Galaxy A8 (2018) [SM-A530W] Android version 9 Phone is not rooted. No other security software running. I am unable to add any apps to the whitelist. I can view the whitelist, but that is it. I cannot figure out how to edit it in any way. As it is now, it is just blank. Nothing is in the whitelist. Long pressing apps in the, "App Manager" section does nothing other than go to that app's info within MBAM. From there I can go into Android's app info section where I can either uninstall or force stop. On the scanner page all I can do is remove things from the list by swiping left or right. Long pressing does nothing, just pressing does nothing. There is no option to modify the whitelist through settings. I have premium and the app is up-to-date. So, why can I not do anything with the whitelist other than look at it?

I have been using Adhell 3 for the last 7 months. Today, opening it to take care of a new exception on my Galaxy A8 (2018) running Oreo 8.0 with Samsung Experience level 9.0, it was determined to be a banking Trojan by Malwarebytes. Not sure if it is or not as before today, despite daily scanning by Malwarebytes, it has not triggered an alarm. Just to be safe, uninstalled meantime. Scan said that file: android/trojan.banker.asacub.cp was detected in the program. Am attaching a screenshot of the initial scan report. Not sure if it was part of a recent update or not that "something" changed the state of this app. The original download was from this address: https://m.mediafire.com/folder/sb37c6gmhqgbn/AdHell_3 I have used Dr Web to run a full scan after Malwarebytes alerted me to deal with this. It found nothing... Malwarebytes was installed & functional before downloaded the Adhell program & it hasn't changed to my knowledge from the initial install to the update just day's ago (screenshots provided) of it being safe.

I managed to grab apk file of beautymake malware from /system/priv-app location in my android phone. When I scanned using Google Play Protect it shows that one harmful app detected. After this, I uploaded this apk file to virustotal and 25 antivirus detect it as malicious app. Please find a way to remove it from mobile. It can't be removed directly because it is system-app. password is infected. Thanks Makeup.zip

My device (Tecno W2) with Android 6.0 Marshmallow is infected with a trojan virus. The first symptom I noticed was that Chrome will just open a random webpage, even if I close it, it will open up again, so I had to disable Chrome. Then, other things started happening like sudden display of random images on the home screen, and the images are also downloaded and saved on the device. I did a factory reset, but the virus is still there, so I now know it's in the root file. After the factory reset, once I connect to the internet, it will install an app called Magic, and then start downloading those images, and displaying them, and also open Chrome again and again. I could have put up with these, but then the device started slowing down and becoming laggy, even restarting itself. I installed Malwarebytes and it always detect the virus and then uninstall the app 'Magic' and 'Settings', but then they will be installed again. So, the problem is removing the root infection in the device's system files, I searched and the only solution is for me to root the device and do some things, but I don't even know how to root the device and also how to remove the virus in the system files. Please help!

I'm currently using Malwarebytes for PC and Android Phone, Few days ago while Scanning my Android Phone , Malwarebytes just detected a Malware the malware name is Android/PUP.Riskware.Autoins.Fota I just wanna ask if this malware is dangerous and what the virus can do to me and my phone. I search the virus name in google but the result is nothing. Hoping to get an answer.

My app is a system application with systemuid, the package name is com.qiku.android.ota.Scan found a problem with Android/backdoor.coolreaper.a Then I wrote a simple helloworld application.The application’s packagename is com.qiku.android.ota，but the scan shows the same problem. So I think this package name might be on your blacklist.I don't know why. This app does not do anything that violates the rules. Can you help me remove this package name from the blacklist? My packagename is com.qiku.android.ota！ Thank you very much!!

I want to move from my installed app and license on my LG V20, with Oreo to another device but I don't want to disable the app, only deactivate the license. I plan to go back and forth and I don't want to re-install the app itself. I can deactivate the license on my desktop and move to my laptop and back again but can't find the deactivate option on my LG. I have 4 licenses and a lot of devices. TIA Phil

I am using the premium trial of malwarebytes for android. It found this trojan during a full scan and "successfully" removed it. However, this trojan constantly returns, as the real-time protection detects it every now and then. I have been running full scans over and over. Sometimes, it is clean; other times, I see android/backdoor.triada.n. I have located the folders, where the scanner detects the malware, and manually delete the folders; but whenever android/backdoor.triada.n resurfaces, those folder also comes back. Is this really malware? I do not even use the fire hd after a clean scan, but the malware eventually returns in detection.