Search the Community
Showing results for tags 'android'.
-
I'm having an issue with my UMX android phone with some sort of adware virus I believe. I use Google Chrome as my main browser and for the last few months, when I click on Google Chrome and even when I'm not using Google Chrome it redirects me to weird websites like hastopic.com and weekhot.codeblogbt.com and random apps like ThemeLightBlue or YourTube that hijack my phone screen with some sort of Tarot game. This also makes my phone run really slow. I've cleared all chrome history and data and factory reset my phone 3 times. Each time I factory reset it, it starts doing the same thing ranging from between 3 days to a few hours. After the most recent factory reset it changed my home tab on android to something like gdd news. I've had Malwarebytes installed, it doesn't even detect YourTube as malware and says it's safe even though I didn't install it and it's not listed in the app store. These apps also try and disguise themselves as system apps. As I'm typing this an app on my phone popped up called Jungle Treasure which is actually on the Google Play app store but I did not confirm installation for.
-
(Firefox, S10) Hi, sorry for bothering everyone again but I have a few concerns I recently went to the site clinic.meijer.com (posted straight from the Blokada log) which was the first result on Google and I have noscript installed so I allowed the sites script. It ended up not working and I close the site. I then noticed on Blokada that even minutes after closing the site and even revoking the script priveleges I saw that something was still trying to access the site. Once again the sites tab was completely closed. I then thought I had just went to the site again and forgot about it, so I made sure to block the domain in Blokada and not visit the site, and it once again showed up a few minutes later, this time blocked. I have no Meijer apps installed, and this is for sure the first time I've ever seen the domain in Blokada logs (I survey the log like a hawk). I'm just wondering how the site can access itself even without scripts or human input, cookies? I have MB Premium and it hasnt detected anything, nor has Ublock Origin or Noscript, not even my own Firefox history shown anything since I originally visited the site. It's as if visiting the site affected something on the phone itself, and not the browser. And to be honest, this might sound pretty pathetic but I'm incredebly anxious and having near panic attacks about this, I've got various anxiety disorder, ocd etc. and online security is a big factor in them. Any help would be very appreciated
-
Good morning everyone, This is my first post here and the truth is that I am very concerned about an APK that has been downloaded without asking and consent from a web page, to my mobile I will explain myself. I was browsing the internet and the website I was on had pop-up windows that I obviously constantly remove. One of them seemed harmless to me, but when it pop-up again for the second time, Chrome asked me if I wanted to download it again. I got very worried, download something again? I have not downloaded anything and also in the download directory there wasnt anything. As I was already afraid of the worst, I began to do tests with that page that managed to download an APK on my mobile without permission, I discovered that it was downloaded without requesting it and that it erased itself or disappeared in a minute. I want to make it clear that I didnt install the APK, but the fact that it disappeared / deleted by itself made me worry a lot. I supposed that the system itself could be the one that was deleting it but I downloaded another different and legitimate APK(I didn't installed) and it was not deleted. Therefore, there are only two options left, the apk is activated by itself without touching anything or the system detected that the apk was malicious and deleted it. My mobile is a redmi note 9 pro, it was not rooted, it was new one, to avoid problems I have decided to do a factory reset, but I am still worried about whether the virus is still there. I also analyzed the APK with virustotal, here I leave the analysis https://www.virustotal.com/gui/file/2778fb84d1db7bb27792cf3588090c76c0f8007cdcd89af3e00dd23deaed52b4/detection I used antivirus before the factory reset like avast, avg and malwarebytes, but it didnt find anything wrong. I insist that I didnt install the APK, is my phone in danger? the factory reset is enough? Should I flash it to avoid the problem as much as possible? The thing that realy bugs me is that the apk dissapeared after the auto download. Thank you very much for your attention and your answers And sorry for my bad english
-
Actually I was using an app from a third party site. Scanned it with Malwarebytes and it didn't detected anything, Neither with the apk nor with the installed app. Today I scanned the apk with virustotal and it is showing me 3 detections. Here is the result: https://www.virustotal.com/gui/file/8d8271e6dfbb750d2a1e61e4cfd4b15a443c517ad13598340d940a64f47c64c5/detection I don't really understand what are these detections. Are these detections very serious? Actually I didn't gave the app any permissions by myself. Is it possible that due to these detections/malware in app it might have got access to my camera/storage by itself ? I was using this app from a while that's why I am very much panicking due to this. Really need your help. -
Good morning I wanted to consult with a member of malwarebytes to help me with a problem that I have had for a long time, it is that I have a virus that is installed only on my cell phone even after having restarted it from the factory, what happens is that applications are installed With names like Calendar, Settings, Game store and the one that always appears and apparently is the strongest one called gooysf, apart from this, the browsers only open to a page called hastopic.com and also to the playstore to applications Like alibaba, when I try to type on the keyboard sometimes it closes on its own and when I want to see all the apps I see that there is an app called settings that apparently works in the background and it also pauses the videos that I see, finally all this is It installs in the files of the system folders with names like qwusz ayzx and many (I got to delete 46) also it slows down the phone and turns it off by itself or leaves it inoperative forcing me to restart it forcibly, my t Elephone is a zte blade a315 with android 6, I would appreciate your help
-
Hi, Since a few weeks, I noticed a strange behavior in Firefox for android : at first when I when I wanted to type in the search box for example "sony", after the letters "s" an "o" were displayed, it opened the site "soamsung.com", and because I enabled URL filter in my antivirus (Dr. Web), I was redirected towards a warning page about "Not recommended websites". The same happened when I typed something beginning by "er": it opened "erbay.com", but this was blocked by URL filter as well. There was other examples like this, I begin to type, then I'm redirected. So I uninstalled Firefox and reinstalled it. I precise no malware was found in Dr. Web so I tried Malwarebytes : no malware was found either. Later, despite reinstalling, I observed the same behavior, but this time with "to": the towitter.com website opened, but was blocked. So, by curiosity, I looked into the firewall feature of Dr Web (which record all internet connections of each app) and saw something : very late in the night or very very early in the morning (when I don't use Firefox because I'm sleeping), there is connections coming from Firefox to some IPs, different from a day to another. They seem to be located anywhere on the planet (one from Madrid,Spain or another from Oregon USA...) according to whatismyip.com and the ISP is Amazon.com Inc. How can I solve this ? Thanks for helping.
-
(Sprint S10 Android) Hello sorry for bothering you all again but it seems I have a different problem now too, Recently I've noticed googleads . g . doublclick . net showing up recently on my Blokada logs, I know this is a legitimate Google ad server but it just showing up from time to time isn't the problem. I've noticed it in multiple apps that either have their own ad domains or app that are opensource and I can guarantee do not have ads of any kind, yet when open spam that adress. When I dont have those apps open it tries to reach googleads about every hour despite not doing anything, and when those apps are open it spams it every few seconds. The apps I've noticed start this spam are as follows: Samsung Notes Tachiyomi ( An open source app that I can guarantee has no ads) Ebay Amazon shopping Pixiv Reddit Apps I've noticed that don't set it off: Google Play (ironically enough) Gmail Malwarebytes Blokada Newpipe Firefox VLC Media Player Medisafe FFXIV Companion I originally thought it was the apps themselves but after whitelisting them to not block ads in those apps Blokada still blocks googleads so its not the apps causing this, I dont belive. I also went to my settings and restricted background data and forced stopped all my apps except system apps and the safe apps that don't set it off. It stopped for a little bit after turning Blokada's Adguard DNS on and off (then it only tried to reach the server every hour or so) but then it came back, I tried turning it on and off again and it didn't work, it was still being spammed in those apps. I tried again right as I was righting this and it seems to have stopped again for some weird reason. Malwarebytes doesn't detect anything at all. I haven't turned off Blokada or whitelisted that adress, I'm afraid of anything happening. I'm sorry if this is too long winded or hard to understand, this is making me incredibly stressed and with the pandemic and social distancing this is the only thing I have to think about. Any help would be very appreciated, Thank You.
-
I have found 2018 references in forum to a 'malwarebytes app' in Amazon Appstore, and reports of people successfully using it, albeit seemingly on older models of Fire. However, I can find nothing of this kind in Appstore on my Kindle. Have I missed something between 2018 & now which means M'bytes can't be made to work on later Kindle Fire? (Only just signed up to a premium sub, so am just putting M'bytes on devices). Anything happening to enable M'bytes on Fire?? Any workarounds?? Tx -
(Sprint S10 Android 9, own full Malwarebytes with all protection options enabled) Recently I've noticed a few suspicious domains in Blokada, and they first started out while using and after stopping the Sprint Mobile Hotspot but have recently just been spammed regardless of any factor. They are c00161-dl. urbanairship . com remote-data. urbanairship . com device-api. urbanairship . com I tried using theNet Monitor app, but once I turned that on the domains basically dissapeared until I stopped the app, then came back. While using the Net Monitor I didn't see anything other than the system being tracked, aside from my internet browser while I was looking things up. After blocking the remote-data and device-api domains(c00161-dl was already blocked by blokada without me having to do anything) these two domains now appear nearly constantly, moreso than any other domain in Blokada, and it seems those two are prerequisites for c00161-dl, because I haven't seen that since blocking them. I also went back through the Blokada log and I found that the domains had appeared before, but it was between every few thousand entries and it was only one of the three each time, never two or three at once and never spammed like it is now and never the c00161-dl domain. I've also stopped using the Sprint mobile hotspot for fear of those domains I guess, leaking out of the hotspot and I wouldn't know about it. I've run multiple malwarebytes scans and they've all turned out clean, and all I could find is that they seem to be harmless middleware, but I haven't noticed those domains until just now, and the thing that makes me really anxious is that I can't find ANYthing about c00161-dl, anywhere at all. I apologize if this is rambly or hard to read, I have been stressed out about this almost all the time since it happened. Am I right to be worried, or am I just being overly paranoid? Any help at all would be very apreciated. -
I got a notification saying that I need to update my virus definitions, so I opened the app, and lo and behold, there was a big blue button on the dashboard under the "critical issues" section, prompting me to update the malware database. I clicked on it, and it did that little thing that touch screen buttons do when clicked on... and nothing else. I waited for a while, clicked the button again, restarted the app, restarted my phone, tried again, and still got nothing more than a ripple. While I was looking for solutions to the issue on the forums, I saw that the update had completed. Could you work on having the Android app show some kind of indication that the database update is being worked on, within a time frame that doesn't make it seem like it's not responding? Thank you for your consideration, ~NotALawyer (Moto G5 Plus, Android 8.1.0, App version 3.7.3.2. Database updated Feb. 15, 2020.) -
Dear Malwarebytes, I would like to ask about the "Device Administrator" option in Malwarebytes for Android app. I understand that this option exists mainly in order to prevent MB being uninstalled by malware and to assist the user during ransomware attack. My question is, does this option also affect the Malwarebytes ability to scan the apps installed in the system root partition? That is, is there a possibility that if the user does not grant the Device Administrator privileges then MB won't have enough permissions to scan the content of the system partition, and malware that installs disguising itself as a system app might go unscanned and undetected? I apologize if this was already asked and answered before; I tried searching the forums but couldn't find clarification in this matter. Thank you! -
Hi, I just upgraded my license to 2 devices but never received a code. The existing code for my current device does not work when used on my second device (an android phone). If this does not work on android (which is weird since its included in the description) i want my money back. -
Virgin Mobile Samsung Galaxy A8 (2018) [SM-A530W] Android version 9 Phone is not rooted. No other security software running. I am unable to add any apps to the whitelist. I can view the whitelist, but that is it. I cannot figure out how to edit it in any way. As it is now, it is just blank. Nothing is in the whitelist. Long pressing apps in the, "App Manager" section does nothing other than go to that app's info within MBAM. From there I can go into Android's app info section where I can either uninstall or force stop. On the scanner page all I can do is remove things from the list by swiping left or right. Long pressing does nothing, just pressing does nothing. There is no option to modify the whitelist through settings. I have premium and the app is up-to-date. So, why can I not do anything with the whitelist other than look at it?
-
I have been using Adhell 3 for the last 7 months. Today, opening it to take care of a new exception on my Galaxy A8 (2018) running Oreo 8.0 with Samsung Experience level 9.0, it was determined to be a banking Trojan by Malwarebytes. Not sure if it is or not as before today, despite daily scanning by Malwarebytes, it has not triggered an alarm. Just to be safe, uninstalled meantime. Scan said that file: android/trojan.banker.asacub.cp was detected in the program. Am attaching a screenshot of the initial scan report. Not sure if it was part of a recent update or not that "something" changed the state of this app. The original download was from this address: https://m.mediafire.com/folder/sb37c6gmhqgbn/AdHell_3 I have used Dr Web to run a full scan after Malwarebytes alerted me to deal with this. It found nothing... Malwarebytes was installed & functional before downloaded the Adhell program & it hasn't changed to my knowledge from the initial install to the update just day's ago (screenshots provided) of it being safe. -
I managed to grab apk file of beautymake malware from /system/priv-app location in my android phone. When I scanned using Google Play Protect it shows that one harmful app detected. After this, I uploaded this apk file to virustotal and 25 antivirus detect it as malicious app. Please find a way to remove it from mobile. It can't be removed directly because it is system-app. password is infected. Thanks Makeup.zip
-
My device (Tecno W2) with Android 6.0 Marshmallow is infected with a trojan virus. The first symptom I noticed was that Chrome will just open a random webpage, even if I close it, it will open up again, so I had to disable Chrome. Then, other things started happening like sudden display of random images on the home screen, and the images are also downloaded and saved on the device. I did a factory reset, but the virus is still there, so I now know it's in the root file. After the factory reset, once I connect to the internet, it will install an app called Magic, and then start downloading those images, and displaying them, and also open Chrome again and again. I could have put up with these, but then the device started slowing down and becoming laggy, even restarting itself. I installed Malwarebytes and it always detect the virus and then uninstall the app 'Magic' and 'Settings', but then they will be installed again. So, the problem is removing the root infection in the device's system files, I searched and the only solution is for me to root the device and do some things, but I don't even know how to root the device and also how to remove the virus in the system files. Please help! -
I'm currently using Malwarebytes for PC and Android Phone, Few days ago while Scanning my Android Phone , Malwarebytes just detected a Malware the malware name is Android/PUP.Riskware.Autoins.Fota I just wanna ask if this malware is dangerous and what the virus can do to me and my phone. I search the virus name in google but the result is nothing. Hoping to get an answer.
-
My app is a system application with systemuid, the package name is com.qiku.android.ota.Scan found a problem with Android/backdoor.coolreaper.a Then I wrote a simple helloworld application.The application’s packagename is com.qiku.android.ota,but the scan shows the same problem. So I think this package name might be on your blacklist.I don't know why. This app does not do anything that violates the rules. Can you help me remove this package name from the blacklist? My packagename is com.qiku.android.ota! Thank you very much!! -
I want to move from my installed app and license on my LG V20, with Oreo to another device but I don't want to disable the app, only deactivate the license. I plan to go back and forth and I don't want to re-install the app itself. I can deactivate the license on my desktop and move to my laptop and back again but can't find the deactivate option on my LG. I have 4 licenses and a lot of devices. TIA Phil
-
I am using the premium trial of malwarebytes for android. It found this trojan during a full scan and "successfully" removed it. However, this trojan constantly returns, as the real-time protection detects it every now and then. I have been running full scans over and over. Sometimes, it is clean; other times, I see android/backdoor.triada.n. I have located the folders, where the scanner detects the malware, and manually delete the folders; but whenever android/backdoor.triada.n resurfaces, those folder also comes back. Is this really malware? I do not even use the fire hd after a clean scan, but the malware eventually returns in detection.
-
I have the full version of Malwarebytes on Android. The database is now over 2 weeks out of date. The app shows a warning telling me I must update, but when I press the update button nothing happens. This has been the case for quite a few days now, is this a known issue? -
Hi everyone, I'd like to know if there is a way to detect special spyware. malware, trojans, keyloggers..and more...created by the biggest ethical hackers worlwide for government's agencies like cia, nsa, all secret agencies worlwide? I ask that question because in the deepweb, some black hat are selling malicious spyware, trojans, keyloggers and many more, and the contract tells that compagnies like norton, avast, yours and all anti-malware haven't got these tools added into their database, and cannot detect them in any way... It's written that these tools are done by the biggest ethical hackers (before they were black hat for most of them) for Goverments and black hat activities, that's why as soon as they are added into your database, they create a new one, to bypass any test... check wikileaks about it.... Is that real or fiction?if yes, how can we be online and be sure 100% that no one is spying us? Please if someone really knows about that, reply with all informations needed. Please no scam, or spam.. Yours truly, corethical/SWITZERLAND -
Good day, Some of our clients have come across a problem on our website, please can you clean all the malware off of www.acdc.co.za. Kind Regards, Janine
-
I disabled it in settings, but I don't know what else I can do to clean this up. If I attempt to 'remove it it says 'cannot remove a system file and tells me to whitelist it. Thanks, Harrison -
I have Amazon's Appstore and Malwarebytes on both my phone (LG G5) and Tablet (Nvidia Shield K1). Both are running Android 7.0. Only difference is on my phone's Amazon Appstore was installed from Google Play Store and on my tablet I installed the APK from Amazon's website (https://www.amazon.com/gp/mas/get/android/ref=get_appstore?ie=UTF8&appName=appstore&ref_=mas_sms_dl) ^Exact URL used Any scan results do not indicate anything on either device, however after turning my tablet's screen off for several minutes and turning it back on I keep getting ransomware notifications from Malwarebytes about the Amazon Appstore (I'm assuming because it is not from the play store and has control over the apps installed from it in some fashion) Wouldn't be too big of a problem if Malwarebytes didn't add an HTML file to my tablet's home screen every time. I'd would uninstall Amazon Appstore from my tablet but, being my gaming tablet and running games smoother than my phone, I really don't want to (nice to have access to apps I bought from Amazon on my tablet too. And some of the free apps are not available in the Play Store for my tablet, but are on Appstore and install/run fine on my tablet for example) Anyway to get Malwarebytes Mobile to ignore Appstore when installed from Amazon's site or can someone from Support look into it and fix it in a future database update?
