Jump to content

Search the Community

Showing results for tags 'pup.riskware.autoins.fota'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 1 result

  1. Uninstalling Adups and other preinstalled malware via ADB command line tool Updated October 2018: New method now uninstalls, not just disables Adups. Credit given to user Hashux for pointing out this updated method. Adups Background Adups has been found preinstalled on mobile devices from manufacturers such as BLU, and other mobile devices typically found on online stores such as Amazon. Adups is a well-known threat, as addressed in Mobile Menace Monday: upping the ante on Adups. It is considered a preinstalled PUP and/or malware, which is becoming more of an issue as written in Mobile Menace Monday: Preinstalled adware and sometimes worse. Adups has a couple components: Android/PUP.Riskware.Autoins.Fota – Auto installer that runs with system level privileges, which allows it to install apps and update without user's knowledge; package names com.adups.fota.sysoper and com.fw.upgrade.sysoper, name in app list UpgradeSys; name of APK FWUpgradeProvider.apk Important Note: PUP (Potentially Unwanted Program) is not malware; thus it is not nearly as harmful Android/Backdoor.Agent - Information stealer that captures user data such as text messages, location, and unique device identifiers, package name com.adups.fota;name(s) in app list System Update, Wireless Update, others; name of APK adupsfota.apk Android/Trojan.Downloader.Fota.e - Downloader, package name com.adups.fota; name(s) in app list System Update, Wireless Update, others; name of APK adupsfota.apk Adups cannot be uninstalled/disabled easily Preinstalled means it comes already installed on a mobile device at the system level. Thus, it cannot be removed, only disabled through a device’s app information page. Unfortunately, it has come to our attention that the preinstalled PUP and/or Malware known as Adups cannot be disabled through a mobile device’s app information page either. Uninstalling Adups and other preinstalled malware manually via ADB command line tool Although it cannot be uninstalled/disabled via conventional methods, we have discovered a method to uninstall Adups apps that does not involve rooting your mobile device. This method involves using the ADB command line tool provided through Android Studio. Uninstall Note: Uninstalling is done via command adb shell pm uninstall -k --user 0. The portion of the command, --user 0, is the current user. So technically, it's only uninstalling for the current user, and not all the users. Thus, the app(s) will still reside on the device, although they will no longer appear in the app information page. However, since they still reside on the device, a factory reset will restore. There is another method as well; see Restoring apps onto the device below. Disclaimer: Proceed at your own risk! I, nor Malwarebyes, can guarantee this will not damage your mobile device. Uninstalling system apps has the potential to permanently damage your device, rendering it unusable. However, by uninstalling only the Adups apps listed in this guide, I can’t see how any damage would occur. Also, as noted in the Uninstall Note above, a factory reset will restore any apps uninstalled using this method. Still, if you value your mobile device, this option may not be worth the risk. What you’ll need: Mobile device infected with Adups apps (or other preinstalled malware) Android Studio and any additional files it needs to function Another option is to install the standalone SDK Platform Tools; especially if PC storage space is a concern Setting an environment variable path to ADB after Android Studio installation Path is usually C:\Users\<username>\AppData\Local\Android\Sdk\platform-tools\ For standalone SDK Platform Tools option, wherever you unzip, make into the environment variable USB to connect mobile device to PC Google USB Drivers Some basic technical ability, and willingness to remove Adups at all costs — or at least the cost of “bricking” your mobile device, although unlikely Uninstalling Adups via ADB command line Enable USB debugging on mobile device Plug mobile device into your PC In the mobile device’s notifications, tap “USB for…” and select Transfer files. Open Command Prompt on PC Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper adb shell pm list packages -f Easiest way is to copy/paste into text editor and search for com.adups.fota and/or com.adups.fota.sysoper STOP — Before the next steps, make sure to copy/paste the path of the apk somewhere in case you want to re-install; see Restoring apps onto the device below. Use the following commands to uninstall Adups adb shell pm uninstall -k --user 0 com.adups.fota adb shell pm uninstall -k --user 0 com.adups.fota.sysoper You should receive a Success after each command You can use adb shell pm list packages -f again to ensure the Adups apps are removed from the list Other Preinstalled Malicious Apps This method can also be used on other stubborn preinstalled malicious apps as well. You would just replace the command(s) above with the appropriate package name. adb shell pm uninstall -k --user 0 <package name> Warning: Before doing so, I suggest rereading the disclaimer above, and being extra cautious before uninstalling any system apps! Restoring apps onto the device (without factory reset) As stated in the Uninstall Note above, the uninstall is only for the current user. Thus, the app(s) will still reside on the device. As a result, they can be restored using a factory reset, or another very helpful adb command: adb shell pm install -r --user 0 <full path of the apk> Note: You must install using the full path of the apk. Examples: /system/app/AdupsFota/AdupsFota.apk /system/app/AdupsFotaReboot/AdupsFotaReboot.apk Using the package name like you did on uninstall will not work. Thus, make sure to copy/paste any full path of apk you like to uninstall from command adb shell pm list packages -f in a safe place before proceeding. Feedback Appreciated The method above was successfully tested on BLU Studio XL 2 running Android OS 6.0. Please feel free to PM me (mbam_mtbr) with your success/failure of this method to further help the Android community! Good luck, Nathan
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.