3 Trojan.Zitmo found in rooted International Galaxy Note 2.. help!

[siratfus]

Hey guys, what is trojan.zitmo? The scan results show:

 

1. Android/Trojan.Zitmo

/system/app/SeeContacts.apk

 

2. Android/Trojan.Zitmo

/system/app/NetworkLocation.apk

 

3. Android/Trojan.Zitmo

/system/app/torch.apk

 

Is this harmful? I tried deleting them, but they were all unsuccessful.

 

Please advise. 

[siratfus]

BTW, another option in the malwarebytes app is to add them to whitelist. What does that mean?

[jerryeight]

Hi Siratfus

 

 

When you add them to  the whitelist, Malwarebytes will not detect them as malicious software in future scans. 

 

 

Could you please tell me what operating system are you running on your Galaxy Note 2 ?  Is  it the stock rom or a custom rom, if it is a custom rom could you tell me which one you are using and where did you download it from?

 

Thanks,

Jerry Li

[siratfus]

Hi Jerry, it is 4.1.2

 

The phone was given to me and I was told it was rooted. But I actually do not know how to take advantage of a rooted phone. So I'm not sure if it was stock or custom rom. Is there a way for me to find out? Would baseband and Kernel version info help? And is it safe to display those serials in a public forum?

[jerryeight]

Hi 

 

Yes, if you could tell us the exact model number, Baseband version, kernel version, and build number  for your phone it would help us determine if you are running the stock rom or a custom rom.  It is safe to share it since it does not contain any personal information. 

 

To find this information  please  Go to  Settings > More Tab or the very bottom of the menu > Then tap  About Device or About Phone to have  all of the information view able.  

 

Thanks,

Jerry Li

[siratfus]

GT-N7100

Android 4.1.2

baseband: N7100ZCDMD3

kernal: 3.0.31-857946

se.infra@SEP-76#1

SMP PREEMPT Wed Apr 17 14.:15:44 KST 2013

Build number: GT-N7100ZCDMD3

[a_Mbam]

Hi Siratfus,

 

Thanks for reporting this and working with Jerry to help us identify the app versions for your ROM. I was able to track down suspected detection method and disable it, while I research the reason for the fp. At this time I don't suspect any malware on your ROM.

 

Please update your MBAM Mobile and let us know if the detection is still present.

 

Thanks Jerry for working with Siratfus.

 

-Armando

[siratfus]

Thank you guys! I updated the app and ran the scan again and nothing was detected. 

[ferndog]

Hi Siratfus,

 

Thank you for the update and thank you for choosing Malwarebytes. This post will now be closed.