New ransomware/malware in Android phone blocks me from disabling device administrator


Android 4.0.4
Galaxy S Relay

I have malware that resembles but is not quite the FBI ransomware. Like that malware it hid in an Adobe Flash Player app but for some reason it does not ask for anything- it just puts a screen on the phone saying it's "scanning file folders" and has not found anything. Like the other versions it is impossible to close out of and disables the homescreen key.

On rare occasions I am able to get into the phone for a while by booting up and then swiping in and launching other apps before it loads. Other times it is too fast for me. Sometimes the block disappears if an alert comes in and disrupts it. When I can get in in normal mode I have attempted to uncheck the device administrator through security settings, but when I uncheck I get an error message saying "system cannot be disabled" - and then the error message itself blocks access to the phone.
When I boot into safe mode and go to the device administrators screen it tells me that no device administrators can be found. I tried Malwarebytes Anti-Malware and it failed to find any malware on the device. Avast had more luck finding it, but it ran into the same problem with the device administrator that I did when I tried it manually.

Every single walkthrough I have seen says to remove the administrator in order to ungray the uninstall button. Nobody can tell me what to do when it also blocks access from the administrator. At the end of my rope- help! 

Hi Phaedrusnyc,

 

Yeah, these guys have become trouble. You can try disabling the app via command-line using ADB while connected with a USB. Keep in mind these are advanced steps so use at your own risk and use caution.

 
 
Or, for the full Android Development kit here: https://developer.android.com/sdk/installing/index.html
 
The trickiest part is identifying the package name because they obviously try to hide, so the name could be randomized, some Adobe Flash or porn variation, or one that's kind of nonsensical.
 
Best to do this while the device is in Safe Mode. Connect the device via USB with USB debugging enabled.
 
Using adb, from a command line:
 
> adb shell
> pm list packages (identify app)
- non-root:
   > adb shell am force-stop com.mypackage (com.mypackage is the name of the app)
- with root: 
   > pm disable com.mypackage
 
Examples: 
adb shell am force-stop knhd.nduix.kvzpl
adb shell am force-stop com.porno.player
 
Next uninstall app.
 
Restart device
 
Good luck and let me know if you have trouble with the steps.
 
-Armando
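
A triage helper for the package-identification step in the reply above, added here as an example and not part of the original post: it filters `pm list packages -3` output (third-party apps only) for names that fit the patterns described there. The keyword list, the 20% vowel threshold and the sample package list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `pm list packages -3` output (not from a real device).
# Older adb shells end lines with CRLF, so the sample does too.
sample_packages() {
  printf 'package:%s\r\n' \
    com.avast.android.mobilesecurity \
    org.malwarebytes.antimalware \
    knhd.nduix.kvzpl \
    com.adobe.flashplayer \
    com.porno.player \
    com.adobe.flash.player.update
}

# Reads `pm list packages -3` output on stdin and prints "<package>\t<reason>"
# for each name worth a closer look. Heuristics are illustrative assumptions.
triage_packages() {
  tr -d '\r' | awk '
    /^package:/ {
      pkg = substr($0, 9)            # drop the "package:" prefix
      name = tolower(pkg)
      reason = ""
      # Flash- or porn-themed name that is not the genuine Adobe package.
      if (name ~ /flash|adobe|porn/ && name != "com.adobe.flashplayer")
        reason = "lure-name"
      # Randomized names tend to have very few vowels.
      letters = name; gsub(/[^a-z]/, "", letters)
      vowels = letters; gsub(/[^aeiou]/, "", vowels)
      if (length(letters) > 0 && length(vowels) / length(letters) < 0.20)
        reason = (reason == "" ? "" : reason ",") "random-looking"
      if (reason != "") print pkg "\t" reason
    }'
}

# Demo on the constructed sample.
# On a device: adb shell pm list packages -3 | triage_packages
sample_packages | triage_packages
```

A flagged name is only a candidate: confirm it against the app list on the device before stopping or uninstalling anything.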