Jump to content

Unable to remove "android/trojan.ztorg.a" this trojan

Recommended Posts

I Have use "Lenovo Tab 2 A7-30 HC" tablet with Android 4.2.2 Kitkat OS.



A Trojan Virus attack on my tab.I have use "Malwarebytes".It can detect the virus can not delete this.

When i have connect to wifi then "firewallservice" is showing problem.


Malware found:  android/trojan.ztorg.a
File:  /system/priv-app/.gma.apk
App name:  FirewallService
Please help me.................




Link to post
Share on other sites

I solved (I think) a similar problem a couple of days ago on a 4.2.2 Android Jellybean low budget rooted phone. I followed a procedure similar to the one found here: http://forum.xda-developers.com/general/general/fix-monkey-test-time-service-virus-t3194907


and I removed the following files

/etc/install-recovery.sh (a file install_recovery.sh wasn't related to the virus)

The names of the Viruses in the case I describe were: TimeService, SecurityService and FirewallService
Your tablet has Kitkat 4.4.2. The phone had 4.2.2.
If your tablet is rooted and you install (from PlayStore) Root Browser from JRummyApps, Busybox Installer from JrummyApps and Terminal Emulator from Jack Palevich
you may be able to remove (for example)  system/priv-app/.gma.apk with the following commands in Terminal Emulator
adb shell
mount -o remount,rw /system
cd /system/priv-app
chattr -iaA /system/priv-app/.gma.apk
rm /system/priv-app/.gma.apk

See also the link on xda-developers.
I have no relationship with Malwarebytes. Ask for a second opinion before doing anything of those I describe because there are dangers from human errors.
Link to post
Share on other sites

  • 2 weeks later...
You will need busybox from JRummy Apps Inc. (install that installer, open it, select BusyBox v1.20 and tap install)
Now you can use following command in terminal emulator (ideally from Jack Palevich):
adb shell
mount -o remount,rw /system
cd /system/xbin
chattr -iaA .gap
rm .gap


I have used Stubborn Trojan Killer before this command too and it has deleted almoust everything of the virus, there stayed just .gap file, which I heve delete in command.. ;)

Link to post
Share on other sites

Hi Tataros87,


This has become a big problem with cheaper priced Devices coming from China, they come preinstalled with malicious apps and the apps cannot be removed using Android's uninstaller.
These apps on your device should not be trusted, there are a few things you can do.
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable
        This will prevent the app and any associated services from running.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
- Install different, trusted, ROM to replace infected one. Usually reserved for advanced users, please do at your won risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninatll system apps.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.