
Unable to remove "android/trojan.ztorg.a" this trojan



I use a "Lenovo Tab 2 A7-30 HC" tablet with Android 4.2.2 Kitkat OS.

A Trojan virus attacked my tab. I have used "Malwarebytes". It can detect the virus but cannot delete it.

When I connect to wifi, "firewallservice" shows a problem.

Malware found:  android/trojan.ztorg.a
File:  /system/priv-app/.gma.apk
App name:  FirewallService

Please help me.................


I solved (I think) a similar problem a couple of days ago on a 4.2.2 Android Jellybean low budget rooted phone. I followed a procedure similar to the one found here: http://forum.xda-developers.com/general/general/fix-monkey-test-time-service-virus-t3194907

 

and I removed the following files

/system/xbin/.gap
/system/xbin/.gap.a
 
/system/app/.gma.apk
/system/app/.gmp.apk
/system/app/.gmtgp.apk
 
/system/bin/.gap
 
/etc/install-recovery.sh (a file install_recovery.sh wasn't related to the virus)

The names of the Viruses in the case I describe were: TimeService, SecurityService and FirewallService
 
Your tablet has Kitkat 4.4.2. The phone had 4.2.2.
 
If your tablet is rooted and you install (from PlayStore) Root Browser from JRummyApps, Busybox Installer from JrummyApps and Terminal Emulator from Jack Palevich
you may be able to remove (for example)  system/priv-app/.gma.apk with the following commands in Terminal Emulator
 
adb shell
su
mount -o remount,rw /system
cd /system/priv-app
chattr -iaA /system/priv-app/.gma.apk
rm /system/priv-app/.gma.apk

See also the link on xda-developers.
I have no relationship with Malwarebytes. Ask for a second opinion before doing any of the things I describe, because there are dangers from human error.

  • 2 weeks later...
You will need busybox from JRummy Apps Inc. (install that installer, open it, select BusyBox v1.20 and tap install)
Now you can use following command in terminal emulator (ideally from Jack Palevich):
 
adb shell
su
mount -o remount,rw /system
cd /system/xbin
chattr -iaA .gap
rm .gap

 

I have used Stubborn Trojan Killer before this command too and it has deleted almost everything of the virus; there stayed just the .gap file, which I have deleted with the command. ;)

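An added example, not part of any post in this thread: a read-only check that lists dot-prefixed files in the /system directories the posts above mention, useful for seeing what is present before removal and what is left afterwards. The function name and the ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only audit for the kind of hidden files named in this
# thread. It only lists paths; it never remounts, chattr's or deletes.
# AUDIT_DIRS and the install-recovery.sh path come from the posts above;
# the function name and the ROOT argument are assumptions of this example.

AUDIT_DIRS="system/app system/priv-app system/bin system/xbin"

# list_hidden_system_files ROOT
#   ROOT is "" for the live device, or the directory of a pulled /system copy.
#   Prints "HIDDEN <path>" for each dot-prefixed regular file directly inside
#   an audited directory, and "REVIEW <path>" if etc/install-recovery.sh
#   exists (the thread lists it as removed; inspect it before touching it).
list_hidden_system_files() {
    root="${1:-}"
    for d in $AUDIT_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -maxdepth 1 -type f -name '.*' 2>/dev/null |
            sed 's/^/HIDDEN /'
    done | sort
    if [ -f "$root/etc/install-recovery.sh" ]; then
        echo "REVIEW $root/etc/install-recovery.sh"
    fi
    return 0
}

# Stand-alone use: sh audit.sh /          (live device, BusyBox find needed)
#                  sh audit.sh ./pulled   (copy of the device tree)
if [ -n "${1:-}" ]; then
    list_hidden_system_files "${1%/}"
fi
```

Ordinary system apps such as Calculator.apk are not reported because their names do not start with a dot; an empty result means none of the audited directories contains a hidden file at its top level.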

Hi Tataros87,

 

This has become a big problem with cheaper priced Devices coming from China, they come preinstalled with malicious apps and the apps cannot be removed using Android's uninstaller.
 
These apps on your device should not be trusted, there are a few things you can do.
 
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable
        This will prevent the app and any associated services from running.
 
- Root your device and uninstall the malicious apps. Usually reserved for advanced users, please do at your own risk.
 
- Install different, trusted, ROM to replace infected one. Usually reserved for advanced users, please do at your own risk.
 
- Return device where purchased.
 
I wish there were more options, but this is where Android's openness and built-in security collide: openness, anyone can flash a device with a custom ROM; security, you can't uninstall system apps.
 
Regards,
 
-Armando