
Random fullscreen ads Galaxy S6 Edge



Hi! New member here, so please be gentle! 

My partner is having some issues with full-screen pop-up ads on her Samsung Galaxy S6 Edge (running Android 6.0.1). They appear randomly, sometimes on the home screen, and sometimes while running other apps or games. When the ad appears, we can press the app-switch button, and it appears as an item at the bottom of the list of running apps, but with no title. This means that we don't know what app is producing the ads... We have tried several apps to try to find what is putting the ads up, but nothing is ever found. When using Malwarebytes (our first choice, naturally!) the result is 0 results found, which I find hard to believe, as there is certainly something on there! We have also tried Lookout, Eset, Kaspersky and a couple more, but nothing is found... The only app recently installed before this started was a Polish version of something a bit like Gumtree, but that has been uninstalled, and the apps still appear... 

Any idea how we can find out what's happening?

Many thanks!

Doug


  • 4 weeks later...

If you want to see what app initiated the fullscreen ads, you can do it via adb logcat using the phone's USB debugging mode. Now, the setup of ADB is your task, so please look it up; the method of finding the malware is described here:

http://blog.teamleadnet.com/2015/06/how-to-remove-adware-browser-hijack-or.html

Basically, you install ADB and USB drivers, launch logcat and reproduce the issue (stop logging with CTRL+C), then sift the logs (which are very detailed) for something like this (fullscreen ads might use WebView instead of Chrome):

03-20 21:04:42.310 23448 23722 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://crapeta.com/... flg=0x10000000 pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10022 from pid 23613 on display 0

Take the uid number and run:

adb shell "dumpsys package | grep -A6 'userId=UIDNUMBER'"

This will return something like this:

userId=10022
sharedUser=SharedUserSetting{de1a2e5 android.uid.systemui/10022}
pkg=Package{ad251ba com.android.systemui}
codePath=/system/priv-app/SystemUI
resourcePath=/system/priv-app/SystemUI
legacyNativeLibraryDir=/system/priv-app/SystemUI/lib

And that is the package that initiated the ads. Now you can go into the codePath and see what is there with "adb shell ls -al thecontentsofcodepath". If you see an .apk file there, you can download it with "adb pull filenamewithfullpath" to your computer and upload it to VirusTotal.

 

Now, in case of fullscreen ads, I suppose you don't know the exact URL, but by searching for the "START u0" or "dat=http://" string you will probably find it somewhere.

The above, while taken from a valid case, might be, and probably IS, different from your issue.

Edited by gradinaruvasile
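
The log sifting and UID lookup described in the post above, as an added shell example that is not part of the original post. The function names, package names, URLs and sample lines are constructed for illustration; the only assumption about real output is that it follows the layout of the lines quoted in the post.

```shell
#!/bin/sh
# Added example: rank the UIDs behind URL-opening intents, then resolve a UID.
# Live use:  adb logcat -d | url_launchers
#            adb shell dumpsys package | packages_for_uid 10022

# Reads logcat text on stdin; prints "count uid url", most frequent first.
url_launchers() {
    awk '
        /ActivityManager: START / && match($0, /dat=https?:[^ }]*/) {
            url = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /from uid [0-9]+/))
                seen[substr($0, RSTART + 9, RLENGTH - 9) " " url]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Reads `dumpsys package` text on stdin; prints "package codePath" for every
# record whose userId equals $1 exactly (a shared UID yields several lines).
packages_for_uid() {
    awk -v want="userId=$1" '
        /^ *userId=/ { hit = ($1 == want); pkg = "?"; next }
        hit && $1 ~ /^pkg=Package/ { pkg = $2; sub(/[}].*/, "", pkg) }
        hit && $1 ~ /^codePath=/ { print pkg, substr($1, 10) }
    '
}

# Constructed samples (hypothetical packages and URLs, not from a real device).
SAMPLE_LOG='03-20 21:04:40.100 23448 23500 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.HOME] flg=0x10200000 cmp=com.example.launcher/.Home} from uid 1000 on display 0
03-20 21:04:42.310 23448 23722 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://ads.example.invalid/a flg=0x10000000 pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10022 from pid 23613 on display 0
03-20 21:09:11.002 23448 23730 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://ads.example.invalid/a flg=0x10000000 pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10022 from pid 23613 on display 0
03-20 21:12:30.450 23448 23741 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=https://news.example.invalid/story flg=0x10000000 cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10105 from pid 24001 on display 0'

SAMPLE_DUMPSYS='    userId=10022
    sharedUser=SharedUserSetting{1a2b3c4 com.example.shared/10022}
    pkg=Package{5d6e7f8 com.example.adsdk.host}
    codePath=/data/app/com.example.adsdk.host-1
    userId=10105
    pkg=Package{9a8b7c6 com.example.reader}
    codePath=/data/app/com.example.reader-1'

printf '%s\n' "$SAMPLE_LOG" | url_launchers
printf '%s\n' "$SAMPLE_DUMPSYS" | packages_for_uid 10022
```

Matching the userId line exactly avoids the prefix hits that a plain grep for 'userId=1002' would also return for 10022.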

  • 2 months later...
17 hours ago, kimsandiego said:

I am having the same problem but is there a solution that a normal non programmer person can use? None of that makes any sense to me. Might as well be speaking Martian.

I never received a notification about gradinaruvasile's post, so I hadn't seen it until now, and as grateful as I am for the help, I have no idea what it means either!

We have since solved the problem, by completely wiping the phone, and starting from fresh, so unfortunately there's no way to find out what the culprit was... 


  • 1 year later...

I assume that if the popups are being generated from an app that you have allowed, and given permissions to, it is not then Malware so Malwarebytes will not detect it. Again, neither is it a virus - I have run AVG Antivirus Pro and also Malwarebytes and neither reported any issues. To try and solve the issue I have spent a few minutes uninstalling any app I don't recognise and any app that I have recently installed. I'm testing now but so far, so good. It was strange that when I clicked on the Uber app to uninstall it the games popup started immediately - I'm not pointing the finger at Uber but it was a bit suspicious.
