Jump to content
XixZ

Malware wireless update

Recommended Posts

Malwarebytes detected this malware called wireless update if it tries to remove it crashes the application is a system application that is pre installed rooting is not a option cause there is no root available for my phone does anyone know how to remove it my phone name is v7 Zyro

Share this post


Link to post
Share on other sites
On 9/12/2017 at 9:14 AM, Vabadus said:

@XixZ if that's a system application unfortunately we cannot remove it. However you can disable it.

Here's a blog post related to those types of malware: https://blog.malwarebytes.com/cybercrime/2017/03/mobile-menace-monday-preinstalled-adware-and-sometimes-worse/

I have a Hisense U989 Pro. I have disabled this app many times before, but it enables itself again. Is there anything else I can do? 

Share this post


Link to post
Share on other sites

This Is Not A Virus. This Is A App That Is Already Installed On Phone It Updates  Your WiFi and Cellular So If You Have a WiFi Or Cellular error it will update and  fix or improve siganl coverage when phone company update there coverage

iPhone don't have this app because it updates by itself in the background

So stop saying it's a virus people that don't know about technical just know how to say virus because they don't recognize apps it's stupid and ignorant.

Share this post


Link to post
Share on other sites
22 minutes ago, RaZerIsloveHoe said:

This Is Not A Virus. This Is A App That Is Already Installed On Phone It Updates  Your WiFi and Cellular So If You Have a WiFi Or Cellular error it will update and  fix or improve siganl coverage when phone company update there coverage

iPhone don't have this app because it updates by itself in the background

So stop saying it's a virus people that don't know about technical just know how to say virus because they don't recognize apps it's stupid and ignorant.

This is a virus. I contacted Hisense and the service agent did not disagree with me when I said that this is a virus. Secondly, he suggested that I simply connect my phone to my PC or laptop, find the folder that the file is in, and delete it. If this was a proper system file I doubt very strongly that he would suggest this course of action and he would have defended his employer and brand against the statement that I made regarding the FACT that, on this specific phone, this is a virus. 

Also, RaZerIsloveHoe, don't call people stupid or ignorant - ignorant people think they know better than everybody else... You have NO IDEA what other people know, so please don't be irrational and assume you know why people make the statements that they make. 

Share this post


Link to post
Share on other sites
On 3/18/2019 at 3:50 PM, I_am_me said:

This is a virus. I contacted Hisense and the service agent did not disagree with me when I said that this is a virus. Secondly, he suggested that I simply connect my phone to my PC or laptop, find the folder that the file is in, and delete it. If this was a proper system file I doubt very strongly that he would suggest this course of action and he would have defended his employer and brand against the statement that I made regarding the FACT that, on this specific phone, this is a virus. 

Also, RaZerIsloveHoe, don't call people stupid or ignorant - ignorant people think they know better than everybody else... You have NO IDEA what other people know, so please don't be irrational and assume you know why people make the statements that they make. 

The problem is, this can very likely prevent your phone from updating towards the latest recommended software/firmware versions, at least for my phone. (which is an Access Wireless Android version 7.1.1 Model TW801. I can confirm this because before removing this app, I had a software update notification after going to System updates from under the About phone section. However, once I found out that Malwarebytes detected as pup.riskware.autoins.fota.ins under an app called Wireless Update, I had to remove it via command prompt using the commands adb shell pm uninstall -k --user 0 com.fota.wirelessupdate after finding it's path: package:/system/priv-app/SystemFota/SystemFota.apk=com.fota.wirelessupdate (because so far it was the only way I can remove it according the information below) I get a notification error saying "wizard keeps stopping" which is basically preventing me from updating the phone.

It's really a sketchy pickle to be in. I don't want to use my phone with malware stuck on it forever, but at the same time, I don't want to leave it vulnerable without the latest updates. Either malwarebytes has to do further investigations to ensure this file is not a false positive or if it is virus, someone over at Access Wireless needs has to do some digging of their and at least provide some kind of patch in future updates to fix this issue.

Share this post


Link to post
Share on other sites

I'm new to Android and I believe I have the "Wireless Update" malware and within the app is another app called "Hidden Menu".  The only symptom that I have observed is that it is a browser hijacker and causes Chrome to pop up randomly, especially after charging and it directs to cheesy websites that offer to sell or play videogames.  I can disable the app, but it reactivates by itself.  Clearing histories etc does not stop it and I've done a factory reset twice to no avail. 

One problem I'm facing is that neither Malwarebytes or Sophos find any malware on the phone so I may be having difficulty targeting the problem on my own.

I have followed instructions to use ADB to uninstall what I think is the package from both a PC and a Linux and it says not installed for this user.  (user 0)

the path is: /system/priv-app/SystemFota/SystemFota.apk    I considered just deleting the package through the Android Studio gui, but was in doubt that it would actually uninstall the app.

Any help is greatly appreciated.

Share this post


Link to post
Share on other sites
On 11/8/2019 at 3:43 AM, stvvv said:

I'm new to Android and I believe I have the "Wireless Update" malware and within the app is another app called "Hidden Menu".  The only symptom that I have observed is that it is a browser hijacker and causes Chrome to pop up randomly, especially after charging and it directs to cheesy websites that offer to sell or play videogames.  I can disable the app, but it reactivates by itself.  Clearing histories etc does not stop it and I've done a factory reset twice to no avail. 

One problem I'm facing is that neither Malwarebytes or Sophos find any malware on the phone so I may be having difficulty targeting the problem on my own.

I have followed instructions to use ADB to uninstall what I think is the package from both a PC and a Linux and it says not installed for this user.  (user 0)

the path is: /system/priv-app/SystemFota/SystemFota.apk    I considered just deleting the package through the Android Studio gui, but was in doubt that it would actually uninstall the app.

Any help is greatly appreciated.

This is the exact problem I’m having, it keeps opening up to a flash game site called ggdays.com and nothing I do helps. It always happens every hour or so, sometimes when I’m using it and other times it’ll open up when I unlock my phone. I can never actually find the wireless update application thing but the Malwarebytes app keeps finding it somewhere. I haven’t tried to disable it yet cause it don’t want it to cause any other problems. Maybe it was made to trick the phone into thinking it’s a vital program so people won’t or can’t uninstall it the traditional way, idk, but I just want the damn hijacker done. Any help would be greatly appreciated.

Share this post


Link to post
Share on other sites

I worked with Malwarebytes on this problem and at the time Malwarebytes wasn't detecting it, but I knew that I had Adups because of the browser hijack.  If you look at your apps list you should see a green icon with a yellow center with an arrow or something called "Wireless Update" and within it is another app called "Hidden Menu"  I tried to remove it by following the "How to remove adups" above, but it didn't work.  They figured out the "real names" of the app.  When I first went through the removal, I think the browser hijack came back, but I reset my phone to factory settings and immediately went through the procedure and the past few days I haven't seen any sign of it.

You need to use a pc, mac or linux computer to execute the commands over USB to your phone after setting it all up in developer mode as described in the memo above.  But the important thing was knowing what to target.  So if you have ADB on your computer and your phone all ready to go, these are the commands that I entered:

  mail?url=https%3A%2F%2Fcontent.invisioncic.com%2FMmalware%2Fmonthly_2017_12%2FMB_ICON_TRANS_BKGD%28L%29.thumb.png.038508c2c373a62bb14a6b64d8029356.png&t=1573522227&ymreqid=cc45a130-449a-8a31-1ce6-d10105016400&sig=ilcHUVq4sxjBu1OvJvfhig--~C  

Hi @stvvv,

Okay, I got:

com.dtinfo.tools      Wireless Update 

To remove, you would use this command:

adb shell pm uninstall -k --user 0 com.dtinfo.tools

As far as HiddenMenu, use this:

adb shell pm uninstall -k --user 0 com.teleepoch.hiddenmenu

 

Apparently if you reset your phone, it will all come back since they are system apps so if you ever factory reset your phone you will have to do this again.  Once you uninstall it, it will still appear in your apps list but it will say uninstalled for this user.

Share this post


Link to post
Share on other sites

Sorry, I just pasted that in from email and it looks like there is a vertical line of code to the left, if your seeing that too just ignore.

Share this post


Link to post
Share on other sites
7 minutes ago, stvvv said:

Sorry, I just pasted that in from email and it looks like there is a vertical line of code to the left, if your seeing that too just ignore.

It’s ok, thanks. :)

Share this post


Link to post
Share on other sites

It actually looks like the result of malware in and of itself.  Malwarebytes, please look at this.  Code to the left after posting from yahoo mail.  ecp.yusercontent.com.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.