Jump to content

Malwarebytes flags system apps on IPRO Kylin 5


Recommended Posts

Hi,

 Malwarebytes is flagging apps in /system/priv-app on my IPRO Kylin 5  phone ( running Android 6 ) . One of them is the default launcher (!) which I cannot disable. I can force stop it, remove all permissions  and delete all data but every so often it tries to restart ( It asks if it should replace Nova Launcher as the default launcher ...)

Another flagged app ( Beauty center ) can be disabled  and denied all permissions .

Finally the last app ( dualaid ) is a weird one - it is not listed in any App list as running or loaded or whatever. Not sure if it is possible to hide an app or it simply does nothing. 

Here are the signautures :

Andrid/PUP.Riskware.Cooee.H        /system/priv-app/phenixlauncher_tc28b_i950g/phenixlauncher_tc28b_i950g.apk

Android/Riskpay.Excel.lib.kxqp       /system/priv-app/dualaid-chengkai.wa/dualaid-chengkai.wa.950.apk

I haven't found where "Beauty center" hides yet.

A zip file with the offending apps is attached

                                                                      peter

 

sam.zip

Link to post
Share on other sites

Hi @s876p,

It seems these are preinstalled malware, which is becoming more of an issue -> Mobile Menace Monday: Preinstalled adware and sometimes worse

Instructions to disable are in the blog post linked above, but looks like you already figured that step out.

For the launcher, you need to replace it with another — like the suggested Nova Launcher.  Here's one provided by Google as well -> https://play.google.com/store/apps/details?id=com.google.android.launcher.   You need to have at least one launcher set as your default launcher.  Once Phenix Launcher is no longer the default, you may be able to disable it.  Here are some instructions on replacing the launcher -> https://www.androidcentral.com/how-change-default-launcher-android-lollipop

If you already have "Beauty center" disabled, I wouldn't worry about it.

For dualaid, it should be listed with an app name "Multiple Accounts". Here's a screenshot of what you should be looking for:

screenshot-2017-10-11_10_09_44_509.jpg.5fad246a56cd5aa466241bcea797ac38.jpg

Let me know if you need any more assistance,

Nathan

Link to post
Share on other sites

Thanks for the response

I can't seem to make the "default launcher" setting stick. Nor will a "force stop" or removing all data associated with it. Within a few hours phenix launcher starts up again and ask me if I want to make it the default. It is a bit annoying .

I found the "multiple accounts" app . I had disabled it when I first configured the phone.

I sent a number of emails to IPRO . They are "looking into it" .

The ultimate solution is of course rooting the darn phone but so far it has resisted all attempts.....

  peter

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.