Pre Installed Malware

[MJRoajs]

I'm currently using Malwarebytes for PC and Android Phone, Few days ago while Scanning my Android Phone , Malwarebytes just detected a Malware the malware name is Android/PUP.Riskware.Autoins.Fota I just wanna ask if this malware is dangerous and what the virus can do to me and my phone. I search the virus name in google but the result is nothing. 

 

Hoping to get an answer.

[pad201234]

I'm having the same issue! I wanted to make a post on this forum about this today. I think this might be a false positive. But we need to wait for an answer

 

[pad201234]

Update: I just factory reset my phone. The app is still there and malewarebytes is detecting it. This started happening after the newest update. Seems like a false positive. But I dont know for sure

[MAM]

Hello, maybe you can upload the App, here too for analyzing?

Thanks.

MAM

[pad201234]

I cannot do that. My phone is not rooted. I think this is a system app

 

[MAM]

Hello, which model are you use?

MAM

 

[MAM]

The Name of the smartphone.

MAM

[pad201234]

Im using allview x2 xtreme

 

[MAM]

Hello, can you not directly upload the App here in the forum from your smartphone?

Sign up here on the forum with your smartphone, and upload this avoidable app. Is not that possible?

MAM

[pad201234]

Nope. My phone is not rooted. As I said, this app was pre-installed on my phone. I'm very confused as to what to do since this never happend before. I dont want to use my phone until this is reseolved.

[MAM]

Well, i am out here to help you in this issue. Please wait here for the expert´s. Ok?

Or, you have a deeper look on this for the first, ---> http://www.hardreset.info/devices/allview/allview-x2-xtreme/faq/tips-tricks/how-to-recover-contacts/

MAM

[MAM]

Hello, or you can dry this for the first, https://guardianproject.info/tag/checkey/

Please read the instructions there exactly !

If you have any access to this app.

And let her check there.

Good Luck!

MAM

[pad201234]

This is really weird. There are 2 files. FWUprage_com.fw.upgrade_16_1.1... witch virus total says its ok, and then there's FWUprageProvider.apk which has a 14/60 detection ratio. I'm going to do a second factory reset to make sure the file is pre-installed. I'm very confused here. I'll probably contact allview support.

[MAM]

Ok, good luck finding out what's really going on ....

Maybe other experts here say something else.

MAM

[MJRoajs]

my Phone brand name is O+ Compact Pro

[mbam_mtbr]

Hi @MJRoajs & @pad201234,

This is a well known Adups app: Mobile Menace Monday: Adups, old and new

Adups is preinstalled malware, which is becoming more of an issue -> Mobile Menace Monday: Preinstalled adware and sometimes worse

Instructions to disable are in the blog post linked above.

Nathan

[bumblebee]

I've got the same issue as the OP, exactly the same "malware". However I can't disable the responsible app only "Force Stop" is available to click, the "Disable" button is greyed out and unclickable. I got the phone earlier this year from a reputable company so I'm surprised about this preinstalled "malware". I've read the articles helpfully posted by mbam_mtbr but the advice is to click the "Disable" button which I can't do.

MJRoajs - have you found a solution?

Does anyone have any further advice?

[bumblebee]

I've got the same issue as the OP, exactly the same "malware". However I can't disable the responsible app only "Force Stop" is available to click, the "Disable" button is greyed out and unclickable. I got the phone earlier this year from a reputable company so I'm surprised about this preinstalled "malware". I've read the articles helpfully posted by @mbam_mtbr but the advice is to click the "Disable" button which I can't do.

@MJRoajs @pad201234 have either of you found a solution?

Does anyone have any further advice?

[mbam_mtbr]

Hi @bumblebee,

Just so everyone doesn't think I'm ignoring you, I'll state that we discussed this matter over PM

Nathan

[java_man]

Even we have done wipe our Redmi Pro, and do not install any application except malwarebytes, and we run, still wrote PUP.Riskware.Autoins.Fota caught there, so it is true that the default from xiaome and exist in its system

[pad201234]

I have contacted my phones support. They said that that app is indeed a system app that's used by google play. I don't think that's true. They probably got that information from the manufacturer. I read some more about this issue and it's common with cheaper chineese phones. They said that If I want to I can send the phone in and they will check it, wich I will not do because I will get the same information. I bought a new phone now. To the rest of you with this issue I would suggest just using the phone since I've been using mine for over a year not even knowing the app was there, turs out there are alot more of those apps on my phone. So just keep using your phone or install a new rom of android.

[Felipe2]

I've also started getting this Fota detected as of about 2 weeks ago.

File /system/app/FWUpgradeProvider/FWUpgradeProvider.apk

on a Lenovo Tab 2 A7-10F (upgraded to official Lenovo Android 5.0 months ago)

Edited December 11, 2017 by Felipe2
Clarity

[Felipe2]

I bought my Lenovo Tab 2 from a reputable store in unopened original packaging and have only updated from Lenovo OTA from Android 4.3.3 to 5.0. 

It's detected multiple times because I copied the file to the SD card.

False positive? Or something to worry about?

Forgot to mention that Norton Mobile Security fails to pick up either the original or the copy.

 

Edited December 11, 2017 by Felipe2
Additional info

[mbam_mtbr]

Hi @Felipe2,

PM sent.

Nathan

[jarvis123]

I'm having the same issue with my xperia C4 and it's not fixed after 2 factory resets

Android/PUP.Riskware.Autoins.Fota

/system/app/FWUpgradeProvider/FWUpgradeProvider.apk

@mbam_mtbr Should i be worried? do you have a solution for that?

Thanks