mbam_mtbr Posted December 12, 2017 ID:1191071 Share Posted December 12, 2017 Hi @jarvis123 Here's a potential solution: Link to post Share on other sites More sharing options...
Lutzkhie Posted January 10, 2018 ID:1198483 Share Posted January 10, 2018 i got the same problem, but i cant disable or force stop it both are greyed out, after a couple of days, 2 unknown apps were installed automatically when i went online, the apps are "infoprovided" and "enginee" both are found virus Link to post Share on other sites More sharing options...
Lutzkhie Posted January 10, 2018 ID:1198484 Share Posted January 10, 2018 On 12/12/2017 at 11:06 PM, mbam_mtbr said: ok what is adups because i dont have one installed only FWupgrade which is found to be a malware Link to post Share on other sites More sharing options...
mbam_mtbr Posted January 10, 2018 ID:1198629 Share Posted January 10, 2018 Hi @Lutzkhie, Please see our blog post about Adups for more info: Mobile Menace Monday: upping the ante on Adups Nathan Link to post Share on other sites More sharing options...
Lutzkhie Posted January 11, 2018 ID:1198826 Share Posted January 11, 2018 its installed the enginee app again, ang requesting for location, storage, it could hack my device maybe my accounts Link to post Share on other sites More sharing options...
Engr_DR_LA Posted January 14, 2018 ID:1199727 Share Posted January 14, 2018 On 1/10/2018 at 1:17 PM, Lutzkhie said: i got the same problem, but i cant disable or force stop it both are greyed out, after a couple of days, 2 unknown apps were installed automatically when i went online, the apps are "infoprovided" and "enginee" both are found virus have the same problem just recently with my android phone, "infoprovided" and "enginee" keeps on being installed even if I uninstall them several times, these viruses even used so much data when installed. Link to post Share on other sites More sharing options...
Lutzkhie Posted January 14, 2018 ID:1199869 Share Posted January 14, 2018 12 hours ago, Engr_DR_LA said: have the same problem just recently with my android phone, "infoprovided" and "enginee" keeps on being installed even if I uninstall them several times, these viruses even used so much data when installed. its becoming a problem, it must be taken care of as soon as possible to prevent leak of information Link to post Share on other sites More sharing options...
Gusmoreno Posted January 29, 2018 ID:1209764 Share Posted January 29, 2018 Greetings, i've been having the same issue postes here, i definitively bought a cheap phone from a shady source, (i live in Venezuela, those are the only ones we have) i ran the antimalware, it showed the threat, but i can't disable the app, in my phone appears as "upgrade.sys" and i just can stop it for a while because it starts again of its own... Help please... Link to post Share on other sites More sharing options...
MAM Posted January 29, 2018 ID:1210047 Share Posted January 29, 2018 Hello, please tell us the exact name of your smartphone, the version of the AndroidOs, and so one. MAM Link to post Share on other sites More sharing options...
Gusmoreno Posted January 29, 2018 ID:1210226 Share Posted January 29, 2018 5 hours ago, MAM said: Hello, please tell us the exact name of your smartphone, the version of the AndroidOs, and so one. MAM Hello my phone is a Hyundai L500 with android 6.0, as i said before, as cheap as a phone can be... Link to post Share on other sites More sharing options...
mbam_mtbr Posted January 30, 2018 ID:1210400 Share Posted January 30, 2018 Hi @Gusmoreno, Unfortunately, at this time there isn't much we can do, but we are still looking for a solution. Please see our blog post about Adups for more info: Mobile Menace Monday: upping the ante on Adups Nathan Link to post Share on other sites More sharing options...
Gusmoreno Posted January 31, 2018 ID:1210837 Share Posted January 31, 2018 11 hours ago, mbam_mtbr said: Hi @Gusmoreno, Unfortunately, at this time there isn't much we can do, but we are still looking for a solution. Please see our blog post about Adups for more info: Mobile Menace Monday: upping the ante on Adups Nathan Thanks anyway... Link to post Share on other sites More sharing options...
valtf Posted March 31, 2018 ID:1228809 Share Posted March 31, 2018 (edited) Hi there. I get here looking for a solution for same/similar issue. Although I understand, now we have no a real solution, I share some captures of my device with detected apps by malwarebytes. I have a doubt. If I decided root my device, when I will delete system dangerous files I share below, are these affected to the system when reboot it? I can see "settings" and "shell", and I'm not sure if these files are included on Android version or perhaps was modified by these virus/malware. I'm running Android 4.4.2 of a Primux Omega6 (spanish brand mobile). Regards Edited March 31, 2018 by valtf Link to post Share on other sites More sharing options...
mbam_mtbr Posted April 5, 2018 ID:1230150 Share Posted April 5, 2018 HI @valtf, If you could send me an Apps Report, I can look further into your issue. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Thanks, Nathan Link to post Share on other sites More sharing options...
valtf Posted April 5, 2018 ID:1230233 Share Posted April 5, 2018 (edited) Thank you Natham. I just sent you the report. I comment below What I did after I sent my last message last saturday. When I do a Factoy reset, Virus appear at first connection to Internet again. I reached to install Malwarebytes and perform first scanner. In it was detected Shell and Settings as malware/trojan but I couldn't unistall it. With debloater I stopped all apps detected by debloater and performed a Safe reboot. Then I run Malwarebytes (in safe mode) and reached remove/ stopped viruses warning settings.apk com.android.settiogs FWUpgrade.apk com.adups.fota FWUpgradeProvider.apk com.adups.sysoper xy_1_0904_icon.apk com.google.wallpapers (all detected by malwarebytes as malware) I also had an alert of "IW service has stoped" and this has disappeared too after I reset this app. I stopped other suspicious apps, but something I didn't right because at this moment some apps as gmail and others don't update to last version. I have a complete list of apps in the device that debloater show me. Do you want I send these here/private message o take a look? Edited April 5, 2018 by valtf Link to post Share on other sites More sharing options...
mbam_mtbr Posted April 5, 2018 ID:1230238 Share Posted April 5, 2018 Hi @valtf, Could you Private Message me the email used to submit and/or the ticket # issued? Thanks Nathan Link to post Share on other sites More sharing options...
Gerano Posted July 25, 2018 ID:1258820 Share Posted July 25, 2018 I had a challenging experience on the morning of July 23rd, 2018. I recently purchased a tablet from a Chinese manufacturer and, to my surprise, it came pre-installed with a potentially malicious application called "Upgradesys". Though my anti-virus (Eset) and anti-malware (Malwarebytes) applications found and warned me of the malware, neither was able to remove nor disable it nor any of the associated APKs. After extensive investigation I determined that two other pre-installed applications were likely associated with the malware, none of which were able to be disabled nor removed by Eset nor Malwarebytes. I decided to embark on debugging my tablet which can yield terrible effects on the tablet. I downloaded the most current version of Debloater (3.90) as well as its most current upgrade from XDA. I installed Debloater onto my PC and then upgraded it. I then enabled Developer mode on my tablet and enabled USB Debugging. All of the warnings flashed as I enabled each but it's a brand new system for me and if anything went wrong I figured I could simply resort to a factory reset. By the way, a factory reset would not fix the problem since the malware came pre-installed from the factory and is part of the factory reset. I then connected my tablet to my PC via a USB cable and allowed the connection. I then ran Debloater and it found my tablet via the USB cable. I then asked it to scan for all applications of which there were 171 of which three (3) were considered to be of risk. One of the three was installed as part of Antutu Benchmark which is a highly regarded system benchmarking tool pre-installed by the manufacturer. The other two were found labeled as FWUpgrade.apk and FWUpgradeProvider.apk. I placed a checkmark in the boxes to the left of each of the applications and then hit "Apply" to make the changes. Whatever would be, would be. I then disconnected the tablet from the PC and then disabled USB Debugging as well as Developer Mode. I then rebooted my tablet and crossed my fingers. A moment later the usual image appeared indicating that it was rebooting properly. As soon as the password prompt appeared an unfamiliar blue screen appeared with a digital countdown timer. I was able to back out of the countdown timer to enter the usual boot screen and from there I checked to see if the APKs of these malicious files were disabled and I was quite pleased to see that the files were indeed disabled. I then ran my anti-virus and anti-malware packages in in-depth mode and they no longer reflected the presence of any malware. Yahoo! As of this morning, July 25th, 2018, I still have no malware. The issue has, in my case, been permanently resolved. Link to post Share on other sites More sharing options...
mbam_mtbr Posted July 25, 2018 ID:1258885 Share Posted July 25, 2018 Hi @Gerano, That's great news! I'm glad this method worked for you! Nathan Link to post Share on other sites More sharing options...
Gerano Posted July 25, 2018 ID:1258907 Share Posted July 25, 2018 (edited) It was flawless. I'm very pleased. Thank you. By the way, the brand name of my tablet (phone enabled with two (2) SIM slots) is LLLC and the Model # is TYD-108H. My Android version is 6.0. I believe it to be a MediaTec product. Edited July 25, 2018 by Gerano Pertinent Data Link to post Share on other sites More sharing options...
narsclaw Posted December 1, 2018 ID:1284139 Share Posted December 1, 2018 Hi, my husband bought our helper a Micromax phone, it's running on Lollipop 5.1 and thanks to Malwarebytes we found that below PUP was pre-installed into her phone: Android/PUP.Riskware.Autoins.Fota. We've tried following all the steps in the thread that tells us it can be removed via adb but we're stuck at step no. 5 below because we do not know what drive the device is on. It just states that it's under portable devices. We tried downloading the debloater by Gatesjunior as well but still the device can't seem to be detected. Please help cause I'm so close to smashing both the phone and the pc (running on windows 7) due to frustration. 5. Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper adb shell pm list packages -f Link to post Share on other sites More sharing options...
mbam_mtbr Posted December 3, 2018 ID:1284550 Share Posted December 3, 2018 On 12/1/2018 at 1:22 AM, narsclaw said: Hi, my husband bought our helper a Micromax phone, it's running on Lollipop 5.1 and thanks to Malwarebytes we found that below PUP was pre-installed into her phone: Android/PUP.Riskware.Autoins.Fota. We've tried following all the steps in the thread that tells us it can be removed via adb but we're stuck at step no. 5 below because we do not know what drive the device is on. It just states that it's under portable devices. We tried downloading the debloater by Gatesjunior as well but still the device can't seem to be detected. Please help cause I'm so close to smashing both the phone and the pc (running on windows 7) due to frustration. 5. Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper adb shell pm list packages -f HI @narsclaw, You shouldn't have pick a drive. The adb command line will detect the mobile device automatically. You may want to check that you set up an environment variable path properly (this step will be under "What you'll need"). Nathan Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now