
Pre Installed Malware



  • 4 weeks later...
On 1/10/2018 at 1:17 PM, Lutzkhie said:

I got the same problem, but I can't disable or force stop it; both are greyed out. After a couple of days, 2 unknown apps were installed automatically when I went online. The apps are "infoprovided" and "enginee"; both were found to be viruses.

I have had the same problem just recently with my Android phone: "infoprovided" and "enginee" keep on being installed even if I uninstall them several times. These viruses even used so much data when installed.


12 hours ago, Engr_DR_LA said:

I have had the same problem just recently with my Android phone: "infoprovided" and "enginee" keep on being installed even if I uninstall them several times. These viruses even used so much data when installed.

It's becoming a problem; it must be taken care of as soon as possible to prevent a leak of information.


  • 2 weeks later...

Greetings, I've been having the same issue posted here. I definitely bought a cheap phone from a shady source (I live in Venezuela, those are the only ones we have). I ran the antimalware and it showed the threat, but I can't disable the app. On my phone it appears as "upgrade.sys", and I can only stop it for a while because it starts again on its own... Help please...


  • 2 months later...

Hi there. I got here looking for a solution to the same/similar issue. Although I understand there is no real solution right now, I'm sharing some captures of my device with the apps detected by Malwarebytes.

I have a question. If I decide to root my device and delete the dangerous system files I share below, will the system be affected when I reboot it? I can see "settings" and "shell", and I'm not sure if these files are included in the Android version or were perhaps modified by this virus/malware.

I'm running Android 4.4.2 on a Primux Omega6 (Spanish brand mobile).

Regards

Screenshot_2018-03-31-15-49-47.png

Screenshot_2018-03-31-15-49-52.png


Hi @valtf,

If you could send me an Apps Report, I can look further into your issue.

1. Open the Malwarebytes for Android app.
2. Tap the Menu icon.
3. Tap Your apps.
4. Tap the three lines icon in the upper right corner.
5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

Thanks,

Nathan


Thank you, Nathan. I just sent you the report. Below I describe what I did after I sent my last message last Saturday.

When I do a factory reset, the virus appears again at the first connection to the Internet.
I managed to install Malwarebytes and perform a first scan. It detected Shell and Settings as malware/trojan, but I couldn't uninstall them.

With Debloater I stopped all the apps it detected and performed a safe reboot. Then I ran Malwarebytes (in safe mode) and managed to remove/stop the viruses it warned about:

settings.apk            com.android.settiogs
FWUpgrade.apk           com.adups.fota
FWUpgradeProvider.apk   com.adups.sysoper
xy_1_0904_icon.apk      com.google.wallpapers

(all detected by Malwarebytes as malware)

I also had an alert of "IW service has stoped", and this has disappeared too after I reset this app.

I stopped other suspicious apps, but I did something wrong, because at the moment some apps such as Gmail and others don't update to the latest version. I have a complete list of the apps on the device that Debloater shows me. Do you want me to send it here or by private message so you can take a look?


  • 3 months later...

I had a challenging experience on the morning of July 23rd, 2018. I recently purchased a tablet from a Chinese manufacturer and, to my surprise, it came pre-installed with a potentially malicious application called "Upgradesys". Though my anti-virus (Eset) and anti-malware (Malwarebytes) applications found and warned me of the malware, neither was able to remove nor disable it nor any of the associated APKs. After extensive investigation I determined that two other pre-installed applications were likely associated with the malware, none of which were able to be disabled nor removed by Eset nor Malwarebytes.

I decided to embark on debugging my tablet which can yield terrible effects on the tablet. I downloaded the most current version of Debloater (3.90) as well as its most current upgrade from XDA. I installed Debloater onto my PC and then upgraded it. I then enabled Developer mode on my tablet and enabled USB Debugging. All of the warnings flashed as I enabled each but it's a brand new system for me and if anything went wrong I figured I could simply resort to a factory reset. By the way, a factory reset would not fix the problem since the malware came pre-installed from the factory and is part of the factory reset.

I then connected my tablet to my PC via a USB cable and allowed the connection. I then ran Debloater and it found my tablet via the USB cable. I then asked it to scan for all applications of which there were 171 of which three (3) were considered to be of risk. One of the three was installed as part of Antutu Benchmark which is a highly regarded system benchmarking tool pre-installed by the manufacturer. The other two were found labeled as FWUpgrade.apk and FWUpgradeProvider.apk. I placed a checkmark in the boxes to the left of each of the applications and then hit "Apply" to make the changes. Whatever would be, would be. I then disconnected the tablet from the PC and then disabled USB Debugging as well as Developer Mode.

I then rebooted my tablet and crossed my fingers. A moment later the usual image appeared indicating that it was rebooting properly. As soon as the password prompt appeared an unfamiliar blue screen appeared with a digital countdown timer. I was able to back out of the countdown timer to enter the usual boot screen and from there I checked to see if the APKs of these malicious files were disabled and I was quite pleased to see that the files were indeed disabled. I then ran my anti-virus and anti-malware packages in in-depth mode and they no longer reflected the presence of any malware. Yahoo!

As of this morning, July 25th, 2018, I still have no malware. The issue has, in my case, been permanently resolved.


It was flawless. I'm very pleased. Thank you.

By the way, the brand name of my tablet (phone enabled with two (2) SIM slots) is LLLC and the Model # is TYD-108H. My Android version is 6.0. I believe it to be a MediaTek product.


  • 4 months later...

Hi, my husband bought our helper a Micromax phone, it's running on Lollipop 5.1 and thanks to Malwarebytes we found that below PUP was pre-installed into her phone:

Android/PUP.Riskware.Autoins.Fota.

We've tried following all the steps in the thread that tells us it can be removed via adb, but we're stuck at step no. 5 below because we do not know what drive the device is on. It just states that it's under portable devices. We tried downloading the Debloater by Gatesjunior as well, but still the device can't seem to be detected. Please help, because I'm so close to smashing both the phone and the PC (running on Windows 7) due to frustration.

5. Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper

adb shell pm list packages -f


On 12/1/2018 at 1:22 AM, narsclaw said:

Hi, my husband bought our helper a Micromax phone, it's running on Lollipop 5.1 and thanks to Malwarebytes we found that below PUP was pre-installed into her phone:

Android/PUP.Riskware.Autoins.Fota.

We've tried following all the steps in the thread that tells us it can be removed via adb, but we're stuck at step no. 5 below because we do not know what drive the device is on. It just states that it's under portable devices. We tried downloading the Debloater by Gatesjunior as well, but still the device can't seem to be detected. Please help, because I'm so close to smashing both the phone and the PC (running on Windows 7) due to frustration.

5. Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper

adb shell pm list packages -f

Hi @narsclaw,

You shouldn't have to pick a drive. The adb command line will detect the mobile device automatically. You may want to check that you set up the environment variable path properly (this step will be under "What you'll need").

Nathan
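
Step 5 quoted above, as an added example that is not part of the original thread or of Malwarebytes' instructions: a shell function that checks saved `adb shell pm list packages -f` output for the Adups package names mentioned in this thread and reports whether each APK sits on the system partition. The file name `packages.txt`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the Adups FOTA packages named in this thread in
# saved `adb shell pm list packages -f` output.
# Capture on the PC first:  adb shell pm list packages -f > packages.txt

# Package names taken from the posts above.
WATCHLIST="com.adups.fota com.adups.fota.sysoper com.adups.sysoper"

# Reads pm output on stdin; prints "<package> <system|user> <apk path>"
# for every watch-listed package. Returns 0 if any was found, 1 if none.
find_fota_packages() {
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # older adb shells may emit CRLF
        case "$line" in
            package:*=*) ;;
            *) continue ;;                          # skip blank or unrelated lines
        esac
        entry=${line#package:}
        pkg=${entry##*=}      # package name follows the LAST '='
        apk=${entry%=*}       # the path itself may contain '=' on newer Android
        for want in $WATCHLIST; do
            [ "$pkg" = "$want" ] || continue
            case "$apk" in
                /system/*) where=system ;;  # system partition: not wiped by a factory reset
                *)         where=user ;;
            esac
            printf '%s %s %s\n' "$pkg" "$where" "$apk"
            found=0
        done
    done
    return $found
}

# Constructed sample output (not taken from a real device).
sample_output() {
    printf 'package:/system/app/FWUpgrade.apk=com.adups.fota\r\n'
    printf 'package:/system/app/FWUpgradeProvider.apk=com.adups.fota.sysoper\r\n'
    printf 'package:/system/priv-app/Settings.apk=com.android.settings\n'
    printf 'package:/data/app/~~aB3d==/org.example.notes-Zk9==/base.apk=org.example.notes\n'
}

sample_output | find_fota_packages
```

With a real capture, run `find_fota_packages < packages.txt`; a `system` result matches what posters above describe, where the package returns after a factory reset and can only be disabled.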
