Jump to content

Recommended Posts

Hello, yesterday at about 18:00 Mcaffe security (Preinstalled antivirus with Lenovo) rang me a notification and told me there was a treath. Confused i clicked on that and it showed me something called "UpgradeSys". Since i assumed this is a system file i thought it could have been a false positive, so i tried checking it with MalWareBytes, which also tells me it is a virus (Trojan). Giving up on thinking and wanting it gone, i try to remove it, yet Malwarebytes tells me to disable it so that it can be whitelisted and it is a system app, while Mcaffe cannot remove it even when it prompts me to and i confirm it.

 

After doing a factory reset, the first thing i do is recheck if it is still there, and to my suprise, it still is. I have done a FULL factory reset which means all of my storage has been cleaned (Of my games , videos pictures etc) because the backup one didn't work either. I'd need some help with this.

Share this post


Link to post
Share on other sites

I have the same problem. I can't remove the "UpgradeSys" with Trojan. I have done factory reset, but I can't remove it.

Please, help me too.

Share this post


Link to post
Share on other sites

Hi Nathan, many thanks for that.  I managed to work through the instructions, the only real hiccup was that I had a message saying my phone wouldn't allow blocking so they would have to disable\stop instead.  After I'd finished I reran Malwarebytes but it still found it and told me to manually disable.  I rebooted but same thing.  Looks like every time I reboot I'll have to go into settings and manually force stop UpgradeSys. Unless there's anything more I can do?

Share this post


Link to post
Share on other sites

Well okay, so i did everything on that list, it found my device in the debloater , told me it does not support block mode or whatever BUT IT CANNOT FIND

 

com.adups.fota and/or com.adups.fota.sysoper

 

What am i supposed to do now?

Share this post


Link to post
Share on other sites

Nathan, no it didn't disable.  I reran debloater to check the correct ones were ticked and they still were.  I'm afraid I gave up and added them to malwarebytes' whitelist so at least it wouldn't detect them from now on.  

Share this post


Link to post
Share on other sites
Posted (edited)

I'm having exactly the same problem, except Disable is greyed out, all I can do is Force Stop, but malwarebytes still can't resolve it

Edited by helenaid

Share this post


Link to post
Share on other sites

I am having the same problem. I managed to clear Palm play and Touch Pal that were being detected as Malware by Malwarebytes but The UpgradeSys doesn't wanna go.

What should i do? I hate Malware and Virus!!!!!

 

Share this post


Link to post
Share on other sites

Hi Nathan
Thank you I could stopped Android / PUP.Riskware.Autoins.Fota, I restart my smartphone and run malwarebytes and no detected anything.

Mil gracias por el gran apoyo!!!.

Sincerely

Xavy

Share this post


Link to post
Share on other sites

Am disappointed with these guys. I noticed that my mobile data was depleted too quickly and wondered what was happening. Little did I know that there were background apps using my data, downloading and updating stuff!!!

Share this post


Link to post
Share on other sites

Hey Everyone,

If the method of using the debloater tool does not work, unfortunately there is nothing we can do.  As stated in the "Disabling Adups via Debloater (FWUpgradeProvider.apk)" post, Adups is preinstalled.  Preinstalled means it comes already installed on a mobile device at the system level.  Thus, it cannot be removed by any malware scanners.

At this point, all you can do is start sending support tickets to you phone manufacturers demanding they remove Adups.  Feel free to reference my latest blog on the subject: https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/

Nathan

Share this post


Link to post
Share on other sites

Hi guys, when I was looking for a solution for Upgradesys malware I found an advice to use app Noroot firewall. It solved my problem, I blocked some system apps access to internet and voila - no more unwanted app installations. Not a perfect solution, but usable:)

Share this post


Link to post
Share on other sites
On 1/16/2018 at 6:55 PM, mbam_mtbr said:

Hey Everyone,

If the method of using the debloater tool does not work, unfortunately there is nothing we can do.  As stated in the "Disabling Adups via Debloater (FWUpgradeProvider.apk)" post, Adups is preinstalled.  Preinstalled means it comes already installed on a mobile device at the system level.  Thus, it cannot be removed by any malware scanners.

At this point, all you can do is start sending support tickets to you phone manufacturers demanding they remove Adups.  Feel free to reference my latest blog on the subject: https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/

Nathan

Could rooting the phone be possible solution? I have the same thing and I'm using android 5.1

Share this post


Link to post
Share on other sites

Hi @Supreem,

Technically, yes.  However, I can't recommend rooting since there is a potential to damage your device permanently, and could open it up to host of other issues.  Therefore, doing so is at your own risk.

Nathan

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.