Jump to content

UpgradeSys virus (unremovable)


Recommended Posts

Hello, yesterday at about 18:00 Mcaffe security (Preinstalled antivirus with Lenovo) rang me a notification and told me there was a treath. Confused i clicked on that and it showed me something called "UpgradeSys". Since i assumed this is a system file i thought it could have been a false positive, so i tried checking it with MalWareBytes, which also tells me it is a virus (Trojan). Giving up on thinking and wanting it gone, i try to remove it, yet Malwarebytes tells me to disable it so that it can be whitelisted and it is a system app, while Mcaffe cannot remove it even when it prompts me to and i confirm it.

 

After doing a factory reset, the first thing i do is recheck if it is still there, and to my suprise, it still is. I have done a FULL factory reset which means all of my storage has been cleaned (Of my games , videos pictures etc) because the backup one didn't work either. I'd need some help with this.

Link to post
Share on other sites

Hi Nathan, many thanks for that.  I managed to work through the instructions, the only real hiccup was that I had a message saying my phone wouldn't allow blocking so they would have to disable\stop instead.  After I'd finished I reran Malwarebytes but it still found it and told me to manually disable.  I rebooted but same thing.  Looks like every time I reboot I'll have to go into settings and manually force stop UpgradeSys. Unless there's anything more I can do?

Link to post
Share on other sites

  • 3 weeks later...

Hey Everyone,

If the method of using the debloater tool does not work, unfortunately there is nothing we can do.  As stated in the "Disabling Adups via Debloater (FWUpgradeProvider.apk)" post, Adups is preinstalled.  Preinstalled means it comes already installed on a mobile device at the system level.  Thus, it cannot be removed by any malware scanners.

At this point, all you can do is start sending support tickets to you phone manufacturers demanding they remove Adups.  Feel free to reference my latest blog on the subject: https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/

Nathan

Link to post
Share on other sites

  • 1 month later...
  • 1 month later...
  • 5 months later...
On 1/16/2018 at 6:55 PM, mbam_mtbr said:

Hey Everyone,

If the method of using the debloater tool does not work, unfortunately there is nothing we can do.  As stated in the "Disabling Adups via Debloater (FWUpgradeProvider.apk)" post, Adups is preinstalled.  Preinstalled means it comes already installed on a mobile device at the system level.  Thus, it cannot be removed by any malware scanners.

At this point, all you can do is start sending support tickets to you phone manufacturers demanding they remove Adups.  Feel free to reference my latest blog on the subject: https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/

Nathan

Could rooting the phone be possible solution? I have the same thing and I'm using android 5.1

Link to post
Share on other sites

  • 4 months later...
  • 4 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.