Jump to content

Recommended Posts

Uninstalling Adups and other preinstalled malware via ADB command line tool

Updated October 2018: New method now uninstalls, not just disables Adups.  Credit given to user Hashux for pointing out this updated method.

Adups Background

Adups has been found preinstalled on mobile devices from manufacturers such as BLU, and other mobile devices typically found on online stores such as Amazon.  Adups is a well-known threat, as addressed in Mobile Menace Monday: upping the ante on Adups.  It is considered a preinstalled PUP and/or malware, which is becoming more of an issue as written in Mobile Menace Monday: Preinstalled adware and sometimes worse.

Adups has a couple components:

  • Android/PUP.Riskware.Autoins.Fota – Auto installer that runs with system level privileges, which allows it to install apps and update without user's knowledge; package names com.adups.fota.sysoper and com.fw.upgrade.sysoper, name in app list UpgradeSys; name of APK FWUpgradeProvider.apk
    • Important Note: PUP (Potentially Unwanted Program) is not malware; thus it is not nearly as harmful
  • Android/Backdoor.Agent - Information stealer that captures user data such as text messages, location, and unique device identifiers, package name com.adups.fota;name(s) in app list System Update, Wireless Update, others; name of APK adupsfota.apk
  • Android/Trojan.Downloader.Fota.e - Downloader, package name com.adups.fota; name(s) in app list System Update, Wireless Update, others; name of APK adupsfota.apk

Adups cannot be uninstalled/disabled easily

Preinstalled means it comes already installed on a mobile device at the system level.  Thus, it cannot be removed, only disabled through a device’s app information page.  Unfortunately, it has come to our attention that the preinstalled PUP and/or Malware known as Adups cannot be disabled through a mobile device’s app information page either.

Uninstalling Adups and other preinstalled malware manually via ADB command line tool

Although it cannot be uninstalled/disabled via conventional methods, we have discovered a method to uninstall Adups apps that does not involve rooting your mobile device. This method involves using the ADB command line tool provided through Android Studio

Uninstall Note: Uninstalling is done via command adb shell pm uninstall -k --user 0.  The portion of the command, --user 0, is the current user.  So technically, it's only uninstalling for the current user, and not all the users.  Thus, the app(s) will still reside on the device, although they will no longer appear in the app information page.  However, since they still reside on the device, a factory reset will restore.  There is another method as well; see Restoring apps onto the device below.

Disclaimer: Proceed at your own risk!  I, nor Malwarebyes, can guarantee this will not damage your mobile device.  Uninstalling system apps has the potential to permanently damage your device, rendering it unusable.  However, by uninstalling only the Adups apps listed in this guide, I can’t see how any damage would occur. Also, as noted in the Uninstall Note above, a factory reset will restore any apps uninstalled using this method. Still, if you value your mobile device, this option may not be worth the risk.

What you’ll need:

  • Mobile device infected with Adups apps (or other preinstalled malware)
  • Android Studio and any additional files it needs to function
    • Another option is to install the standalone SDK Platform Tools; especially if PC storage space is a concern
  • Setting an environment variable path to ADB after Android Studio installation
    • Path is usually C:\Users\<username>\AppData\Local\Android\Sdk\platform-tools\
    • For standalone SDK Platform Tools option, wherever you unzip, make into the environment variable
  • USB to connect mobile device to PC
  • Google USB Drivers
  • Some basic technical ability, and willingness to remove Adups at all costs — or at least the cost of “bricking” your mobile device, although unlikely

Uninstalling Adups via ADB command line

  1. Enable USB debugging on mobile device
  2. Plug mobile device into your PC
  3. In the mobile device’s notifications, tap “USB for…” and select Transfer files.
  4. Open Command Prompt on PC
  5. Use the following command to list all apps on the device and confirm existence of package name(s) com.adups.fota and/or com.adups.fota.sysoper
    1. adb shell pm list packages -f
      1. Easiest way is to copy/paste into text editor and search for com.adups.fota and/or com.adups.fota.sysoper
  6. STOP — Before the next steps, make sure to copy/paste the path of the apk somewhere in case you want to re-install; see Restoring apps onto the device below.
  7. Use the following commands to uninstall Adups
    1. adb shell pm uninstall -k --user 0 com.adups.fota
    2. adb shell pm uninstall -k --user 0 com.adups.fota.sysoper
      1. You should receive a Success after each command
      2. You can use adb shell pm list packages -f again to ensure the Adups apps are removed from the list

Other Preinstalled Malicious Apps

This method can also be used on other stubborn preinstalled malicious apps as well.  You would just replace the command(s) above with the appropriate package name.

adb shell pm uninstall -k --user 0 <package name>

Warning: Before doing so, I suggest rereading the disclaimer above, and being extra cautious before uninstalling any system apps!

Restoring apps onto the device (without factory reset)

As stated in the Uninstall Note above, the uninstall is only for the current user.  Thus, the app(s) will still reside on the device. As a result, they can be restored using a factory reset, or another very helpful adb command:

adb shell pm install -r --user 0 <full path of the apk>

Note: You must install using the full path of the apk. Examples:

/system/app/AdupsFota/AdupsFota.apk

/system/app/AdupsFotaReboot/AdupsFotaReboot.apk

Using the package name like you did on uninstall will not work.  Thus, make sure to copy/paste any full path of apk you like to uninstall from command adb shell pm list packages -f in a safe place before proceeding.

Feedback Appreciated

The method above was successfully tested on BLU Studio XL 2 running Android OS 6.0.  Please feel free to PM me (mbam_mtbr) with your success/failure of this method to further help the Android community!

Good luck,

Nathan

 

Edited by mbam_mtbr
Link to post
Share on other sites

  • mbam_mtbr locked this topic
  • AlexSmith pinned this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked, locked, unlocked, locked, unlocked and locked this topic
  • mbam_mtbr unlocked, locked, unlocked and locked this topic
  • mbam_mtbr unlocked, locked, unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked, locked, unlocked, locked, unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked, locked, unlocked, locked, unlocked, locked and unlocked this topic
  • mbam_mtbr locked and unlocked this topic
  • mbam_mtbr unlocked and locked this topic
  • mbam_mtbr unlocked and locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.