Slobodan

Malware infection keeps returning


Since a couple of days ago, Malwarebytes Anti-Malware (paid version) keeps warning me about malware infection.

It says something like, that and that is scanned and safe to use, and then another pop-up saying infection found. It is also telling me that I have new apps that have not been scanned yet, but I have not installed any new apps.

So, I perform a scan. It finds 1 infection. I select to remove it. It says application successfully uninstalled. Then some other window appears that shows me some "recommand apps" (very dodgy). I did not tap on anything in that window (named "cordova"), just closed it. Then, Malwarebytes does not detect anything.

One day later, it all starts to happen again.

One time my phone got stuck, I barely managed to reboot it. It could be caused by that malware.

 

My phone is Cubot Note S with stock Android 6.0, and Malwarebytes app is version 3.1.1.13

Screenshot_20180102-125454.png

Screenshot_20180103-141859.png

Screenshot_20180104-194853.png

Screenshot_20180104-194953.png

Screenshot_20180104-195007.png


Just this morning, I got it again. It was "clean" yesterday, and now it is "clean" again. But where does this come from??? :/

Screenshot_20180105-092306.png


It got stuck at "Preparing to scan" and it is showing red?

 

I have rebooted, and after a scan it found 2 malware. It says I need to remove them manually. But I can not find those files. And I don't know if I have given Malwarebytes all the permissions as requested. Please see screenshots and please tell me how to remove this.

Screenshot_20180105-121701.png

Screenshot_20180105-121710.png

Screenshot_20180105-123407.png

Screenshot_20180105-123426.png

Screenshot_20180105-123529.png


Hi @Slobodan,

It appears that something is re-installing these apps. If you can send us a list of your apps via our Apps Report we can look further into this.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

 

Nathan


Thank you. I have sent it, as per instructions.

My phone is becoming unusable because of this malware. Today, I had to reboot it a few times, and last time I had to take the battery out in order to reboot it. Even now, it is very slow, as if malware is using processor at 100%.

 

I hope you can help me fix this, because I already had to flash my phone a few months ago because of malware, and then I bought this antivirus for protection. :(

 

Edit: While following your instructions, in Malwarebytes app in installed apps menu, I have noticed 4 suspicious apps with green android icons. I have not installed them myself, so I have deleted them. Now the phone is responsive again.

Edited by Slobodan


Hi @Slobodan,

Just to re-iterate what we discussed via PM to the public, we added the following detections:

Android/Trojan.Cova.BF
Android/Trojan.Guerrilla.BJ
Android/Trojan.Guerrilla.BG

Thanks for the help on this!  I'm sure others will encounter these as well, and now they will be removed.

Nathan
 


I can't find this file. Where is this location?

/mnt/sdcard/.tmpsicache/CliL1515313606828.apk

It is not in hidden folders either. I can not find it anywhere.

 

Screenshot_20180107-101655.png

Screenshot_20180107-101710.png

 

 

Edited by Slobodan


Once a day, these 4 or 5 malware apps get installed (same as in previous screenshots). Malwarebytes anti-ransomware protection then immediately scans them and says they are safe to use, but then it says one or two malware found. Then I just go to Malwarebytes app, installed apps and uninstall them. But they return every day. :/


For now, those apps are not returning. But now these malware files are returning and it says that it can't remove them, that I need to do it manually. But I can't find those files, where are they (see locations in the screenshots)?

Screenshot_20180110-130823.png

Screenshot_20180110-130810.png

Screenshot_20180110-130803.png

Screenshot_20180110-130756.png

Screenshot_20180110-130750.png


While I was in Aliexpress app, in top status bar there was some glitching (like the notifications appearing, but invisible - or like something was downloading), and then this (first screenshot) appeared. Then I ran a scan, and it found 24 malware (the highest number so far).

I wanted to ask, if this is a bug? It says that those files can not be removed and I have to remove them manually (third screenshot). But then, after I ran another scan it finds nothing, and in fourth screenshot you can see it says 24 out of 24 were removed. So, is it a bug that it says it can not remove them, or is it a bug when it says that they are removed?

Also, malware had opened Play Store on its own and took me to this app (5th screenshot).

And, before all of this (in this reply), I have installed Virus Total app, that scans all apps on the phone and compares the signatures of the various anti-virus programs. It only said that one app had some infection - 4 anti-virus programs think at least (6th screenshot). I have uninstalled that app, but still have these problems.

Screenshot_20180111-173632.png

Screenshot_20180111-173949.png

Screenshot_20180111-174035.png

Screenshot_20180111-174435.png

Screenshot_20180111-174526.png

Screenshot_20180111-124852.png

Edited by Slobodan


Hi @Slobodan,

You mentioned that you flashed your phone with a custom ROM.  I think what's going on here is that the ROM contained malware, and may have put them at the system level.  If this is the case, we can't remove.  This is considered preinstalled malware, which is becoming more of an issue -> Mobile Menace Monday: Preinstalled adware and sometimes worse.

Nathan

 


I have sent app report again. Sorry for "SPAM", but can you please check if com.systems.apps.build2 is malware or not? It is listed under installed apps, installed (not by me) on 13.01.2018. And it is not detected as malware by the Malwarebytes scanner.

Edit: Actually, it says updated on 13.01.2018. So, it could be that it was installed (again, not by me) a day or two before.

Edit 2: Support ticket number is 2193404

Edited by Slobodan

25 minutes ago, Didin said:

I have the exact same problem with Cubot Echo. Could it be associated with the phone brand?

Hello, well, please have a deeper look at this, and give us the information we need.

---->

MAM


I don't have much to say. When I say I have the exact same problem I mean it. The frequency is the same, the files that are being downloaded are the same... Everything is the same.


Wow. It could be Cubot related (to their ROM). But could only be a coincidence. Who would know. I was not able to fix it.

I no longer use official Cubot ROM. I use a custom ROM now. For my Note S, I use ColtOS 1.4 (Android 7.1.2). If you want to switch to custom ROM too, check out what is available for your phone on NEEDROM website.
