
Trojan reinstalls after factory reset on phone.



Hi,
I'm new to this forum. I think I'm in the right forum for my issue. My phone was infected with what I think is a type of auto-rooting trojan. Though my phone still shows not rooted, it put a file and modified one in root/recovery areas. I was looking for info on an app I'm using called Duraspeed. I came across this website that started throwing popups at me saying my phone had tons of viruses, which was a lie. By the time I could break free from the drive-by attacks, it was too late. I started getting sluggish performance on my phone and popup ads randomly. Even though it somehow gained root access, my phone is not rooted. Never was. It's still not! Because I checked with several apps off the Play Store to confirm this. Long story short:

It put a file called "ads_popup-release.apk"
in my root folder /system/priv-app/

And modified a file called "8e710bb7.0"
in root folder /system/etc/security/cacerts/
or put (installed) the file there I'm not sure.

The file running on the phone as a system app is called "ad_surface"

I can only force stop and disable ad_surface without the ability to uninstall. I have to repeat this process every time I reboot. This stops the ads from popping up. Funny thing is, even though the force stop button in app settings is greyed, meaning it was stopped and disabled, my OS Monitor app that shows running processes shows ad_surface is still running. Yet, it does stop the random popup ads by doing it this way. I've tried 360 AV, Avast, AVG, Malwarebytes, Kaspersky, stubborn rootkit remover, a lot of antivirus programs but nothing detects it. I'm using Total Commander File Manager to view the device system partitions. I even copied the two trojan files to a folder on the user partition to see if any of the antivirus programs could check them there away from the root areas. But nothing. My guess is that I need to root my phone so I can gain access to the apk file and delete it. I haven't done a factory reset because I realize that apk file is in the recovery partition in order to reinstall itself. I've never rooted a phone before, but I have Kingroot installed. I downloaded it from XDA. I just don't have the guts to use it in fear of bricking. Do you think it would work with my phone? Does it abort the root procedure if it can't do it? Here are my phone specs:

Vortex Beat 8
Software build: 8_V1.5_20171011
Chipset: MT6580M Cortex-A7
CPU Architecture: ARMv7 Processor Rev 3(V71)

Cores: 4 1300MHz
Kernel Version: 3.18.19
Total Ram: 459MB
Internal ROM: 8GB (4GB for user)

That's about it. If anybody could recommend how to go about this, I would greatly appreciate the help. Thank you...
 
 

12 minutes ago, SecretSociety68 said:
I copied this post of mine from XDA developers to here. It mentions I haven't done a factory reset yet, but I have now, and the Trojan did reinfect...
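The post above is unsure whether "8e710bb7.0" was modified or newly installed. The following is an added example, not part of the original thread: it diffs two `sha256sum`-style manifests of /system, one from a stock firmware image for the same build and one from the device, and reports added versus modified files in the two directories named in the post. Both manifests are assumed to exist already; the sample entries and file contents are constructed.

```python
import hashlib

# Directories named in the post; pass ("/system/",) to cover the whole partition.
WATCHED = ("/system/priv-app/", "/system/etc/security/cacerts/")

def parse_manifest(text):
    """Parse sha256sum-style lines ("<hex digest>  <path>") into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition(" ")
        path = path.lstrip(" *")          # text-mode "  path" or binary-mode " *path"
        if len(digest) != 64 or not path:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[path] = digest.lower()
    return entries

def diff_system(baseline, device, watched=WATCHED):
    """Classify watched paths as added, modified or missing relative to the baseline."""
    report = {"added": [], "modified": [], "missing": []}
    for path in sorted(set(baseline) | set(device)):
        if not path.startswith(watched):
            continue
        if path not in baseline:
            report["added"].append(path)
        elif path not in device:
            report["missing"].append(path)
        elif baseline[path] != device[path]:
            report["modified"].append(path)
    return report

def _line(path, content):
    # Helper for the constructed sample only: hash made-up bytes.
    return f"{hashlib.sha256(content).hexdigest()}  {path}"

# Constructed sample manifests. Whether 8e710bb7.0 is really part of the stock
# image for this build is unknown; it is placed in the baseline for illustration.
BASELINE = "\n".join([
    _line("/system/priv-app/Settings/Settings.apk", b"stock settings"),
    _line("/system/etc/security/cacerts/8e710bb7.0", b"stock certificate"),
])
DEVICE = "\n".join([
    _line("/system/priv-app/Settings/Settings.apk", b"stock settings"),
    _line("/system/priv-app/ads_popup-release.apk", b"unexpected apk"),
    _line("/system/etc/security/cacerts/8e710bb7.0", b"different certificate"),
])

if __name__ == "__main__":
    for kind, paths in diff_system(parse_manifest(BASELINE), parse_manifest(DEVICE)).items():
        print(kind, paths)
```
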
