Jump to content

Recommended Posts

Hi, i need help and i hope that someone here can help me, im currently infested by a virus or malware that keeps on coming back, it never stop it always install itself
and it has the capability to
1. read phone status and identity
2. location
3. modify/delete contents
4. find accounts on device
5. download files WITHOUT notification
6.retrieve running app and run at startup
7. draw over other apps
8. read sync settings

it looks very dangerous it could steal info from my phone, based on my research those who are infected by this app also receives msgs with links and it seems that the phone itself created that message and sends to itself

right now i have no idea on how to remove this problem, also rooting is impossible currently because my phone is not supported on any rooting services and i yes i tried everything, emailed them if they supports rooting my phone and they all say no.

i was able to grab a copy of the enginee app in apk format maybe someone is interested on simulating it on an emulator (im doing it right now actually)

Edited by AlexSmith
Removed link
Link to post
Share on other sites

yeah but it got my attention and started pulling some strings and i ended up in a website that make military weapons in america, its the same one sending the url for auto installation, i think their spying on us

Edited by Lutzkhie
Link to post
Share on other sites

HI @Lutzkhie,

If you could share the link of the VirusTotal results, that would be very helpful.  Also, you can send an Apps Report and I can see what is on your device.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM the email used and/or the ticket number assigned.

Nathan

Link to post
Share on other sites

i cant send a report, theres an error, i forgot the exact words but it means that i dont have an email app to send report

also i think i found it, the source, i was monitoring my data consumption when suddenly a pre-installed app called "shell.apk" downloaded 1.5mb then a message pop up from malware about enginee as a threat i dont think its coincidence. but i still need confirmation

Link to post
Share on other sites

Hi @Lutzkhie,

The virustotal link is indeed to a malicious app, and do detect as Android/Trojan.Guerrilla.AK.

I'm interested in the "shell.apk" you are speak of.  Let's try another approach.  Download/install this app: https://play.google.com/store/apps/details?id=com.makaylatech.applist

You can then send me a screenshot of the app you are referring.

Have you recently installed a custom ROM onto your phone?  I recall a case were some ROMs come with per-installed malware.

Nathan

Link to post
Share on other sites

@mbam_mtbr

i cant find shell.apk on the app list package, it doesnt show system apps
also i kept on monitoring my data and there is also another app that would spike 1.5mb then followed by an "enginee" notification being installed, the weird part is that this particular app doesnt show on my system apps, its called "OS Services"
 

Edited by Lutzkhie
Link to post
Share on other sites

Hi @Lutzkhie,

Let's go back to the Send Apps report approach.  You may just need to set a default email address.  Here's guide to setting up default apps: https://www.tomsguide.com/us/change-default-apps-in-android,review-3309.html

If you still can't email, can you at least copy/paste the report?  Could you possibly PM me the pasted text?

Nathan

Link to post
Share on other sites

i was finally able to send a report, i tried disabling the shell.apk, enginee somehow stopped but a new app is auto installed something with "whone" in its name, if i remember correctly it was found adware by malwarebytes

i tried a factory reset, and it gave me an option to restore backup, how do i delete the recovery/backup file?

Link to post
Share on other sites

  • 1 month later...

auto installation of enginee really cant be remove but can be block via firewall, the app shell.apk even if removed still shows up on the "access list" on the firewall. If given permission, enginee automatically installs but if blocked no auto installation occurs

Link to post
Share on other sites

  • 1 month later...

Hello all.

I have been dealing with this enginee and whone problem for a long time by myself. I have formated the phone several times. When I found this thread I registered because it is again on my phone and I am so tired of it. I wish someone could explain to me how to block it via firewall or something because my skills in this area are not very deep. I would also be thankful if someone could point me to good resources where I can learn, I am new to this site.

I have some comments that I would like to add:

  • I have google services disabled from my phone (I wish there was a true free os for smartphones... I keep waiting for years).
  • I have very little apps installed, all from f-droid.
  • I have installed pocket  via Yalp Store ( I fear this might be the reason).
  • On the same day that enginee appeared on my phone, something entered my laptop aswell... extrange taps open on firefox.
  • I am only trying to have control over my info, are they really spying with this from a weapon company???? Why then is it so anoying?
Link to post
Share on other sites

  • 2 months later...
On 8/3/2018 at 12:41 AM, J_miller said:

Hello all.

I have been dealing with this enginee and whone problem for a long time by myself. I have formated the phone several times. When I found this thread I registered because it is again on my phone and I am so tired of it. I wish someone could explain to me how to block it via firewall or something because my skills in this area are not very deep. I would also be thankful if someone could point me to good resources where I can learn, I am new to this site.

I have some comments that I would like to add:

  • I have google services disabled from my phone (I wish there was a true free os for smartphones... I keep waiting for years).
  • I have very little apps installed, all from f-droid.
  • I have installed pocket  via Yalp Store ( I fear this might be the reason).
  • On the same day that enginee appeared on my phone, something entered my laptop aswell... extrange taps open on firefox.
  • I am only trying to have control over my info, are they really spying with this from a weapon company???? Why then is it so anoying?

hey, try "noroot firewall" and block "shell.apk"
then you can allow all other apps that you use online, I no longer have a problem from enginee and whone

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.