Enginee App

[Lutzkhie]

Hi, i need help and i hope that someone here can help me, im currently infested by a virus or malware that keeps on coming back, it never stop it always install itself
and it has the capability to
1. read phone status and identity
2. location
3. modify/delete contents
4. find accounts on device
5. download files WITHOUT notification
6.retrieve running app and run at startup
7. draw over other apps
8. read sync settings

it looks very dangerous it could steal info from my phone, based on my research those who are infected by this app also receives msgs with links and it seems that the phone itself created that message and sends to itself

right now i have no idea on how to remove this problem, also rooting is impossible currently because my phone is not supported on any rooting services and i yes i tried everything, emailed them if they supports rooting my phone and they all say no.

i was able to grab a copy of the enginee app in apk format maybe someone is interested on simulating it on an emulator (im doing it right now actually)

Edited May 15, 2018 by AlexSmith
Removed link

[MAM]

Hello, well I guess that is Malware.

You can upload it here to check then.

---> www.virustotal.com

MAM

 

 

[MAM]

Hello, please remove your download link here on the forum.

And make please this.

MAM

[Lutzkhie]

@florinch i just tried, it didnt return... yet

@MAM i checked it on virustotal, 14/62 engines found this as infected files, i rescanned it and 22/61

Also i dont know how to edit my post to remove the download link

Edited April 30, 2018 by Lutzkhie

[Lutzkhie]

based on virustotal graph, i found a link which if you try to load it on desktop it auto download the same apk file and that is the enginee app
if i could blacklist this link on my phone it should stop the auto installing right?

[Lutzkhie]

yeah but it got my attention and started pulling some strings and i ended up in a website that make military weapons in america, its the same one sending the url for auto installation, i think their spying on us

Edited April 30, 2018 by Lutzkhie

[MAM]

Hello, Lutzkhie please wait for the expert´ s here.

And in the other problem to edit your posting: You must have at least 30 postings or more here to do this. I do not know what exactly.

MAM

[Lutzkhie]

damn the enginee is back again, there has to be something thats triggering this

[mbam_mtbr]

HI @Lutzkhie,

If you could share the link of the VirusTotal results, that would be very helpful.  Also, you can send an Apps Report and I can see what is on your device.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM the email used and/or the ticket number assigned.

Nathan

[Lutzkhie]

im not sure how to share the result but heres link
https://www.virustotal.com/#/file/7977270656abfe7ca99095817dcb35c432a7a0c7249b309054bc97b3acbffa93/detection

[Lutzkhie]

i cant send a report, theres an error, i forgot the exact words but it means that i dont have an email app to send report

also i think i found it, the source, i was monitoring my data consumption when suddenly a pre-installed app called "shell.apk" downloaded 1.5mb then a message pop up from malware about enginee as a threat i dont think its coincidence. but i still need confirmation

[mbam_mtbr]

Hi @Lutzkhie,

The virustotal link is indeed to a malicious app, and do detect as Android/Trojan.Guerrilla.AK.

I'm interested in the "shell.apk" you are speak of.  Let's try another approach.  Download/install this app: https://play.google.com/store/apps/details?id=com.makaylatech.applist

You can then send me a screenshot of the app you are referring.

Have you recently installed a custom ROM onto your phone?  I recall a case were some ROMs come with per-installed malware.

Nathan

[Lutzkhie]

@mbam_mtbr

i cant find shell.apk on the app list package, it doesnt show system apps
also i kept on monitoring my data and there is also another app that would spike 1.5mb then followed by an "enginee" notification being installed, the weird part is that this particular app doesnt show on my system apps, its called "OS Services"
 

Edited May 6, 2018 by Lutzkhie

[mbam_mtbr]

Hi @Lutzkhie,

Let's go back to the Send Apps report approach.  You may just need to set a default email address.  Here's guide to setting up default apps: https://www.tomsguide.com/us/change-default-apps-in-android,review-3309.html

If you still can't email, can you at least copy/paste the report?  Could you possibly PM me the pasted text?

Nathan

[Lutzkhie]

i was finally able to send a report, i tried disabling the shell.apk, enginee somehow stopped but a new app is auto installed something with "whone" in its name, if i remember correctly it was found adware by malwarebytes

i tried a factory reset, and it gave me an option to restore backup, how do i delete the recovery/backup file?

[mbam_mtbr]

Hi @Lutzkhie,

 

PM sent, but in cause anyone else is interested in how to manage Google backups, here's a link -> Manage & restore your device backups in Google Drive

Nathan

[Crytix]

@Lutzkhie Please remove the download link from your opening post to keep common readers from accidentally installing and infecting their device(s). And about the new application installed, can you please inform us what device you are using?

[Lutzkhie]

@Crytix i cant edit post (i already mentioned this)

[mbam_mtbr]

@Crytix & @Lutzkhie,

Mediafire has already blocked the file, so no harm.  I'll speak with a moderator and see if I can have it removed regardless.

Nathan

[Crytix]

@mbam_mtbr ,

Thank you for the update, I reported the file to mediafire yesterday since the file wasnt blocked when I checked to see if the link was dead. Thank you for the update again.

[Lutzkhie]

auto installation of enginee really cant be remove but can be block via firewall, the app shell.apk even if removed still shows up on the "access list" on the firewall. If given permission, enginee automatically installs but if blocked no auto installation occurs

[J_miller]

Hello all.

I have been dealing with this enginee and whone problem for a long time by myself. I have formated the phone several times. When I found this thread I registered because it is again on my phone and I am so tired of it. I wish someone could explain to me how to block it via firewall or something because my skills in this area are not very deep. I would also be thankful if someone could point me to good resources where I can learn, I am new to this site.

I have some comments that I would like to add:

• I have google services disabled from my phone (I wish there was a true free os for smartphones... I keep waiting for years).
• I have very little apps installed, all from f-droid.
• I have installed pocket  via Yalp Store ( I fear this might be the reason).
• On the same day that enginee appeared on my phone, something entered my laptop aswell... extrange taps open on firefox.
• I am only trying to have control over my info, are they really spying with this from a weapon company???? Why then is it so anoying?

[Lutzkhie]

On 8/3/2018 at 12:41 AM, J_miller said:

Hello all.

I have been dealing with this enginee and whone problem for a long time by myself. I have formated the phone several times. When I found this thread I registered because it is again on my phone and I am so tired of it. I wish someone could explain to me how to block it via firewall or something because my skills in this area are not very deep. I would also be thankful if someone could point me to good resources where I can learn, I am new to this site.

I have some comments that I would like to add:

• I have google services disabled from my phone (I wish there was a true free os for smartphones... I keep waiting for years).
• I have very little apps installed, all from f-droid.
• I have installed pocket  via Yalp Store ( I fear this might be the reason).
• On the same day that enginee appeared on my phone, something entered my laptop aswell... extrange taps open on firefox.
• I am only trying to have control over my info, are they really spying with this from a weapon company???? Why then is it so anoying?

hey, try "noroot firewall" and block "shell.apk"
then you can allow all other apps that you use online, I no longer have a problem from enginee and whone