Thank you. It looks interesting :)

I would give it a try but I don't think I can just replace it in place as my telephone is not rooted.

I guess it could be replaced in the original ROM and flashed but I am rather afraid of reflashing my telephone.

Any ideas on how to easily replace it?


@Akos & @cjvmoore,

Looks like you two are going down the same paths I have been.  I tried the above SystemUI.apk from ApkMirror as well, but it didn't work on my Blu Studio XL 2.  I've also tried multiple SystemUI.apk variants, but always get the same three errors:

Failure [INSTALL_FAILED_VERSION_DOWNGRADE]
Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE]
Failure [INSTALL_FAILED_OLDER_SDK]

The errors kind of suggest that if the right version is used, it might work.  All you're really doing by replacing the old version is doing exactly what would happen if SystemUI.apk was updated with a newer version.  Thus, I don't think there is any harm trying various versions to see if it works.

If you two want to try, here's the purpose:

Install clean version over old SystemUI.apk

  • Download a clean version SystemUI.apk to PC, and then move to device
    • adb push <file path>\SystemUI.apk /sdcard/Download/SystemUI.apk
  • Uninstall old version of SystemUI.apk
    • adb shell pm uninstall -k --user 0 com.android.systemui
  • Install newer version of SystemUI.apk
    • adb shell pm install -r --user 0 /sdcard/Download/SystemUI.apk
    • See if it works
  • If new version fails to install, you can revert to old SystemUI.apk easily
    • adb shell pm install -r --user 0 /system/priv-app/SystemUI/SystemUI.apk

I also attached a clean version of SystemUI.apk from my Blu Studio XL 2 test phone running Android OS 6.0.  Password of zip file: clean

Let me know if it works,

Nathan

SystemUI.zip
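
Each of the three failure codes quoted in the post above corresponds to a property that can be compared before running `pm install`: version code, signing certificate, and minimum SDK. The following Python check is an added example, not part of the original post; `predict_failures` is a hypothetical helper, and the tool outputs are constructed samples in the shape printed by `adb shell dumpsys package com.android.systemui`, `adb shell getprop ro.build.version.sdk`, `aapt dump badging` and `apksigner verify --print-certs`.

```python
import re

# Constructed sample tool output, not captured from a real device.
INSTALLED_DUMPSYS = "    versionCode=23 targetSdk=23\n"   # dumpsys package <pkg>
DEVICE_SDK = "23\n"                                       # getprop ro.build.version.sdk
CANDIDATE_BADGING = ("package: name='com.android.systemui' versionCode='22'\n"
                     "sdkVersion:'24'\n")                 # aapt dump badging
INSTALLED_CERTS = "Signer #1 certificate SHA-256 digest: " + "aa" * 32 + "\n"
CANDIDATE_CERTS = "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"


def _int_field(pattern, text, what, default=None):
    m = re.search(pattern, text, re.MULTILINE)
    if m:
        return int(m.group(1))
    if default is None:
        raise ValueError("could not find " + what)
    return default


def _digests(certs_output):
    found = set(re.findall(r"SHA-256 digest: ([0-9a-f]{64})", certs_output))
    if not found:
        raise ValueError("no signer digest found")
    return found


def predict_failures(dumpsys, device_sdk, badging, installed_certs, candidate_certs):
    """Return every pm install failure code the candidate APK would trigger.

    The package manager reports only the first check that fails; listing all
    of them shows everything that must match before an install can succeed.
    """
    installed_vc = _int_field(r"versionCode=(\d+)", dumpsys, "installed versionCode")
    cand_vc = _int_field(r"versionCode='(\d+)'", badging, "candidate versionCode")
    # If aapt prints no sdkVersion line, treat minSdk as 1 (the platform default).
    min_sdk = _int_field(r"^sdkVersion:'(\d+)'", badging, "minSdk", default=1)
    failures = []
    if cand_vc < installed_vc:          # older build than the one on the device
        failures.append("INSTALL_FAILED_VERSION_DOWNGRADE")
    if _digests(candidate_certs) != _digests(installed_certs):  # different signer
        failures.append("INSTALL_FAILED_UPDATE_INCOMPATIBLE")
    if min_sdk > int(device_sdk.strip()):   # APK needs a newer Android release
        failures.append("INSTALL_FAILED_OLDER_SDK")
    return failures


if __name__ == "__main__":
    print(predict_failures(INSTALLED_DUMPSYS, DEVICE_SDK, CANDIDATE_BADGING,
                           INSTALLED_CERTS, CANDIDATE_CERTS))
```

An empty list means the candidate has an equal or higher version code, the same signer set and a minimum SDK the device satisfies.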


Hi! I signed up just because of this topic. I have the same THL t9 Pro and am experiencing the same. I monitored the network traffic and found out there is another suspicious app. There is an app called Wireless Update, which is contacting 118.193.254.19. I found out with a little googling that this IP address is owned by the organization Shanghai Anchang Network Security Technology Co.,L. I don't know what this app is doing so I can't exactly say it's malicious, but it's suspicious.

I will try the systemUI above in a moment...

On 11/24/2018 at 2:03 PM, Imre4 said:

Hi! I signed up just because of this topic. I have the same THL t9 Pro and am experiencing the same. I monitored the network traffic and found out there is another suspicious app. There is an app called Wireless Update, which is contacting 118.193.254.19. I found out with a little googling that this IP address is owned by the organization Shanghai Anchang Network Security Technology Co.,L. I don't know what this app is doing so I can't exactly say it's malicious, but it's suspicious.

I will try the systemUI above in a moment...

I just ignored all the internet traffic from and to System UI. It was 3 days ago, and since then there hasn't been any new malicious application installed.

Screenshot_20181126-084339.png


@Akos When "NoRoot Firewall" is active, a key icon appears at the top of my screen. In your screenshot it is not present. Are you sure that it is active?

After running successfully for a few days blocking the "System UI" category, I googled some of the blocked IP addresses. It seems that 204.11.56.48 is known as a malware vector. In fact it seems that Malwarebytes should block it. Maybe it can't if the access is from a system application.

Anyway I am currently just blocking 204.11.56.48:443 in "Global Filters/Pre-Filter". For the moment I have no malware but I shall only be certain after a few more days.


@cjvmoore: There was a problem in my firewall configuration. I denied most of the apps which seem to be system apps, but aren't. There weren't any new applications installed a day ago. It would be great if we could collect a list of IP addresses which should be denied. In this case it would be helpful for other people too, to keep their phones clean.

  • 5 months later...

Hello, I faced this malware for months until I discovered that, in addition to the various malicious APKs described previously, the main corruption comes directly from the kernel. Blocking its communication using the AFWall+ firewall (needs root!) definitively blocks the downloading of new unwanted APKs.

Rooting a phone may appear a bit tricky for newbies, but following all the steps described at https://www.getdroidtips.com/twrp-recovery-thl-t9-pro is not so difficult.

DJP
