
Malwarebytes found 'Android/Trojan.Dropper.Agent.AOT' in 'Com.Android.Gallery3D'. This Trojan seems to create 'Zdemo' and 'System Input Method' apps (which replace themselves even when deleted). Malwarebytes cannot delete as it is a system file, which is already forced stop and disabled (but comes back to life by itself). Any suggestions? It is on an RCA cell phone with Android 6.

  • Staff

Hi @Avis,

Are you able to disable com.android.gallery3d?  If not, you could try this method:


You would use command adb shell pm uninstall -k --user 0 com.android.gallery3d

If you like, you can send me an Apps Report to check out Zdemo and System Input Method.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.


  • Staff

Hi @Avis,

You are correct.  We detect the following already as:

zdemo — Android/PUP.Riskware.Agent.zd 
System Input Method — Android/PUP.Riskware.HiddenAds.cma

I would use the method posted above to remove com.android.gallery3d, then remove the Zdemo and System Input Method.

Sorry there isn't an easier approach,
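
After the `pm uninstall -k --user 0` step mentioned in the thread, the result can be checked from `pm list packages` output. The script below is an added example, not part of either post or of any Malwarebytes tooling; the function names and sample listings are constructed, and `com.android.gallery3d.ext` is a made-up package name used to show exact matching.

```shell
#!/bin/sh
# Added example: classify a package's state for user 0 from `pm list packages` output.
# On a device the three listings would come from:
#   adb shell pm list packages --user 0       (installed, enabled or disabled)
#   adb shell pm list packages -u --user 0    (also includes uninstalled packages)
#   adb shell pm list packages -d --user 0    (disabled only)

# has_pkg LISTING PACKAGE: exact, whole-line match so that
# com.android.gallery3d does not match com.android.gallery3d.ext.
has_pkg() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Fxq "package:$2"
}

# pkg_state INSTALLED WITH_UNINSTALLED DISABLED PACKAGE
pkg_state() {
    if has_pkg "$1" "$4"; then
        if has_pkg "$3" "$4"; then echo disabled; else echo enabled; fi
    elif has_pkg "$2" "$4"; then
        echo uninstalled-for-user   # a system app's files stay on the device
    else
        echo absent
    fi
}

# Constructed listings (CRLF line endings, as older adb shells emit).
BEFORE_INSTALLED=$(printf 'package:com.android.gallery3d\r\npackage:com.android.gallery3d.ext\r\n')
BEFORE_DISABLED=$(printf 'package:com.android.gallery3d\r\n')
AFTER_INSTALLED=$(printf 'package:com.android.gallery3d.ext\r\n')
AFTER_DISABLED=''
WITH_UNINSTALLED=$BEFORE_INSTALLED   # the -u listing is the same before and after

echo "before: $(pkg_state "$BEFORE_INSTALLED" "$WITH_UNINSTALLED" "$BEFORE_DISABLED" com.android.gallery3d)"
echo "after:  $(pkg_state "$AFTER_INSTALLED" "$WITH_UNINSTALLED" "$AFTER_DISABLED" com.android.gallery3d)"
```

`uninstalled-for-user` is the expected state after the command in the thread; `enabled` or `disabled` means the package is still installed for user 0.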

