Jump to content

Android/Trojan.Agent.ASH - .apk/Settings/RV Parky app


Recommended Posts

Hello, 

I'm hoping to get some assistance.

A family member recently come back from a trip aboard and now her phone is infected.

She told me a couple of different people at least used her phone to try to set up WIFI at the hotel they were staying at so one of them most have done something.

I installed Malwarebytes and it detected a few things see below...

1. App installation: Settings 

Malwarebytes detects and removes this but it re-installs itself.

2. App installation: RV Parky

This app wasn't installed on the phone before, Malwarebytes doesn't recognize it as a threat but when i uninstall the app it re-installs itself.

3. File monitor

Scanned: 1 file - /mnt/sdcard//jm/Cool4100_1000_1003_2_1513241684921.xde.apk 

This was picked up by Malwarebytes and removed, doesn't look to be back.

4. The phone will randomly launch the default web browser and chrome trying to load this website - https;//15.instantgame.net

I have cleared data and cache in chrome and disabled it, Default browser after the data and cache clear is still having the same issue of randomly launching and trying to open that web link also manually opening the browser usually gives a 'Permission denied' then closes the web browser.

I have sent the app report already so let me know who to PM the used email address to. 

any advice on this would be appreciated!

Thanks

Link to post
Share on other sites

Hi @Magpul_,

These may be getting re-installed by what is known as Adups.  I would follow this guide:

Afterwards, uninstall these again:

package name: com.rvparky.android2      app name: RV Parky 

package name: com.comona.bac      app name: Settings 

Fyi, RV Parky isn't malicious, but still shouldn't be getting re-installed.

Nathan

 

Link to post
Share on other sites

I followed your instructions and the Adups pakages wasn't in the package list.

RV Parky(com.rvparky.android2) wasn't there either even tho i see it installed on the phone in apps.

Settings (com.comona.bac) i was able to uninstall via cmd and then i removed from the phone along with RV Parky however i was still having issues with the browser auto opening trying to open that web link.

Unfortunately Settings and the File on the SD card were once again flagged  by malwarebytes and RV Parky re-installed itself.

Link to post
Share on other sites

Maybe your instructions did work, but i have now also removed all user installed apps and restarted the phone. so far so good!

Not had RV Parky re-install itself (I did the cmd to uninstall it even though it didn't show in the package list).

Settings which was detected by malwarebytes and the Google Play scan has so far not re-installed itself (This was in the package list).

The browser auto opening to that web link has also now stopped.

I'll keep an eye on it but i think all is good now i hope.

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.