
Affected by system level malware - detection impossible



I have a Samsung Galaxy J7 Prime device, running Android 7.0, never rooted.

Since September last year, I have been facing several issues with the phone. First, the Instagram app started to freeze and crash a lot. The Malwarebytes app followed suit. Then started the random reboots. Then things got even worse, and the phone would appear to shut down whenever I updated/installed/uninstalled an app. The screen would just go black midway, like it does when the phone goes to sleep mode when it's been idle for a while. Unlike a normal shutdown, I wouldn't see the Samsung logo appear and the device wouldn't vibrate signalling a shutdown, and then no matter what I tried, it wouldn't power on for several minutes; then it would finally restart with the logo screen appearing after 5 minutes. This happened twice or thrice, and I was so scared that the phone would just go dead that I had to stay away from installing/uninstalling any apps for a while.

The random reboots still happen, every three weeks or a month. I have tried to pinpoint any malicious apps I might have installed, uninstalled a bunch of apps I don't use, even though I only install from the Google Play Store, tried clearing the cache, scanned with multiple AV scanners including Malwarebytes, and everything has failed. I haven't even gotten a detection so that I would know what I was up against, much less removal. It seems to me like whatever the malware is, it must be running at the system level and thus avoiding detection by standard AVs.

It's been almost 6 months now, and I feel the only way now is to flash a new ROM and wipe everything from the phone.

My concern is how I should back up my personal data before wiping the phone. I want to make sure the backups are not infected, as I will be restoring them on the phone after I'm done reflashing. I do not plan to back up anything except photos, videos, documents and chats. I have managed to back up some of the documents to Google Drive, but I have a ton of photos and videos, and uploading them all to Drive is a very slow and data-consuming process. I have visited forum after forum looking for solutions these past months, and haven't managed to get a satisfactory course of action anywhere. This is my last resort.

I can send an apps report if it's okay with you; I just need the instructions on how to do so. But at this point it doesn't seem that a user-installed app is doing this. I'm quite cautious with what I install and mostly stick to the really well-known ones on the Play Store, and when the problem first appeared, it had been over a month since any new apps had been installed. I have a strong suspicion now that the malware was dropped via some infected website, because that seems the only plausible thing.

Would be very grateful if you could suggest a safe and convenient method of backing up and then flashing the ROM. It's been a long time now and I really want to be over with this problem.

Thank you very much

 


Hi @RayRay26,

This very much sounds like a hardware issue to me, and not malware. Here's an article about how to back up a Samsung J7. You can also use Google Photos to back up photos. I really think a new device will solve your issues, but feel free to send an Apps Report if you like.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

Private Message (PM) me the email used and/or the ticket number assigned.

Nathan


  • 3 weeks later...

Hello @mbam_mtbr

I have sent you the apps report and PM'ed the ticket number.

I thought it was some kind of hardware issue too, but then I found out about all these nefarious threat actors that can control hardware and simulate a shutdown, when actually the phone is on and the malware is doing its job in the background. It scared me because my phone never actually goes through the shutdown process when these random reboots happen; the screen just blacks out as if it's just timing out from inactivity, but then when it won't turn back on I realize that it was actually a shutdown. It happened again last week, and it seems to happen most often while using the Google Play Store to install/uninstall etc.

I hope you can pinpoint anything, if present, from the apps report. I am aware Malwarebytes has already flagged two of the apps as BatMobi adware. I have been following that novelcamp thread too, but I can just uninstall them; they are not my main problem. I don't think some adware apps would be causing these kinds of critical issues, and my problems started all the way back in September, when this novelcamp/BatMobi issue hadn't presented itself, hence Malwarebytes had never detected those apps back then.

Appreciate your help. I might just have to get a new phone at this point, but I still want to make sure I'm not carrying over any nasty malware to my new device through backups. 

 
