Jump to content

Really annoying Malware....on Brand new Samsung A71


Recommended Posts

Hi guys its been a long time since I posted. 

I was hoping the Malwarebyes team can help me yet again as hey have done for many many years. I have seen allot of encouraging posts of guys posting here in the past and getting direct hands on assistance with locating and removing pesky malware that has managed to install on an android device.

I have what I believe is highly likely to be malware on a brand new samsung A7 phone i just ordered from samsung directly.... It is causing allot of problems.

 

The pages move by themself, the notifications tab at the top of the screen jumps up and down by itself. Screen will scroll webpages and instagram on its own allot.

 

Also when i try yo clear the google cookies, cache and temp files etc, basically everything ticked to delete....it keeps showing this message

 

Clear Site Storage? this will clear data for all sites, including

11kbw.com

khinsider.com

 

Now no matter how many times I delete everything in privacy settings of chrome browser, and clear the cache from app settings and also factory rest the phone twice......these two links still will show up whenever i try to clear chrome browser!  (i do not know if this is the malware)

I am unsure if an application downloaded and installed itself in the background, I have been to many sites, but none I would expect problems from.

 

 I do not know if the above is the cause however.

 

I deleted all the apps when i factory reset (yes i also deleted the cache) , and i made sure then when I restored my files from the samsung backup, i did not select apps encase one was infected. So i only restored contacts, notes, everything else etc. I then reinstalled the safe and commonly used apps from the playstore directly, facebook, insta, snapchat etc etc.... I then selected to delete my backup from samsung to ensure all the apps in that backup before the factory reset are erased. I then did a new backup with the freshly installed apps installed after the factory restore. 

 

To clarify i have not rooted the device, I have run it as is without any modifications straight from the samsung factory.....ive only had it for 3 weeks!! 

 

This virus whatever it is is driving me absolutely insane.

 

Really hope someone can help me solve this mystery.

 

Love K x 

 

Link to post
Share on other sites

Hi @khayamster,

Let's start with an Apps Report to see if there are any apps (perhaps pre-installed) causing issues.  

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.

Nathan

Link to post
Share on other sites

  • 5 months later...

Hi Nathan,

My Xiaomi Mi A3 has almost the same issues, except that Malwarebytes only detects possible ransomeware after I grabbed the APK's from my phone for google play services and systemui out of the system apps I grabbed so far, I know for sure that my phone has malware in the system apps. I came across your blog

https://blog.malwarebytes.com/android/2020/02/new-variant-of-android-trojan-xhelper-reinfects-with-help-from-google-play/

while searching for help because my apps keep updating on their own even with play store disabled and install from unknown sources turned off for all apps.

Sometimes it downloads a .jar file using dna_data file folder inside the play store app. I installed Virus total and got hits on some of the system apps as well. Please help!

Also my screen flashes, phone restarts by itself, and my system apps keep sending stuff to some chinese/china based dns links

Screenshot_20200928-112440.png

Screenshot_20200928-112519.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.