• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Malware app keeps reinstalling itself

B

Bootstraps

Lurker
So recently I've been getting notifications that an app called "Chromes" is malware and it being clearly fake I uninstalled it but it keeps reinstalling itself and I can't get rid of it at all and it has permission to access everything on my phone. I've tried loads of different anti virus apps but all they do is uninstall it and a few hours later its back and even tried resetting my phone and it still persists. Can anyone help me get rid of this please? Thanks
 

Attachments

  • OneShot_20171030_191818.png
    OneShot_20171030_191818.png
    86.4 KB · Views: 627
Of the app keeps reinstalling itself, it sounds like it possibly used an exploit to give itself root access. This would mean that it's on the system level and a factory reset wouldn't solve the problem as a factory reset only wipes user data and doesn't touch the system partition.

You can certainly try a factory reset first, but if that doesn't work you will likely need to reflash the stock firmware.

I found some information here that supposedly has the stock firmware for your device:
http://www.phonetweakers.com/2017/01/downloadfirmware-nomu-s10-and-nomu-s20.html?m=1#more

Let us know how it goes.
 
The problem with anti-virus/anti-malware apps you install is that they all have very limited ability to clean up problems with the actual operating system. When you install an app it's more or less restricted to data that resides in the user's data partition. But your phone's internal storage consists of several partitions, most dedicated to the operating system (Android) and then that one user data partition. The system partitions are restricted from the user's general usage so something like an A/V app you install is of limited use. From what you've described this 'Chromes' app is more insidious than most exploits and has the ability to infect the operating system. That's why those A/V utilities cannot remove it permanently as it can just restore itself each time. Also take note that a Factory Reset only wipes that general user data partition, it does NOT affect the system partitions at all, so again that Chromes app will just restore itself when you do a Reset.
To completely remove that thing, you need to re-flash the stock ROM. Flashing a ROM is essentially the same as reloading the operating system on a computer. Fortunately Nomu provides some pretty good customer resources and stock ROMs for their products are on available on their site:
http://www.nomu.hk/s10-rom-download/
I'm not familiar with Nomu products however so I don't know the process necessary to flash ROMs on those phones. Hopefully someone else does and will reply.
 
Brian706 said:
Of the app keeps reinstalling itself, it sounds like it possibly used an exploit to give itself root access. This would mean that it's on the system level and a factory reset wouldn't solve the problem as a factory reset only wipes user data and doesn't touch the system partition.

You can certainly try a factory reset first, but if that doesn't work you will likely need to reflash the stock firmware.

I found some information here that supposedly has the stock firmware for your device:
http://www.phonetweakers.com/2017/01/downloadfirmware-nomu-s10-and-nomu-s20.html?m=1#more

Let us know how it goes.
Click to expand...
Awesome, I'll give that a go now
 
Good one @svim

I looked for official firmware from nomu but I didn't see it. But as I suggested and svim suggested, you will need to reflash the phone with stock firmware.
 
Hi, trying to reflash my phone but as I have never done this before i'm struggling a bit, the links are dead on the tutorials from phonetweakers and the flash tool in the NOMU rom crashes as soon as it launches. Not sure where to go from here
 
Did you try downloading the official ROM from the nomu website? I'm trying to find their instructions.
 
Yeah i downloaded that and their manual which wasnt very helpful to say the least. I got the flash tool to work and in english too. Seem to have hit a wall now as trying to get through confusing walkthroughs in broken english gets a little confusing
 
Okay. I don't have any experience with this device or their tools but with my experience with other devices I might be able to help you understand it better. Can you post the instructions here? You can upload the attachment to a post.
 
Okay so I went back to it the next day and everything went a lot smoother and managed to get the drivers installed properly following the phone tweakers tutorial which did reset my phone to stock setting completely. Unfortunately a couple of days later I got a notification saying "chromes" has been detected and could be harmful. Thinking this may be related to some sites I use I reinstalled again not using any sites or apps or anything that may be the cause and still the app reappears a couple of days later. Any ideas from here?
 
Just to confirm that after you flashed the stock ROM, did you check that 'Chromes' app was not present and then a few days later it appeared?

A workaround is to install a firewall app and use it to block 'Chromes' from any WiFi and mobile data connectivity. If you can't disable it via your phone's Apps menu than at least prevent it from being able to get any online access. Take a look at NoRoot Data Firewall, or NetGuard, or Mobiwol, all available from the Play Store and work on non-rooted devices. Look at the screen captures for each for the interface you find most palatable.
NoRoot Data Firewall
https://play.google.com/store/apps/details?id=com.jianjia.firewall&hl=en
NetGuard
https://play.google.com/store/apps/details?id=eu.faircode.netguard
Mobiwol
https://play.google.com/store/apps/details?id=com.netspark.firewall
 
No I made sure that the chromes app was not present after flashing the ROM.

I've messaged nomu and will try the apps now, cheers
 
Is it worth saying that if I leave the app more apps install, never left them installed long enough to see how many it reaches though
 
Bootstraps said:
So recently I've been getting notifications that an app called "Chromes" is malware and it being clearly fake I uninstalled it but it keeps reinstalling itself and I can't get rid of it at all and it has permission to access everything on my phone. I've tried loads of different anti virus apps but all they do is uninstall it and a few hours later its back and even tried resetting my phone and it still persists. Can anyone help me get rid of this please? Thanks
Click to expand...


Check your device Administrator and see what app you as the administrator
 
adrelanex said:
I have the same issue on a NOMU S20 device...
Bad news, it seems to originate from a trojan compromising our privacy and sensible datas :
https://www.gizmochina.com/2017/08/01/chinese-phones-infected-trojan-malware/
https://www.bleepingcomputer.com/ne...-in-firmware-of-low-cost-android-smartphones/
Be carrefull !
Click to expand...

Yeh, I think if buying China phones, try to stick with established reputable brands, like Huawei, ZTE, Lenovo, OnePlus, Oppo, Vivo, Xiaomi.


For the malware infected Nomu S10 device, try this ROM.
https://drive.google.com/uc?id=0B8DCQQg9HmL-WXVOWDlUSFp2dEU&export=download
 
Last edited:
Yesterday I removed Chromes on my Nomu S10 (not rooted) as follows:

1. On official Nomu website I downloaded ROM-file 1.0.6 on my S10
- filename is S10 1.0.6(solve the malware).zip
- cannot download it on Windows-PC
- other versions i. e. 1.1.4 didn't help
2. I installed downloaded ROM on my S10
- Settings -> About Phone -> Wireless Update -> Menu right upper corner -> Local updates - Downloaded ROM file selected.

Then Chromes was gone. I hope forever. No guarantee that this works on other Nomu S10 devices (not suitable for others).
 
Last edited:
The precise procedure won't work on other devices. But the general approach, reflash the ROM, will always remove any malware that has infected the ROM itself.
 
Most of android anti virus not able to remove botware or virus. only option is flash your mobile. resetting mobile wont solve your problem as external virus has root access exploit. this occur when we use free open wifi or accessing unsecure website or installing app or game from unknown source.

go for flashing mobile.
 
You must log in or register to reply here.
Back
Top Bottom