
Help MALWARE-SPAMWARE Removal

Guys I downloaded from PLAY store this CM Locker app shown in red in the pics.
Since I uninstalled it two things are happening:

1. It deleted my original launcher and installed this "Trebuchet" one.
2. I get this process called "RECENTS" that puts ads and spam on my phone
3. You see on the desktop the CM locker that actually does not exist in apps and when I delete it from there it appears by itself!

1. What can I do to delete all these malware-spamware and
2. How can I avoid getting this in the future??
3. Aren't apps on PLAY supposed to be screened for spam???
Capture.jpg

Screenshot_2015_09_19_02_09_54.png
 
Hmm, "Trebuchet" was, if I recall, the name of the cyanogenmod launcher from several versions ago. An odd thing to turn up.

Your mistake here was installing an app from Cheetah Mobile. But what I'm seeing on your screenshot is not "CM Locker" but "CM Security". I don't know whether you installed that separately - CM Locker can mess with your desktop and add shortcuts, but it doesn't appear to have the privileges necessary to actually install other apps (though it has almost everything else you could imagine). CM Security however has everything needed to own your phone - not uncommon with a security app, but that makes it very important to only install such apps from trustworthy developers (which Cheetah Mobile are not).

Check Settings > Security > Device Administrators and see what apps are set as administrators. You need to uncheck that before you can uninstall an app. Anything from Cheetah Mobile should be uninstalled.
 
Thank you very much for the response and the advice.

Hmm, "Trebuchet" was, if I recall, the name of the cyanogenmod launcher from several versions ago. An odd thing to turn up.

Yes that launcher replaced the original on my phone. It is exactly the same but instead of JIAYU I see TREBUCHET...

Your mistake here was installing an app from Cheetah Mobile. But what I'm seeing on your screenshot is not "CM Locker" but "CM Security". I don't know whether you installed that separately - CM Locker can mess with your desktop and add shortcuts, but it doesn't appear to have the privileges necessary to actually install other apps (though it has almost everything else you could imagine). CM Security however has everything needed to own your phone - not uncommon with a security app, but that makes it very important to only install such apps from trustworthy developers (which Cheetah Mobile are not).

I have no idea what Cheetah Mobile is... I think I downloaded from Google Play... How can I make it impossible to install an app from other sources?

I think the CM Locker was part of CM Security...
It keeps putting shortcuts on the screens after I erase them and the RECENTS process puts ads whenever I turn on the screen...

Check Settings > Security > Device Administrators and see what apps are set as administrators. You need to uncheck that before you can uninstall an app. Anything from Cheetah Mobile should be uninstalled.

Did that and I got this:

Screenshot_2015_09_19_14_22_18.png
 
Cheetah Mobile are the app developers. That's what "CM" in "CM Security", "CM Locker" etc stands for. They have a lot of apps in the Play Store, not all of which have names starting with "CM" - "Battery Doctor", "Clean Master" (though that shares the initials), and they recently bought QuickPic :(.

OK, so it's not listed as a device administrator. Good. So you can just go to Settings > Apps, select the apps, clear data for them and uninstall. Make sure the option to install apps from "unknown" sources is not ticked (in your security settings) and that will make it harder to install apps from outside the Play Store (unless you install something that actually has the privileges needed to download and install apps itself - always read permissions before installing apps).

I've not been able to find out anything about this "recents" app.
 
This does not show anywhere in the apps! How can I remove it?
I think what they did is that they replaced the launcher and now the launcher is the core of the problem. How can I install the stock one and delete this?
 
I guess you are running a custom ROM, as your Security menu has options I'd not expect in a stock ROM.

When you posted info on "recents" that identified it as com.ipus.recents. So if you are rooted can you locate it in /data/app or /system/app?

If you think the stock launcher has been interfered with and you are running a custom ROM, just reflash the ROM and that will overwrite any changes to system apps.
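
The check suggested above (is `com.ipus.recents` under `/data/app` or `/system/app`?) can also be made from a PC with `adb shell pm list packages -f`. The following is an added example, not part of the original post: the sample output and the `com.example.*` package names are constructed, and `locate_pkg` is a hypothetical helper name.

```shell
#!/bin/sh
# Input format is that of `adb shell pm list packages -f`:
#   package:<apk path>=<package name>

# Constructed sample output (not taken from the phone in this thread).
SAMPLE_PM_OUTPUT='package:/system/app/Recents.apk=com.ipus.recents
package:/data/app/com.example.locker-1.apk=com.example.locker
package:/system/priv-app/Launcher.apk=com.example.launcher'

# locate_pkg NAME: reads pm output on stdin and prints one of
#   "system <path>"  APK on a system partition: survives a factory reset,
#                    so removal needs root or a reflash of a clean ROM
#   "user <path>"    APK under /data: removable from Settings > Apps
#   "other <path>"   installed somewhere unexpected
#   "absent"         package not installed
locate_pkg() {
    want=$1
    result=absent
    while IFS= read -r line; do
        # Older adb versions end each line with a carriage return.
        line=$(printf '%s' "$line" | tr -d '\r')
        case $line in package:*=*) ;; *) continue ;; esac
        entry=${line#package:}
        name=${entry##*=}   # text after the last '='
        path=${entry%=*}    # text before the last '=' (paths may contain '=')
        [ "$name" = "$want" ] || continue
        case $path in
            /system/*|/vendor/*|/product/*) result="system $path" ;;
            /data/*) result="user $path" ;;
            *) result="other $path" ;;
        esac
        break
    done
    printf '%s\n' "$result"
}

# Demo on the constructed sample. On a real device:
#   adb shell pm list packages -f | locate_pkg com.ipus.recents
printf '%s\n' "$SAMPLE_PM_OUTPUT" | locate_pkg com.ipus.recents
```
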
 
Generally speaking people know whether their phone is rooted because they have done the rooting.

I am actually being serious: mainstream manufacturers sell their phones unrooted, so they are only rooted if someone modifies them. But "superuser" implies root, and app permission management requires root in 4.4 and higher. That's why your screenshots make me think that the phone is rooted. But if so it's surprising that you don't know. Did you buy the phone new or second hand, and what model is it? Occasionally people sell phones after rooting them without mentioning this, so if you bought it second-hand it might be rooted.

Having an app called "superuser" or "SuperSU" on the phone would be another sign that the phone is rooted, and you can download apps from the Play Store that will check whether the phone is rooted ("root checkers").
 
The screenshot says rooted to me. And if you flashed it, what did you flash it with? It could be that you flashed it with a rooted ROM. Did your launcher ID change when you flashed it, by any chance?

I'm not sure what you mean by "dragging a shortcut to" app info (though I'm familiar with "app info" being one of the options when you long-press an icon, so this may just be a matter of language). Do you say it's identifying all of these icons as "trebuchet" regardless of the icon?

If you are rooted then you will have some extra options for dealing with apps (e.g. Titanium Backup can freeze or uninstall apps that the system menu doesn't let you disable or uninstall - use with care, because if you remove something that's important you will end up needing to reflash the phone again).
 
The screenshot says rooted to me. And if you flashed it, what did you flash it with? It could be that you flashed it with a rooted ROM. Did your launcher ID change when you flashed it, by any chance?

No my launcher and all the problems started long after that and specifically when I uninstalled the CM Locker app.

I'm not sure what you mean by "dragging a shortcut to" app info (though I'm familiar with "app info" being one of the options when you long-press an icon, so this may just be a matter of language). Do you say it's identifying all of these icons as "trebuchet" regardless of the icon?

When you long press you have two options at the top "remove" and "app info". When I select app info for the new shortcuts I find on the screen I get that they come from Trebuchet.

Take a look here:

http://s10.postimg.org/i8u2qgint/image.jpg

The apps marked with red are not installed by me...I delete them and they re-appear...when I use the app info selection I get for the "Zipt Free Calls" app this:

http://s10.postimg.org/au4qy2ws9/Screenshot_2015_09_22_00_09_37.png
 
Those toggles shown in post #6 look like AOSP/CyanogenMod to me; please post a screenshot of the Settings/About.../ page showing Android version, Baseband and Build number.
 
Jiayu, yeh one of the less reputable manufacturers, and definitely NOT mainstream, even in China. It very likely did come rooted, and may have even had the adware pre-installed as well. Anything is possible with this.

Might be worth re-flashing it, although you could just be putting the same shit back into the thing.
http://www.ejiayu.com/en/News2-92-175.html

Can you read Chinese? Good luck!

It was not rooted. It was working fine until I locked it and had to flush the ROM. It looks like I installed a rooted ROM. I have no idea where to get the original one...

BTW the phone is awesome ;)
 
Did you enter the password?

You need the PC one I think. The TF seems to be an incremental, like an OTA update, it's much smaller.

I can download from Baidu Pan no problem, because it's on servers in China. Do you have access to mega.co.nz? Because I might be able to upload it to that.

There's some other ROMs for the Jiayu S3 here as well...
http://www.romjd.com/Device/jiayu-s3 (Chinese)
ROM JD is a huge repository of ROMs for many different devices.

Because of the nature of the beast...most of the actual useful information for this phone is in Chinese only.
 
Did you see a page like this....
pan1.jpg

Put "cbhh" in the box, that's the password, and press the blue button.

Then you should see this, top right button is the direct download to your computer.
pan2.jpg

BTW you're trying to do this on a mobile device, Baidu will prompt you to install their Pan file sharing and downloading app. You have to use a desktop browser to download it directly.


I can upload it to mega, but might have to wait a couple of days, until I get good bandwidth, I'm in a hotel at the moment.
 