Remove malware?

powerscape

Lurker
I've got a big problem. I found several pieces of malware on my phone, but I cannot delete these 3 malware files because I am not a root user.
System/system/app/BatteryControl.apk (Virus - Android.MALWARE.at_Fakegupdt.q)
System/system/app/SettingProvider.apk
System/system/app/LiveWallpaper.apk

/data/data/com.sys.battery.control
/data/data/com.android.setting.provider
/data/data/com.gl.live.wallpaper

My Doogee DG-500 Android phone continuously shows different full-screen advertisements.
Root Explorer, File Explorer Plus, ES File Manager, Total Commander, CM Security, Malwarebytes, Avast Mobile Security, antivirus43, Uninstaller Pro: these apps failed to remove it. I uploaded a zipped file containing these 3 malware files; you might check them over.

Please, show me a way. How can I remove/erase these files?
 
If these things really are malware that has been installed to /system (with names that in 2 cases resemble real system apps) then without root the only thing you can do is find the manufacturer's original firmware and reflash the phone. I don't know this manufacturer at all, so can't offer more specific advice on where to find this or how to do it.
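
The observation above that two of the files have names resembling real system apps can be checked mechanically. The following is an added example, not part of the original post: it parses `pm list packages -f -s` output and flags system entries whose package or APK name is a near miss of a genuine one. The reference list and the sample output are constructed for illustration, and `find_lookalikes` is a hypothetical helper name.

```python
import difflib
import re

# Constructed reference list (assumption): a few genuine AOSP system packages
# and their APK file names. A real check would use the vendor's stock image.
KNOWN_SYSTEM = {
    "com.android.providers.settings": "SettingsProvider.apk",
    "com.android.wallpaper": "LiveWallpapers.apk",
    "com.android.wallpaper.livepicker": "LiveWallpapersPicker.apk",
    "com.android.systemui": "SystemUI.apk",
}

# Constructed sample of `pm list packages -f -s` output. The three suspect
# entries use the APK and package names reported in the thread.
SAMPLE = """\
package:/system/app/SettingsProvider.apk=com.android.providers.settings
package:/system/app/SettingProvider.apk=com.android.setting.provider
package:/system/app/LiveWallpaper.apk=com.gl.live.wallpaper
package:/system/app/BatteryControl.apk=com.sys.battery.control
package:/system/app/SystemUI.apk=com.android.systemui
"""

LINE = re.compile(r"^package:(?P<path>.+)=(?P<pkg>[^=]+)$")

def similarity(a, b):
    return difflib.SequenceMatcher(None, a.lower(), b.lower()).ratio()

def find_lookalikes(pm_output, threshold=0.85):
    """Return (package, apk, imitated_package) for near-miss system names."""
    findings = []
    for line in pm_output.splitlines():
        m = LINE.match(line.strip())
        if not m or not m["path"].startswith("/system/"):
            continue
        pkg, apk = m["pkg"], m["path"].rsplit("/", 1)[-1]
        if KNOWN_SYSTEM.get(pkg) == apk:
            continue  # exact match with a genuine entry
        # Best match on either the package name or the APK file name.
        score, real_pkg = max(
            (max(similarity(pkg, rp), similarity(apk, ra)), rp)
            for rp, ra in KNOWN_SYSTEM.items()
        )
        if score >= threshold:
            findings.append((pkg, apk, real_pkg))
    return findings

if __name__ == "__main__":
    for pkg, apk, real in find_lookalikes(SAMPLE):
        print(f"{apk} ({pkg}) imitates {real}")
```

BatteryControl.apk is not flagged because it imitates no entry in the reference list; a near-miss check only catches impersonation, so unknown system packages still need to be compared against the stock firmware.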
 
Welcome to Android Forums.

If it has a Safe Mode (that disables all apps you added without uninstalling them) try running in Safe Mode. If the problem goes away it is caused by an app that you added. Find out which one and remove it.

You are apparently running apps from Cheetah Software. I would not trust anything I saw in any report from any app.

... Thom
 
I can not delete these 3 malware files because I am not a root user.
[...]
I uploaded a compressed a zipped file which have got these 3 malwares

I have removed the file attachment as one of my scanners gave an alert:

[Image: original.jpg]

I'm slightly confused here. You say you're not a root user... so how did you manage to extract these three files from /system in the first place?
 
Is it even possible to get malware in /system without giving the malware root access?
Unless you bought a cheap phone with pre-installed malware.
 
Doogee is a Chinese brand of low budget phones and I really doubt there's going to be much in the way of support. Looks like the DG500 is discontinued (or more like abandoned).

A lot of Chinese phones come rooted from the factory. It's easier for them to just add root apps after the fact rather than cook them into a custom rom for each phone. So, the op could easily have a rooted device without knowing it. It's also quite possible that this malware came installed on the phone.
 
Logically if one of these "rooting apps" can root a phone, someone else could use the same exploit to install malware rather than a superuser package.

But if the device is pre-rooted that makes things much easier for the malware installer. Would be worth checking that, since it would at least make it easier for you to remove it.
 
It's solved. Root Checker 5.6.1 said root access was NOT enabled on my device, so I could not delete anything from the system. After searching the web, I got the required information. Unrooting my device was also very simple. I used framaroot 1.9.3. The first two exploits, named Boromir and Faramir, failed. Then the third exploit, named Barahir, succeeded.
  • "Success ... Superuser and su binary installed. You have to reboot your device"
Now I've got the SuperSU app, and I'm a root user. Then I deleted the BatteryControl.apk, SettingProvider.apk, and LiveWallpaper.apk malware successfully with "System app remover (ROOT)" and "Root Uninstaller Pro 8".
The 3 trojan files came from nine apps dot com. I got rid of the riskware alerts. So I learnt my lesson: I will never install any app from outside the Google store...
 
3 trojans files come from nine apps dot com. I got rid of a riskware alerts. So I learnt my lesson that I will never install any app outside of a google store...
Did you get the malware from the 9apps store, or did you download some app from there?

And was your phone rooted before you got the malware?
 
and was your phone rooted before you got the malware?
No.

did you get the malware from 9apps store, or did you download some app from there?

I downloaded and installed these apps from 9apps.com. After searching the web, I understand that the first downloaded app is a very famous malware installer.
1-sex positions with sound app
2-Ringtones for Galaxy S6 app
3-TV Remote Control Pro app
Because of the first app, I also got interactive elements displayed by Trojan.AndroidOS.Guerilla.a

https://securelist.com/blog/mobile/71981/taking-root/

Now everything is ok. That's all. You can close this thread now.
 
It's worth remembering that yes, certain apps may be particularly notorious malware vectors, but with a dodgy download site any app could have malware added to it.

I checked that site and it took a few seconds to find what appear to be free downloads of apps that have no free version, i.e. these people are allowing upload of cracked apps. It's very common for cracked apps to have malware added to them, so purely from a safety point of view I would advise avoiding any site that hosts them - especially where, as here, it's been proven that the site distributes malware. I would also add that app piracy undermines development, which ultimately means that everyone suffers, and that this is another reason for avoiding sites that tolerate it.
 
I redacted the 9 apps link. Discussing malware cleanup from cracked apps is OK. Linking to a site that has cracked apps isn't. :)
 