• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Help virus keeps coming back after reboot

  • Thread starter Thread starter Johncomeshooting
  • Start date Start date
J

Johncomeshooting

Guest
I have a tablet android version 4.4.2. The virus happens like this - suddenly I see some apps that are installed that I did not download (also appears when I get the message that google wants to monitor my device). Alvira anti-virus reports on a virus - one time it was 'privacy manager', the other recent something called 'measure'. I uninstall these apps. When I reboot, the loading screen says "android is upgrading". After rebooting Alvira says virus found and it the same app that I uninstalled previously. Delete and reboot etc, the problem persists.
I normally factory reset, but the problem comes back after a while. Any advice on securing myself from this?
 
Hi

You could try deleting the apps you think it is and then reboot into safe mode. This only allows factory installed apps to run - then reintroduce apps one at a time and hopefully find the culprit.

You could also (maybe first) install and run Malwarebytes which several of us here favour as a good app for finding issues.
 
If it says "Android is Upgrading" after a reboot, it tells me that the deleted apps my be system apps. If the tablet is rooted, then it could have happened inadvertently if you installed an app that had the malware embedded or linked to it. If you're not rooted then it had to come from the factory that way. Even a factory reset won't help you here. What you need to do is reflash the device's firmware from a source file. What brand of tablet is it?
 
lunatic59 said:
If it says "Android is Upgrading" after a reboot, it tells me that the deleted apps my be system apps. If the tablet is rooted, then it could have happened inadvertently if you installed an app that had the malware embedded or linked to it. If you're not rooted then it had to come from the factory that way. Even a factory reset won't help you here. What you need to do is reflash the device's firmware from a source file. What brand of tablet is it?
Click to expand...

Its a proline make - not rooted. You may be right that it is re-installing some uninstalled apps because the virus checker reported that 'time service' and 'monkey test' are unsafe and uninstalled them. These came with the firmware. The virus checker did not shield me from rogue apps being installed, only after the fact, which is no help. I did another factory reset and cleared the usb data as well (which previously I did not). I now get 'unfortunately measure has stopped working' and previously 'adobe air' had stopped working. I now have avg antivirus installed. I think I got what I paid for. Last time I buy proline (some obscure cheapo chinese put together).
 
girolez said:
Hi

You could try deleting the apps you think it is and then reboot into safe mode. This only allows factory installed apps to run - then reintroduce apps one at a time and hopefully find the culprit.

You could also (maybe first) install and run Malwarebytes which several of us here favour as a good app for finding issues.
Click to expand...

I will try malwarebytes - thanks.
 
Good news/bad news time.

The good news is a lot of off-brand Chinese made Android devices are rooted out of the box. Try Root Checker from the play store.

The bad news is that even with root, unless there is a developer out there building rom's for this device, you are probably out of luck. There are no universal or generic roms for oddball devices. Android must be built specifically for the hardware.
 
It seems that either the stock ROM has virus built in, straight out of the box or the version I have is massively exploitable. After hard reset and I go online, I am being delivered viruses. Managed to get 360 security downloaded and it reported no fewer than 8 viruses. Actioning on these did not seem to help. Anything I uninstall is coming back after I reboot. How does the virus manage to write to ROM and corrupt it? Downloaded 'root checker'. I do not have root access by the way. This is a list of the viruses I am getting (from McAfee)
Adobe Air - medium threat risk (suspicious)
Measure - high threat risk (trojan)
SystemInfo - high threat risk (trojan)
IKeyboard - high threat risk (trojan)
TimeService - nedium threat risk (suspicious)

McAfee cannot remove them.

Some more info on my device (from root checker)
Model/product : M7853GDC
Hardware: mt8312
Host: concox-dev-PowerEdge-R610
serial : 0123456789ABCDEF
Manufacturer : alps
release : 4.4.2
incremental: eng.se03.1418381715

Unless I get help, this device is going into the bin. My trust in Android is shattered.
 
Well, that's what you get when you buy these cheap devices. Often times they're just being built to steal your data with built in malware.

It's not Android's fault your device was like that. You won't experience this situation of you choose ASUS, Acer, Lenovo, Samsung, LG, and other mainstream brands.
 
As I said, if the device isn't rooted then the only way these things get in the system is that they come from the factory that way. If it is rooted, then all it takes is one shady download and it can write to the system partition, making hard resets moot. To completely clean this up you need a clean rom specifically for this device.

Here's a post on xda where someone rooted a proline mirage. If you root yours, you can then manually remove the malware. You may even be able to give McAfee su rights to do it for you. Worth a shot at this point.
 
I think Proline was a house brand of Comet in the UK, an electronics retailer, but they went bust.

johncomeshooting said:
It seems that either the stock ROM has virus built in, straight out of the box or the version I have is massively exploitable. After hard reset and I go online, I am being delivered viruses. Managed to get 360 security downloaded and it reported no fewer than 8 viruses. Actioning on these did not seem to help. Anything I uninstall is coming back after I reboot. How does the virus manage to write to ROM and corrupt it? Downloaded 'root checker'. I do not have root access by the way. This is a list of the viruses I am getting (from McAfee)
Adobe Air - medium threat risk (suspicious)
Measure - high threat risk (trojan)
SystemInfo - high threat risk (trojan)
IKeyboard - high threat risk (trojan)
TimeService - nedium threat risk (suspicious)
Click to expand...

Adobe Air is a virus...hmmm!.....a special hacked Chinese flavour of it possibly.

johncomeshooting said:
McAfee cannot remove them.

Some more info on my device (from root checker)
Model/product : M7853GDC
Hardware: mt8312
Host: concox-dev-PowerEdge-R610
serial : 0123456789ABCDEF
Manufacturer : alps
release : 4.4.2
incremental: eng.se03.1418381715

Unless I get help, this device is going into the bin. My trust in Android is shattered.
Click to expand...

concox.cn ... Shenzhen Concox Technology, Ltd? ...and the tablet's "Manufacturer" is NOT Alps, that's only for the touch-screen components.

Well my trust in cheapo Androids was shattered a long time ago.

FYI: it's a worth a read...and was partly written by me.
http://androidforums.com/threads/of...blets-worth-the-low-cost.631594/#post-5072099


Mike,
Your Guide to Chinese Androids. :thumbsupdroid:
 
Last edited:
Thank you all for your advice and deserved criticism. Sorry, but wiser. I will follow all the advice, but meantime with nothing to lose on my cheapo tablet, I did the following (will post later to report on how it works out). Downloaded KingoRoot apk, managed to get root (temporary though it seems, on reboot its lost), installed 'uninstaller pro'. Ran a scan with '360 security', got a list of all the viruses. Using 'uninstaller pro' I located these offending apps and froze them (could not remove them). On reboot, those apps are not running which is good news. So now I will wait and see if any rogue applications are downloaded again, hope not. I notice that there seems to be a specific day when these hackers run a program to spread the virii because previously I was clean for almost a week. Holding thumbs.
 
johncomeshooting said:
Thank you all for your advice and deserved criticism. Sorry, but wiser. I will follow all the advice, but meantime with nothing to lose on my cheapo tablet, I did the following (will post later to report on how it works out). Downloaded KingoRoot apk, managed to get root (temporary though it seems, on reboot its lost), installed 'uninstaller pro'. Ran a scan with '360 security', got a list of all the viruses. Using 'uninstaller pro' I located these offending apps and froze them (could not remove them). On reboot, those apps are not running which is good news. So now I will wait and see if any rogue applications are downloaded again, hope not. I notice that there seems to be a specific day when these hackers run a program to spread the virii because previously I was clean for almost a week. Holding thumbs.
Click to expand...

I think you might become even wiser if you read this sticky thread....:thumbsupdroid:
http://androidforums.com/threads/pu...k-killers-ram-optimizers-and-the-like.896663/

It's not about Kingo or 360 as such, more about how these Chinese app companies monetize their "free" products and services, via ad spam, data mining, snakeoil, scare tactics and bullshit. Cheetah Mobile in particular, but Qihoo 360 are no diferrent.

...and before long you'll be an expert on these aspects of the Android world, maybe helping others. :)
 
Last edited:
Mike , I'm thankful still to god that I'm not so unfortunate ... anyway john, I recommend removing all your (apps you wanted and you manually installed) sometimes some of these apps can be the source of it. Try resetting it again and don't connect to the internet, don't install (the apps you wanted).. this will prevent auto installation of malware... if still not; that's a worse case scenario!!!! Some apps I notice even install w/on internet .. that means the problem is in the system itself (how the manufacturer made it)
Malware names are fake names of popular apps to hide their color.. Most of them are in utilities category apps...
In PC, sometimes, I notice that if you leave it unopened for a few months, it will get viruses automatically!!!! Same thing with flash usbs...
 
I bought two, one for a friend, both are infected, both used by different people. Proline says they no longer support this device (bought in April!?), the brand manager ignores my emails, Proline needs to catch a wake up this is so bloody wrong. These are Momo 9 some-thing or other tablets, been trying to find the stock rom but my chinese sucks. Johncomeshooting email phantomspider@yahoo.com , if I find the rom I will let you know, also going to spam Takealot on the reviews, 3 tablets infected with the same bloody virus?, I see Game sell them under tedelex, also, did you know this thing has a flash?, lift the cover where the sims go and download a flashlight app, they bloody forgot the hole!..
 
Phantoms said:
I bought two, one for a friend, both are infected, both used by different people. Proline says they no longer support this device (bought in April!?), the brand manager ignores my emails, Proline needs to catch a wake up this is so bloody wrong. These are Momo 9 some-thing or other tablets, been trying to find the stock rom but my chinese sucks. Johncomeshooting email phantomspider@yahoo.com , if I find the rom I will let you know, also going to spam Takealot on the reviews, 3 tablets infected with the same bloody virus?, I see Game sell them under tedelex, also, did you know this thing has a flash?, lift the cover where the sims go and download a flashlight app, they bloody forgot the hole!..
Click to expand...
Who's doing "Proline" now, because it used to be Comet, but they went bust about three years ago. And it was their house brand for budget products. But evidently someone is using it for really cheapo stuff now.
 
You must log in or register to reply here.
Back
Top Bottom