Go Back   Tech Support Forum > Smart Devices > Android OS

User Tag List

Android smartphone MALWARE

This is a discussion on Android smartphone MALWARE within the Android OS forums, part of the Tech Support Forum category. I bought a new android last month. I think now that it came with Malware??? Ran Malwarebytes & found 5


Like Tree5Likes
  • 1 Post By tristar
  • 2 Post By Deejay100six
  • 2 Post By vanukuru.vinod
Closed Thread
 
Thread Tools Search this Thread
Old 02-14-2019, 09:15 AM   #1
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



I bought a new android last month. I think now that it came with Malware???
Ran Malwarebytes & found 5 Malwares. 3 - I put in Malwarebytes 'Whitelist'
The other 2 I Disabled but don't think they stay that way.
Problem for all 5 Malwares - they are in the System Applications.
- I have already reset to Factory - ran Malwarebytes (after reinstalling) & the 5 Malwares are still there.
** Malware is in the following: Google Serv; Weather, Clean Weather Clock; Phenix; Upgrade System App
----in Whitelist:
Android/PUP.Riskware.Cooee.H (com.cooee.widget.samweather clock)
Android/PUP.Riskware.Cooee.H (com.cooee.widget.ClearWeatherClock)
Android/Trojan.Agent.GOG (com.android.appsdataprovider)

*** CAN my phone be fixed ***
bmsbms29 is offline  
Sponsored Links
Advertisement
 
Old 02-15-2019, 03:58 AM   #2
Moderator
Windows Tech Team
Hardware Tech Team
 
Join Date: Aug 2008
Location: INDIA
Posts: 2,976
OS: Windows 10 | CentOS | Manjaro



This usually is an issue when we purchase Vendor/SP branded phones which come bloated with crapware and some of that can be potentially dangerous.. Last year a whole bunch of China made phones along with Asus and Lenovo were caught with malware which was loaded after QC checks were done, so go figure.

I usually rely on a custom rom or heck just build the Rom by following instructions, it is tedious and voids the warranty, but this seems to be the only way I can control my phone.

That being said, if these apps were part of the build, you might not be able to uninstall it :S Unless your phone is rooted. You can go for a generic ROM and try to update it, By following the correct instructions to perform the update, else you can kill your phone :S

Try uninstalling the apps, if you don't see an option, then continue to use MB and blacklist them, this can cause a little instability and can cause foreclosure of apps, you have to find replacements to them from Playstore to access the functionality. If these are part of the Launcher, they can render your phone unusable for the average user, so proceed with caution here as well..
bmsbms29 likes this.
__________________


tristar is offline  
Old 02-25-2019, 07:34 PM   #3
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



I did try to fix - no way. Using Malwarebytes is definitely the virus scanner to use & was able to put in their Whitelist - Which helped sometimes a lot -but then i would still have problems. So I decided to return & will be getting a full refund in the next few days.
**** So now when I buy a new phone, I will run Malwarebytes FIRST & if any Malware then I will return *******
bmsbms29 is offline  
Sponsored Links
Advertisement
 
Old 03-16-2019, 03:29 PM   #4
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



Quote:
Originally Posted by tristar View Post
This usually is an issue when we purchase Vendor/SP branded phones which come bloated with crapware and some of that can be potentially dangerous.. Last year a whole bunch of China made phones along with Asus and Lenovo were caught with malware which was loaded after QC checks were done, so go figure.

I usually rely on a custom rom or heck just build the Rom by following instructions, it is tedious and voids the warranty, but this seems to be the only way I can control my phone.

That being said, if these apps were part of the build, you might not be able to uninstall it :S Unless your phone is rooted. You can go for a generic ROM and try to update it, By following the correct instructions to perform the update, else you can kill your phone :S

Try uninstalling the apps, if you don't see an option, then continue to use MB and blacklist them, this can cause a little instability and can cause foreclosure of apps, you have to find replacements to them from Playstore to access the functionality. If these are part of the Launcher, they can render your phone unusable for the average user, so proceed with caution here as well..
****************** Unable to uninstall any of the 5 system apps with Malware. 3 I was able to put in Malwarebytes Whitelist - but the other 2 I can force stop but Phenix keeps running or gaining more data. - So not understanding all you wrote above - Can I remove/uninstall Android then Install a new Android? Would that remove the malware???? I went back to using my old phone but hate to have to not be able to use the new one because it has total Memory: 64GB storage + 4GB memory. & has display of about 5.3". {I did get my $$ back but they did not want me to return -so even if I mess it up, I'm ok}
bmsbms29 is offline  
Old 03-16-2019, 09:58 PM   #5
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
****************** Unable to uninstall any of the 5 system apps with Malware. 3 I was able to put in Malwarebytes Whitelist - but the other 2 I can force stop but Phenix keeps running or gaining more data. - So not understanding all you wrote above - Can I remove/uninstall Android then Install a new Android? Would that remove the malware???? I went back to using my old phone but hate to have to not be able to use the new one because it has total Memory: 64GB storage + 4GB memory. & has display of about 5.3". {I did get my $$ back but they did not want me to return -so even if I mess it up, I'm ok}
Wow, even the seller doesn't want it back!? Why is the make and model of the phone still not known 5 replies down?
Stancestans is offline  
Old 03-17-2019, 07:04 AM   #6
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



Why they don't it back? Probably because it has Malware & I bet they knew it.
This is still a really good phone -usually - sometimes it is not & why I still want it - but if I can not 'fix' it by replacing the System apps then I could still use as a Tablet -sometimes.
I just keep Factory resetting -hoping the Malware will go away - LOL AND I will state that ONLY Malwarebytes has found the 5 Malwares. Only 1 other virus/malware found 1 Malware. Several others I tried found NO Malwares & stated phone was clean. Thanks to this website a few years ago, I found out about Malwarebytes!
*** About phone: I will take pics to attach later.
bmsbms29 is offline  
Old 03-17-2019, 07:37 AM   #7
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
Why they don't it back? Probably because it has Malware & I bet they knew it.
This is still a really good phone -usually - sometimes it is not & why I still want it - but if I can not 'fix' it by replacing the System apps then I could still use as a Tablet -sometimes.
I just keep Factory resetting -hoping the Malware will go away - LOL AND I will state that ONLY Malwarebytes has found the 5 Malwares. Only 1 other virus/malware found 1 Malware. Several others I tried found NO Malwares & stated phone was clean. Thanks to this website a few years ago, I found out about Malwarebytes!
*** About phone: I will take pics to attach later.
The malware came pre-installed with the phone's firmware/operating system, so by factory resetting it you're only reinstalling the compromised system over and over! It's like , taking some headache relief meds and then again! They may not exactly be malware as such, so it's no surprise that other scanners may be lenient on some of the detections made by Malwarebytes. What are the exact identities of the other malware? You did not state those as you did for the three whitelisted ones.

Can't you simply read the make and model of the phone from its box? If this was an online purchase, why not simply post the link to its product page?
Stancestans is offline  
Old 03-17-2019, 11:36 AM   #8
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



By resetting to Factory - I was just 'hoping' something would work LOL
Malware on the other 2:
Phoenix - Android/PUP.Riskware.Cooee.G
UpgradeSys - Android/Pup.Riskware.Autoins.Fota

Below copied from my 1st entry:
Malware is in the following: Google Serv; Weather, Clean Weather Clock; Phenix; Upgrade System App
----in Whitelist:
Android/PUP.Riskware.Cooee.H (com.cooee.widget.samweather clock)
Android/PUP.Riskware.Cooee.H (com.cooee.widget.ClearWeatherClock)
Android/Trojan.Agent.GOG (com.android.appsdataprovider)
bmsbms29 is offline  
Old 03-17-2019, 12:09 PM   #9
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
By resetting to Factory - I was just 'hoping' something would work LOL
Malware on the other 2:
Phoenix - Android/PUP.Riskware.Cooee.G
UpgradeSys - Android/Pup.Riskware.Autoins.Fota

Below copied from my 1st entry:
Malware is in the following: Google Serv; Weather, Clean Weather Clock; Phenix; Upgrade System App
----in Whitelist:
Android/PUP.Riskware.Cooee.H (com.cooee.widget.samweather clock)
Android/PUP.Riskware.Cooee.H (com.cooee.widget.ClearWeatherClock)
Android/Trojan.Agent.GOG (com.android.appsdataprovider)
Just as I thought, 4 of them are PUPs (potentially unsafe/unwanted programs/applications or riskware and not necessarily malware. Most scanners have a setting that you can change to control how PUPs are handled. The trojan one is possibly malware posing as a legitimate system app.
Stancestans is offline  
Old 03-17-2019, 12:26 PM   #10
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



I did not list - but the Trojan.Agent.GOG is in the Google Serv
- & I can Disable it but not Force Stop (goes to Malwarebytes Whitelist)
Weather -I can disable & Force Stop
Clean Weather Clock - I can disable & Force Stop
UpgradeSys - could not disable but did Force Stop
Phenix - could not disable but did Force Stop (but don't think it stays stopped?)
************ The current Malwarebytes on this phone is the free one. But I do have the Premium & will put on this phone if that would make a difference. I have not seen anything on Malwarebytes as to how they might deal with PUP problems. I'll need to check. And I need to check on GoogleServ since it has the Trojan.
Thank you for your help. Any other ideas are always helpful.
bmsbms29 is offline  
Old 03-17-2019, 12:35 PM   #11
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,801
OS: Windows 7 Professional SP1

My System


Quote:
Originally Posted by bmsbms29 View Post
Any other ideas are always helpful.
Yes, I have an idea...........tell us what phone it is!
SABL and Stancestans like this.
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 03-17-2019, 01:18 PM   #12
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



It looks that china phone that begins with H..... BUT does not state that anywhere (not on phone, or in phone or on box it came in) -just looks like one & the phone does state Model number: P20 Pro Phone Name: Smartphone CPU: MTK6592
Phone Core number: Octa Core Android version: 8.1
Also has Baseband version; Kernel version; Build number; & Custom build version & Legal Information with licenses
There is a sticker on the back that states Model: P20 Pro & Made in China with scan#s for IMEI1 & IMEI2.
*** I probably typed more than you needed but better more than less - LOL ***
bmsbms29 is offline  
Old 03-17-2019, 01:43 PM   #13
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
It looks that china phone that begins with H..... BUT does not state that anywhere (not on phone, or in phone or on box it came in) -just looks like one & the phone does state Model number: P20 Pro Phone Name: Smartphone CPU: MTK6592
Phone Core number: Octa Core Android version: 8.1
Also has Baseband version; Kernel version; Build number; & Custom build version & Legal Information with licenses
There is a sticker on the back that states Model: P20 Pro & Made in China with scan#s for IMEI1 & IMEI2.
*** I probably typed more than you needed but better more than less - LOL ***
You told us everything we needed to know even though you seemed especially keen to avoid doing so! Sounds like an imitation of Huawei P20 Pro. Well, I don't know what other "helpful" ideas you expect from this. This thread probably wouldn't have lasted this many replies if you had disclosed this right in the beginning. The P20 Pro has a kirin soc not Mediatek (MTK) by the way. It is no wonder you got a refund and still kept the phone! It seems you volunteered to be it's dump site and I bet those "64GB" aren't real. Good luck with your new phone
Stancestans is offline  
Old 03-17-2019, 05:13 PM   #14
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



Yes, I figured the phone was not a Real Hu... phone & why I stated what was on the phone. I have seen a video on a fake Huawei phone - but mine does not look like it nor does it act like those did. Because it still runs really well often, is why I am trying to find out if there is anything I can do to get rid of the PUP & 1 malware. As for whether it has 64GB storage - I can only state that the phone holds a great deal more than I could have imagined.
**** & since I got my money back, I don't feel like I am their 'trash dump' for this phone **** And even with the malware/pup I still like it.

Too bad I can't just replace the 'storage' with a new like I could replace the HDD on a laptop. Thanks anyway.
bmsbms29 is offline  
Old 03-17-2019, 09:48 PM   #15
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
Yes, I figured the phone was not a Real Hu... phone & why I stated what was on the phone. I have seen a video on a fake Huawei phone - but mine does not look like it nor does it act like those did. Because it still runs really well often, is why I am trying to find out if there is anything I can do to get rid of the PUP & 1 malware. As for whether it has 64GB storage - I can only state that the phone holds a great deal more than I could have imagined.
**** & since I got my money back, I don't feel like I am their 'trash dump' for this phone **** And even with the malware/pup I still like it.

Too bad I can't just replace the 'storage' with a new like I could replace the HDD on a laptop. Thanks anyway.
Root the phone and uninstall those stuff.
Stancestans is offline  
Old 03-18-2019, 08:06 AM   #16
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



I have read about rooting the phone. I'll do more search as to how to.
And if I 'kill' this phone - I will have learned a bunch & won't be out any $$.
bmsbms29 is offline  
Old 03-18-2019, 08:15 AM   #17
TSF Enthusiast
 
vanukuru.vinod's Avatar
 
Join Date: Oct 2017
Location: New Delhi, India
Posts: 593
OS: Windows 10 Professional



From which website did you purchase this exciting so called Android?
bmsbms29 and Stancestans like this.
vanukuru.vinod is offline  
Old 03-18-2019, 08:30 AM   #18
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,137
OS: Windows 10



Quote:
Originally Posted by bmsbms29 View Post
I have read about rooting the phone. I'll do more search as to how to.
And if I 'kill' this phone - I will have learned a bunch & won't be out any $$.
Look into custom ROMs as well. Here's to getting you started.
Stancestans is offline  
Old 03-18-2019, 12:13 PM   #19
TSF Enthusiast
 
Join Date: Oct 2006
Location: Arkansas
Posts: 565
OS: Windows 10



Quote:
Originally Posted by Stancestans View Post
Look into custom ROMs as well. Here's to getting you started.
Thank you.
bmsbms29 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Android malware and spyware apps spike in the Google Play Store
Report: Android malware and spyware apps spike in the Google Play Store | Security - InfoWorld
JMH3143 Computer Security News 0 02-20-2014 06:20 PM
Apple iOS vs. Google Android: It comes down to security
Which is more secure, mobile devices based on Google Android or Apple iOS? It's not just a theoretical question to IT professionals making decisions about the future use of smartphones and tablets in the enterprise. Apple's locked-down approach in iOS has given it something of an edge in the...
Glaswegian Computer Security News 0 12-03-2012 01:24 PM
~*~Mixed Bag of Problems~*~
Hi, everyone! I have had a lot of problems with my computer lately and I'm hoping someone would be able to help me out. The most pressing issue right now is that my e-mail is sending out Spam links when I'm not even on my computer. The first time it happened, I changed my password, but tonight the...
TabbyCat725 Virus/Trojan/Spyware Help 156 07-09-2012 07:50 PM
NSA releases security-enhanced version of Android
The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default. SE Android is based on NSA's previous research into mandatory...
Glaswegian Computer Security News 0 01-18-2012 12:55 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 10:33 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts