

Trojan in my stock rom

caoimhinbatista
Junior Member
34
09-06-2018, 02:24 PM
#1



Hello everybody,

I got a trojan in my rooted phone (MT6737), Kernel 3.18.19, Android 6.01. It is creating the folders .SDAndroid and .jm, which are loaded with some strange files, and this results in installing the app "settings" or sometimes "chromes", which are malware.

Since the trojan seems to be part of the stock ROM, I could not delete it (because it will create these folders again by itself and install the apps mentioned).

I was currently looking for an approach to get a custom recovery so I can port a ROM and install it (I have opened another thread for that), but unfortunately I could not get a custom recovery to boot on the phone.

So I would like to ask if there is another solution to get rid of the malware/trojans on this phone. Is it possible to find the trojan causes in stock ROM files (like system.img or something like that) and then remove them before flashing via SP Flashtool?

Or is it possible to get a working stock ROM from another phone with the same chipset? I flashed some from the internet but then the phone did not start..

My problem: I want to get rid of the trojan/malware!

Hope someone could help..
X3non
Recognized Contributor
22,062
09-06-2018, 06:41 PM
#2
(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,
...
Hope someone could help..

what's your phone model?
and have you tried flashing the firmware for your model?
caoimhinbatista
Junior Member
34
09-06-2018, 08:35 PM
#3
(09-06-2018, 06:41 PM)X3non
what's your phone model?
and have you tried flashing the firmware for your model?

Yes, I have the stock firmware from the manufacturer; it seems the trojan is part of it.

It's Ukozi Q3 mt6737 Kernel 3.18.19 Android 6.01, Firmware is also available on needrom.com
Yohanan Piadoso
Senior Member
163
09-06-2018, 08:43 PM
#4
Bro, the virus is not part of the phone.
I think you need to remove the whole flash and download a new one,
like the command in spf: format all + download.
Or, since you say your phone is rooted,
you can use monkey virus remover tools.
xerxes
Senior Member
8,355
09-06-2018, 10:30 PM
#5



(09-06-2018, 08:35 PM)caoimhinbatista
Yes, I have the stock firmware from the manufacturer; it seems the trojan is part of it.

It's Ukozi Q3 mt6737 Kernel 3.18.19 Android 6.01, Firmware is also available on needrom.com

have you tried flashing the firmware?
caoimhinbatista
Junior Member
34
10-06-2018, 01:35 AM
#6
(09-06-2018, 10:30 PM)innagee
have you tried flashing the firmware?



Yes of course - original firmware contains the trojan
juvette
Senior Member
506
10-06-2018, 07:29 AM
#7
(10-06-2018, 01:35 AM)caoimhinbatista Yes of course - original firmware contains the trojan

It's possible that the firmware does contain the trojan. It must have come from whoever created the firmware (intentionally or not).
Since you're rooted, install Link2SD and use it to list all apps (userdata and system), although I think the trojan would be a system app.
You can then uninstall all suspicious apps (using Link2SD).
If you need help identifying them, attach screenshots showing all your apps so we can help identify suspicious ones.

Sent from my Infinix X510 using Hovatek Mobile
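
The app listing suggested in the post above can also be done from saved `adb shell pm list packages -f` output. The following is an added example, not code from the thread or from Hovatek: it compares two snapshots of that output to show which packages appeared in between and on which partition, and checks a saved `ls -a` listing for the two folder names from the first post. The package names and listings in it are constructed sample data.

```python
import re

# Folder names reported in the first post of this thread.
REPORTED_DIRS = {".SDAndroid", ".jm"}

# `pm list packages -f` prints one line per app: package:<apk path>=<package name>
PKG_LINE = re.compile(r"^package:(/.+)=([A-Za-z0-9_.]+)$")


def parse_packages(pm_output):
    """Map package name -> APK path from saved `pm list packages -f` output."""
    packages = {}
    for line in pm_output.splitlines():
        match = PKG_LINE.match(line.strip())
        if match:
            packages[match.group(2)] = match.group(1)
    return packages


def partition_of(apk_path):
    """'system' for APKs a factory reset leaves in place, otherwise 'data'."""
    return "system" if apk_path.startswith(("/system/", "/vendor/")) else "data"


def new_packages(before, after):
    """Packages only in the later snapshot, as (name, partition, path)."""
    old, new = parse_packages(before), parse_packages(after)
    return sorted((name, partition_of(path), path)
                  for name, path in new.items() if name not in old)


def reported_dirs_present(ls_output):
    """Folders named in the thread that appear in a saved `ls -a` listing."""
    names = {entry.strip().rstrip("/") for entry in ls_output.splitlines()}
    return sorted(names & REPORTED_DIRS)


# Constructed sample data, not taken from the affected phone.
BEFORE = """package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/data/app/org.example.notes-1/base.apk=org.example.notes"""
AFTER = BEFORE + "\npackage:/data/app/com.placeholder.settings-1/base.apk=com.placeholder.settings"
LS_SDCARD = ".\n..\n.SDAndroid\n.jm\nDCIM\nDownload\n"

if __name__ == "__main__":
    for name, part, path in new_packages(BEFORE, AFTER):
        print(f"new since last snapshot: {name} [{part}] {path}")
    print("reported folders present:", reported_dirs_present(LS_SDCARD))
```

A package that shows up under /data after a cleanup was installed by something still on the device, while one under /system or /vendor comes with the flashed image and will return after a factory reset.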
caoimhinbatista
Junior Member
34
10-06-2018, 02:14 PM
#8
(10-06-2018, 07:29 AM)juvette
It's possible that the firmware does contain the trojan. It must have come from whoever created the firmware (intentionally or not).
Since you're rooted, install Link2SD and use it to list all apps (userdata and system), although I think the trojan would be a system app.
You can then uninstall all suspicious apps (using Link2SD).
If you need help identifying them, attach screenshots showing all your apps so we can help identify suspicious ones.



Sorry, there are too many screenshots of my apps to upload here - but I think it is not a system app, because I have already deleted some system apps which were accused to be virus or malware. To identify them I used Malwarebytes and Lookout. I think the trojan is part of the system without being an app, is that possible?

I found some threads where the same trojan is described. So I think I have the trojan called TRIADA

1.) https://forums.malwarebytes.com/profile/...20-victim/
2.) https://forum.xda-developers.com/general...0533/page4


That's why I tried to get a custom recovery like TWRP and I have tried everything like porting from another phone with same chipset as well as porting with the hovatek porters. I think if I could get a custom recovery working I could port another rom for this device. But phone does not boot into recovery after flashing it - it just reboots.
This post was last modified: 10-06-2018, 11:10 PM by caoimhinbatista.
Attached file: OneShot_20180610_145757.png
Protechacha
Techie Member
43
11-06-2018, 07:55 AM
#9
(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,

...
Hope someone could help..
Good news is that you are rooted. That means you have all the tools needed.
Now download Dr. web security, scan the phone for all the trojan apks and associated files. It may request root to successfully delete any system apks, just give it.
It may not be able to remove all the trojans; here is where you use your file manager (root) like es file manager, root browser.
Navigate to the system and search for the remaining trojan files and delete them manually.
Finally, download the afwall+ apk, install it and activate the firewall; make sure you grant internet access only to apps you know.
caoimhinbatista
Junior Member
34
11-06-2018, 11:26 AM
#10



(11-06-2018, 07:55 AM)Protechacha
Good news is that you are rooted. That means you have all the tools needed.
Now download Dr. web security, scan the phone for all the trojan apks and associated files. It may request root to successfully delete any system apks, just give it.
It may not be able to remove all the trojans; here is where you use your file manager (root) like es file manager, root browser.
Navigate to the system and search for the remaining trojan files and delete them manually.
Finally, download the afwall+ apk, install it and activate the firewall; make sure you grant internet access only to apps you know.

Thanks for your reply. Is that Dr. web security an android app or where can I find this application?