Trojan in my stock rom
Trojan in my stock rom
(11-06-2018, 11:26 AM)caoimhinbatista(11-06-2018, 07:55 AM)Protechacha(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,Good news is that your are rooted. That means your have all the tools needed.
I got a trojan in my rooted phone (MT6737) Kernel 3.18.19 Android 6.01. It is creating the folde .SDAndroid and .jm which is loaded with some strange files and will result in installing the app "settings" or sometimes "chromes" which are malware.
Since the trojan seems to be part of the stock rom I could not deleted (becaue it will crate againg this foldes byitself and install the apps mentioned)
I was currently looking for a approach to get a custom recovery so I can port a rom and install (I have opend other thread therefore) but unfortunatly I could not get a custom recovery to boot on the phone.
So I would like to ask if there is another solution to get rid of the malware/torjans of this phone. Is it possible to find the trojan causes in stock rom files (like system.img or something like that) and than to remove before flashing via SP Flashtool?
Or is it possible to get a working stock rom from another phone with same chipset? I flashed some from internet but then phone did not start..
My problem: I want to get rid of the tojan/malware !
Hope someone could help..
Now download Dr. web security, scan the phone for all the trojan apk and associated files. it may request root to succefully delete any system apks, just give it.
It may not be able to remove all the trojans, here is where you use your file manager (root) like es file manager, root browser.
Navigate to the system and search for the remaining trojan files and delete manually.
finally download afwall + apk install and activate the firewall, make sure you grant internet access to only apps you know.
Thanks for your reply. I have scanned with Dr. Web and as I have asumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
(11-06-2018, 07:55 AM)Protechacha(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,Good news is that your are rooted. That means your have all the tools needed.
I got a trojan in my rooted phone (MT6737) Kernel 3.18.19 Android 6.01. It is creating the folde .SDAndroid and .jm which is loaded with some strange files and will result in installing the app "settings" or sometimes "chromes" which are malware.
Since the trojan seems to be part of the stock rom I could not deleted (becaue it will crate againg this foldes byitself and install the apps mentioned)
I was currently looking for a approach to get a custom recovery so I can port a rom and install (I have opend other thread therefore) but unfortunatly I could not get a custom recovery to boot on the phone.
So I would like to ask if there is another solution to get rid of the malware/torjans of this phone. Is it possible to find the trojan causes in stock rom files (like system.img or something like that) and than to remove before flashing via SP Flashtool?
Or is it possible to get a working stock rom from another phone with same chipset? I flashed some from internet but then phone did not start..
My problem: I want to get rid of the tojan/malware !
Hope someone could help..
Now download Dr. web security, scan the phone for all the trojan apk and associated files. it may request root to succefully delete any system apks, just give it.
It may not be able to remove all the trojans, here is where you use your file manager (root) like es file manager, root browser.
Navigate to the system and search for the remaining trojan files and delete manually.
finally download afwall + apk install and activate the firewall, make sure you grant internet access to only apps you know.
(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have asumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have asumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
(11-06-2018, 08:26 PM)freshtyt(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have asumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
did you try removing the virus using dr web? (doubt if this will be possible but worth a try)
another thing is this, since the virus installs another settings apps then try using link2sd to check for how many settings.apk are currently installed maybe you could try disabling the infected settings apk. you could even try replacing libandroid_runtime.so file from another rom with same specs as yours keeping the same file permissions
Thanks, No Way for Dr. Web and I tried to replace libandroid_runtime.so but then phone does not boot up anymore..
(11-06-2018, 08:32 PM)caoimhinbatista Thanks, No Way for Dr. Web and I tried to replace libandroid_runtime.so but then phone does not boot up anymore..
(12-06-2018, 10:11 AM)Protechacha(11-06-2018, 08:32 PM)caoimhinbatista Thanks, No Way for Dr. Web and I tried to replace libandroid_runtime.so but then phone does not boot up anymore..
well well, i was just about to suggest this Trojan Removal, but after reading about libandroid_runtime.so, i realised you need a custom rom, since stock comes bundles with the malware
Yes that's true I need a new android image (stock rom or custom rom) But I trief to install a custom recovery and it does not work. Phone doesn't boot into recovery. Maybe the phone was prepared to denied a custom recovery since it has the triada trojan..
(16-06-2018, 03:05 PM)caoimhinbatista well well, i was just about to suggest this Trojan Removal, but after reading about libandroid_runtime.so, i realised you need a custom rom, since stock comes bundles with the malware
Yes that's true I need a new android image (stock rom or custom rom) But I trief to install a custom recovery and it does not work. Phone doesn't boot into recovery. Maybe the phone was prepared to denied a custom recovery since it has the triada trojan..