Trojan in my stock rom

caoimhinbatista
Junior Member
34
11-06-2018, 03:11 PM
#11



(11-06-2018, 11:26 AM)caoimhinbatista
(11-06-2018, 07:55 AM)Protechacha
(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,

I got a trojan in my rooted phone (MT6737) Kernel 3.18.19 Android 6.01. It is creating the folders .SDAndroid and .jm which are loaded with some strange files and will result in installing the app "settings" or sometimes "chromes" which are malware.

Since the trojan seems to be part of the stock rom I could not delete it (because it will create these folders again by itself and install the apps mentioned).

I was currently looking for an approach to get a custom recovery so I can port a rom and install it (I have opened another thread for that) but unfortunately I could not get a custom recovery to boot on the phone.

So I would like to ask if there is another solution to get rid of the malware/trojans on this phone. Is it possible to find the trojan's cause in the stock rom files (like system.img or something like that) and then remove it before flashing via SP Flashtool?

Or is it possible to get a working stock rom from another phone with the same chipset? I flashed some from the internet but then the phone did not start..

My problem: I want to get rid of the trojan/malware ! :)

Hope someone could help..
Good news is that you are rooted. That means you have all the tools needed.
Now download Dr. Web Security and scan the phone for all the trojan apks and associated files. It may request root to successfully delete any system apks, just give it.
It may not be able to remove all the trojans; here is where you use your file manager (root) like ES File Manager or Root Browser.
Navigate to the system and search for the remaining trojan files and delete them manually.
Finally download the AFWall+ apk, install it and activate the firewall; make sure you grant internet access only to apps you know.

Thanks for your reply. I have scanned with Dr. Web and as I have assumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
caoimhinbatista
Junior Member
34
11-06-2018, 03:33 PM
#12
(11-06-2018, 07:55 AM)Protechacha
(09-06-2018, 02:24 PM)caoimhinbatista Hello everybody,

I got a trojan in my rooted phone (MT6737) Kernel 3.18.19 Android 6.01. It is creating the folders .SDAndroid and .jm which are loaded with some strange files and will result in installing the app "settings" or sometimes "chromes" which are malware.

Since the trojan seems to be part of the stock rom I could not delete it (because it will create these folders again by itself and install the apps mentioned).

I was currently looking for an approach to get a custom recovery so I can port a rom and install it (I have opened another thread for that) but unfortunately I could not get a custom recovery to boot on the phone.

So I would like to ask if there is another solution to get rid of the malware/trojans on this phone. Is it possible to find the trojan's cause in the stock rom files (like system.img or something like that) and then remove it before flashing via SP Flashtool?

Or is it possible to get a working stock rom from another phone with the same chipset? I flashed some from the internet but then the phone did not start..

My problem: I want to get rid of the trojan/malware ! :)

Hope someone could help..
Good news is that you are rooted. That means you have all the tools needed.
Now download Dr. Web Security and scan the phone for all the trojan apks and associated files. It may request root to successfully delete any system apks, just give it.
It may not be able to remove all the trojans; here is where you use your file manager (root) like ES File Manager or Root Browser.
Navigate to the system and search for the remaining trojan files and delete them manually.
Finally download the AFWall+ apk, install it and activate the firewall; make sure you grant internet access only to apps you know.

Thanks for your reply. I have scanned with Dr. Web and as I have assumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...
Protechacha
Techie Member
43
11-06-2018, 04:51 PM
#13
(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have assumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...

It's good we know the cause. Some trojans are undeletable even with a rooted file manager; however, there is this adb command which works magic on such trojans, lemme find it and post it for you.
freshtyt
Senior Member
2,949
11-06-2018, 08:26 PM
#14
(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have assumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...

Did you try removing the virus using Dr. Web? (Doubt if this will be possible but worth a try.)
Another thing is this: since the virus installs another settings app, try using Link2SD to check how many settings.apk are currently installed; maybe you could try disabling the infected settings apk. You could even try replacing the libandroid_runtime.so file with one from another rom with the same specs as yours, keeping the same file permissions.
caoimhinbatista
Junior Member
34
11-06-2018, 08:32 PM
#15



(11-06-2018, 08:26 PM)freshtyt
(11-06-2018, 03:33 PM)caoimhinbatista Thanks for your reply. I have scanned with Dr. Web and as I have assumed it is the trojan Triada.231 which is integrated in system/lib/libandroid_runtime.so
So I will throw away this phone right now, since I just have this stock rom and the trojan is part of it and unremovable...

Did you try removing the virus using Dr. Web? (Doubt if this will be possible but worth a try.)
Another thing is this: since the virus installs another settings app, try using Link2SD to check how many settings.apk are currently installed; maybe you could try disabling the infected settings apk. You could even try replacing the libandroid_runtime.so file with one from another rom with the same specs as yours, keeping the same file permissions.

Thanks. No way for Dr. Web, and I tried to replace libandroid_runtime.so but then the phone does not boot up anymore..
Protechacha
Techie Member
43
12-06-2018, 10:11 AM
#16
(11-06-2018, 08:32 PM)caoimhinbatista Thanks. No way for Dr. Web, and I tried to replace libandroid_runtime.so but then the phone does not boot up anymore..

Well well, I was just about to suggest this Trojan Removal, but after reading about libandroid_runtime.so, I realised you need a custom rom, since stock comes bundled with the malware.
caoimhinbatista
Junior Member
34
16-06-2018, 03:05 PM
#17
(12-06-2018, 10:11 AM)Protechacha
(11-06-2018, 08:32 PM)caoimhinbatista Thanks. No way for Dr. Web, and I tried to replace libandroid_runtime.so but then the phone does not boot up anymore..

Well well, I was just about to suggest this Trojan Removal, but after reading about libandroid_runtime.so, I realised you need a custom rom, since stock comes bundled with the malware.


Yes that's true, I need a new android image (stock rom or custom rom). But I tried to install a custom recovery and it does not work. The phone doesn't boot into recovery. Maybe the phone was prepared to deny a custom recovery since it has the triada trojan..
hovatek
Administrator
49,570
18-06-2018, 11:30 AM
#18
(16-06-2018, 03:05 PM)caoimhinbatista Well well, I was just about to suggest this Trojan Removal, but after reading about libandroid_runtime.so, I realised you need a custom rom, since stock comes bundled with the malware.


Yes that's true, I need a new android image (stock rom or custom rom). But I tried to install a custom recovery and it does not work. The phone doesn't boot into recovery. Maybe the phone was prepared to deny a custom recovery since it has the triada trojan..

Let's say we were able to get a custom recovery to work on your device, do you have a compatible custom rom?

caoimhinbatista
Junior Member
34
20-06-2018, 07:46 PM
#19
Hello,

I could now get a ported TWRP to work. It just works after flashing via SP Flashtool and directly booting into recovery without a normal boot. I found some custom roms for mt6737 on Google and ported them by replacing files from stock to port, but after flashing the phone stays in a bootloop. Furthermore I have noticed that my stock does not have a lib64 folder so I skipped this step of replacing files.

Maybe someone could port a rom for it. It's kernel 3.18.19 Android 6.01 mt6737..
caoimhinbatista
Junior Member
34
24-06-2018, 04:39 AM
#20



Hi,

I have tried again replacing my libandroid_runtime.so with another (from stock rom of bluboo edge) and it worked.

I just took the file and replaced it via Root Explorer. I was wondering if it could work since the Bluboo Edge has almost the same specs as my device. After replacing the file the phone quickly rebooted by itself. Then I scanned the device with Dr. Web and there were no warnings anymore. I also put my original stock libandroid_runtime.so on my external sd card to check and Dr. Web identified the trojan immediately.
So now it seems I am running a clean libandroid_runtime.so in my system/lib folder...

Could this really have solved the problem? Almost unbelievable since all triada231 related content on the internet says that you need a new android image... :)
This post was last modified: 24-06-2018, 11:14 AM by caoimhinbatista.
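
A pre-flight check for the library swap described in this thread, as an added example that is not part of the original posts: it confirms that a replacement libandroid_runtime.so taken from another ROM has the same ELF class and CPU architecture as the file on the device (this device has no lib64 folder, so a 32-bit library is expected) and is not simply the flagged file again. The function names and the sample headers are constructed for illustration.

```python
import hashlib
import struct

CLASSES = {1: "ELF32", 2: "ELF64"}
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def elf_identity(blob):
    """Return (class, machine) read from an ELF header; raise ValueError if invalid."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in CLASSES or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident array.
    _e_type, e_machine = struct.unpack_from(endian + "HH", blob, 16)
    return CLASSES[ei_class], MACHINES.get(e_machine, f"machine-{e_machine}")


def compare_libs(original, candidate):
    """Compare the on-device library bytes with a candidate replacement."""
    findings = []
    dev, cand = elf_identity(original), elf_identity(candidate)
    if dev != cand:
        findings.append(f"ABI mismatch: device has {dev}, candidate is {cand}")
    if hashlib.sha256(original).digest() == hashlib.sha256(candidate).digest():
        findings.append("candidate is byte-identical to the flagged original")
    return findings


def fake_elf(ei_class, e_machine, body):
    """Constructed sample: minimal little-endian ELF header plus filler bytes."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1]) + bytes(9)
    return ident + struct.pack("<HH", 3, e_machine) + body


if __name__ == "__main__":
    device = fake_elf(1, 40, b"flagged")  # stands in for the stock library
    samples = [("32-bit ARM", fake_elf(1, 40, b"other")),
               ("64-bit ARM", fake_elf(2, 183, b"other")),
               ("same file", device)]
    for name, cand in samples:
        print(name, compare_libs(device, cand) or "ok")
```

A matching ABI is necessary for the swap to boot but does not guarantee it, and the check says nothing about whether the candidate is clean, so scanning the replacement as the poster did is still required.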