[Please help] Malware infection on my MALATA 403 android phone

#21
(This post was last modified: 12-19-2016, 04:38 PM by hovatek. )

(12-19-2016, 11:17 AM)aaeludire@yahoo.com Wrote: Good day,
Trust you had a nice weekend. Well, I have been able to restore the phone and have succeeded in installing kingroot, and now I am back at the following situation:
Risk app 2
Ceroa: Security risk, uninstallation suggested
Deroa: Security risk, uninstallation suggested
bct_service: Security risk, uninstallation suggested

Bloatware
Deroa
SystemLogCat
SystemLogHktd

System Core App(52)
Removing will cause system error, proceed with caution

I have also downloaded and installed Link2SD. What do I do next? Thanks for your assistance.

Now, scroll through the list of apps on Link2SD.
List out names of suspicious apps and games on the list.
You could also take screenshots as you scroll and attach them so I see what you see


Need further assistance? Speak with a Hovatek Representative:
Working Hours: Mondays - Saturdays ; 09:00 - 18:00 (GMT +1:00)
#22
(12-19-2016, 04:36 PM)hovatek Wrote:
(12-19-2016, 11:17 AM)aaeludire@yahoo.com Wrote: Good day,
Trust you had a nice weekend. Well, I have been able to restore the phone and have succeeded in installing kingroot, and now I am back at the following situation:
Risk app 2
Ceroa: Security risk, uninstallation suggested
Deroa: Security risk, uninstallation suggested
bct_service: Security risk, uninstallation suggested

Bloatware
Deroa
SystemLogCat
SystemLogHktd

System Core App(52)
Removing will cause system error, proceed with caution

I have also downloaded and installed Link2SD. What do I do next? Thanks for your assistance.

Now, scroll through the list of apps on Link2SD.
List out names of suspicious apps and games on the list.
You could also take screenshots as you scroll and attach them so I see what you see

After running Link2SD, I have 119 apps identified and they can be grouped into three categories. Category 1 has ~Odex~ in front of their names, Category 2 has Frozen in front of their names and Category 3 has nothing after their names. I have taken a snapshot of some of the apps as attached and I have also grouped all according to the three categories as listed below. I notice that the date of installation for those frozen was 22/11/2016 when I think the phone was infected with malware. Thanks

Category 1 -Odex- 

Android Keyboard (AOSP)
AppGuidePluggin
Backup and Restore
BaterryWarning
Black Hole
Bluetooth Share
Bubbles
Calculator
Calendar
CalendarStorage
CellConnectionService
Certificate installer
Clock
com.android.backupconfirm
com.android.provision
com.android.sharedstorageback
com.android.wallpaper.holospira
Contact
Contact Storage
Dialer
Documents
Download Manager
Downloads
Dr Battery
Drive
DRM/Protected Content Storage
EM SIM/MELock
Email
Engineer Mode
Exchange Services
External Storage
Factory Test
File Manager
FM Radio
Fused Location
Gallery
GSensor Calibrate
HomeScreeentips
ImeiWriter
Input Devices
Key Chair
Launcher3
Live Wallpaper Picker
Magic Smile Wallpaper
Media Storage
Messaging
Mobile anti-theft
MTK Android Smile Daemon
MTK Thermal Manager
Music
MusicFX
Omacp
OneTimeInit
Package Access Helpper
Package Installer
PacProcessor
Phone Beam
Phone
Phone/Messaging Services
Phone Services
Pico TTS
Print Spooler
ProxyHandler
Schedule power on & off
Search Application Provider
Settings
Settings Storage
Shell
ShutDownT
SimToolkit
SimToolkit
SoundRecorder
SystemUI
TDLookScreenView
ToDo
UserDictionary
VCalendar
Video
VpnDialogs
YGPS

Category 2 Frozen 4

SmartNote
SettingService
com.android.sync
AndroidService

Category 3 (without anything in front)

Android System
bct_service
Browser
Ceroa
com.mediatek
Configupdater
Deroa
Gmail
Google Account Manager
Google Backup Transport
Google Calendar Sync
Google Contact Sync
Google Partner Setup
Google Play Services
Google Play Store
Google Search
Google Search Framework
Google Services Framwork
Google+
Hangouts
Kingroot
Link2SD
Location Engineer Mode
Maps
Market Freedom Agent
MTLogger
ObjectService
org.snow.down.update
Weather
Weather Service
Whatsapp
Wireless update
Youtube

Attached Files
.jpg   DSC_0000004.jpg (Size: 10.18 KB / Downloads: 1)
.jpg   DSC_0000005.jpg (Size: 11 KB / Downloads: 1)
.jpg   DSC_0000006.jpg (Size: 10.63 KB / Downloads: 1)
.jpg   DSC_0000007.jpg (Size: 11.44 KB / Downloads: 1)
Reply
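
Post #22 observes that the frozen apps all carry the install date 22/11/2016. The following is an added example, not part of the thread: it parses a saved `adb shell dumpsys package` dump and lists every package first installed on a given day, with whether it sits under /system and whether it is currently disabled (frozen). The dump text is constructed, `com.example.calculator` is a placeholder, and the field layout (`codePath=`, `firstInstallTime=`, `enabled=` on the `User 0:` line) is assumed to match the device's Android version.

```python
import re
from datetime import date

# Constructed sample in the style of `adb shell dumpsys package` output.
# Timestamps and paths are made up; com.example.calculator is a placeholder.
# enabled=2 or 3 means the package is disabled (what Link2SD calls "Frozen").
SAMPLE_DUMP = """\
Packages:
  Package [com.android.sync] (41f0a2b8):
    codePath=/system/app/com.android.sync.apk
    firstInstallTime=2016-11-22 13:41:07
    User 0:  installed=true stopped=false notLaunched=false enabled=2
  Package [org.snow.down.update] (42a1c9d0):
    codePath=/data/app/org.snow.down.update-1.apk
    firstInstallTime=2016-11-22 13:42:55
    User 0:  installed=true stopped=false notLaunched=false enabled=0
  Package [com.example.calculator] (41c77e10):
    codePath=/system/app/Calculator.apk
    firstInstallTime=2014-08-01 09:00:00
    User 0:  installed=true stopped=false notLaunched=false enabled=0
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FIELD_RE = re.compile(r"^\s*(codePath|firstInstallTime)=(.+?)\s*$")
ENABLED_RE = re.compile(r"^\s*User 0:.*\benabled=(\d)")

def parse_packages(dump):
    """Return {package: {codePath, firstInstallTime, frozen}} from a dump."""
    pkgs, cur = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:  # start of a new package record
            cur = pkgs.setdefault(m.group(1), {"frozen": False})
            continue
        m = FIELD_RE.match(line)
        if m and cur is not None:
            cur[m.group(1)] = m.group(2)
        m = ENABLED_RE.match(line)
        if m and cur is not None:
            cur["frozen"] = m.group(1) in ("2", "3")
    return pkgs

def installed_on(dump, day):
    """List (package, in_system, frozen) for packages first installed on day."""
    hits = []
    for name, info in sorted(parse_packages(dump).items()):
        if info.get("firstInstallTime", "").startswith(day.isoformat()):
            in_system = info.get("codePath", "").startswith("/system/")
            hits.append((name, in_system, info["frozen"]))
    return hits
```

A package that shares the suspected infection date, lives under /system and is not frozen is the first candidate to review.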
#23
(12-19-2016, 08:24 PM)aaeludire@yahoo.com Wrote: ...

Freeze these three apps first
AppGuidePluggin
Bubbles
Dr Battery
then tell me if the malware is still active when data is enabled
#24
(12-20-2016, 12:17 PM)hovatek Wrote:
(12-19-2016, 08:24 PM)aaeludire@yahoo.com Wrote: ...

Freeze these three apps first
AppGuidePluggin
Bubbles
Dr Battery
then tell me if the malware is still active when data is enabled

Yes, the malware is still active and object service is always trying to have root access. Thanks
#25
(12-20-2016, 02:49 PM)aaeludire@yahoo.com Wrote: Yes, the malware is still active and object service is always trying to have root access. Thanks

Freeze
ObjectService
org.snow.down.update

let me know if malware is still active

#26
(12-20-2016, 07:30 PM)hovatek Wrote:
(12-20-2016, 02:49 PM)aaeludire@yahoo.com Wrote: Yes, the malware is still active and object service is always trying to have root access. Thanks

Freeze
ObjectService
org.snow.down.update

let me know if malware is still active

A little bit of stability now, though a couple of porn pictures are still coming up but not as frequently as before. Thanks
Now I'm able to use whatsapp on the phone tonight. Further assistance needed to completely deal with this malware. Thanks so far
#27
(12-20-2016, 07:30 PM)hovatek Wrote:
(12-20-2016, 02:49 PM)aaeludire@yahoo.com Wrote: Yes, the malware is still active and object service is always trying to have root access. Thanks

Freeze
ObjectService
org.snow.down.update

let me know if malware is still active

A little bit of stability now, though a couple of porn pictures are still coming up but not as frequently as before. Thanks
Now I'm able to use whatsapp on the phone tonight. Further assistance needed to completely deal with this malware. Thanks so far

bct_service is still showing in kingroot as risky though it has been frozen. Likewise for Ceroa and Deroa. These three are still showing when I run kingroot as dangerous.
#28
(12-20-2016, 11:27 PM)aaeludire@yahoo.com Wrote: A little bit of stability now, though a couple of porn pictures are still coming up but not as frequently as before. Thanks
Now I'm able to use whatsapp on the phone tonight. Further assistance needed to completely deal with this malware. Thanks so far

bct_service is still showing in kingroot as risky though it has been frozen. Likewise for Ceroa and Deroa. These three are still showing when I run kingroot as dangerous.

Ensure the following apps are frozen

Market Freedom Agent
Deroa
Ceroa
bct_service
AndroidService
SmartNote
SettingService
com.android.sync
TDLookScreenView
ToDo
ShutDownT
#29
(12-21-2016, 05:32 PM)hovatek Wrote:
(12-20-2016, 11:27 PM)aaeludire@yahoo.com Wrote: A little bit of stability now, though a couple of porn pictures are still coming up but not as frequently as before. Thanks
Now I'm able to use whatsapp on the phone tonight. Further assistance needed to completely deal with this malware. Thanks so far

bct_service is still showing in kingroot as risky though it has been frozen. Likewise for Ceroa and Deroa. These three are still showing when I run kingroot as dangerous.

Ensure the following apps are frozen

Market Freedom Agent
Deroa
Ceroa
bct_service
AndroidService
SmartNote
SettingService
com.android.sync
TDLookScreenView
ToDo
ShutDownT

I have done all these and there seems to be relative "peace" from the malware pop-ups. Thanks. But kingroot is bringing up some interface whenever I connect to electricity for charging the phone. What is next please, have a nice day.
#30
(12-22-2016, 09:47 AM)aaeludire@yahoo.com Wrote: I have done all these and there seems to be relative "peace" from the malware pop-ups. Thanks. But kingroot is bringing up some interface whenever I connect to electricity for charging the phone. What is next please, have a nice day.

Disable Magic Smile Wallpaper and let me know if there are still signs of malware
The charging interface can always be disabled later