Hi, Guest! Login / Register
Giveaway: Free Hovatek T-shirts, Hoodies & Cufflinks.. I WANT ONE! (Nov 25, 2017)
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[Please help] Malware infection on my MALATA 403 android phone

#41
(This post was last modified: 01-17-2017, 10:40 AM by hovatek. )

(01-17-2017, 12:36 AM)[email protected] Wrote: Thanks for your continued assistance

Alright.
Now, do not connect the phone to the internet so more apps aren't added.

1. Delete
bct_service
ceroa
deroa
ojbectservice

Link2SD can show you their file path(s). Use a root browser like ES file explorer or ROM Toolbox lite to delete them.

2. Freeze
HomeScreeentips
FotaProvider
ImeiWriter

3. I noticed SimToolkit appeared twice. Was that an error from you?


Need further assistance? Speak with a Hovatek Representative:
Working Hours: Mondays - Saturdays ; 09:00 - 18:00 (GMT +1:00)
Reply
#42
(01-17-2017, 10:38 AM)hovatek Wrote:
(01-17-2017, 12:36 AM)[email protected] Wrote: Thanks for your continued assistance

Alright.
Now, do not connect the phone to the internet so more apps aren't added.

1.  Delete
bct_service
ceroa
deroa
ojbectservice

Link2SD can show you their file path(s). Use a root browser like ES file explorer or ROM Toolbox lite to delete them.

2. Freeze
HomeScreeentips
FotaProvider
ImeiWriter

3. I noticed SimToolkit appeared twice. Was that an error from you?

Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you
Reply
#43
(01-17-2017, 05:03 PM)[email protected] Wrote: Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you

1. Download ROM Toolbox lite @ https://hovatek.com/redirect.php?link=ht...lbox-lite/

3. Freeze SimToolkit (system/app/StkSelection.apk)
Need further assistance? Speak with a Hovatek Representative:
Working Hours: Mondays - Saturdays ; 09:00 - 18:00 (GMT +1:00)
Reply
#44
(01-17-2017, 07:06 PM)hovatek Wrote:
(01-17-2017, 05:03 PM)[email protected] Wrote: Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you

1. Download ROM Toolbox lite @ https://hovatek.com/redirect.php?link=ht...lbox-lite/

3. Freeze SimToolkit (system/app/StkSelection.apk)
1. I downloaded ROM Toolkit lite and installed. When I ran it I used the Root Browser option to delete the four files given, it says deleted but I can still see the files after the deletion, maybe I have not done something right.

2. I have frozen SimToolkit located at system/app/StkSelection

Thank you
Reply
#45
(01-17-2017, 11:01 PM)[email protected] Wrote: 1. I downloaded ROM Toolkit lite and installed. When I ran it I used the Root Browser option to delete the four files given, it says deleted but I can still see the files after the deletion, maybe I have not done something right.

That's not your fault. Something seems to be replacing them.
OK. Now, backup your firmware in this current state.
Next, enable internet connection and watch closely. If anything starts updating or installling, disable internet connection immediately
waiting..
Need further assistance? Speak with a Hovatek Representative:
Working Hours: Mondays - Saturdays ; 09:00 - 18:00 (GMT +1:00)
Reply
#46
(01-17-2017, 11:01 PM)[email protected] Wrote:
(01-17-2017, 07:06 PM)hovatek Wrote:
(01-17-2017, 05:03 PM)[email protected] Wrote: Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you

1. Download ROM Toolbox lite @ https://hovatek.com/redirect.php?link=ht...lbox-lite/

3. Freeze SimToolkit (system/app/StkSelection.apk)
1. I downloaded ROM Toolkit lite and installed. When I ran it I used the Root Browser option to delete the four files given, it says deleted but I can still see the files after the deletion, maybe I have not done something right.

2. I have frozen SimToolkit located at system/app/StkSelection

Thank you
Hi aaeludire,
I have also gone through your problems a few months ago and I managed to completely uninstall the malware/s myself. I am pretty sure that the "malware" that almost made my phone useless back then was the same as what you have on your phone right now. With that, I'm giving you a trick to be able to uninstall those malware/s.
I presume you have done the following:
Installed Kingroot app
Rooted your device

Now, the next you will do is to:
Download the "Lucky Patcher".
(No, we're not going to patch any app. We only need the "Uninstall App" feature of it.)
Install, Open and Give it root access.
Locate the app that seems suspicious. Click on it, a drop down list will appear. (There will be 2 or more malware that needs to be uninstalled - be careful - read T-I-P-S)
Hit the "Uninstall App". (A "Do you really want to uninstall this app" will appear.) Click "YES".

T-I-P-S: (1) Refer to the stock system apps of your stock firmware and compare it with the apps that are currently installed on your system.
(2) If you've successfully uninstalled the malware/s, protect your system right away. Download the "Malwarebytes - Anti-Malware" app on playstore.
(3) Even if your not rooted, an intelligent malware can still get into your system.
(4) To lessen burden on the system, it is important to uninstall the malware than just freezing it.
(5) The newest version of "Kingroot" has the ability to detect and block apps that automatically install by itself in the background without user's knowledge.
(6) Lucky Patcher uninstalls an app better than Kingroot.
(7) The malware you had was actually evolving and spreading since 2013 and is created by a Chinese company (legally operating - whom I can't recall the name) and they even publicly announced that it is making them earn $30,000 to $300,000 a month. A whole lot of money, eh?
(8) Most of the malwares are hiding in clickable ads, porn sites and modded apks.

That's all for now. Let me know if your problem is still there. Thank me later.

Sent from my Ice Plus 2 using Tapatalk
Reply
#47
(01-17-2017, 11:01 PM)[email protected] Wrote:
(01-17-2017, 07:06 PM)hovatek Wrote:
(01-17-2017, 05:03 PM)[email protected] Wrote: Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you

1. Download ROM Toolbox lite @ https://hovatek.com/redirect.php?link=ht...lbox-lite/

3. Freeze SimToolkit (system/app/StkSelection.apk)
1. I downloaded ROM Toolkit lite and installed. When I ran it I used the Root Browser option to delete the four files given, it says deleted but I can still see the files after the deletion, maybe I have not done something right.

2. I have frozen SimToolkit located at system/app/StkSelection

Thank you
Hi Aaeludire,
I have also gone through your problems a few months ago and I managed to completely uninstall the malware/s myself. I am pretty sure that the "malware" that almost made my phone useless back then was the same as what you have on your phone right now. With that, I'm giving you a trick to be able to uninstall those malware/s.
I presume you have done the following:
•• Installed Kingroot app
•• Rooted your device

Now, the next you will do is to:
•• Download the "Lucky Patcher".
(No, we're not going to patch any app. We only need the "Uninstall App" feature of it.)
•• Install, Open and Give it root access.
•• Locate the app that seems suspicious. Click on it, a drop down list will appear. (There will be 2 or more malware that needs to be uninstalled - be careful - read T-I-P-S)
•• Hit the "Uninstall App". (A "Do you really want to uninstall this app" will appear.) Click "YES".

T-I-P-S: (1) Refer to the stock system apps of your stock firmware and compare it with the apps that are currently installed on your system.
(2) If you've successfully uninstalled the malware/s, protect your system right away. Download the "Malwarebytes - Anti-Malware" app on playstore.
(3) Even if your not rooted, an intelligent malware can still get into your system.
(4) To lessen burden on the system, it is important to uninstall the malware than just freezing it.
(5) The newest version of "Kingroot" has the ability to detect and block apps that automatically install by itself in the background without user's knowledge.
(6) Lucky Patcher uninstalls an app better than Kingroot.
(7) The malware you had was actually evolving and spreading since 2013 and is created by a Chinese company (legally operating - whom I can't recall the name) and they even publicly announced that it is making them earn $30,000 to $300,000 a month. A whole lot of money, eh?
(8) Most of the malwares are hiding in clickable ads, porn sites and modded apks.

That's all for now. Let me know if your problem is still there. Thank me later.

Sent from my Ice Plus 2 using Tapatalk
Reply
#48
(01-18-2017, 12:02 PM)vinnce143 Wrote:
(01-17-2017, 11:01 PM)[email protected] Wrote:
(01-17-2017, 07:06 PM)hovatek Wrote:
(01-17-2017, 05:03 PM)[email protected] Wrote: Ok will keep the phone offline as directed.

1. How do I get the ES file explorer or ROM toolkit? Please assist

2. I have frozen :
    HomeScreentips
    FotaProvider
    ImeiWriter

3. SimToolkit actually appeared twice, it was not listed in error (one is version 4.4.2 code 19 located at /system/app/Stk1.apk the other is version 1.0 code 1 located at /system/app/StkSelection.apk)

Thank you

1. Download ROM Toolbox lite @ https://hovatek.com/redirect.php?link=ht...lbox-lite/

3. Freeze SimToolkit (system/app/StkSelection.apk)
1. I downloaded ROM Toolkit lite and installed. When I ran it I used the Root Browser option to delete the four files given, it says deleted but I can still see the files after the deletion, maybe I have not done something right.

2. I have frozen SimToolkit located at system/app/StkSelection

Thank you
Hi Aaeludire,
I have also gone through your problems a few months ago and I managed to completely uninstall the malware/s myself. I am pretty sure that the "malware" that almost made my phone useless back then was the same as what you have on your phone right now.  With that, I'm giving you a trick to be able to uninstall those malware/s.
I presume you have done the following:
•• Installed Kingroot app
•• Rooted your device

Now, the next you will do is to:
•• Download the "Lucky Patcher".
(No, we're not going to patch any app. We only need the "Uninstall App" feature of it.)
•• Install, Open and Give it root access.
•• Locate the app that seems suspicious. Click on it, a drop down list will appear. (There will be 2 or more malware that needs to be uninstalled - be careful - read T-I-P-S)
•• Hit the "Uninstall App". (A "Do you really want to uninstall this app" will appear.) Click "YES".

T-I-P-S: (1) Refer to the stock system apps of your stock firmware and compare it with the apps that are currently installed on your system.
(2) If you've successfully uninstalled the malware/s, protect your system right away. Download the "Malwarebytes - Anti-Malware" app on playstore.
(3) Even if your not rooted, an intelligent malware can still get into your system.
(4) To lessen burden on the system, it is important to uninstall the malware than just freezing it.
(5) The newest version of "Kingroot" has the ability to detect and block apps that automatically install by itself in the background without user's knowledge.
(6) Lucky Patcher uninstalls an app better than Kingroot.
(7) The malware you had was actually evolving and spreading since 2013 and is created by a Chinese company (legally operating - whom I can't recall the name) and they even publicly announced that it is making them earn $30,000 to $300,000 a month. A whole lot of money, eh?
(8) Most of the malwares are hiding in clickable ads, porn sites and modded apks.

That's all for now. Let me know if your problem is still there. Thank me later.

Sent from my Ice Plus 2 using Tapatalk

Thanks Vinnce143,
I have a couple of questions please since I'm not familiar with these procedures:
1. where do i download Lucky Patcher
2. how do I get the stock system apps of my stock firmware (MALATA 403) for comparison with the apps that are currently installed now.
I will do as advised as soon as I have your answers to the questions above.
Thanks for your assistance.
Reply
#49
Hi Aaeludire,
Before we proceed to downloading the "Lucky Patcher" app, disable/freeze the following system apps first: (DO NOT Uninstall, we will re-enable/it later)
•• Download Manager
•• Wireless Update
The Malware actually tricks your System Updater into thinking there is a Software Update for your phone. That's why every time you turn on the internet, a download task is executed automatically in the background.
Now that we have disabled/froze the "Download Manager", you can't download anything unless an app has its own download manager.

This time, we will be needing another phone/device to download the "Lucky Patcher" app. Enough talking download the "Lucky Patcher" app here https://luckypatcher.co/
Find and click the "Download Lucky Patcher APK" button.
The download will then start. When finished, send it to your phone via Bluetooth or transfer the SD Card.
Install, Open and Give it root access. (Further steps are already provided on my previous post.)
Note: Lucky Patcher will not display system apps by default but there's an option for that, (1) go to the SETTINGS of the lucky patcher app, (2) find and click "Filter", (3) Check "Show System Apps" option. Done.
Note: Frozen Apps will appear at the bottom.

"What about the stock system apps for comparison with the currently installed system apps?"
No need my dear, forget about it. I have reviewed your previous conversation with a hovatek representative and I found out that there is no app that needs to be disabled anymore. NOT ALL apps that you disabled/froze previously needs to be uninstalled.

Update your Kingroot app to the latest version (The latest version has the ability to detect and block automatic app installation) for a smarter and safer trick and only uninstall apps that were detected by the Kingroot app as "unsafe".
Note: Don't use Kingroot as the uninstaller for the malware, Kingroot will uninstall the malware but it will keep reinstalling itself after every reboot. Lucky Patcher's built-in uninstaller will do the trick.
If there are apps that constantly force close (like every 10 seconds), uninstall it too.

Ohhh... I almost forgot, Enable/Unfreeze "Download Manager" app & "Wireless Update" app. Connect to the internet and test if the problem is still there.
There may still be script blueprints/remnants caused by the malware but don't worry, download the "Malwarebytes - Anti-Malware" app from Playstore and scan your system. Goodluck!

Sent from my Ice Plus 2 using Tapatalk
Reply
#50
Hi Aaeludire,
If you disabled/froze the

Sent from my Ice Plus 2 using Tapatalk
Reply










Users browsing this thread:
1 Guest(s)