1. Download our Official Android App: Forums for Android!

Support Help! i have adware that won't go away even after a factory reset!

Discussion in 'Android Help' started by Android Question, Apr 10, 2016.

  1. Android Question

    Thread Starter
    Rank:
    None
    Posts:
    0
    Joined:

    I have an iNew L4 running Android 5.1 on Giff Gaff (which always detects as O2 for some reason) in the UK.

    I am getting pop-ups on the home screen asking me to try out various apps. If I tap on them it takes me to a web page - it's never got further than that before I've killed the browser. It has also lost all my contacts and won't let me answer a call, instead hanging up and giving me an advert pop-up instead. It has been getting worse for a while, but started a long while after I got the phone so I suspect it's something I've installed rather than being factory compromised, but I don't now what by this point.

    I have installed virus scanner apps, removed the sdcard, and done a factory reset several times. I've also just tried rebooting into safe mode and rerunning the virus scanner - that didn't work. The malware won't go away.

    I've tried several virus scanners. Avast, AVG, and Stubborn Trojan Killer all tell me I'm fine, but AVL actually gives me results, telling me I have 3 "risky files". They are (including the text in orange (i don't know how to make it orange here) below each one that I presume is the reason it's risky)

    /system/priv-app/Settings/Settings.apk
    NotVir/Android.AV/Agent.a[gen]
    This app may have sms sending behavior without the user's consent

    /system/priv-app/LQLauncher3/LQLauncher3.apk
    Adware/Android.Waps.a[ads,prv,opd]

    /system/app/Email/Email.apk
    NotVir/Android.GenericDetect.a[gen]

    As I'm getting adverts I suspect it's the second one. Unfortunately AVL doesn't seem to be able to remove the damn thing! Is there a better one out there that might work?

    I've seen a suggestion of installing a root browser and deleting the files manually, but I suspect deleting the settings and launcher apps might be less than ideal!

    Is there anything I can do that I haven't thought of? Do I need to flash a new rom onto my phone? iNew's download page doesn't have a rom for it (and asking their customer services was not very helpful), but this site does - I have no idea which of those I should use! Should I install Cyanogenmod or some other custom rom? Or Ubuntu Touch? (i am running Kubuntu linux on my desktop... though I have access to a windows machine if I need to use one to fix it). Should I just take it into a shop somewhere and ask them to do it?

    I've been poking at this on and off for three or four days now and I'm just getting more confused and annoyed by this point!

     

    Advertisement

  2. AZgl1500

    AZgl1500 Android Expert
    Rank:
    None
    Points:
    618
    Posts:
    6,400
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,400
    3,145
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    First of all, you need to stop from clicking on any advertisement link. That is how that pesky advert got on your phone in the first place.

    2nd, I once experienced the same thing, and it was right after I inadvertently touched the bottom of my phone w/o looking to see where my fingers went....

    and in my case, the only thing that got rid of it was the FDR.... but you say you have done that?
    If it still remains on the phone, then I suspect you are going to have to use Odin and download a new copy of the OS into your phone.

    whatever it is, has somehow, managed to get past permissions and modified one of the system files.

    Have you tried the 3 finger boot up process? Then choose clear out Cache Partitions?
    that has worked "sometimes".
     
    tube517 and LozHensel like this.
  3. The_Chief

    The_Chief Accept no imitations!
    Moderator
    Rank:
     #9
    Points:
    2,043
    Posts:
    13,815
    Joined:
    Nov 17, 2009

    Nov 17, 2009
    13,815
    13,871
    2,043
    Male
    I'm retired: every day's a Monday :P
    Manchester, TN
    What I'm seeing from your post are adware apps that have installed themselves into the /System partition, which is where your operating system is. A factory reset does NOT touch the /System partition. I would advise you to wipe data, cache and system and install a new OS... whether that is the stock firmware or Cyanogen or other custom ROM. Remember to have the new OS on the SD card BEFORE you wipe system, because once you wipe /System there will be nothing to boot to. My 2¢
     
  4. LozHensel

    LozHensel Newbie
    Rank:
    None
    Points:
    36
    Posts:
    14
    Joined:
    Apr 10, 2016

    Apr 10, 2016
    14
    4
    36
    AZgl1500, what is the three finger boot up process? Do you mean the factory settings menu? If so I found that - hold down volume down and power and it boots into it... took me a while to decode it because it was in Chinese, but I managed to find somewhere that had translations. I ran a factory reset from there, but it didn;t seem to do any good. There didn't seem to be a "clear cache" option. I saw a reference to holding volume up and volume down, and power, and I tried that to no avail - nothing happened at all!

    The_Chief yes, it looks like that to me too. I hoped there was something I could do short of trying to flash a new OS on there, but if there isn't I guess I'll have to bite the bullet, pick one of the three from this page http://www.needrom.com/category/inew/l4/ and go for it! I've had a bit of a poke at getting adb to see it under Linux without success, but there are still things to try there.
     
    AZgl1500 likes this.
  5. AZgl1500

    AZgl1500 Android Expert
    Rank:
    None
    Points:
    618
    Posts:
    6,400
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,400
    3,145
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    yes, the Factory Menu at boot.... on Samsungs, it takes 3 fingers to get it to work.
     
    LozHensel likes this.
  6. LozHensel

    LozHensel Newbie
    Rank:
    None
    Points:
    36
    Posts:
    14
    Joined:
    Apr 10, 2016

    Apr 10, 2016
    14
    4
    36
    Ah right. Seems to be 2 on thing. I'm resigned to installing a new rom by this point. It's being fiddly though! The command line tools were out of date and not giving me the options the various walkthroughs I found told me should there... Still, I think i've got that sorted now, onto the next insurmountable task!

    Thanks for your help, can I mark this solved somehow?
     
  7. Hadron

    Hadron  
    VIP Member
    Rank:
     #7
    Points:
    2,218
    Posts:
    22,877
    Joined:
    Aug 9, 2010

    Aug 9, 2010
    22,877
    16,310
    2,218
    Spacecorp Test Pilot
    Dimension Jumping
    Click "Best Answer" on one of the posts and that will mark the thread as "solved".
     
  8. LozHensel

    LozHensel Newbie
    Rank:
    None
    Points:
    36
    Posts:
    14
    Joined:
    Apr 10, 2016

    Apr 10, 2016
    14
    4
    36
    Thanks. Done
     
  9. LozHensel

    LozHensel Newbie
    Rank:
    None
    Points:
    36
    Posts:
    14
    Joined:
    Apr 10, 2016

    Apr 10, 2016
    14
    4
    36
    I've fixed it! I installed a new launcher and deleted the default on. now the symptoms have stopped and it's not being detected any more. Lets hope it stays that way!

    Huge thanks to everyone who's helped me through this!
     

Share This Page

Loading...