hijacked browser

[yusername]

help me
I've been having problems with android's browser for over a month. it won't let me change the homepage, it keeps resetting to ftzh.com. I've also noticed that it doesn't let me block flash objects (the option to block until you click to activate), or maybe it doesn't save any changes in the settings.
I tried everything I found on android forums and nothing solved it. I tried clearing cache, cookies, history on the browser. I tried force-stopping it and clearing cache and data in the app settings, and then turn off WiFi and change the settings in the bowser. I tried to change the settings in debug mode. I installed every antivirus and ad-removing apps, nothing. resetting browser to default sets said website as the homepage (how can I edit the default settings?). I found a download link for the browser but I got an error when i tried to install it. I don't want to do a factory reset to he tablet just because of the browser.
I don't know which app might have caused this, I bought this tablet nearly 3 months ago, and installed a lot of apps on it in the same week.

I have android 4.1.1
any ideas??

 

[chanchan05]

Get Addons Detector on your tablet and run it. It will find which app does it.

 

[SiempreTuna]

Sounds like you've been pwned.

I think I would do a factory reset - you don't know what's on there and whether any AV will pick it up. Even a factory reset isn't 100% as you're not reformatting the storage, but its probably the best option available.

 

[funkylogik]

What does pwned mean mate? Ive seen it mentioned a few times

 

[LilBit]

What does pwned mean mate? Ive seen it mentioned a few times

What is PWNED?
PWNED is "Owned, dominated" or "Perfectly Owned

What does PWNED mean? - PWNED Definition - Meaning of PWNED - InternetSlang.com

 

[SiempreTuna]

Owned. Hackers used to use it back in the day when they successfully took control of a remote machine.

I thought it came from a mis-spelling in a barely literate message inside an early virus .. but I can't find anything on Google to back that up

 

[funkylogik]

Ahh thanx peeps :beer::beer:

 

[Harry2]

I think it's caused by a recently installed or updateted app on your phone.
Catch this culprit app with Lookout Ad Network Detector and uninstall it.

This thread's first post by Hadron will give you more info ...
Push Advertising and Browser Redirection

Harry

 

[yusername]

I have some apps that display ads inside the app, not in the notification area. nothing that redirects the browsers homepage.
wouldn't a factory reset remove all the apps I have installed (with all their data)?
I'll try to use a different browser, although they're not as fast as androids browser, until someone finds a solution for this :/
but it scares me to think that I may have a malware that sends personal info/passwords to a hacker.

 

[Mayhem]

I have some apps that display ads inside the app, not in the notification area. nothing that redirects the browsers homepage.
wouldn't a factory reset remove all the apps I have installed (with all their data)?
I'll try to use a different browser, although they're not as fast as androids browser, until someone finds a solution for this :/
but it scares me to think that I may have a malware that sends personal info/passwords to a hacker.

Yes, a factory reset wipes the phone back to how it was when you took it out of the package. It's drastic, but ensures that there's no residual garbage.

Install Lookout and Lookout Ad Network Detector. Let 'em scan and do what they say.

Let us know if there's any issues.

 

[yusername]

antivirus scans (from lookout and others) always return nothing, they alerted about having USB debugging on and other android settings that I disabled.
I think that the ad network detector found an app that modifies the homepage last month, which I uninstalled immediately, if I remember right it was about learning java. now the results show 'collect location information' and 'collect device or mobile network information'. I expanded them and they're about in-app ads. can these pay-to-remove-ads apps be the problem? most of the apps I install have at least 500k downloads.

 

[chanchan05]

No, I have pay to remove ad apps but my browsers work fine. There's probably a remnant code somewhere. Try installing Clueful. Thats a bit more comprehensive about permissions per app. Look for one that says access to alter browser settings.

 

[mikedt]

All these apps you've downloaded, where did they come from? Not Google Play or Amazon I presume? The Pirate Bay, Chinese app stores?

Sounds like you've been pwned.

I'm thinking it's seriously pwned as well. Is this device rooted? If so, something could have been nobbled, or changed at the system level, and so doing a factory reset may not fix it. And it might not even be detectable by Lookout or whatever. Probably would have to be wiped completely and and the ROM re-installed.

This ftzh.com looks like some kind of affiliate link spam site...probably Chinese or Russian.

 

[yusername]

I only install apps from Google play. a few days ago I downloaded the browser to try to reinstall/update it, but it didn't let me, error parsing file or something.
and it's not rooted, it voids the 1 year warranty that I have on it, I didn't even remove the ugly sticker on the back.
however, avg antivirus alerted that it has been rooted. I think it was avg, I've installed all the antivirus apps I found in the play store.. but according to another app that shows if a device has been rooted or not, it's not rooted.
I don't think that it's because it's a cheap tablet, my brother has a tablet from the same unknown brand and he doesn't have problems with the browser.

 

[sdrawkcab25]

sadly, a factory reset sounds like your best option at this point.