As the title states, I have a problem with a rooted virus on my phone. It could be GhostPush, or it may be Hummer, the new Chinese virus, hence the name of the APK it downloads, which I'll show in the screenshots.
I tried antiviruses, and they're all worthless; yes, they detect SOME files that get downloaded by said virus, but they are no help when it comes to the virus itself. I tried a factory reset on several occasions, to no avail; I even started in safe mode after the factory reset and connected to the Wi-Fi; it still downloads the malicious files. And no matter how many times I delete those number-named files and the APK named SDK, they just keep getting downloaded right back.
What makes me think it's rooted and not getting downloaded from the Google store when I connect to it?
Here's the answer: It doesn't need me connecting an account to the Google store. Just now, fresh out after a 9000th factory reset I did on this phone, I connected to the Wi-Fi, and the malicious files got downloaded to my Download folder; and no, it is in the internal storage; I do not have my SD card in.
Here's my theory: There's some script of some sort rooted in my phone [ the virus ] which activates when I connect to the Wi-Fi, and it makes it so that it uses the system/default Browser app [ which I cannot uninstall, phone's not rooted ] and it goes to some website where I get these malicious files from.
And these malicious files do the following:
-Prompts me with a full-screen window at totally random times, so that if I play, say, a tapping game and I tap on it, it instantly downloads an app like AliExpress, some boost apps and such. Fortunately and not, there's an X in the top right; fortunately, I can close that adware window and avoid installing the app [ which btw is from an unknown source, even though I have "Allow downloads from unknown sources" unchecked, so that's utterly worthless ]. Unfortunately, it shows that I'm active and will prompt another one of those ad windows at unexpected times.
-Adds a smaller sized window that does about the same thing, still can tap on the X to close it
-Takes me to AliExpress or some other app, while in Google Play, on its own. Just like that, I get into Google Play to look for some games or whatnot and it instantly takes me to the page of AliExpress or the other apps.
-Whenever I'm in Google Chrome from the phone app, it takes me to some adware tab that it opens on its own, which I try to close immediately, because it starts downloading stuff of its own accord.
-The adware shows on every single app or game I happen to be in, regardless of time or activity.
And with that I ask you: is there any way for me to rid myself of this virus? I want to ask and hopefully get to understand better what I have to do, before I root my phone and delete the wrong thing that would prove fatal to my phone.
I will also leave some screenshots of the problems and what I get in the download folder. Oh, and there are usually way more of those number-named files, but these screenshots are literally fresh out of a factory reset, after I've connected to the Wi-Fi. And there should be a website there, which I think is where the virus directs me to get those malicious files. Also, there seems to be some script in the virus, making a game I was once playing allow the adware to show over the game.
Screenshots: http://imgur.com/a/uwaRc