Malware part of the OS? - Reformat not deleting APPs that install themselves.

Discussion in 'Android Devices' started by jaxstraww, Jan 13, 2016.

  jaxstraww

    jaxstraww Lurker
    Thread Starter

    My 5 year old did it. I booted up the tablet yesterday which hasn't happened in weeks. Greeted by a host of unsavory apps and it looked like more were loading themselves. Tablet was so locked up I couldn't reset from the reset menu so I used the power button + volume button reset. Machine reset and voila....arg stopped working....voice memos stopped working....fruit ninja installs and something called security 180 I think loads as well. I have it shut off sulking in a corner.

    With this garbage returning I can only conclude it is part of the ROM. I'm more of a PC guy and I think the ROM on a tablet is the same as the BIOS on a PC.

    So, I think I need to flash.
    1. I have no idea how to do this. I'm thinking the ROM is loaded onto the microSD card since no external drive is possible.
    2. What ROM and where do I get it. I have nothing to lose so being on Android 4.xxx doesn't interest me. If there are ways to bring the tablet more up to date without losing functionality of the S pen I'm all for it. Failing that original state is fine.
    3. Walk through on the flash. How? Is there a tutorial? YouTube video?

    Any help is appreciated. I have a brick for a tablet. Going to a store for repair won't happen. Cheaper to buy something newer.

  Hadron

    Hadron Smoke me a kipper...
    VIP Member

    ROM is OS plus system applications, so more like your OEM's Windows install than the bios. There is some nasty malware these days that can gain root access ("admin" in PC speak) on many devices and install itself to the system. All a factory reset does is erase user apps and data, not system apps, so this would render the malware immune to a reset. Installing apps from dodgy sites is a common way of getting infected. A little surprised that a 5 year old could manage this, but if installation from "unknown sources" was enabled and they clicked on a dodgy ad I could see it happening.

    The malware will not be part of the official ROM (Samsung include a lot of crap, but they aren't that bad yet - though including code from Cheetah Mobile in the latest models comes very close!). Hence you should be able to clear it by reflashing with official firmware. I've never done this with a Samsung, but I believe that you use a Samsung software tool called Kies (which you can download from Samsung) to install firmware updates. You can find firmware for your device at Sammobile.com - select the "firmware" link and enter your model number. As Kies is PC/Mac software I expect the flashing is done over USB from the computer. Somebody in this section will have done this and so will be able to provide more detailed advice if needed (I'm sure it's not too hard to find).
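The point in the reply above, that a factory reset wipes user apps but not anything installed to the system, can be checked from a PC. This is an added example, not part of any post in the thread: it parses the output of `adb shell pm list packages -f` and flags packages on reset-proof partitions that are missing from a known-good list. The sample listing, the `com.example.*` package names and the baseline set are constructed for illustration, and the list of partition prefixes is an assumption.

```python
# Added example: find packages that a factory reset will NOT remove.
# Input format is the `pm list packages -f` output: package:<apk path>=<name>

# Assumed read-only partitions that a factory reset leaves untouched.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

def parse_line(line):
    """Return (apk_path, package_name), or None for a malformed line."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # Newer Android paths can contain '=' characters, so split on the last one.
    path, sep, name = line[len("package:"):].rpartition("=")
    if not sep or not path or not name:
        return None
    return path, name

def survives_reset(path):
    """True if the APK sits on a partition a factory reset does not erase."""
    return path.startswith(SYSTEM_PREFIXES)

def audit(listing, baseline):
    """Return sorted (name, path) pairs that survive a reset and are not in baseline."""
    flagged = []
    for line in listing.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, name = parsed
        if survives_reset(path) and name not in baseline:
            flagged.append((name, path))
    return sorted(flagged)

# Constructed sample listing (not taken from a real device).
SAMPLE = """\
package:/system/app/Calculator.apk=com.example.calculator
package:/system/priv-app/Updater.apk=com.example.unwanted.updater
package:/data/app/com.example.game-1.apk=com.example.game
package:/data/app/~~Zm9v==/com.example.notes-YmFy==/base.apk=com.example.notes
garbage line
"""
# Hypothetical known-good list, e.g. captured right after flashing official firmware.
BASELINE = {"com.example.calculator"}

if __name__ == "__main__":
    for name, path in audit(SAMPLE, BASELINE):
        print("survives reset, not in baseline:", name, path)
```

Anything this flags has to be removed by reflashing the firmware, since a reset leaves it in place.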
  jaxstraww

    jaxstraww Lurker
    Thread Starter

    Thanks mate. Never had a tablet linked to a PC. I downloaded Odin and the ROM from Sammi something and that is sitting in a folder on the PC.

    Just downloaded Kies which found the tablet and the need for a firmware update. Figure why not but got a battery low message. Tablet was at 47% so hopefully the malware isn't designed to fake out Kies with an always low battery message.

    Do you think that Kies firmware "update" will wipe the current firmware completely? If so, I should be sitting pretty. If it just works on changes I'll have the same garbage on the tablet.
  AZgl1500

    AZgl1500 Extreme Android User

    Kies will overwrite the firmware with whatever file you choose to put on it.
  jaxstraww

    jaxstraww Lurker
    Thread Starter

    This is closed. All set.

    Surprised it worked. Kies found an update but when I clicked on initialize got an error it couldn't. No joy from the Kies program.

    Booted Odin and waited for the yellow COM...Never happened. Started anyway after pointing to the ROM I got from Sammobile. Started. Seen a fail in the 1st box but the 2nd box started going through the process. Upgraded and got a few google search stopped working messages. Thought it was the old malware acting up again. Did a few updates and restarted. No errors. Booted Kies back up and attached the tablet. Found firmware and agreed it was the latest. So they now matched as before they didn't.

    Looks solid.

    By the way. It was brought up about my son.

    "unknown sources" was enabled

    Where do I check this? Looked in settings and on the google play settings and didn't see the ability to check on and off. I vaguely remember this option years ago to DL some other software.
  Hadron

    Hadron Smoke me a kipper...
    VIP Member

    Install from unknown sources means sources other than the Play Store. It's not in the Play Store settings, but generally in the system security settings.

