
Support malware/spyware built into phone - help

Discussion in 'Android Help' started by little_green, Apr 28, 2016.

  1. little_green

    little_green Member
    Thread Starter
    So I ordered a Chinese phone off eBay from UK warehouse but Chinese seller. Box was unsealed when it arrived but the excuse for this could be that the original EU charger was removed and a UK adapter put in instead.
    I did a Malwarebytes scan straight away and it came back clean, same with 360 Security scan.
    360 security and found something
    BUT
    I've browsed through the app list under settings and the only one I see which I'm not sure what it is is something called "pandora's box" and pandora's box service, 3.6mb and 86kb respectively.
    Under app permissions for the second it basically lists everything: phone calls, texts, camera, audio, gps, contacts, set alarm, screen lock, add and move accounts, change system settings, change network connections, control flashlight.....

    Neither can be uninstalled from the phone or disabled, just force stopped, which makes no difference.

    I have googled pandoras box which comes up to be an actual real app BUT this is NOT what is on my phone as I can install it which I wouldn't be able to do and as I said nothing called Pandora's box appears in my app tray, it only appears under settings-apps-all apps

    Can take a screenshot if needed.

    Can anyone help at all shed some light on this. I would just return the phone but I'd have to do it signed to make sure the seller couldn't just say they never got the return package which would cost £10-20 and it's probably not worth the hassle for the cost of the phone.

    It's a really nice phone with good specs and design build, I hope to be able to resolve this and keep it.
    Hope someone out there can help

     


  2. chanchan05

    chanchan05 The Doctor
    Root and uninstall pandora's box maybe? Or at least block it from accessing internet.
     
  3. little_green

    little_green Member
    Thread Starter
    How do I stop it from accessing the internet?
    I've been browsing through the phone and it seems there are quite a few apps that have access to basically everything - another example is locationEM2

    Are my options to either
    1 - root the phone and uninstall these strange apps
    2 - try flashing new stock rom

    If there is any easier process please let me know. Which of the above is easier? Are either guaranteed to get rid of these suspicious apps?
     
  4. svim

    svim Android Expert
    Please give us more details -- the phone model and manufacturer, and which version of Android it's running.
    As it sounds like the problem apps/processes are running as system apps, you'll need to root your phone to disable and remove them. Depending on what model phone the rooting process may be relatively quick and simple, or it could be a project that requires a lot of online searching with repeated attempts to find a procedure that finally works.
     
  5. svim

    svim Android Expert
    electricpete likes this.
  6. little_green

    little_green Member
    Thread Starter

    Hi thanks for a helpful response. It's an infocus m560 (also known as m808 and v5), it's running Android version 5.1
    I've found stock rom for it I could try flashing that but that assumes they aren't part of the original and that the 3rd party seller I got the phone from put those malware apps on.
    I've never rooted or flashed before so a noob but willing to try anything that'll work and make the phone safe to use
     
    #6 little_green, Apr 28, 2016
    Last edited: Apr 28, 2016
  7. svim

    svim Android Expert
    I don't see much online about rooting your M560, hopefully someone will reply to this with better info and knowledge. It's not something you want to do without having everything thoroughly researched first.
    In the meantime give NetGuard some thought, a software firewall is a nice way to filter a lot of things, not just troublesome things like your Pandora's Box.
     
    electricpete likes this.
  8. electricpete

    electricpete Android Expert
    +1 for netguard in general. Lightweight and open source no-root firewall.
     
    mikeyd06340 likes this.
  9. little_green

    little_green Member
    Thread Starter
    Thanks I'll probably give net guard a shot.
    I read it only stops the app connecting to the internet though and my biggest concern is the apps recording audio by activating microphone when they shouldn't be and same with the camera and recording when they shouldn't be....how will disabling these apps to access the internet affect either of the above (or their app permissions for anything else)
    - sorry as I say I'm a noob

    Also if it helps the stock rom I found for the device is listed here
    https://androidmtk.com/download-infocus-stock-rom
    So maybe someone can comment about how trusty that source is?
    There seem to be step by step instructions of how to flash it, but again that's only going to help if the issue isn't built into the stock rom... I guess there's no way of checking that beforehand?

    Thanks for being so helpful
     
  10. little_green

    little_green Member
    Thread Starter
    Would root be required in order to flash the stock rom?
     
  11. svim

    svim Android Expert
    A firewall app will block incoming/outgoing network traffic, typically apps/processes that you pick and choose to allow or block. So even though that Pandora's Box app will still be trying to do things on your phone, once you've blocked it from any online access its ability to communicate is cut off, it won't be able to send out any of your data it's collected. NetGuard is just a suggestion pertaining to your specific issue, ideally it would be best to delete that Pandora's problem (although I think a firewall app is a pretty useful utility to have on your phone in any case).

    As for that firmware site you linked, at the bottom of the page there are footnotes that state those are from InFocus. As the problem apps appear to be installed by InFocus I'm guessing that they're part of the firmware images, but again, that's just an assumption. Their instructions on flashing the firmware appear to be well-illustrated and thorough, and using their indicated utility doesn't indicate the need for rooting your phone.
    If you feel up to it try and flash the firmware and if Pandora's Box is still there just block it with NetGuard. Don't forget to back up all your personal data first.
     
    electricpete likes this.
  12. little_green

    little_green Member
    Thread Starter
    Thanks I'll have a look at net guard properly tonight after work.
    Just wondering why do you think the problem is from infocus themselves, as I said I did get it from a third party seller who I've had no response from since telling them it's full of spyware/malware I want to return (not that I do but they don't know that) and it's convenient the box was unsealed to remove the original plug and put in a UK one..... But I could just be clutching at straws hoping the phones will become safe to use lol
     
  13. little_green

    little_green Member
    Thread Starter
    As you say removing these strange apps would be best, what would be my options for doing so?
     
  14. little_green

    little_green Member
    Thread Starter
    Right, OK, so I've put netguard on the phone. In the list pandora's box is light orange and pandoras box service is full orange.
    it lets me check both of them off for wifi & data but on doing so the following also then get scores through the wifi & data signs:
    phone (i have 2 listed, one remains enabled the other gets the score through)
    android system
    apps cleaner
    atci_service
    backuptoolutil
    battery protect
    bluetoothle
    caivs
    cdasys
    com.mediatek
    com.mediatek.voiceextension
    common data service
    date & time set up
    default app configure
    device monitor control
    fqc
    fused location
    g sensor calibration
    input devices
    keychain
    lockscreen settings
    mobile assistant
    mtk thermal manager
    mtkmd receiver
    package installer
    settings
    settings storage
    setting utils
    setup wizard
    smartcard service
    stability monitor
    system protection
    voice unlock

    why would this be happening? they must all somehow be linked?
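
An added example, not part of any post in this thread: NetGuard applies its rules per Linux UID, and Android apps that declare the same shared user ID run under one UID, so a rule set on one of them covers all of them. The sketch below groups a package listing by UID to show what gets blocked together; the `package:<name> uid:<n>` input is the form printed by `pm list packages -U` on Android releases that support that flag, and the sample listing and the `com.example.*` names are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample listing (not taken from the phone in this thread).
# The com.example.* entries are placeholders for the two unknown apps.
SAMPLE_LISTING = """\
package:android uid:1000
package:com.android.settings uid:1000
package:com.android.providers.settings uid:1000
package:com.android.keychain uid:1000
package:com.android.location.fused uid:1000
package:com.example.pandorasbox uid:1000
package:com.example.pandorasbox.service uid:1000
package:com.android.phone uid:1001
package:com.example.browser uid:10057
"""


def packages_by_uid(listing):
    """Map each UID to the set of package names that run under it."""
    groups = defaultdict(set)
    for line in listing.splitlines():
        fields = line.strip().split()
        if len(fields) < 2 or not fields[0].startswith("package:"):
            continue  # skip blank lines and entries without a uid field
        name = fields[0][len("package:"):]
        for field in fields[1:]:
            if field.startswith("uid:"):
                uid = field[len("uid:"):].split(",")[0]
                if uid.isdigit():
                    groups[int(uid)].add(name)
    return groups


def blocked_alongside(listing, targets):
    """For each target package, list the other packages sharing its UID.

    A per-UID firewall rule on the target applies to every package returned.
    None means the target does not appear in the listing.
    """
    groups = packages_by_uid(listing)
    uid_of = {pkg: uid for uid, pkgs in groups.items() for pkg in pkgs}
    wanted = set(targets)
    result = {}
    for pkg in targets:
        if pkg not in uid_of:
            result[pkg] = None
        else:
            result[pkg] = sorted(groups[uid_of[pkg]] - wanted)
    return result


if __name__ == "__main__":
    suspects = ["com.example.pandorasbox", "com.example.pandorasbox.service"]
    for pkg, others in blocked_alongside(SAMPLE_LISTING, suspects).items():
        print(pkg, "->", others)
```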
     
  15. mikedt

    mikedt 你好
    Infocus is a Chinese manufacturer of primarily DLP projectors, hence the name, and in fact they don't even list phones on their website.
    www.infocus.com.cn

    So this is likely a phone from some unknown OEM, and pre-installed malware can be a distinct possibility with things like this.
     
  16. little_green

    little_green Member
    Thread Starter
    http://www.infocusphone.com/index.html isn't this the same company?
    From what I know they are owned by American Foxconn
     
    mikedt likes this.
  17. svim

    svim Android Expert
    Removing them requires you to root your phone. Whether the third-party reseller or InFocus installed Pandora's Box those two problems are running with privileges that you don't currently have. Even if you install some antivirus/anti-malware app to try and clean out Pandora's Box you'd be installing that utility as a general user so it won't be able to take care of your problem either.

    You don't want to block everything, just those two items.
     
  18. little_green

    little_green Member
    Thread Starter
    Yeah I know I only want to check off those two but what I'm saying is when I check off those 2 it AUTOMATICALLY checks off everything I listed above... I have no control over it. I can't uncheck them but still have Pandora's box checked
     
  19. svim

    svim Android Expert
    Ahh, my mistake. Now I understand what you were originally stating. Those PB processes are definitely running as system apps (with root privileges). You could try that firmware re-flash option as it could be possible that the reseller is responsible for the bloatware and not InFocus, but again be sure to back up any personal data before trying it. Otherwise it appears as if rooting your phone is the only way to kill off your problem.
    So far the references I've run across doing a quick search online relative to your specific model point to some dodgy methods (rooting your phone will add their own bloatware), hopefully someone with more knowledge on this will chime in.
     
    little_green likes this.
  20. little_green

    little_green Member
    Thread Starter
    Thanks for being so helpful, really appreciate it. The seller messaged me back asking for photos to prove my claim it was infected...
    Would it be possible to use net guard to stop pb accessing the web and just accept the other processes it also automatically restricts?
    I'll probably try and reflash the stock rom but if that fails and assuming I don't brick the device I'd prefer to rely on netguard than attempt a root
    ....
     
  21. svim

    svim Android Expert
    Part of the problem dealing with that seller might be they don't consider what they've added to be an 'infection' but more as an 'enhancement'. What's good for them isn't necessarily what's good for you.

    For user installed apps you should be able to block/unblock individual apps but system apps (generally Android OS) are what should be considered essential for the phone to function. As NetGuard is running with non-root privileges there are some things it can't do as opposed to if it was running with root privileges. In this case that PB crap is running as a system process so it's essentially safe from non-rooted apps.
     
  22. little_green

    little_green Member
    Thread Starter
    Ah OK so basically netguard has no effect on PB even if I disabled its access to the web as it runs higher privileges than netguard so basically overrides it. Is this correct?
    I'll try flashing the stock rom tomorrow when I have time and see if that works, knowing my luck I'll probably end up bricking the device from that alone. By then the seller may have replied again.
    I'm just not sure as from what I can see on xda people who've used the phone don't seem to have any malware/spyware. I've tried asking them over there for advice but not had any replies. Thanks again for being so helpful.
     
  23. svim

    svim Android Expert
    https://androidmtk.com/download-sut-l3-tool
    The instructions they provided appear to be pretty well prepared. Read through it a couple of times to get familiar with each step, then just don't rush and don't take any shortcuts.
     
    little_green likes this.
  24. mikedt

    mikedt 你好
    Same logo, so likely is same company, different division. I've seen their projectors before, but not their phones. FYI Foxconn is actually a Taiwan company, also called Hon Hai Precision. One of the world's largest OEM manufacturers.

    Pre-installed, baked-in spyware in Chinese phones does happen from time-to-time. Lenovo got caught installing spyware on their PCs.
     
    #24 mikedt, Apr 29, 2016
    Last edited: Apr 29, 2016
    svim likes this.
  25. ChangeOfJinzo

    ChangeOfJinzo Well-Known Member
    If it's the stock ROM or an official update (via from a region that has the update and same phone specs and you haven't gotten it yet, or an update from your region) you should be able to flash it without root via the stock recovery. Flashing it would be considered updating it. But if you wanted a custom ROM/firmware like CM or Blisspop, then you would need TWRP (or another custom recovery) and/or root access.
     
    little_green likes this.
