My phone is virused and installs same apps.

Discussion in 'Android Apps & Games' started by wrgy, May 16, 2020.

  wrgy

    I literally factory reset my phone twice, and all I installed was 4 apps from Google Play (verified by Play Protect), and I didn't back up anything besides my photos. I think the virus may be on my SD card.
    Same viruses keep installing to my phone: Vis, fake email, fake Facebook, killer games, bdsomething, one called apps, fake show photos, g services, com.arxv.reserved, com.ser.servicesads. Some of them get blocked by Play Protect, like Vis, but others don't; 2 of them have permission to everything (location, messages, everything; first thing I installed was AVG antivirus). Help

  puppykickr

    puppykickr Android Expert

    Sounds like normal apps, commonly automatically downloaded as soon as the device is powered up upon purchase.

    This is generally considered 'bloatware', and comes from your carrier and/or device manufacturer.

    There really isn't much you can do about it unless you can root the device, and even then you won't be able to use the space yourself after you uninstall the apps.

    There are some, like Facebook, that you may be able to disable.
    This will freeze the app and make it not show up in your app drawer anymore.

    Generally any app that the device actually needs to function properly will not allow the user to disable it.
  puppykickr

    puppykickr Android Expert

    And ditch the anti viruses.
    They are junk.
    There are no 'viruses' on Android.
  ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    fake email? fake facebook? how do you know they are fake?

    what do you mean by killer games?

    where are you finding these? in your app drawer?

    how do you know you have a virus?
  wrgy

    Well, I think they are viruses because they didn't use to install before. I have an X5 Soul Mini.

    Also I believe this is a fake photos app. (attachment)
    Why? Well. It behaves oddly. First, it's installed from "Show Photos"; then, if I change the phone language, the name still stays in English, "show photos", so it's a fixed name.
    And last, it didn't use to install before.
    There was also a com.ser.service adds application installed that had permission to everything; when it installs back I'm going to take some screenshots.
    And I find them in the app list in settings.
    Also, AVG registers them as malware, so I don't know.

  puppykickr

    puppykickr Android Expert

    So, you found them in the app settings.
    First, delete the data, then uninstall them.

    If they come back, try to catch it when it is happening.
    Go into your Developer Settings and find Running Apps.

    Here you should be able to find out what app(s) is installing these things, and then you can find it in the app settings and uninstall it or disable it. Again, delete the data first.

    Deleting the data helps to make sure that no files get left behind.
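Added example, not part of any post in this thread: another way to see what is installing the apps is to list each package's APK path and recorded installer with `adb shell pm list packages -f -i` and sort the output. This assumes USB debugging and adb on a PC; the sample listing, its paths and the `com.example.preload` package are constructed for illustration, not taken from the poster's phone.

```python
import re

# Constructed sample of `adb shell pm list packages -f -i` output.
# Paths, installer values and com.example.preload are made up for the demo.
SAMPLE = """\
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending  installer=null
package:/system/app/Preload/Preload.apk=com.example.preload  installer=null
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp  installer=com.android.vending
package:/data/app/~~Qx3k==/com.arxv.reserved-Zp9w==/base.apk=com.arxv.reserved  installer=null
package:/data/app/com.ser.servicesads-1/base.apk=com.ser.servicesads  installer=com.example.preload
"""

PLAY_STORE = "com.android.vending"
# The path can itself contain '=' on newer Android, so anchor on ".apk=".
LINE = re.compile(r"^package:(?P<path>.+\.apk)=(?P<pkg>[\w.]+)\s+installer=(?P<inst>\S+)$")
# Partitions that a factory reset does not wipe.
FIRMWARE_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

def parse(listing):
    """Turn the raw listing into dicts with path, pkg and inst keys."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def classify(row):
    """firmware = shipped in the ROM; play-store / sideloaded = installed later."""
    if row["path"].startswith(FIRMWARE_PREFIXES):
        return "firmware"
    if row["inst"] == PLAY_STORE:
        return "play-store"
    return "sideloaded"

def suspects(listing):
    """Return {package: installer} for apps in /data that Play Store did not install."""
    return {r["pkg"]: r["inst"] for r in parse(listing) if classify(r) == "sideloaded"}

def droppers(listing):
    """Installers named by suspect apps, and whether each lives in the firmware."""
    where = {r["pkg"]: classify(r) for r in parse(listing)}
    return {inst: where.get(inst, "unknown")
            for inst in suspects(listing).values() if inst != "null"}

if __name__ == "__main__":
    for pkg, inst in suspects(SAMPLE).items():
        print(f"{pkg}: installed by {inst}")
    print(droppers(SAMPLE))
```

An installer that sits under `/system` would explain apps coming back after a factory reset, because a reset wipes `/data` but leaves the firmware partitions untouched.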
  wrgy

    Thank you, will do!
  wrgy

    Oh well...
    Didn't work. I tried every day until now but I don't know anymore.
    It slows my phone a lot.

    Fancade was a one time thing but the other viruses persist.
    I even deleted some of their folders I could find.
  puppykickr

    puppykickr Android Expert

    The email app is a stock app.
    You cannot delete it.
    The other folders are most likely from those four apps you got from Google Play.

    Especially 'service ads'.
    That sounds just like an app from Google.

    Tell me, are there any ads popping up on your phone- like when you turn the screen on, or at random times when you are in other apps?

    Also, have you gotten rid of the antivirus?
    Those are notorious for slowing down devices.

    What 4 apps did you download from Google Play Store?
  wrgy

    Okay. So
    I get random ads when that thing is installed, but not on lock screen or when I am in other apps. (Look at the attachment, you will also see everything I installed from Google Play.)
    Along with a game I'm working on (made in Unity) that I put on the phone to test, but it's Unity, I don't think they would do something like that.

    Also I don't know about the show photos or email app. The email app has permissions to everything, and none of them were there before, and also they install only at the same time with the other thing.
    And I can delete them both.
    I just deleted my antivirus.
    Btw ty for still helping me out.

  wrgy

    It's not from Unity
  wrgy

    Also, forgot to mention, the email app has all permissions, show photos only to storage (which is weird), ser.serviceads all permissions and the rest of them none.
  ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    so when you do a factory reset, do you install all of your apps all at once? you most likely have some kind of malware or adware and it usually comes with a certain app that has been installed. the best way is to do a factory reset and only download your apps one by one until you find the culprit
  puppykickr

    puppykickr Android Expert

    I have that same (I believe) e-mail app on all of my devices.

    Although I can delete the data, I cannot uninstall it.

    I never use it, I use G-Mail instead.

    Something you might want to try is a firewall.

    Quite simply, it will run in the background using the VPN service and block internet access for apps that you choose to do so.

    Probably the best one out there is NetGuard.

    But, if you want to start simple, then I would suggest NoRoot Firewall.

    It is much smaller and lighter on resources.

    In fact, it is running continuously on all of my devices, even the 2 that only have 1GB memories.

    After you install the app, open it and give it the VPN permissions. On some devices this is automatic.

    Then look at the bottom and select 'Apps'.

    Here is where you select what apps have access and on what system (mobile data or Wi-Fi).

    There are a few system apps, some which are combined.
    Rest assured that you won't hurt anything by turning off access to something that you shouldn't, but whatever it controls won't work properly.

    At this point, I would only restrict apps that you have installed.

    Go into App Settings, and be sure to clear all the caches of all apps.

    This is tedious, yes, but the caches are where the ads live- and so they can appear even without internet access.
    Unless you are running Lollipop, you will find that Google has made cache cleaning more difficult.

    Nougat is the last OS to offer a built in cache cleaner in the Storage area of Settings.

    Anyway, once the caches have been cleared and the internet blocked for the user installed apps, try it again and see if ads appear.

    If not, then you know that one or more of the apps that you installed is the culprit.

    Turn on access one app at a time, trying out the device and seeing if ads appear.

    Eventually you will find the one (or more).

    So, decide if these apps need internet access.
    You now can keep them after clearing the cache and turning off the internet ability for them.

    If they need the internet to work, then you either live with the ads, pay for a pro version without ads, or find a better app without ads.


  wrgy

    will try both thanks!
  puppykickr

    puppykickr Android Expert

    NetGuard is also available on F-Droid.


    It is more resource hungry, and it is much more advanced than NoRoot.

    Not that I don't like it, it does have an ad-blocker and allows much more control.

    But NoRoot suits my needs fine, and it is the most simple way to test this method.
  puppykickr

    puppykickr Android Expert

    Always remember to clear your caches every time you see an ad, before you test a new method.

    The ads are stored inside app caches, and therefore can reappear even if the device is offline.

    This is very frustrating, and many people think that an ad-blocker/firewall isn't working- because the stored ads are still appearing.

    The goal here is to eliminate the ads, and then to prevent them from being stored again.

    There is one more method that I have used in the past.

    There is an ad-blocker/tracking blocker called Blokada.

    It is not any more resource hungry than NetGuard, but it does things differently.

    I have only used versions below 4, so I cannot be of much help if you choose to use newer versions.

    But you can try the older versions (the last one before 4 is a great start) to see if this is what will work.

    Let me rephrase that- it WILL work, but once again, the caches must be clear before the ads can be blocked.

    How Blokada differs is that it can allow internet access to apps and still block their ads.

    It works through the same VPN system as the firewalls, but when it detects an ad or a tracker it reroutes it to a dead address.

    It also allows for you to see just how many ads and trackers have been blocked by the app.

    This can be quite revealing, if not even scary.

    It is not uncommon to see 250,000 or more in a month or two of use.

    Don't mess with the version on Google Play, as it is only a DNS changer.

    The full version is available on F-Droid.


    If you have questions about Blokada, and have Telegram (highly suggested), there is a Blokada Chat channel just for that.

    When you join, they do expect you to be courteous enough to say 'Hello', or some sort of greeting before you start asking questions.

    Once you get a reply, then you can ask.

    It may seem strange at first, but it does keep things civil.

    I quickly saw why it is this way when I joined the chat and hung around for a while.


    (invite link for Telegram Blokada Chat)
  wrgy

    I factory reset my phone. I waited 24 hrs, nothing installed.
    I installed WhatsApp and backed up my messages.
    30 mins later everything was back. (Coincidence or I don't know.)
    Could it be because of WhatsApp?
  Hadron

    Hadron Smoke me a kipper...
    VIP Member

    I cannot think how it could be due to WhatsApp: that app does not have the ability to install others (at least not if you are installing from an official source: if you install an apk from a random repository or a modded version then no promises - we've had a few discussions of modded WhatsApp versions here lately, which is why I think of that).
  puppykickr

    puppykickr Android Expert

    When you say 'everything', are you meaning that the apps AND the ads have returned?

    Or is it just the apps?
    Or just the ads?

    Was the phone able to access the internet in any way during the 24 hours before you installed WhatsApp?

    Did you back up your WhatsApp messages, or are you talking about messages in general?

    If the ads have returned, did you try any of my ad-blocking suggestions above?

    Good God, I think I have as many questions as you do, lol.
  Dannydet

    Dannydet Extreme Android User

    Go back to using a string and tin cans. No viruses there
  wrgy

    With everything I mean every single app.

    The exact same things. The ads app and the other ones.

    I tested out something else

    I factory reset my phone,

    I didn't install anything, all I did was connect to my Google account and update YouTube so I can use it.

    First thing that tries to install is "facebook". But Google Play Protect blocks it, then the ads appear and everything else. The exact same things.

    First time I did this, these apps installed instantly; second time, I didn't get anything for 6 hours, then I stopped my phone and as soon as I started it again all the apps started installing back (starting with Facebook, blocked by Play Protect).

    My last guesses are that I have malware coded in the hardware as you said in the beginning, or my Google account is corrupted. I will test the second one hoping the first is not the case; I will reset my phone then at the beginning connect with another account.

    The weird thing is that if it was coded, they would have had to add a delay of ~6 months because in the beginning everything was fine. And the branding is Allview, which is not that unknown.

    Oh and btw I can see the "Show Photos" one is running at all times, and also when I'm factory resetting, if the "Email" app is installed, it says I'm somehow signed in to it... what?
  puppykickr

    puppykickr Android Expert

    Just do a factory reset once more, then immediately install the firewall.

    Do not use Google Play Store for this.

    NoRoot Firewall


    Then IMMEDIATELY turn off the internet access for Google Play Store.

    What we are doing is trying to prevent these apps from reappearing.

    Google is always my first suspect.

    In fact, if you can't beat Google to the jump, then download the apk for NoRoot and put it on an SD card.

    Then do the factory reset.

    Turn the device on, but do not turn on any radio access- no Wi-Fi, no cellular, nothing.
    Put it into airplane mode.

    Put the SD card into the device, and install the apk.

    Open the app and start it.
    A key icon should appear in your status bar.

    Select Apps at the bottom.
    Block all access for Google Play Store.
    If that E-mail app appears in the apps list, block it.
    Block Google Partner Setup.

    Block anything you distrust.

    Notice that there are two areas for each app to be allowed/blocked access- Wi-Fi and Cellular.

    If something on your device won't work later on (the clock, for instance), then you know you can go back and grant access where needed.

    You can't hurt the device with this app, only limit it.

    You can do an internet search for any of the apps on that list to try to help you find out what they do.

    One thing you do not want to block is Google Services Framework.

    If this keeps those apps from reappearing, then all you need to do is keep NoRoot running.

    You can start by going to Battery Optimizations and not optimizing NoRoot.

    Make sure that you tick the checkbox on the homepage of the app for Start On Boot.

    Unfortunately, it is not a native app, and so will probably stop at some random time.

    Blokada will probably be the best choice on your device.

    But, this will let you see where the apps are coming from, whether it is from Google, your carrier, or other sources.

    You will need to unblock some things to make functions work, and most likely will eventually unblock whatever is downloading that bloatware.
  wrgy

    Will do.
    By the way...
    Maybe this tells you something
    Gservice is an app for ads ( via notifications )
    This one is for ads on top of screen
    I find it odd that Chrome has something entering port :80, I think this causes the Chrome random pop ups. I tried switching to Firefox, then pop ups appeared on Firefox.
    Oh god these photos are huge.

