Help Possible trojan? Android.troj.hideicon.ao

[gomamon]

Mom's phone had some popups to meet Asian girls (lol). I thought she probably clicked on some malicious ads so I installed couple of AV apps to see if anything is infected.

Mbam, Avast, AVG, Clean Master didn't find anything, but CM Security found that Network Check (the icon of the app is the same as other system apps) is infected with android.troj.hideicon.ao.

I can't uninstall Network Check, only disable it.
I tried to boot it in safe mode, still can't uninstall. I checked if that app is listen in Phone Administrator list, it's not, only Find My Phone has Admin privileges.
Did a Factory Reset, Network Check app is still present. Now, the weird thing is, when I did Factory Reset the Network Check app shows on the desktop among other installed apps. I mean, if it's a system app, why it's there? When I click on it, nothing happens, then it disappears.

Is this a virus or what?
How do I delete it if it is?

The phone is Lenovo Vibe C2.

 

[aio developers]

Mom's phone had some popups to meet Asian girls (lol). I thought she probably clicked on some malicious ads so I installed couple of AV apps to see if anything is infected.

Mbam, Avast, AVG, Clean Master didn't find anything, but CM Security found that Network Check (the icon of the app is the same as other system apps) is infected with android.troj.hideicon.ao.

I can't uninstall Network Check, only disable it.
I tried to boot it in safe mode, still can't uninstall. I checked if that app is listen in Phone Administrator list, it's not, only Find My Phone has Admin privileges.
Did a Factory Reset, Network Check app is still present. Now, the weird thing is, when I did Factory Reset the Network Check app shows on the desktop among other installed apps. I mean, if it's a system app, why it's there? When I click on it, nothing happens, then it disappears.

Is this a virus or what?
How do I delete it if it is?

The phone is Lenovo Vibe C2.

DOWNLOAD THE stock rom and flash the error will fix or use miui securityto fix or just delete the file

 

[Hadron]

I don't think "delete the file" is an option unless the OP is rooted (and I doubt that "Mom's phone" is).

Do you know whether there should be a system app called "Network Check"? I've never heard of it, and have never seen such a thing on any of my devices, so I'm sure it's not a standard Android system app but cannot say whether it might be a Lenovo one. There is a possibility that CM Security is flagging a false positive here: all security apps do this at some point, and CM are not the most trustworthy company in the first place (I would never allow anything from CM on any of my devices). I'd ask whether you've seen the popups since doing the factory reset, but of course it's possible that that was just an ad script (so called "AV" apps tend to not pick these up) but there is a real trojan installed that was unrelated to these ads, so don't want to dismiss it just because the ads have stopped.

If this is a rootkit trojan infection then I agree with @SPEEDEVS: the way to clear those is to reflash the phone with a fresh set of stock firmware. And if it is gone after that, tell your Mom to be careful where she installs apps from in future .

(If it is not gone after that that would mean that it was pre-installed by Lenovo. In which case either it's a false positive from CM or else Lenovo are bundling malware with their phones: there have been some Chinese manufacturers who have done that, but they were lower-tier ones and I'd not expect Lenovo to be in that game).

 

[gomamon]

There are no popups after factory reset.
A neighbor has the same phone, I checked and she also have Network Check installed. So I guess that app is legit, or she also have the same trojan