Help Problem with Adware/Malware on Polatab q10

[DerekHarrison]

Hi there, I'm new here so forgive me if I'm posting in the wrong place or even on the wrong forum.
We purchased a Polatab q10 Tablet for our 9 year old grandson last Christmas. He is really pleased with it and it seems well made and generally operates smoothly and fast for a budget priced tablet.
My daughter doesn't want him to be able to connect to the internet so the wifi has been disabled apart from when either we or his mom and her partner install free games for him.
After a few months my daughter advised us that if the wifi was enabled that various ads etc would start coming up on the device. Until the last few days I have left my daughter and her partner, a fully qualified I.T. chap to sort things out.
However our grandson has been staying with us this week and has bought the tablet with him and asked us to install some free games that don't need WiFi. When I've enabled the wifi connection and logged in to our router have found that the installed browser, a blue globe icon, opens immediately to www.smartdrone.com and even if I set the Homepage to Google it resets back to smartdrone! The brower also will also open pages to www.besthtm5game.com. So some sort of browser redirect going on it seems to me.
I am not that familar with android but have been looking after my own PC's and those of family and friends with simalar issues with Windows and always had success getting them sorted.
First thing I tried was installing another browser, Firefox, which was straight forward, but again found it opening pages to besthtml5game even though the Homepage is set to Google.
Have also found that there are random ads opening in fullscreen over which ever browser your using. These ads are Tasks that can be closed but randomly they come back. Ads are usually for some nasty looking Gangster Rap game on Google Play or have also seen them for Shop In Kyoto Japan and mosl recently a video for Diet Chef.
I've used lots of AV, Malware products etc on PC's so have set about trying to clear the tablet of what ever causes these things. Have uninstalled all games and most of the apps that came with preinstalled without any real change. Have then tried several AV's without any joy. Found that the tablet will not open Google Play via the app or if you go the the Store via the browser it will not accept the password.
Had some joy when installing Malwarebytes as it identified a number of Trojans. Having said this Malwarebytes isn't able to remove them! I can list the Trojans/files names if needed.
I have tried installing CM Cleaner, as something called Ghost Push seemed to fit the bill for these problems but it says the system is clean.
Any one who can help by pointing me in the right direction please??

 

[Jfalls63]

I had a Polatab Elite a few years ago purchased from Amazon. The tablet came out of the box already rooted. I installed SuperSu, Titanium Backup and BusyBox from the Play Store and began disabling/ Freezing a lot of the pre installed apps that I was unfamiliar with.
Might be worth trying and see if you can get rid of the Trojans that way.

Another good app to try is Addons Detector. Anything from Cheetah Mobile (CM), I would avoid like the plague.

Not sure about you not having access to Play Store unless someone changed the password.
Does sound like there is a app that is hijacking which ever browser you are using.

If device is rooted, when you open SuperSu app, you should see a message that it needs to update its binary. If not rooted message will be that there is no binary installed and SuperSu cannot install it.

 

[DerekHarrison]

Thanks for the advice Jfalls. Not familiar with SuperSu, Titanium Backup or BusyBox. I'm fairly sure that the tablet i have here is Not rooted.

I tried the Cheetah Mobile app as it appears to have a good rating for detections. I had tried Addons Dector before that and it came up with nothing. CM cleaner hasn't caused new or further problems from what I can tell.

Have found I can disable one of the app's I was already suspicious of prior to Malwarebytes identifying as a Trojan, com.android.popup, but there is no option to uninstall! There are 3 other Trojans flagged by MBAM CloudsService.apk, com.google.android.rss.apk and jfsk.newphone.apk, if any of those make sense.

In the File Manager came across a folder, ZHT, which when I search the net doesn't turn up any relevant results to Android. Inside that folder is a file called 28172905768-1320176171.apk, and again when I search for this the search engine gives no results. Not sure but going on past experience with windows folders and files with random type names have always been highly suspicious. Other files in other folders all seem to have some identiable name using alpha type characters with the .apk suffix and the only files I see using numerics are .png, .jpg or mp3/4 files. Not deleting it though until I get some knowledgable advice.

 

[Jfalls63]

SuperSu is a very popular and respected super user app. Think of it as the gate keeper to root access. Any app needing root access has to be granted permission by you through SuperSu.
Titanium Backup is used mainly to backup apps and app data on rooted devices. I mainly use it for its ability to disable pre installed apps that you normally can't with the built in application manager and also has delete and conversion from system to user app ability.
BusyBox is basically a grab bag of code that other apps can borrow from. Needed for Titanium Backup.
I didn't know my tab was rooted when I got it. I tried to root it with a Chinese automated root program that stated that root access was already installed.
With root access, you should be able to use a root file explorer to get rid of the Trojans.

If not rooted, I can't think of any other way to get rid of unwanted things in the system.

 

[DerekHarrison]

Thanks for your advice Jfalls. I can see now what your suggesting.

I've been researhing the Trojans and from what others are saying they all appear to have come preinstalled with the operating system and all the infected tablets are basically Allwinner machines manufactured in China and supplied through Amazon. I'm in the UK by the way, not sure where you are though.

Anyway I've contacted the seller via Amazon and asked if they'll have the tablet back and install a clean version of KitKat on there. If all else fails I probabley succumb and go down your suggested route and root the OS as a last resort as I doubt I'd get anything better for the price I paid before Christmas, under £50 GB. It's well made and is very fast in general use even on the net, it's just difficult coping with the redirects and popup Tasks windows.

Still appreciate any input.

 

[Jfalls63]

I'm in the States and liked the tablet except for having to look at the screen at a certain angle or display would have a weird 3d looking image. Mainly got it as a Android learning tool to experiment with.
Wish you the best of luck.

 

[mikedt]

This is a Chinese cheapo, and often they do come rooted, and stay rooted as well.

Frankly and speaking as a primary school teacher as well as AF Guide. If it's a tablet for a minor, a 9 year old, to be used without supervision, might be better getting a Nabi or something, which is a tablet specifically designed for kids. Can be locked-down and administered by a parent, guardian, teacher, etc.
https://www.nabitablet.com/

 

[DerekHarrison]

Hi mikedt.
Thanks for that and the link. I'll consider a Nabi if I go the route of getting a refund. One thing though on reading through it seems their Elev 8 tablet is for up to 9 years so he might not get a lot of use fom it now.

 

[DerekHarrison]

OK an update. The suppliers have agreed agreed to have the table back and reinstall a fresh operating system or what they call firmware for me free of charge.
They imply though that if no antivirus is installed these Trojans can't be removed requiring a reinstall. Don't know if that peculiar to Andriod but my experience with Windows is that almost anything can't be removed with the right tools and mind set.
Thanks for all your input.