Possible Malware?

Derelicht#AC

New member
Apr 8, 2011
Recently bought a Jelly Bean (4.2.2) tablet (Quantum Axis A23, bought on Amazon), and for the first few days, things were going peachy-keen, and then, all of a sudden, out of the blue, I start getting interstitials, you know, full screen ads, but, on the homescreen, in Settings, all over the place. The ad info reads, "Ads by Google", so, I called Google up, to see if they couldn't help. They won't support it, since it's not Google hardware (oy vey, don't even get me started again lol) So, I followed the advice of a post I read somewhere and when the next ad popped up, went to Settings> Apps> Running, and found Network Services running with 1 process and two services. The services, I have no idea what they are, but the process was "com.isssss.myadv". And, sure enough, when I stopped Network Services, the ads stopped until it restarted itself. I use ES File Explorer, so I searched up the process name. Nothing. I don't have any apps on my tablet that I don't have on my phone, so, I know it's not any of the apps. (I also use the CM family apps, as they've kept my phone clean for the past few months that I've had it) I even searched on Google for the process name. Again, nothing, though, I did note a website; myadv.tv. It's an advertising firm. I'm just wondering if anyone's had this problem and knows how to get rid of it.

EDIT: Turns out it's Network Service that was doing all the interstitials. I've disabled Network Service, and all seems to be well with the droid. Also, Network Service is one of the preinstalled apps that ISN'T on my phone. So, I was wrong lol.
 

peacefulberry

Well-known member
Feb 4, 2013
A few questions: Where did you purchase the device from? Is it possible that the malware was already present on it? Have you run CM to see if they can detect the app that's causing problems?
 

warn joe

Banned
Jul 10, 2014
Well, I would say try factory resetting your device, because if your device has accidentally been infected by some .... it would clear down to the time you purchased the device. If that again doesn't help, I would say this might be because of some bloatware installed over the device ROM. Try contacting Amazon about the product's defectiveness; they are going to replace the same!
 

Derelicht#AC

New member
Apr 8, 2011
I got it on Amazon lol. And, I contacted the manufacturer (Quantum Suppliers), and the guy checked on another tablet, same model, and it wasn't calling the com.isssss.myadv, but he did say that there's the possibility that I did pick it up somewhere, which isn't entirely out of the question, but the strange part is that the process name doesn't appear in the internal storage or internal "sd card". And, as to the factory reset, that doesn't seem to change it; it seems to stay resident, or at the very least, be part of what's restored when Google servers restore settings. I'm going to try to do a reflash, and see if it changes anything. As far as CM Security, it doesn't say there's malware, but then again, if it's not running on the device, my guess would be that it couldn't detect it, anyway. Not even MBAM Mobile is able to detect any malware. Also, Alex, the guy who owns Quantum Suppliers, was very surprised that disabling Network Service doesn't affect my ability to go online and the like. So, I'm not sure what's going on, but it seems like a somewhat permanent fix for the moment. However, I am concerned that the factory reset isn't completely erasing all the data on /mnt/sdcard.
 

Himeko7

Well-known member
Mar 4, 2013
I just recently had the same. Bought one of those cheap Q8H tablets from tinydeal, was like 36 euro and free shipping (~$49). I'm not completely sure this was the culprit, but I noticed the ads started happening after rooting the device with this ROOT Genius - Android Oneclick Root Tool (it was the only thing that worked), but could also be through other apps I tried before for root.

When the ads came up I noticed indeed the last app was "network service". Did some more digging with a network log app and then decided to remove it through root; it's installed as a system app, so that's why you can't see it through normal means.

Factory reset won't get rid of the issue either, only other way would be a complete reflash with a non-infected rom. It'd be nice if CM was available for this device.
 

Nicholas Parks

New member
Aug 3, 2014
I found a solution. When the ads pop up, hold your home button for a few seconds to view recent apps if using Android 4.2, or use whatever technique shows recent apps.
You should see the ads along with recently used apps, and the ads are generated by "network service". Go into Settings > Apps > All apps, scroll to network service and disable or deactivate it. It will work. I had the same problem.
I believe it's malware but haven't investigated further why it happens. I will email Google on the issue.

 

Alexander Pachev

New member
Aug 8, 2014
I found this ad popper on a little Android tablet I got for my son for $50 or so on Amazon that identifies itself like this:

1f3a:1002 (from lsusb on Linux)

# busybox uname -a
Linux localhost 3.4.39 #89 SMP PREEMPT Mon Jan 6 10:06:49 CST 2014 armv7l GNU/Linux

It fortunately comes with root - adb shell pops you into root shell. I found this in the output of logcat:

E/getTaskTop(29118): 顶层是com.isssss.myadv

Google Translate identified the three magic characters as Japanese and translated them as

"The top level is"

I found a file

/system/app/advModel_20014.apk

The following:

adb shell rm /system/app/advModel_20014.apk

took care of the problem. ADB is part of Android SDK that you can download for free from Google.
 

PaulSpon

New member
Sep 18, 2014
just in case someone stumbles upon this like me.

adb shell rm /system/app/advModel_20014.apk does remove it until reboot.

~/Devel/adt-bundle-mac-x86_64-20140702/sdk/platform-tools > ./adb shell find / | grep advModel
/data/data/com.clouds.server/files/advModel_20015_0815.apk


shows the location where the modified loader will fetch and install it again.

~/Devel/adt-bundle-mac-x86_64-20140702/sdk/platform-tools > ./adb shell find /data/data/com.clouds.server/files/
/data/data/com.clouds.server/files/
/data/data/com.clouds.server/files/BaiduBrowser20140829.apk
/data/data/com.clouds.server/files/DBS20140829.apk
/data/data/com.clouds.server/files/PopupView.apk
/data/data/com.clouds.server/files/quicksearchbox20140804.apk
/data/data/com.clouds.server/files/advModel_20015_0815.apk
/data/data/com.clouds.server/files/DSB20140901.apk
/data/data/com.clouds.server/files/bhp

lists even a few more files and a

./adb shell rm /data/data/com.clouds.server/files/*

will make you happy after reboots too :)
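
The persistence described in the post above (a system APK that comes back after reboot because copies are staged in another package's private files directory) can be checked for in a saved `adb shell find /` listing. This is an added example, not code from any poster in the thread; the function names, the name-matching rule and the sample listing (thread paths plus constructed entries) are assumptions.

```shell
#!/bin/sh
# Added example: triage a file listing saved with `adb shell find / > listing.txt`.

# Constructed sample: paths quoted in this thread plus ordinary entries.
sample_listing() {
    cat <<'EOF'
/system/app/Settings.apk
/system/app/advModel_20014.apk
/data/data/com.clouds.server/files/
/data/data/com.clouds.server/files/BaiduBrowser20140829.apk
/data/data/com.clouds.server/files/PopupView.apk
/data/data/com.clouds.server/files/advModel_20015_0815.apk
/data/data/com.clouds.server/files/bhp
/data/data/com.example.notes/databases/notes.db
EOF
}

# Print "<package> <path>" for each APK kept in an app's private files
# directory, /data/data/<package>/files/.
staged_apks() {
    awk -F/ '
        { sub(/\r$/, "") }   # adb shell output may end lines with CR
        $2 == "data" && $3 == "data" && $5 == "files" && /\.apk$/ { print $4, $0 }'
}

# Print "<package> <system apk> <staged apk>" where a staged APK has the same
# leading name (letters before the first digit or underscore) as an APK in
# /system/app. Such a pair means deleting only the system copy will not last.
reinstall_pairs() {
    awk -F/ '
        { sub(/\r$/, "") }
        /\.apk$/ {
            stem = $NF; sub(/[^A-Za-z].*$/, "", stem)
            if (stem == "") next
            if (NF == 4 && $2 == "system" && $3 == "app") sys[stem] = $0
            else if ($2 == "data" && $3 == "data" && $5 == "files") {
                pkg[NR] = $4; st[NR] = stem; path[NR] = $0
            }
        }
        END {
            for (i = 1; i <= NR; i++)
                if ((i in st) && (st[i] in sys)) print pkg[i], sys[st[i]], path[i]
        }'
}

sample_listing | staged_apks
sample_listing | reinstall_pairs
```

On a real device, feed the functions the saved listing, for example `staged_apks < listing.txt`; any package that shows up is worth inspecting before removing only the system copy.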
 

timakempton

New member
Dec 20, 2014
Have you run 360 Security (Chinese antivirus) on it? It seems to clean out a lot of Chinese malware and viruses that other antivirus and anti-malware will not remove, and it may save you having to reflash to original firmware.