1. AC Question's Avatar
    Hello, recently i accidentally downloaded what i thought was a legitimate app, but it turned out to be agressive adware. Basically, at random times during the day I would check my phone and there'd be 4-6 new apps that I was never asked to download. it didn't even show me download progress or anything, they would just pop up and open themselves on their own. my phone was already rooted so they were easy to delete, but after a random amount of time (sometimes hours, sometimes days), they'd come back.

    The problem escalted when now it wasn't just random apps, there would be super intrusive pop up ads to download other apps just popping up on my screen. The apps advertised seemed like legitimate apps (ie, Facebook, etc.) but of course i never clicked on them.

    I scanned my phone with Malwarebytes Anti-Malware, and it found PUP.Adware.Xinyinhe, along with some other random Trojans. I managed to delete some of them, but the Xinyinhe and some other 3 items wouldn't let me delete them (something about incorrect uninstall or something).

    I did some research on xinyinhe and found this article www(.)fireeye(.)com/blog/threat-research/2015/09/guaranteed_clicksm.html
    I'm not really tech-savvy so most of it was a little out of my comprehension, but I figure I should provide as much information as I can. From what I gather, the other random Trojans had infected my phone via the backdoor that this Xinyinhe adware left.

    Ok, so next I did something that in retrospect was very stupid of me, considering I don't know the first thing about cell phones. Using Root Explorer, I managed to delete some of the main files I recognized as malicious, and I found the apps I had been deleting (the ones that kept downloading themselves) lodged into one of the folders. Deleted those too. However, the problem persisted and if anything, it got worse. The files i delted kept popping back! I was so desperate and annoyed i just deleted any files that could POTENTIALLY be related to the malware, and probably ****ed up my phone a little bit in the process. But it didn't even matter because, I never solved anything.

    Next, I decided to do a full factory reset. I don't have too much on my phone that I'm attached to so I just uploaded some pictures to Google Drive and, wiped my phone without making a backup or anything. TO MY SURPRISE, the xinyinhe and other malware were still there!! Luckily, with Kingroot I was able to get rid of some of the malware that had persisted before. Using Malwarebytes, I ran a scan and found 6 random Trojans AS WELL as the Xinyinhe adware. At least this time I was able to delete all the Trojans. The only thing that wouldn't let me delete it is, once again, PUP. Adware.Xinyinhe.

    When I try to delete it, the uninstall prompt comes up and asks me if I'm sure I want to delete SecurityService. Now I'm not sure, but that sounds like an important file, but I'm so done with this I go ahead and confirm the uninstall. But when I do that it says incorrect uninstall or something similar to that.

    At this point, I have WiFi and data turned off, and haven't downloaded anything into my wiped phone. Does anyone know of any way to get rid of this thing???

    (Sorry for the text wall, I tried to provide as much detail, in hopes that helps any of you)
    dejayusboy likes this.
    03-18-2016 03:01 PM
  2. Shadowfalx's Avatar
    Wipe data, format /system, install new /system image.
    03-18-2016 03:34 PM
  3. dejayusboy's Avatar
    I had same problem before, and I tried to factory reset, but it didn't work. But I think I've fixed it, at least for now

    First, I scaned my phone using free ESET and AVG antivirus (to make sure nothing undetected), and found xinyinhe malware disguised as system file (Ant Store apk, System Service, SystemFQAD), then I root my phone and deleted those threat using Titanium Backup. You'll not be able to uninstall it using regular uninstall process because it's set as system file.

    If you're not sure whether those was real System File or not, just backup it first.But I think that's how they make you afraid to delete those malware. It's already a day with WiFI on and there's no pop up or software install anymore
    03-28-2016 07:19 PM
  4. kiko1989's Avatar
    Hi.
    How did you root your phone? I can't install kingroot in my bluboo picasso that comes with this same problem.
    I want to try your solution in order to solve my problem, but i need to root my phone first, and i don't know how.
    Thanks for your help.
    07-09-2016 01:30 PM

Similar Threads

  1. S6 (GM-920i) just received the Marshmallow update (India)
    By ihearlivepplz in forum Samsung Galaxy S6
    Replies: 20
    Last Post: 04-29-2016, 06:32 AM
  2. DXOMark Reviews the Samsung Edge Camera
    By wisewhisk in forum Samsung Galaxy S7 edge
    Replies: 2
    Last Post: 03-18-2016, 03:03 PM
  3. Replies: 0
    Last Post: 03-18-2016, 02:52 PM
  4. Replies: 0
    Last Post: 03-18-2016, 02:36 PM
  5. Replies: 0
    Last Post: 03-18-2016, 02:33 PM
LINK TO POST COPIED TO CLIPBOARD