1. AC Question's Avatar
    OK... I will admit it. I am a complete newbie here.

    If it was Windows or even OS-X I could figure this out, but with Android I am left muttering Whiskey Tango Foxtrot to myself. I have my aunt's Android tablet and it is the most virus and malware infested thing I have ever seen. I threw every available cure I can think of at at it all to no avail. My usual tool of HitmanPro is not available for Android.

    To add insult to injury, the recovery partition is also infected.

    Doing a factory reset just reinstalls what little Kapersky and the other tools were able to remove.

    That said, how can I wipe the hard drive completely and reinstall Lollipop?
    06-04-2016 08:57 AM
  2. Javier P's Avatar
    Welcome to the forums. It seems that your only choice could be reflashing the stock ROM. Search in the XDA forums for that specific tablet.
    06-04-2016 09:05 AM
  3. Golfdriver97's Avatar
    Welcome to the forums. Can you describe in detail why you suspect the recovery partition is infected? What is the malware app that is installed? Can you provide some pictures of the appropriate screens?

    Thread subscribed.
    06-04-2016 09:05 AM
  4. BattleSwine's Avatar
    Depends on manufacturer and model. Some publish factory images on their website. A custom ROM if available could also help. Check out the forums for your device and using ADB.

    Posted via nexus 6p project FI
    06-04-2016 10:41 AM
  5. Iamsideshowbob's Avatar
    Hmmmm... should be able to do that tonight. I will just have to figure out which AV program identified the problems.

    I know that there several hijackers that redirect and reset her home page all the time. The whole tablet has turned into popup hell, with Dr. Oz's ugly face being the prime offender. I don't like him at the best of times, but seeing him every twenty seconds does not help matters much.

    From when we ran a couple of malware removal programs, they identified seven different sources of infection. They were able to remove a couple, but they always replicated themselves.Normally the factory recovery partition trick works, but in this case it brought back the same issues plus a few others that I hadn't counted on. Hence why I thought going nuclear and getting rid of everything to start fresh would be the best option. My problem is that I am Android illiterate...

    I am looking for the most efficient way of frying everything and starting fresh, so any guidance would be really welcome.
    06-04-2016 10:44 AM
  6. Golfdriver97's Avatar
    The pop ups could be as simple as clearing the cache in the browser. If that doesn't work a data clear in the browser should.
    Laura Knotek and J Dubbs like this.
    06-04-2016 12:18 PM
  7. J Dubbs's Avatar
    Hmmmm... should be able to do that tonight. I will just have to figure out which AV program identified the problems.

    I know that there several hijackers that redirect and reset her home page all the time. The whole tablet has turned into popup hell, with Dr. Oz's ugly face being the prime offender. I don't like him at the best of times, but seeing him every twenty seconds does not help matters much.

    From when we ran a couple of malware removal programs, they identified seven different sources of infection. They were able to remove a couple, but they always replicated themselves.Normally the factory recovery partition trick works, but in this case it brought back the same issues plus a few others that I hadn't counted on. Hence why I thought going nuclear and getting rid of everything to start fresh would be the best option. My problem is that I am Android illiterate...

    I am looking for the most efficient way of frying everything and starting fresh, so any guidance would be really welcome.
    We run Mcaffee on my wife's windows 10 pc and they include a great AV for our kindles, android phones and other android devices as well. Its not free, but it sounds like your aunt could use the protection and it might be money well spent. Plus it protects all your devices....very effective as well.
    I think you can run a free scan to see what it finds...its been VERY good at protecting my wife's pc/kindle/android tablet.
    06-04-2016 02:12 PM
  8. Iamsideshowbob's Avatar
    OK... here are the two chief offenders. com.lurker.goodluck and GoogleCalandarPluginService. From what I read so far, they are supposed to be uninstallable. I would say they are about as easy to get rid of as a frat boy at a free all you can drink beer fest. Short of going nuclear and frying everything, is there a less drastic option that would work? I am desperate enough to offer my last bottle of Kingon Warnog in a workable answer!!
    06-04-2016 07:40 PM
  9. Golfdriver97's Avatar
    OK... here are the two chief offenders. com.lurker.goodluck and GoogleCalandarPluginService. From what I read so far, they are supposed to be uninstallable. I would say they are about as easy to get rid of as a frat boy at a free all you can drink beer fest> Short of going nuclear and frying everything, is there a less drastic option that would work?
    The calendar plugin probably wouldn't be good to uninstall if you use Google calendar. The lurker does seem to be a form of malware. If you do a reset, I would go into settings>backup and reset> uncheck the auto restore option. This should stop the lurker from reinstalling, if it was downloaded form play.
    06-05-2016 09:47 AM
  10. Iamsideshowbob's Avatar
    Thanks! Will try using what you suggested.
    06-05-2016 02:58 PM
  11. Iamsideshowbob's Avatar
    The calendar plugin probably wouldn't be good to uninstall if you use Google calendar. The lurker does seem to be a form of malware. If you do a reset, I would go into settings>backup and reset> uncheck the auto restore option. This should stop the lurker from reinstalling, if it was downloaded form play.
    Bad news Golfdriver97.. Tried it with your suggestion and com.lurker.goodluck and the rest of its deadbeat sidekicks are back. What you suggested made perfect sense to me, but this is one persistent infection. To add insult to injury, Play Store is no longer accessible. .Methinks wiping the beast is the only available option now.
    06-06-2016 04:18 AM
  12. Golfdriver97's Avatar
    Bad news Golfdriver97.. Tried it with your suggestion and com.lurker.goodluck and the rest of its deadbeat sidekicks are back. What you suggested made perfect sense to me, but this is one persistent infection. To add insult to injury, Play Store is no longer accessible. .Methinks wiping the beast is the only available option now.
    Ouch...
    What kind of device do you have? I skimmed over the thread again, but I may have missed it...if I did I'll blame the coffee not kicking in yet.
    Iamsideshowbob likes this.
    06-06-2016 09:03 AM
  13. Iamsideshowbob's Avatar
    It's an Allwinner A33-GA10H generic tablet. I think I have located the necessary software, but have no idea how to install it.
    Allwinner A33 Firmware and Tool | My Tablet Guru
    06-06-2016 04:37 PM
  14. Golfdriver97's Avatar
    It's an Allwinner A33-GA10H generic tablet. I think I have located the necessary software, but have no idea how to install it.
    Allwinner A33 Firmware and Tool | My Tablet Guru
    You should be able to do this with fast boot command lines.
    Iamsideshowbob likes this.
    06-08-2016 12:19 PM
  15. Iamsideshowbob's Avatar
    Thank you! Now keeping in mind my total inexperience with Android, can you suggest any good YouTube tutorials?
    06-08-2016 08:43 PM
  16. Golfdriver97's Avatar
    Thank you! Now keeping in mind my total inexperience with Android, can you suggest any good YouTube tutorials?
    If the file when you download it has the recovery as an .img file, you can look at this:

    Reflashing the whole ROM can be done the same way. I will get on a different PC (I'm on Chrome OS now), and look a little further into the link you provided.
    06-09-2016 09:25 AM
  17. Golfdriver97's Avatar
    I did peek at the files for the site you downloaded. One thing concerns me a lot, one thing is kinda minor.

    Larger concern: Your exact model isn't listed. If they aren't cross compatible (ROMs usually aren't), this could brick your device.

    Minor concern: I downloaded a random file that was for an A33: The only thing in there is the ROM image. The recovery could be built in, this is not uncommon, but this will most likely wipe the device of all user data.

    I could not find an alternate recovery file for your device. I will try to keep looking though.
    Laura Knotek likes this.
    06-09-2016 10:17 AM
  18. Iamsideshowbob's Avatar
    Thanks again! So forgive my Android challenged mental state, but could I download another version of Android from another manufacturer and use that? I know that I have in the past, used a Dell vresion of Windows with an HP activation code in cobbling together a Frankenstein garage computer for a friend.
    06-09-2016 03:59 PM
  19. Golfdriver97's Avatar
    Thanks again! So forgive my Android challenged mental state, but could I download another version of Android from another manufacturer and use that? I know that I have in the past, used a Dell vresion of Windows with an HP activation code in cobbling together a Frankenstein garage computer for a friend.
    That will be a 99.9% chance of bricking the device. This is a very loose analogy, but look at it like this: say you build an Intel type desktop. You want to buy an OS software but it's only for AMD. Making those two things try to work together will be asking for trouble.

    Each OEM has slightly different ways of how Android boots from the bootloader. This is so specific that even taking a Samsung Galaxy S 6 from say, Verizon and trying to flash the international version on it will very likely cause a brick.

    The downside to less popular devices is if something happens, it's harder to fix due to lack of availability for key files.

    Flashing one of those files may work, I could very well be wrong. I will admit I will be very surprised if it does work.

    Edit: rereading the last line...and I could very well be wrong here but, that works mainly because Windows is almost as closed off as iOS. Microsoft controls every bit of the OS and no one can make changes aside from adding software.

    I will get another Ambassador to help look this over and maybe clear up any confusion.
    Iamsideshowbob likes this.
    06-09-2016 04:43 PM
  20. Iamsideshowbob's Avatar
    From what I am reading, it appears that some of these issues I have been experiencing may be the manufacturers fault. It seems that the a33 ROMs are full of time delay trojans. I am beginning to think this may just be an expensive doorstop now...
    06-09-2016 05:45 PM
  21. Golfdriver97's Avatar
    From what I am reading, it appears that some of these issues I have been experiencing may be the manufacturers fault. It seems that the a33 ROMs are full of time delay trojans. I am beginning to think this may just be an expensive doorstop now...
    Well, let's talk some other options:
    1. Is getting a new device to replace this one an option?
    1a. If the above is yes, what would the price limit be?
    2. If not new what about used?
    3. If a different device is totally out of the question, how unusable is the current one? Have you tried a different browser?
    06-09-2016 06:58 PM
  22. Iamsideshowbob's Avatar
    I don't think getting a new device is out of the question and price shouldn't be a consideration in this case.

    For me, it's more a matter of principle and I hate admitting that there is a malware/viral infection I couldn't remove by the right combination of software or by nuking the hard drive and starting fresh. I hate to admit that I am beat, but this thing has royally kicked my butt!

    As for usability, I would say it is like trying to carry on a conversation in a room filled with five year olds jacked up on Red Bull.
    Jerry Hildenbrand likes this.
    06-09-2016 08:07 PM
  23. Jerry Hildenbrand's Avatar
    I like anyone who hates to give up

    1 — I don't think any of the firmware files on your link are for your specific tablet. I would be very careful about trying to flash any of them.

    But that's OK.

    This should work for you: [GUIDE][ROOT][TWEAKS] Generic Allwinner A23 Tablet

    If it does, you'll have root permissions and can delete all the crap from the factory. Here are the files you want to remove:

    /system/app/CloudService.apk
    /system/app/FileExplorer.apk
    /system/app/PartnerBookmarksProvider.apk
    /system/app/Update.apk
    /system/priv-app/OneTimeInitializer.apk
    EVERYTHING in /system/preinstall

    You can do this over a cable from a computer or on the phone itself. I suggest copying the files to a folder on the tablet's storage under the /sdcard directory, and keep a list of exactly where each file originally came from. If you do it via computer, keep the files and the list somewhere until you're sure everything works.


    Next, create a blank text file. It has to be blank and it has to be created with a Unix-style text editor (for Windows, use Notepad++)
    Name this file CloudService.apk (NOT CloudService.apk.txt — mind the file extension)
    Then place this file in /system/app

    Reboot, cross your fingers and hope.

    Good luck.

    Edited to add: Know up front that if this doesn't work (there are like 100 generic models of your tablet and not all of them may be the same) there is the risk that it will never work again once you remove things and reboot,
    06-09-2016 08:35 PM
  24. Iamsideshowbob's Avatar
    At this stage I would rather brick the thing trying than let this be controlled by malware!
    06-09-2016 09:01 PM
  25. Jerry Hildenbrand's Avatar
    At this stage I would rather brick the thing trying than let this be controlled by malware!
    I really like this dude.

    Welcome to AC my man.
    06-10-2016 01:29 PM

Similar Threads

  1. Replies: 10
    Last Post: 06-12-2016, 08:21 PM
  2. Is this possible, VOIP on old Gingerbread phone
    By jasonfoer in forum Ask a Question
    Replies: 1
    Last Post: 06-04-2016, 07:06 PM
  3. Replies: 1
    Last Post: 06-04-2016, 08:58 AM
  4. Replies: 0
    Last Post: 06-04-2016, 07:25 AM
  5. Replies: 0
    Last Post: 06-04-2016, 05:21 AM
LINK TO POST COPIED TO CLIPBOARD