Why is my factory reset unable to remove malware?

Toggle sidebar Toggle sidebar
N

naimshaikh

Member
Aug 1, 2015
20
0
0
Visit site
factory reset unable to remove malware

By mistake i have installed some battery booster apps on my android 4.2.2 and got infected, i have uninstalled those apps and
performed factory reset but to my surprise virus is back. is it due
to google account syn??

threats: 4
1 : com.vwydya.snslxcjby (trojan)
2: com.nb.superuser (trojan)
3: com.nb.superuser (potentially unwanted app)
4: com.clrrlixw.hmotzhoh (potentially unwanted app)

Please help
 
Golfdriver97

Golfdriver97

Trusted Member Team Leader
Moderator
Dec 4, 2012
35,365
110
63
Visit site
Re: factory reset unable to remove malware

The auto restore probably put the bad app on your device again. You can disable the auto restore in settings>backup and reset. Then, reset again.

Is your device rooted?
 
N

naimshaikh

Member
Aug 1, 2015
20
0
0
Visit site
Re: factory reset unable to remove malware

AMBASSADOR, Thanks for your reply, i have disabled auto restore n tried but failed, i didn't rooted my device but ANTI VIRUS says unable to clean malware coz it rooted (seems malware rooted my device) :( :(
 
Mooncatt

Mooncatt

Ambassador
Feb 23, 2011
10,748
305
83
Visit site
Re: factory reset unable to remove malware

The "superuser" stuff is usually referencing a rooted device. Since you didn't root the device yourself, I suspect the virus didn't do so either and is simply trying to fool your anti virus app into thinking it is rooted.

I tried searching for the threats, but Google only turned up this thread. Did the anti virus app give you a virus name associated with the threats? That would be a more common identification and easier to search for solutions.

Along the same lines, which anti virus app are you using?
 
N

naimshaikh

Member
Aug 1, 2015
20
0
0
Visit site
Re: factory reset unable to remove malware

Thanks Mooncatt,
Above threat list is scanned by ESET's Mobile Security & Antivirus.
More or less results shown by CM Security/ 360 Security as wel
 

Attachments

  • Screenshot_2015-08-02-09-12-36.png
    Screenshot_2015-08-02-09-12-36.png
    99.1 KB · Views: 16
nahoku

nahoku

Well-known member
Jan 26, 2013
3,300
0
0
Visit site
Re: factory reset unable to remove malware

Have you tried to uninstall the apps while in Safe Mode? While in Safe Mode, check to see if the apps have installed themselves as Phone Administrators and disable before uninstalling. If safe mode attempt doesn't work, you might try Malwarebytes to scan and see if it can get rid of this malware.
 
N

naimshaikh

Member
Aug 1, 2015
20
0
0
Visit site
Re: factory reset unable to remove malware

Thanks nahoku, there is no uninstall option as you asked me to disable and uninstall apps in safe mode, it shows only FORCE STOP & DISABLE .

I have used Malwarebytes , it is finding trojan but asking to select it to DELETE , but unable to uninstall here is screen shot for same.

Screenshot_2015-08-15-13-05-43.png
 
nahoku

nahoku

Well-known member
Jan 26, 2013
3,300
0
0
Visit site
Re: factory reset unable to remove malware

Did you attempt to Delete the apk in Malwarebytes? If not, then have Malwarebytes delete it and then run another full scan with both Malwarebytes and ESET. Uninstall was only if you had the option in the app preferences.

Another thing... Malwarebytes will run in Safe Mode on a PC. I don't know if it'll run in Safe mode on Android. You might try running Malwarebytes in Safe mode if you can't get rid of the trojan while your phone is booted up in normal mode.
 
N

naimshaikh

Member
Aug 1, 2015
20
0
0
Visit site
Re: factory reset unable to remove malware

nahoku, Thank you very much, 1: I attempted to delete apk in Malwarebyte, says deleteted - then prompting to uninstall App (affected) - Malwarebyte says Deleted. but not deleting threat. 2 : malwarebyte is not available in SAFE MODE
 
nahoku

nahoku

Well-known member
Jan 26, 2013
3,300
0
0
Visit site
Re: factory reset unable to remove malware

Did you Force stop and Disable the app before having Malwarebytes delete it?

Lets step back here a little...

When you factory reset your device, how did you do it? Did you do it from Settings, or did you do a hard reset in Recovery mode? Did you wipe the cache partition in recovery mode before the factory reset?

What device do you have?
 
Last edited:
nahoku

nahoku

Well-known member
Jan 26, 2013
3,300
0
0
Visit site
Since you did a factory reset thru settings, its possible that it wasn't good enough to get rid of the malware because it may have planted itself in your system cache (I don't know this for a fact).

At this point, what I would do is to wipe the cache partition, and do a factory reset while in recovery. I don't know what state your phone is currently in, but before you do the wipe/reset, back up all your data. You will lose everything when you factory reset.

To get to Recovery, follow THIS method, or THIS one (it has pictures). Be sure your battery is fully charged.

Note that both links only tell you how to do a factory reset. You need to do a "wipe cache partition" first by navigating the recovery menu just like you would navigate it for the factory reset.

I hope this method of resetting your phone gets rid of the virus/malware because I'm running out of suggestions!

By the way, where did you get the Battery booster app that caused this problem? Was it from Playstore, or did you sideload it? The reason I ask is that if it came from Playstore and you have your Playstore settings to "update automatically", then chances are high that the app will reinstall once you visit the Playstore. I highly recommend you change Playstore settings to NOT update automatically.
 
Mooncatt

Mooncatt

Ambassador
Feb 23, 2011
10,748
305
83
Visit site
Re: factory reset unable to remove malware

This is weird. I think it might be a good idea to email Eset and see if they can provide any additional info on what their app is finding. I'd also email the device manufacturer to see if those are pre-installed apps. Since they are there after a reset, it's possible they are triggering false positives in the anti-malware apps.
 
nahoku

nahoku

Well-known member
Jan 26, 2013
3,300
0
0
Visit site
Re: factory reset unable to remove malware

Mooncatt said:
I'd also email the device manufacturer to see if those are pre-installed apps
Click to expand...
Yeah, they could be false positives and possibly pre-installed Lenovo apps. I did a search on "rfuj.apk" and had no hits. Very weird.

One more thing for the OP... you might also try installing Avast to compare it's findings to ESET. Note that it may set up some kind of "real-time" internet monitoring. You may want to disable that as it may slow down your internet. Also, after you're done, decide on only one anit-virus to run (uninstall Avast or ESET) as running two constantly is not recommended... at least not on PC's.
 
You must log in or register to reply here.

Similar threads

T
How can I install a antivirus/malware removal app without Playstore?
Replies
13
Views
2K
General Help and How To
B. Diddy
B. Diddy
Joel Gresch
Why is my once fast tablet now painfully slow?
Replies
1
Views
2K
General Help and How To
B. Diddy
B. Diddy
A
  • Question
Could system files be modified, with malware, and persist after factory reset?
Replies
1
Views
887
Ask a Question
mustang7757
mustang7757
B
Why does a qr code try to open every time I unlock my phone?
Replies
2
Views
2K
General Help and How To
Kizzy Catwoman
Kizzy Catwoman
H
Is "shell" malware? It has access to SMS, etc.
Replies
3
Views
31K
General Help and How To
B. Diddy
B. Diddy

Latest posts

Members online

Total: 3,471 (members: 11, guests: 3,460)

Trending Posts

Forum statistics

Threads
942,992
Messages
6,916,781
Members
3,158,765
Latest member
fancyfranci

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom