AC Question
Hello, recently I accidentally downloaded what I thought was a legitimate app, but it turned out to be aggressive adware. Basically, at random times during the day I would check my phone and there'd be 4-6 new apps that I was never asked to download. It didn't even show me download progress or anything, they would just pop up and open themselves on their own. My phone was already rooted so they were easy to delete, but after a random amount of time (sometimes hours, sometimes days), they'd come back.
The problem escalated when now it wasn't just random apps, there would be super intrusive pop-up ads to download other apps just popping up on my screen. The apps advertised seemed like legitimate apps (i.e., Facebook, etc.) but of course I never clicked on them.
I scanned my phone with Malwarebytes Anti-Malware, and it found PUP.Adware.Xinyinhe, along with some other random Trojans. I managed to delete some of them, but the Xinyinhe and some other 3 items wouldn't let me delete them (something about incorrect uninstall or something).
I did some research on Xinyinhe and found this article: www(.)fireeye(.)com/blog/threat-research/2015/09/guaranteed_clicksm.html
I'm not really tech-savvy so most of it was a little out of my comprehension, but I figure I should provide as much information as I can. From what I gather, the other random Trojans had infected my phone via the backdoor that this Xinyinhe adware left.
Ok, so next I did something that in retrospect was very stupid of me, considering I don't know the first thing about cell phones. Using Root Explorer, I managed to delete some of the main files I recognized as malicious, and I found the apps I had been deleting (the ones that kept downloading themselves) lodged into one of the folders. Deleted those too. However, the problem persisted and if anything, it got worse. The files I deleted kept popping back! I was so desperate and annoyed I just deleted any files that could POTENTIALLY be related to the malware, and probably ****ed up my phone a little bit in the process. But it didn't even matter because I never solved anything.
Next, I decided to do a full factory reset. I don't have too much on my phone that I'm attached to so I just uploaded some pictures to Google Drive and wiped my phone without making a backup or anything. TO MY SURPRISE, the Xinyinhe and other malware were still there!! Luckily, with Kingroot I was able to get rid of some of the malware that had persisted before. Using Malwarebytes, I ran a scan and found 6 random Trojans AS WELL as the Xinyinhe adware. At least this time I was able to delete all the Trojans. The only thing that wouldn't let me delete it is, once again, PUP.Adware.Xinyinhe.
When I try to delete it, the uninstall prompt comes up and asks me if I'm sure I want to delete SecurityService. Now I'm not sure, but that sounds like an important file, but I'm so done with this I go ahead and confirm the uninstall. But when I do that it says incorrect uninstall or something similar to that.
At this point, I have WiFi and data turned off, and haven't downloaded anything into my wiped phone. Does anyone know of any way to get rid of this thing???
(Sorry for the text wall, I tried to provide as much detail, in hopes that helps any of you)