HTC One - HELP! MALWARE going to droidresearchapp.info

[Chris_Page]

I have an HTC One M7 that I've had pretty much since it came out with no malware/virus issues. Beginning several weeks ago, randomly a new tab in my browser will fire up and go to droidresearchapp.info, which appears to start streaming an all-black video in an embedded player. The purpose of this appears to be nothing other than killing your data plan, as I got a nastygram from AT&T saying I had burned through 5GB in a few days (when I usually use maybe 1GB a month).

I've installed no new apps in quite a while (though app updates are turned on), and all of my apps are from Google Play (no non-trusted sources). The couple of times I've done factory resets, the first app I install is AVG Antivirus, which is not detecting anything wrong.

I did a complete factory reset and erased all data a few days ago. I then restored my settings from backup and re-installed the 40 or so apps I run. I had no problems until this morning, when Chrome popped up again and went to droidresearchapp.info while I had Spotify running while driving to work. Argh!

So now I'm looking at ANOTHER factory reset, with no clue what app this piece of cr@p malware is piggybacking on.

Haas anyone seen this, or have any ideas where to start troubleshooting (other than "don't install apps" or "install one app at a time and wait a week"...)? Googling this get a few other folks with the same problem reported on various phones, but no solutions. Thanks in advance!

 

[B. Diddy]

Welcome to Android Central! There are a couple of things to consider:

1. You restored your apps and settings from backup--do you mean your Google account? It's possible that the browser redirect was in some of that saved data as well. You may want to consider going to Settings>Backup, and unchecking Automatic Restore, so that bit of data doesn't get restored back onto your phone. You'll have to reinstall all of your apps again, and get your homescreens and settings all back to how you want them, but it might be worth it if it prevents this problem from recurring.

2. Since your Chrome browser on your phone is likely synced with Chrome on your desktop, I would also open Chrome on your computer and delete all of the history, cookies, etc.

Hope it works!

 

[Nav96]

Man! I've been having the same exact problem! :/ Dunno whats causing it.. let me know if this fixes???

 

[hotshot79]

If anybody has any information on how to fix this I'd love to hear....I'm having the same issue but can't find anything on what the problem is or how to fix it...

 

[salvador perez]

Im having the same issue as well! Its getting pretty annoying! I've tried installing avast but no fix. I haven't done a reset since I have so much on my fone that I dont want to lose. I have a droid razr maxx. As stated above if anyone find out a fix plz share! Thanks in advance.

 

[Bielal Malik]

I am having the same problem! Its really annoying.

 

[VidJunky]

Well there are all kinds of ways to attack this to narrow it down to where the issue is coming from, and they are all painful, but to resolve this issue it may be necessary.

Let's start with the basics:
About when did you begin noticing the issue? If you all experienced it about the same time frame then it could have been in an app update, and just because it from Google Play doesn't make it "safe". That's a whole nother story.

The OP said that started again after or while using Spotify, do any of the other posters use this app? I don't know what it is but I've heard of it so I'm guessing it's pretty popular but that doesn't mean that there wasn't a buggy install or a line of code over looked. However depending on how the OP did their reinstall it should count out a buggy install.

Have you checked the reviews for the apps you have installed? Most people don't belong to forums, as you see you all only came here after having an issue. 1 Post, 1 Post, 1 Post. Most of the time if an app causes someone issues they post in the reviews of the app that ...this app caused XYZ... which can be helpful to those looking at that app but really doesn't help because only a few devs seem to check the reviews for issues to resolve. I believe in the direct route use the contact dev button that is in most good app descriptions. I'm just saying.

Finally B. Diddy was on the right track but I think stopped short of the actual and most painful way to figure this out which may be to do the factory reset and add apps back in ones and twos over several days until the issue shows up again. By doing this you eliminate the apps that you haven't installed as suspects and you've narrowed down that it happened after apps XYZ and 123 were installed making them the prime suspects. Just one note on this if it's a true virus or malware attempt you may want to just run the device stock, no add-ons, to be sure that a factory reset cleans the device. Like I said this is slow and painful.

Browsing around the web it seems to be occurring to a variety of devices and it doesn't appear that any of the detection apps are identifying any possible sources, this means you are your best advocate and you will have to help each other figure this out. I've seen posts over at XDA where issues like this can be identified using a logger app, but the device has to be rooted. Is anyone willing to root for a solution?

GL

 

[tortdog]

Happened to my LG G2 so not device specific. I have run every tool out there and nothing detects it. I have started to uninstall anything not mainstream that has add ons but no luck yet.

 

[hotshot79]

No Spotify on my phone....

(PS btw - I've been here for a while [5 years or so]...just don't post.....)

Not that it matter's - as this is a software issue - not hardware, but I'm using a SGS3....

 

[tortdog]

Might be AirWatch. I had disabled it over the weekend and the issue seemed to go away. Once I reconnected AirWatch it started up again.

 

[hotshot79]

No Airwatch on my SGS3 - I'm finding that the issue is intermittent....Going to try and see what apps are running in the background when this is happening.

I suppose we could also list all of our apps on our phones and see what we all have in common....(I mean aside from stock/google apps etc)

 

[Faiz Dwimunali]

Hi all, I seem to have the solution. It has worked for a week now and it doesn't involve reseting anything. I don't know whether you have fixed it or not but here it is...go to your settings > data usage > on the mobile tab, tap on your default browser > and tick the restrict background data. Do the sam on the Wi-Fi tab. I hope this works.

 

[hotshot79]

Thanks Faiz - That may stop it from happening but it doesn't solve the actual problem in the sense that there is something on my phone doing something that I don't want it to do but I don't know what it is.

 

[hnguyen]

As of today I started getting a popup on my chrome browser on my nexus 5 stating I have viruses and I should download an app to remove them. It just started happening. But the funny thing is that I only get the popups when I'm on technobuffalo.com

I can't tell if the issue is from my phone or its technobuffalo.com.

 

[hnguyen]

As of today I started getting a popup on my chrome browser on my nexus 5 stating I have viruses and I should download an app to remove them. It just started happening. But the funny thing is that I only get the popups when I'm on technobuffalo.com

I can't tell if the issue is from my phone or its technobuffalo.com.