[DarthWoo]

I have a BLU Life Max phone running stock Android. I've been using it for just a bit over a year without any issues. Suddenly, various malwares keep popping up every night. From what I've seen so far, they have names such as Launcher, TBrowser, GStore, and Calculator. I've looked through the app list just to be sure, and there was a duplicate Calculator app, so it was definitely malware.

They have symptoms ranging from shutting off my phone's wifi to popping up advertisements for stupid-sounding games on the front of my display that I can only get rid of by hitting their X buttons, which hopefully isn't causing more problems.

I already had AVG, which warned me about them and purportedly removed/uninstalled them. I installed MalwareBytes as well after this started, and it had the same detections. Despite using both of them to remove the malware, they have come back at around 2:30AM in the morning every day for the last five days, so I have to assume there must be some infected file somewhere, but neither AVG nor MB are able to find it.

I know that the fallback is to just do a factory reset and format the SD card, but I was hoping there might be some alternative, as I have very low bandwidth at home and reinstalling everything would be incredibly time-consuming.

I'm not sure it's related, but my low bandwidth was in fact the cause of the one out of the ordinary usage of my phone that preceded all this happening. I used the wifi at work, which I often use anyway for watching movies on my breaks, to download the new Stage 9 release (a virtual Enterprise-D recreation) so I could transfer it to my PC when I got home. My PC is not suffering from any known infections, and I did a full scan just to be sure.

[DarthWoo]

I did an experiment and shut off my phone before I went to sleep, and it seemed to prevent the malware from trying to install itself again. Will be kind of annoying to do that every night though. I suppose I could set auto shutoff and startup, but my phone has a really annoying startup jingle that I can't shut off or mute.

[belodion]

Does the trouble persist in Safe Mode?

[DarthWoo]

I have not had the opportunity to test this yet. Since it always comes back at the same time each early morning, would I reboot to safe mode before I go to sleep and see what happens when I wake up?

[belodion]

Yes, that would be okay, as long as the phone is powered on overnight.

[Rukbat]

AVG is an antivirus app, not an anti-malware app - there's a difference. Try Malwarebytes Anti-Malware.

[DarthWoo]

I'm actually using both. They both detected the same malware, but neither saw anything to remove after removing the specific malwares that were affecting my phone, so whatever is causing them to return every morning is undetectable to them.

[Rukbat]

Unless you're doing the same unsafe thing with the phone every night, about the only guaranteed solution is a complete backup (Backing up an Android Device(, reflashing the firmware, then restoring everything. If that still doesn't do it, it's in what you're restoring, so you'll have to restore one thing a day (I know) and see what it was that you restored that caused it. Then repeat, but skip restoring that.

[DarthWoo]

I had the phone in safe mode prior to going to sleep. The malwares had not appeared by 3AM when I happened to wake up briefly. However, practically the moment I rebooted to normal, I went into the app list and saw the duplicate calculator app again, so I ran a MB full scan and Launcher and Calculator were detected, which I had to remove. Probably unrelated, but when I rebooted, my Music and Weather widgets refused to load properly, so I had to remove them and reapply them.