Save big + get 3 months free! Sign up for ExpressVPN today

07-23-2019 10:48 AM
27 12
tools
  1. naimshaikh's Avatar
    By mistake i have installed some battery booster apps on my android 4.2.2 and got infected, i have uninstalled those apps and
    performed factory reset but to my surprise virus is back. is it due
    to google account syn??

    threats: 4
    1 : com.vwydya.snslxcjby (trojan)
    2: com.nb.superuser (trojan)
    3: com.nb.superuser (potentially unwanted app)
    4: com.clrrlixw.hmotzhoh (potentially unwanted app)

    Please help
    08-05-2015 09:42 PM
  2. Golfdriver97's Avatar
    The auto restore probably put the bad app on your device again. You can disable the auto restore in settings>backup and reset. Then, reset again.

    Is your device rooted?
    Laura Knotek likes this.
    08-05-2015 09:47 PM
  3. naimshaikh's Avatar
    AMBASSADOR, Thanks for your reply, i have disabled auto restore n tried but failed, i didn't rooted my device but ANTI VIRUS says unable to clean malware coz it rooted (seems malware rooted my device)
    08-08-2015 10:19 PM
  4. Golfdriver97's Avatar
    Did you go through the process of rooting your device?
    Laura Knotek likes this.
    08-08-2015 11:11 PM
  5. naimshaikh's Avatar
    Golfdriver97, i didn't root my device
    08-11-2015 08:54 PM
  6. Mooncatt's Avatar
    The "superuser" stuff is usually referencing a rooted device. Since you didn't root the device yourself, I suspect the virus didn't do so either and is simply trying to fool your anti virus app into thinking it is rooted.

    I tried searching for the threats, but Google only turned up this thread. Did the anti virus app give you a virus name associated with the threats? That would be a more common identification and easier to search for solutions.

    Along the same lines, which anti virus app are you using?
    08-11-2015 11:06 PM
  7. naimshaikh's Avatar
    Thanks Mooncatt,
    Above threat list is scanned by ESET's Mobile Security & Antivirus.
    More or less results shown by CM Security/ 360 Security as wel
    Attached Thumbnails Why is my factory reset unable to remove malware?-screenshot_2015-08-02-09-12-36.png  
    08-14-2015 11:26 PM
  8. naimshaikh's Avatar
    08-14-2015 11:28 PM
  9. naimshaikh's Avatar
    08-14-2015 11:30 PM
  10. naimshaikh's Avatar
    08-14-2015 11:31 PM
  11. naimshaikh's Avatar
    08-14-2015 11:32 PM
  12. nahoku's Avatar
    Have you tried to uninstall the apps while in Safe Mode? While in Safe Mode, check to see if the apps have installed themselves as Phone Administrators and disable before uninstalling. If safe mode attempt doesn't work, you might try Malwarebytes to scan and see if it can get rid of this malware.
    08-14-2015 11:49 PM
  13. naimshaikh's Avatar
    Thanks nahoku, there is no uninstall option as you asked me to disable and uninstall apps in safe mode, it shows only FORCE STOP & DISABLE .

    I have used Malwarebytes , it is finding trojan but asking to select it to DELETE , but unable to uninstall here is screen shot for same.

    Why is my factory reset unable to remove malware?-screenshot_2015-08-15-13-05-43.png
    08-15-2015 09:31 AM
  14. nahoku's Avatar
    Did you attempt to Delete the apk in Malwarebytes? If not, then have Malwarebytes delete it and then run another full scan with both Malwarebytes and ESET. Uninstall was only if you had the option in the app preferences.

    Another thing... Malwarebytes will run in Safe Mode on a PC. I don't know if it'll run in Safe mode on Android. You might try running Malwarebytes in Safe mode if you can't get rid of the trojan while your phone is booted up in normal mode.
    08-15-2015 07:02 PM
  15. naimshaikh's Avatar
    nahoku, Thank you very much, 1: I attempted to delete apk in Malwarebyte, says deleteted - then prompting to uninstall App (affected) - Malwarebyte says Deleted. but not deleting threat. 2 : malwarebyte is not available in SAFE MODE
    08-15-2015 10:06 PM
  16. nahoku's Avatar
    Did you Force stop and Disable the app before having Malwarebytes delete it?

    Lets step back here a little...

    When you factory reset your device, how did you do it? Did you do it from Settings, or did you do a hard reset in Recovery mode? Did you wipe the cache partition in recovery mode before the factory reset?

    What device do you have?
    08-16-2015 03:15 AM
  17. naimshaikh's Avatar
    1: lenovo a526, 2: yes it was disaled apps when i tried to del it by malwarebyte, 3: factory reset done thru settings
    08-17-2015 05:22 AM
  18. nahoku's Avatar
    Since you did a factory reset thru settings, its possible that it wasn't good enough to get rid of the malware because it may have planted itself in your system cache (I don't know this for a fact).

    At this point, what I would do is to wipe the cache partition, and do a factory reset while in recovery. I don't know what state your phone is currently in, but before you do the wipe/reset, back up all your data. You will lose everything when you factory reset.

    To get to Recovery, follow THIS method, or THIS one (it has pictures). Be sure your battery is fully charged.

    Note that both links only tell you how to do a factory reset. You need to do a "wipe cache partition" first by navigating the recovery menu just like you would navigate it for the factory reset.

    I hope this method of resetting your phone gets rid of the virus/malware because I'm running out of suggestions!

    By the way, where did you get the Battery booster app that caused this problem? Was it from Playstore, or did you sideload it? The reason I ask is that if it came from Playstore and you have your Playstore settings to "update automatically", then chances are high that the app will reinstall once you visit the Playstore. I highly recommend you change Playstore settings to NOT update automatically.
    08-17-2015 07:00 AM
  19. Mooncatt's Avatar
    This is weird. I think it might be a good idea to email Eset and see if they can provide any additional info on what their app is finding. I'd also email the device manufacturer to see if those are pre-installed apps. Since they are there after a reset, it's possible they are triggering false positives in the anti-malware apps.
    08-17-2015 08:03 AM
  20. nahoku's Avatar
    I'd also email the device manufacturer to see if those are pre-installed apps
    Yeah, they could be false positives and possibly pre-installed Lenovo apps. I did a search on "rfuj.apk" and had no hits. Very weird.

    One more thing for the OP... you might also try installing Avast to compare it's findings to ESET. Note that it may set up some kind of "real-time" internet monitoring. You may want to disable that as it may slow down your internet. Also, after you're done, decide on only one anit-virus to run (uninstall Avast or ESET) as running two constantly is not recommended... at least not on PC's.
    08-17-2015 03:35 PM
  21. naimshaikh's Avatar
    nahoku, thanks a lot again for your detailed explanation. i will try to recover on weekend. i have loaded Battery booster thru pop up advertisement (apk file) and not from playstore, funny thing it asked many RIGHTS n blindly i followed , this file rooted my device n taken over fully , even not allowing to open androidcentral to open on device! It was big mistake n will be avoided in future
    nahoku likes this.
    08-18-2015 08:38 PM
  22. naimshaikh's Avatar
    Thanks mooncatt, I will try your suggetions
    08-18-2015 08:41 PM
  23. nahoku's Avatar
    Let us know how it works out.
    08-19-2015 03:58 AM
  24. Virus01's Avatar
    By mistake i have installed some battery booster apps on my android 4.2.2 and got infected, i have uninstalled those apps and
    performed factory reset but to my surprise virus is back. is it due
    to google account syn??

    threats: 4
    1 : com.vwydya.snslxcjby (trojan)
    2: com.nb.superuser (trojan)
    3: com.nb.superuser (potentially unwanted app)
    4: com.clrrlixw.hmotzhoh (potentially unwanted app)

    Please help
    Guys pls help my phone also got a virus. I try to reboot it with the reset factory data it is not working plss help me pls
    09-05-2016 09:56 AM
  25. laphunhon's Avatar
    To del virus in case:
    1. Del but when reboot it auto reinstall when boot
    2. Factory reset , it still reinstall
    3. Flash room, it still there (because your tool flash just add/override file when flash -- it did not format partition)
    How to fix:
    Solution 1: Use root del virus apk which will be install like as system app when booting.
    + Your sytem must be rooted
    + Del virus app normal way first.
    + Install ES File Explorer, go to Local->Home-> find address /system/app -> del file virus .apk then reboot
    Solution 2: Formation partition USRDATA by SP_Flash_Tool V3 + factory reset after format
    Step 1: Open Phone normally, Set USB debug mode and connect with PC by USB Cable
    Step 2: Get Android_scatter.txt by MTKdroidTools (google search pls)
    Information need in file .txt:
    - partition_name: USRDATA
    linear_start_addr: 0x65100000
    partition_size: 0x168320000
    Step 3: Run SP_Flash_Tool V3 chose Scatter-loading-> file .txt in step 2
    Step 4: Chose formation->Manual Format=> Input BeginAddress(hex) = linear_start_addr và Format Length (hex) = partition_size then OK
    Step 5: NO REMOVE CABLE USB between Phone and PC,unlock screen phone, hole Phone Power Button chose reboot (Phone will reboot and when it turn on power, it will into mode PreLoader (switch-off) for SP_Flash_Tool excute formation.
    Step 6: After format , Remove cable USB , put phone into Recovery Mode then Factory Reset
    Step 7: after Factory Reset , reset System and your Virus should be clean.
    Notice: if still not work, download room of your phone, then do solution 2 but with "partition_name: USRDATA and ANDROID" and flash room (to safe, should only using system.img or system.img+boot.img ).
    12-04-2016 09:44 PM
27 12

Similar Threads

  1. Replies: 2
    Last Post: 08-06-2015, 12:11 AM
  2. I have app sharer, now can I text an app to my brother?
    By AC Question in forum Ask a Question
    Replies: 0
    Last Post: 08-05-2015, 07:47 PM
  3. How can I get my hotspot to work on my unlocked LG G Vista that's on Metro?
    By AC Question in forum General Help and How To
    Replies: 0
    Last Post: 08-05-2015, 07:29 PM
  4. Replies: 0
    Last Post: 08-05-2015, 07:28 PM
  5. How can I add a group of words to the Android dictionary?
    By AC Question in forum Ask a Question
    Replies: 0
    Last Post: 08-05-2015, 07:27 PM
LINK TO POST COPIED TO CLIPBOARD