Cannot remove chinese malware on rooted, CM 5.1.1, Verizon Galaxy S3 on straight talk

mellie815

New member
Apr 24, 2011
2
0
0
Oy vey!

So..... I upgraded my S3 from 4.4 to Cyanogen's 5.1.1 and was having trouble moving files to the external SD card, which now works again. None of the 'fixes' in 4.4 ever worked so, once I went to 5.1.1, I grabbed a few apps from the Google Play store to assist with moving files over to the SD. One of these three apps (I always grab a few because in my experience, the first one never works.....) installed an absolutely EVIL malware that, even after scanning/cleaning multiple times, it's always there again after a reboot.
The 'symptoms' of this malware/virus/trojan/nasty thing are twofold: 1. Battery drain like you would not believe AND will not charge unless you power off, remove the battery, hold down the start button for a minute and then reinsert the battery with the phone plugged in. If you turn the phone on, even if you turn on a lock screen, while it's plugged in, the battery will begin to drain about 1% every three or four minutes from 100%.
The second issue is even worse. The phone starts dialing out, always to 'unknown', with no actual number displayed, all by itself. It does this about every 90 seconds, sometimes three or four times back to back. I've gone into Rom Toolbox and disabled everything running that wasn't obviously needed but the moment I 'froze' the phone app, I got stuck in a loop of 'unfortunately, phone has stopped working'. I eventually managed to juggle the 'ok' confirmation and re-enable the phone and as soon as I did, the phone started calling out again.
I did a sweep with 'master clean' and found a directory in internal storage that was named a whole lot of chinese characters. This 'app' also does NOT show up in the 'Apps' list, nor can I find any process or task that is obviously the problem. I deleted the files, rebooted and boom, the phone starts dialing. Next I did a factory wipe, cleared the dalvik cache and reinstalled 5.1.1 without incident. However, even when you do a factory reset, it doesn't actually remove all of the junk from the system, which I quickly witnessed as the phone began dialing again and upon inspection, the chinese folder is right back where it was before. I repeated the factory wipe three times in recovery, cleared the caches again, wiped it again and then put 5.1.1 back on. Nope. Phone still starts dialing once boot is complete and that bloody folder is back. Again.
I have tried: Symantec, Malwarebytes, Trend Micro, McAffee, AVG and about six more to no avail. Only a few ever find the folder and then remove it, but it's back at reboot.
The obvious solution would be to reinstall my Nandroid backup, except I can't. You see, when I try to access the backup file in recovery, it tells me there was a problem and installation was aborted. I had hoped to move the zip to the external SD but that didn't work, so, I appear to be stuck with this nasty little bugger. When I plug the phone into my laptop, it no longer shows up as any kind of device and Odin doesn't see it either, which it always did before. Win 7 also won't display the hidden files on internal storage, even if I clear the media cache and re-connect. It never did display them for me; that would make things far too easy!
So, now that you've had a good laugh, does anyone have the faintest idea how to remove the file or to TRULY wipe the internal storage? At this point, I have a haunted phone that drains the battery in about two hours and my battery monitors can't find the file that's causing it to drain so fast. Any ideas? Anybody? Bueller?
 

Trending Posts

Members online

Forum statistics

Threads
958,642
Messages
6,977,377
Members
3,164,117
Latest member
HushRA