How can I get rid of green popup malware

[dgcoventry]

https://image.ibb.co/bUjmaF/Screenshot_2017_07_08_08_57_15.png

I have some sort of infection on my Android device as shown on my screenshot above.

I have installed Malwarebytes but the scans tell me that the device is clean.

The green popups purport to download and install legitimate apps but if they are inadvertently tapped, they download malware.

The popups only appear in the various browsers. Ie. if I install Chrome, then they activate in Chrome and if I uninstall Chrome and install Firefox, then they appear in Firefox.

 

[B. Diddy]

Welcome to Android Central! Are you sure those popups aren't just associated with the sites you're visiting?

 

[dgcoventry]

Thank you.

No, the screenshot shows the popup on this website.

Edit:- Sorry, wrong screenshot uploaded.

 

[B. Diddy]

Ok, but do the popups appear exclusively while you're using a browser, or do they also appear on the homescreen or when running other apps?

 

[dgcoventry]

They don't appear in other apps: just in browsers.

Firefox, Chrome and the default browser which came with the tablet are all affected.

Other apps are not, as far as I can tell.

 

[B. Diddy]

Try going to Settings>Apps, select the browser, then Clear Cache/Clear Data. Also, in Chrome, go to the Privacy settings and clear all browsing data "from the beginning of time."

 

[dgcoventry]

Clearing the cache and data has no effect.

The popup is still there.

It really is a nuisance with it making the browser unresponsive.

 

[B. Diddy]

And you also cleared the browsing data as well, right?

The next step is to start uninstalling apps one by one to see if the problem goes away. Start with some of the more common culprits like 3rd party battery-saver apps, "RAM boosters," flashlight apps, antivirus apps (apart from well-respected ones like Malwarebytes), certain keyboard apps, and certain file manager apps.

 

[dgcoventry]

I have removed all downloaded Apps.

The problem still persists.

It's got to the point where I don't use the device anymore.

 

[Rukbat]

As B. Diddy said, it looks as if those are popups generated by the site. Does this site (if you go to it with a browser) generate the popup? If not, it's the sites you go to. (A website can put a popup anywhere on your screen, seemingly part of the web page or seemingly not part of the web page - the only difference is the 'target' of the popup, so it's trivial for someone to write the kind of popup you're getting. (If they did a better job, it would refer to Android tools, or "for Android professionals". A generic ad like that is just plain old improperly-developed adware.)

If it's not, try installing AdAway v3.2 or AdWare.

 

[B. Diddy]

@Rukbat makes a very good point. Unfortunately, the Android Central site tends to be plagued by intrusive ads. You may want to try using the Tapatalk app instead.

 

[Doug Moffat]

Android Central goes in phases. Sometimes it's unuseable on my browser because of pop-ups. Only seems to last a few days. I don't like Tapatalk and end up going back to the browser until a new roundup of pop-ups start. Most of the time the site is cool.

 

[dgcoventry]

The popups appear on all sites.

It will appear on androidcentral.com and it will appear on bbc.com, blender.org and others and it always takes the same form which is the green horizontal banner as in the screenshots above, so I doubt it has anything to do with the sites. Something has installed itself on my device.

I have removed everything, including watsapp and skype, but the problem still persists.

 

[B. Diddy]

Does this happen in Safe Mode as well?

 

[RossJosh]

What about your extensions? Maybe running processes? Have you taken a look at that? could be an issue. Also, does restarting your phone after removing apps help?

 

[dgcoventry]

The popups persist after removing all data and installed apps and shutting down and restarting does not affect them.

How do I reset the device to factory settings?

 

[B. Diddy]

I don't believe you mentioned which device you have yet, but typically, you can do a factory reset in the Settings>Backup & Restore menu. After the reset, during the Setup Wizard, don't restore previous data -- set it up as if it's a brand new device.

 

[dgcoventry]

I've reset the machine to factory settings using your instructions and for a while this sorted the issue.
However it seems to be back.

McAfee seems to have identified an app called "MediaService" which may or may not be the culprit. Mcafee does attempt to remove the app, after which it claims success, but the App always reappears shortly afterwards.

It may be legit as it claims to be packaged under the name "com.google.eMediaService", but I don't doubt that this can be spoofed.

 

[weasel5i2]

It seems that it may exist in your phone's firmware, according to recent news:

https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Apologies if you already knew about this. They actually link back to this thread on that blog post.

See here: https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Itappears to be installed in your firmware. If you don't want to consider it a total loss, you could try rooting the handset and removing the malware for good with something like Titanium Backup.

The other option which may happen is that the manufacturer(s) could be embarrassed by the whole ordeal and offer updated firmware images sans-malware in the very near future.

--W5i2

 

[Freddie Green]

You Need A New Phone Those Ads Were Caused By Malware That Came Hideing With The Phone