Recovery partition is infested with malware and viruses. Wipe & reinstall OS?

AC Question

OK... I will admit it. I am a complete newbie here.

If it was Windows or even OS-X I could figure this out, but with Android I am left muttering Whiskey Tango Foxtrot to myself. I have my aunt's Android tablet and it is the most virus and malware infested thing I have ever seen. I threw every available cure I can think of at it, all to no avail. My usual tool of HitmanPro is not available for Android.

To add insult to injury, the recovery partition is also infected.

Doing a factory reset just reinstalls what little Kaspersky and the other tools were able to remove.

That said, how can I wipe the hard drive completely and reinstall Lollipop?
 
Welcome to the forums. It seems that your only choice could be reflashing the stock ROM. Search in the XDA forums for that specific tablet.
 
Welcome to the forums. Can you describe in detail why you suspect the recovery partition is infected? What is the malware app that is installed? Can you provide some pictures of the appropriate screens?

Thread subscribed.
 
Depends on manufacturer and model. Some publish factory images on their website. A custom ROM if available could also help. Check out the forums for your device and using ADB.

Posted via nexus 6p project FI
 
Hmmmm... should be able to do that tonight. I will just have to figure out which AV program identified the problems.

I know that there are several hijackers that redirect and reset her home page all the time. The whole tablet has turned into popup hell, with Dr. Oz's ugly face being the prime offender. I don't like him at the best of times, but seeing him every twenty seconds does not help matters much.

From when we ran a couple of malware removal programs, they identified seven different sources of infection. They were able to remove a couple, but they always replicated themselves. Normally the factory recovery partition trick works, but in this case it brought back the same issues plus a few others that I hadn't counted on. Hence why I thought going nuclear and getting rid of everything to start fresh would be the best option. My problem is that I am Android illiterate...

I am looking for the most efficient way of frying everything and starting fresh, so any guidance would be really welcome.
 
The pop ups could be as simple as clearing the cache in the browser. If that doesn't work a data clear in the browser should.
 
We run McAfee on my wife's Windows 10 PC and they include a great AV for our Kindles, Android phones and other Android devices as well. It's not free, but it sounds like your aunt could use the protection and it might be money well spent. Plus it protects all your devices... very effective as well.
I think you can run a free scan to see what it finds... it's been VERY good at protecting my wife's PC/Kindle/Android tablet.
 
OK... here are the two chief offenders: com.lurker.goodluck and GoogleCalandarPluginService. From what I read so far, they are supposed to be uninstallable. I would say they are about as easy to get rid of as a frat boy at a free all-you-can-drink beer fest. Short of going nuclear and frying everything, is there a less drastic option that would work? I am desperate enough to offer my last bottle of Klingon Warnog for a workable answer!!
 
The calendar plugin probably wouldn't be good to uninstall if you use Google Calendar. The lurker does seem to be a form of malware. If you do a reset, I would go into Settings > Backup and reset > uncheck the auto restore option. This should stop the lurker from reinstalling, if it was downloaded from Play.
 
Bad news, Golfdriver97... Tried it with your suggestion and com.lurker.goodluck and the rest of its deadbeat sidekicks are back. What you suggested made perfect sense to me, but this is one persistent infection. To add insult to injury, Play Store is no longer accessible. Methinks wiping the beast is the only available option now.
 
Ouch...
What kind of device do you have? I skimmed over the thread again, but I may have missed it...if I did I'll blame the coffee not kicking in yet. :)
 
I did peek at the files for the site you downloaded. One thing concerns me a lot, one thing is kinda minor.

Larger concern: Your exact model isn't listed. If they aren't cross compatible (ROMs usually aren't), this could brick your device.

Minor concern: I downloaded a random file that was for an A33: The only thing in there is the ROM image. The recovery could be built in, this is not uncommon, but this will most likely wipe the device of all user data.

I could not find an alternate recovery file for your device. I will try to keep looking though.
 
Thanks again! So forgive my Android-challenged mental state, but could I download another version of Android from another manufacturer and use that? I know that I have, in the past, used a Dell version of Windows with an HP activation code in cobbling together a Frankenstein garage computer for a friend.
 
That will be a 99.9% chance of bricking the device. This is a very loose analogy, but look at it like this: say you build an Intel type desktop. You want to buy an OS software but it's only for AMD. Making those two things try to work together will be asking for trouble.

Each OEM has slightly different ways of how Android boots from the bootloader. This is so specific that even taking a Samsung Galaxy S 6 from say, Verizon and trying to flash the international version on it will very likely cause a brick.

The downside to less popular devices is if something happens, it's harder to fix due to lack of availability for key files.

Flashing one of those files may work, I could very well be wrong. I will admit I will be very surprised if it does work.

Edit: rereading the last line...and I could very well be wrong here but, that works mainly because Windows is almost as closed off as iOS. Microsoft controls every bit of the OS and no one can make changes aside from adding software.

I will get another Ambassador to help look this over and maybe clear up any confusion.
 
From what I am reading, it appears that some of these issues I have been experiencing may be the manufacturer's fault. It seems that the A33 ROMs are full of time delay trojans. I am beginning to think this may just be an expensive doorstop now...
 