Why is my factory reset unable to remove malware?

nahoku, thanks a lot again for your detailed explanation. I will try to recover on the weekend. I loaded Battery booster through a pop-up advertisement (APK file) and not from the Play Store. Funny thing, it asked for many rights and I blindly followed :( . This file rooted my device and took over fully, not even allowing androidcentral to open on the device! It was a big mistake and will be avoided in future :)
 
Re: factory reset unable to remove malware

Let us know how it works out.
 
By mistake I have installed some battery booster apps on my Android 4.2.2 and got infected. I have uninstalled those apps and performed a factory reset, but to my surprise the virus is back. Is it due to Google account sync??

threats: 4
1 : com.vwydya.snslxcjby (trojan)
2: com.nb.superuser (trojan)
3: com.nb.superuser (potentially unwanted app)
4: com.clrrlixw.hmotzhoh (potentially unwanted app)

Please help

Guys, please help, my phone also got a virus. I tried to reboot it with the factory data reset but it is not working. Please help me.
 
To delete the virus in these cases:
1. You delete it, but it reinstalls automatically on reboot
2. Factory reset, and it still reinstalls
3. Flash the ROM, and it is still there (because your flash tool just adds/overwrites files when flashing -- it does not format the partition)
How to fix:
Solution 1: Use root to delete the virus APK, which is installed as a system app at boot.
+ Your system must be rooted
+ Delete the virus app the normal way first.
+ Install ES File Explorer, go to Local -> Home -> find the path /system/app -> delete the virus .apk file, then reboot
Solution 2: Format the USRDATA partition with SP_Flash_Tool V3 + factory reset after the format
Step 1: Start the phone normally, enable USB debug mode and connect it to the PC with a USB cable
Step 2: Get Android_scatter.txt with MTKdroidTools (search Google, please)
Information needed from the .txt file:
- partition_name: USRDATA
linear_start_addr: 0x65100000
partition_size: 0x168320000
Step 3: Run SP_Flash_Tool V3 and choose Scatter-loading -> the .txt file from step 2
Step 4: Choose Format -> Manual Format => enter BeginAddress(hex) = linear_start_addr and Format Length (hex) = partition_size, then OK
Step 5: DO NOT REMOVE THE USB CABLE between the phone and the PC. Unlock the phone screen, hold the phone's power button and choose reboot (the phone will reboot and, when it powers on, it will go into PreLoader (switch-off) mode so that SP_Flash_Tool can execute the format).
Step 6: After the format, remove the USB cable, put the phone into Recovery Mode, then do a factory reset
Step 7: After the factory reset, reset the system and your virus should be cleaned.
Notice: if it still does not work, download the ROM for your phone, then do solution 2 but with "partition_name: USRDATA and ANDROID" and flash the ROM (to be safe, you should use only system.img or system.img+boot.img).
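
A sanity check for the Manual Format values in Steps 2 to 4, as an added example that is not part of the original post: it reads the three scatter-file fields quoted above and refuses to return a format range that overlaps another partition. Only the USRDATA values come from the thread; the neighbouring partitions in the sample and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape the post quotes. Only the USRDATA values
# come from the thread; ANDROID and CACHE are made-up neighbours.
SAMPLE_SCATTER = """\
- partition_name: ANDROID
  linear_start_addr: 0x35300000
  partition_size: 0x28000000
- partition_name: CACHE
  linear_start_addr: 0x5D300000
  partition_size: 0x7E00000
- partition_name: USRDATA
  linear_start_addr: 0x65100000
  partition_size: 0x168320000
"""

FIELD = re.compile(r"^\s*(?:-\s*)?(partition_name|linear_start_addr|partition_size)\s*:\s*(\S+)")

def parse_scatter(text):
    """Return {partition_name: (start, size)} for every block in the text."""
    parts, name, cur = {}, None, {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # other scatter keys are irrelevant to the format range
        key, value = m.groups()
        if key == "partition_name":
            name, cur = value, {}
        elif name is not None:
            cur[key] = int(value, 16)
            if len(cur) == 2:
                parts[name] = (cur["linear_start_addr"], cur["partition_size"])
    return parts

def format_range(text, target="USRDATA"):
    """Return (begin, length, end) for target; refuse if it hits a neighbour."""
    parts = parse_scatter(text)
    if target not in parts:
        raise ValueError(f"{target} not found in scatter file")
    begin, length = parts[target]
    end = begin + length
    for other, (o_begin, o_len) in parts.items():
        # Two half-open ranges overlap when each starts before the other ends.
        if other != target and begin < o_begin + o_len and o_begin < end:
            raise ValueError(f"{target} range overlaps {other}")
    return begin, length, end

if __name__ == "__main__":
    print([hex(v) for v in format_range(SAMPLE_SCATTER)])
```
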
 
I realize this thread is pretty old by now, but I think most likely your virus installed itself on the system partition.
Apps that are installed on the system partition cannot be deleted and will even persist through factory reset because this partition is not touched during factory reset.
There is a user data partition in which most of the changes a normal user makes are saved (Installing apps, settings, photos, music, etc...). This partition is the one reset by the factory reset.
Flashing the device with stock firmware will rewrite ALL of the data on the device, including /system.
Considering it's a Lenovo and not a Samsung, you will probably have to do this with command-line tools, specifically adb and/or fastboot, which are downloaded with the Android SDK. Also, the specific files you need are hosted at the link below as ADB & Fastboot Tools, as the SDK is almost two GB.
http://odindownload.com
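
The system-versus-user-data distinction described in the post above, as an added triage example that is not part of the original post: it parses `adb shell pm list packages -f` output and reports, for each package name the scanner flagged in this thread, whether its APK sits on a partition a factory reset leaves alone. The APK paths in the sample are constructed, and the function names are hypothetical.

```python
# Path prefixes a factory reset does not touch, versus the one it wipes.
# Assumption: the usual Android layout the post describes.
SURVIVES_RESET = ("/system/", "/vendor/")
WIPED_BY_RESET = ("/data/",)

# Package names reported by the scanner earlier in this thread.
FLAGGED = {"com.vwydya.snslxcjby", "com.nb.superuser", "com.clrrlixw.hmotzhoh"}

# Constructed `pm list packages -f` output; the APK paths are invented.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Superuser.apk=com.nb.superuser
package:/system/app/snslxcjby.apk=com.vwydya.snslxcjby
package:/data/app/com.clrrlixw.hmotzhoh-1.apk=com.clrrlixw.hmotzhoh
package:/system/app/Settings.apk=com.android.settings
"""

def parse_pm_list(output):
    """Map package name -> APK path from `pm list packages -f` lines."""
    pkgs = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': newer Android puts '==' inside the path,
        # while a package name can never contain '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep:
            pkgs[name] = path
    return pkgs

def triage(output, flagged=FLAGGED):
    """Return {package: (path, verdict)} for every flagged package."""
    pkgs = parse_pm_list(output)
    result = {}
    for name in sorted(flagged):
        path = pkgs.get(name)
        if path is None:
            verdict = "not installed"
        elif path.startswith(SURVIVES_RESET):
            verdict = "survives factory reset"
        elif path.startswith(WIPED_BY_RESET):
            verdict = "removed by factory reset"
        else:
            verdict = "unknown location"
        result[name] = (path, verdict)
    return result

if __name__ == "__main__":
    for pkg, (path, verdict) in triage(SAMPLE_PM_OUTPUT).items():
        print(f"{pkg:28} {path}  ->  {verdict}")
```

A flagged package under /data can still come back after a reset if something under /system reinstalls it at boot, which is the reinstall-on-reboot case described earlier in the thread.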
 
Re: factory reset unable to remove malware

I have uninstalled those apps and performed a factory reset, but to my surprise the virus is back. Is it due to Google account sync??

threats: 4
1 : com.vwydya.snslxcjby (trojan)
2: com.nb.superuser (trojan)
3: com.nb.superuser (potentially unwanted app)
4: com.clrrlixw.hmotzhoh (potentially unwanted app)

Please help

I have a similar infection and need help !

My stock, unrooted Galaxy S5 got infected with a self-rooting app installer, living in the system partition along with many of its friends.

It's a persistent infection, I think the cellphone got it from my computer that has a UEFI malware/datastealer when I plugged it in to charge -- that is infecting the rest of the store network.
Yeah, I need help getting that sucker out of those computers too.

It keeps adding apps, and actually taking screen shots of my cellphone and sending them somewhere - and a few ads and popups, but the phone is still "usable."

The apps are slightly different, but I think it used RootPA because that's a new "system app" I'd never seen before, and a "multi-csc" where I am now in Los Angeles AND somewhere in ENGLAND. And I don't know what to do next.

Things I've tried:
- Use App Manager to uninstall/stop them, but most "uninstall" buttons are greyed out and ineffective.
- finally turn on airplane mode.... duh.... and turn OFF sync, and turn on data caps, it stops it from uploading more stuff, and downloading more apps.
- Wipe data/cache - no luck, no change.
- Rooting the device and installing apps that get root and uninstall/delete APK files or kill what's there, but by the time I start the "killer" app and select the packages to delete/uninstall, my root privileges have been removed by the virus/malware. I got lucky the very first time and was able to delete 1 APK file, but it came back.
- RELOAD factory stock ROM using Odin - same thing. it's still there.

I looked at the log files, and it basically is setting up a "Multi-CSC" environment and has 2 locations in it. Me in "en-US" California, and the second one (the one that loads first) is in "en-GB" (Great Britain?). The virus is checking if it's in a special mode (recovery), and if a wipe starts, it copies itself and all its buddies over to somewhere safe, does a FAKE zeroization (fake format?) and restores itself. Same thing with the ROM load, but it copies itself (& friends) to the user data cache while the OS is loading and back once it's done -- I think -- I don't know how long a wipe is supposed to take, but 16GB of total RAM should take longer than 0.064 seconds, right?

Not sure what app is the "parent" that is directing all of this, but I've NEVER hacked my phone, never rooted it until today...

Is this a lost cause, or can this be remedied, and how ?

Thanks !
dave
 
