Trojan Cosha.D detected in Android built-in video player - HTC EVO 3D

Hello,
I have an Evo 3D running on Android 4.0.3 on Virgin network.
A few weeks ago I installed the GData free antivirus from Google Play and did a full scan, and it found malware reported as:
Android.Application.Cosha.D
The infected app is the native Android video viewer service. I uninstalled it completely (after doing this my videos stopped playing) by using the Titanium app and ran a scan again, and this time it reported everything as clean.
I downloaded the original operating system for my phone (I think from the XDA website) and re-installed everything. Now I have a fresh phone which is not even rooted, but GData is still detecting the "View video" app/service as infected.
I Googled Cosha.D and very few results came up. Norton's database says it's spyware that can send SMS and monitor other activities, but the danger rating is "Very low".
I tried uninstalling the View Video app from inside GData but it gave an error. I had to use the Titanium app to remove this system file. I installed about a dozen other Android antiviruses but none of them detected it. Only GData does.
Is this a false positive, or is this possible? Do you get the same detection while scanning your device with GData? I sent a letter to them but so far no response.
Any help is appreciated. Thanks.

Reinstall the native video app. Then from settings/application/manage applications disable it. Download MX video player. I don't use AVs on any of my cells so I can't begin to explain the issue or why it's giving you the result you're getting. What I'm suggesting should allow you to play videos again. Also with the native app disabled you shouldn't get any positive hits. Sidenote: unless you're running pirated apps or downloading apps from some market besides the Play Store, having an AV installed isn't necessary "IMO".
#Root-Hack_Mod*Always=LTE

OK, I disabled the native player and installed the MX app. If the native app was truly infected and I just disabled it, will the malware work? Or does it have to be enabled in order to work?
I don't have 3rd party pirated apps. I just reinstalled the whole thing and my phone isn't even rooted.

I really don't think the app was infected "imo". Yours is the first post I've ever read on XDA to say that the native video app on a stock Android ROM was infected. So I wouldn't be too concerned about it. Antivirus apps are well known to give false hits. Also with the app disabled it can function. However, if you want to, you can always perform a factory reset, which will mostly wipe your phone clean. If you do, make sure to back up all of your important data.
#Root-Hack_Mod*Always=LTE

Chinese virus?

I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screenshot if the app name is in Chinese.)
This sounds really really bad.
Has this happened to any one else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again has this happened to any one else? Because I want to know if this could happen to my phone!
Mine also did this on stock ROM. I would uninstall Samsung apps, reboot, and they would reappear on my menu. Is it possible the ROM comes with an auto-install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these Chinese apps somehow self-installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.), however if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while re flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking to the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region.
Isn't Waze a community-based sat nav app?
poults said:
Isn't Waze a community-based sat nav app?
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully what ever it was, won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium

[Q] Intrusive adware?

So I wanted to download this app to my Nexus 7 so I could watch some movies: https://play.google.com/store/apps/details?id=com.hd.peliculashd (app). So I downloaded it, but to watch a movie it makes you download some app: https://play.google.com/store/apps/...sMSwxLDEwMiwiY29tLmhkLmZhc3R2aWRlb3BsYXllciJd. So I downloaded it, however my AV says it's intrusive adware. I went and opened up the movie app and it now worked, and it works well and has a lot of new movies for free. But as soon as I uninstall the player it wants me to redownload it. My question is, is it a big deal to have the app? Does it do anything at all? Can it in any way damage my device?
Read the reviews. No bueno.
The app's permissions don't give it the ability to do much of anything other than connect to the internet and start when your phone turns on. All it probably does is stick ads in your notification bar, and Android has an option to prevent it from doing that. There's (probably) nothing it can do to your phone.

[Q] App installed automatically

Hi there,
I have been facing an issue on my Android 4.2.1 JB for the last 7 days. There are a few apps which are automatically getting installed without asking my permission. It happens when they detect I am connected to Wi-Fi or a mobile data connection. I didn't reboot my device. Every time I have to uninstall these apps, but after a few hours they get automatically installed. Device rooted 2 months back.
Apps are:
Baidu Browser
UC browser
Flappy Bird
Poker
Options like USB debugging and install from unknown sources are turned off. Even scanned my device through multiple antivirus apps like Avast, AVG & CM Security. Below are the apps which are currently on my device:
Adobe reader, all-in-one toolbox, angry bird, avg, avast, axis bank app, B1 free archiver, backup & restore, barcode scanner, battery doctor, call control, cam-scanner, chrome, clean master, CM Security, Easy Video player, EN-HI dictionary, fusion (music player), goggles, hdfc app, iMedia share, kickass torrent, linkedin, FB messenger, My Tom, Next Launcher 3D, Outlook, Paytm, Push mail, Quickoffice, Rails, Ringtone Editor Pro, root uninstaller, skype, speedtest, subway surfer, superuser, temple run 2, tubemate, whatsapp, youtube.
Please help.
Is someone messing around with your Google Account?
If someone logs in to your Google account from a computer and installs an app from the Play Store site, it is installed from the internet.
When you say it happens when you are connected to Wi-Fi or data, so I am 99.99% sure, it is due to messing with Google Account.
OK. Let me try removing all my Google accounts from the device and using some other account to see if this happens again.
Thanks
hnkotnis said:
Is someone messing around with your Google Account?
If someone logs in to your Google account from a computer and installs an app from the Play Store site, it is installed from the internet.
When you say it happens when you are connected to Wi-Fi or data, so I am 99.99% sure, it is due to messing with Google Account.
Hi there,
I removed all my Google accounts from the mobile and added a new Gmail account. But the issue is still the same.
Maybe you could try to disable "Auto-update apps" in Google Play.
Even I have the same problem. I even removed the auto-update but it's still happening.
Please help ?
he_arslan said:
Maybe you could try to disable "Auto-update apps" in Google Play.
"Auto-update apps" is disabled in Google Play. But the same thing keeps happening. Did a hard reset of my phone but same issue.
I have that same problem with my tablet from eBay running 4.2.2. The app DU Battery Saver & Widgets is installed without my permission, and I don't even have a Google account on this device, but the tablet is connected to Wi-Fi 24/7 and all apps are stock. I have the original firmware and I tried to reflash the device, but this is happening again.
Very odd... Have you tried disabling the Install from Unknown Sources option?
Now it is, let's see if this will help.
I have somewhat the same problem.
I bought on eBay a Chinese 10.1" M10 type tablet with MTK8127 chipset and Android 4.4.2, Kernel: 4.3.67.
It works great except that every day I get a new surprise "great" application that is installed on its own, does not ask for anything and ready to license to be posted.
The tablet was rooted with VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe and with MtkDroidTools_v253 do full backups.
Installed so far:
27/10/2014 1:16:17 DU Battery Saver
28/10/2014. 1:07:51 Flappy Cow
10/29/2014. 1:39:45 Happy Jump
30/10/2014. 1:39:13 Freaking Math
31/10/2014. 1:49:11 Amazing Candle
11/1/2014. 1:28:43 Monkey (/data/app/com.candh.game.monkey-1.apk)
In addition, after each start / restart after a few minutes received a message in the notification area:
Du Battery Saver -> The key to optimize, clean up backstage power applications, rapid power
What I have tried:
Factory reset, after of course, google restore disabled and manually put up everything again.
Note that this is after factory reset the same applications in the same order almost exactly in same time per day.
The version numbers are earlier or actual that you can download from Play.
The applications that I use on that device are the same that I use on another (Samsung) device, so it is sure that there is no problem with them, but I think the system itself is compromised.
I tried Avast, Avira, eset, AirPush Block, Network connections, OS Monitor, Addons Detector, Trust - Event Logger but not found anything and I could not figure out what was happening.
I put CatLog - Logcat Reader to get it know whats happening but could not really understand what was happening.
Please help to figure it out based on the log to see what happens and how it happens and how can I get rid of this.
The following is a brief log details, of course, I will send out more on request.
See attachment.
Did you disable the option to install from unknown sources?
es0tericcha0s said:
Did you disable the option to install from unknown sources?
Yes, sorry, I forgot to write it.
I just this morning also am getting random apps installed: Domino's Pizza, Panda Pop and Cookie Jam. The newest app I have installed is Brave Frontier. Can it be malware or something else?
4218kris said:
I just this morning also am getting random apps installed: Domino's Pizza, Panda Pop and Cookie Jam. The newest app I have installed is Brave Frontier. Can it be malware or something else?
It could be if you got it from anywhere but the official play store. Never install apps not from a trusted source.
4218kris said:
I just this morning also am getting random apps installed: Domino's Pizza, Panda Pop and Cookie Jam. The newest app I have installed is Brave Frontier. Can it be malware or something else?
I got the same apps today - Domino's PandaPop, and Cookie Jam plus Drippler. I did not install Brave Frontier, so that isn't the source.
The only things done recently for me are:
- Connected up to my work Office 365 service, which requires admin access (for wipe, etc)
- Updated su binaries a few days ago - at prompt from SuperSU
Oh lovely...
http://www.pcworld.com/article/2853...aller-spotted-on-t-mobile-verizon-phones.html
Yep, that's it I bet, it's on my tablet. Thanks carrier...
Doktor-X said:
I have that same problem with my tablet from eBay running 4.2.2. The app DU Battery Saver & Widgets is installed without my permission, and I don't even have a Google account on this device, but the tablet is connected to Wi-Fi 24/7 and all apps are stock. I have the original firmware and I tried to reflash the device, but this is happening again.
I just got DU Battery Saver installed on my Onix tablet. You read stuff on the internet about cheap Chinese tablets coming loaded with spyware and other sorts of stuff and I wonder whether apps can be freely installed via some hidden app on the device.
You all suck dumb asses
That's why I hate these blog sites. They call themselves experts but can't solve any damn thing. Untick auto updates, really? You think we didn't know that much? Really man, my problem never got solved on online sites; in fact you will get more confused. Why would someone hack someone's Google account and download the DU app? Make some sense guys, you all suck.

Are you getting the terraclicks ad virus?

I think I have got a virus in my phone. Sometimes when I open any link in Chrome, a random popup opens which usually redirects to the Play Store somewhere. Once I opened 9gag.com and it opened 9gag's Play Store link. It even happened with Android Authority blogs that when I interact with the page, i.e. touch or scroll anywhere, a random ad link just pops up. Not only this, but the original page is replaced by a Facebook page whose URL contains something about a campaign, i.e. its ID etc. History shows a website terraclicks.com, and a Google search on terraclicks shows that it's a PC virus.
Not only with Chrome, I even got the same popup while opening a link using Facebook's own default internal browser.
I used Avast to scan for viruses including all files but it found no virus. The same thing is also happening on my brother's phone and we don't share anything between phones. There's a laptop in my home which also shows terraclicks in its history. So I think the virus is spread over all the devices, but I am still unsure as to how to remove it while the mobile's antivirus detects nothing.
ad virus
Yes, I have the same problem. Please help.
Well, I installed CCleaner and cleared three things:
All apps cache, Chrome history and empty folders. It disappeared for some days but last night it came again to me. Now I have repeated the process again, let's see what happens now.
Usman, I have factory restored my phone but it is still there. I don't know what to do now.
khan khan said:
Usman, I have factory restored my phone but it is still there. I don't know what to do now.
Which internet are you using? I am using PTCL.
Do you also have this on another mobile or on computer?
No, there is only one mobile and it is only happening with it.
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
zelendel said:
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
It's also appearing on computers. And I can say it's not coming from the website's owner because I personally work on a website and one time clicking on its logo triggered the ad. That website would never put an onClick ad on its logo.
terraclicks ad virus
You should install a new Windows on your computer, which will definitely remove these ads, but what to do with this on Android? I have installed every antivirus and antimalware and have performed a reset too, but no effect.
OMG, I was also infected with Terraclicks. All I can find is removal guides that have nothing to say about the Android system. Can I just reinstall my browser or reset my phone to factory settings? I would prefer the second option because I have lots of photos that are important to me on my device. Thanks.
It's almost a year since the original post on this thread, and still searches for info on this insidious malware, Terraclicks, show just non-Android solutions and generic adware removal info.
Like several other posters I have tried dozens of AV and anti-malware apps but nothing works so far.
Has anyone found a solution??
Clear all apps cache, browser cookies (it will log you out of all websites in the browser), and browser history (only if needed).
Try the above steps one by one and give some time between them to see if the problem goes away without doing the other steps.
It probably comes from visiting cheap websites like those sharing apk files or songs etc. They don't give a damn about the users.
For me this was solved by making uTorrent Pro inactive; the ads stopped.
Once I uninstalled it they never came back.
Assuming you have cleared your Chrome cache etc., I suspect you have an app which has been installed which is causing this. In my case it was an .APK which I had downloaded externally (because I couldn't get it from the Play Store). As it happened, this particular app made itself a device administrator (you can check by going into Security, Device Administrators) and it also had greyed out the ability to uninstall it. The app was also running as a background process, which is how it keeps spawning those ads. Nothing picked it up as malware (Malwarebytes, Trend, CCleaner). That was the giveaway to me that something wasn't right with this app. This would also explain why a phone reset wouldn't remove it, because that typically reinstalls all your apps (except in your case) the app would have probably come from the Play Store. Since removing the app, I've had no problems and the dreaded problem has gone away. Now I am a lot more careful about which APKs I load. Good luck.
I had this issue and it ended up being one of the apps I downloaded. Once I uninstalled the correct app the problem ended. If you do a factory reset, then redownload all your apps, then the problem would come back because you redownloaded all the apps you originally had. This is especially true if you use an app that's not in Google's Play Store, so what he is saying sounds almost exactly the same as what happened to me.
Thank you, that fixed it. I downloaded Showbox off a site, and it messed up my phone.
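
As an added example (not part of the thread or any poster's code): the posts above trace the ads to an APK installed from outside the Play Store that had made itself a device administrator. The shell sketch below flags that combination from the output of `adb shell pm list packages -3 -i` and `adb shell dumpsys device_policy`; all package names and sample output are constructed, and it assumes admin components appear as `package/Class`, a layout that differs between Android versions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Installers treated as trusted; com.android.vending is the Google Play Store.
TRUSTED_INSTALLERS="com.android.vending"

# classify_installs: reads `pm list packages -3 -i` output on stdin and prints
# "<STATUS> <package> <installer>" for each package line.
classify_installs() {
    awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        { sub(/\r$/, "") }                    # adb output may carry CRLF
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (inst == "null" || inst == "") status = "SIDELOADED"
            else if (inst in ok)              status = "STORE"
            else                              status = "OTHER_INSTALLER"
            print status, pkg, inst
        }'
}

# admin_packages: reads `dumpsys device_policy` output on stdin and prints the
# package part of every package/Class component it finds, once each.
admin_packages() {
    awk '{
        line = $0
        while (match(line, /[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z0-9_]+)+\/[A-Za-z0-9_.$]+/)) {
            comp = substr(line, RSTART, RLENGTH)
            sub(/\/.*/, "", comp)
            if (!(comp in seen)) { seen[comp] = 1; print comp }
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# sideloaded_admins <pm output> <device_policy output>
# Prints packages that hold device-admin rights and did not come from a
# trusted installer.
sideloaded_admins() {
    admins=$(printf '%s\n' "$2" | admin_packages)
    printf '%s\n' "$1" | classify_installs | while read -r status pkg inst; do
        if [ "$status" != "STORE" ]; then
            for a in $admins; do
                if [ "$a" = "$pkg" ]; then echo "$pkg"; fi
            done
        fi
    done
}

# Constructed sample input (hypothetical package names).
SAMPLE_PM='package:com.example.videoplayer  installer=com.android.vending
package:com.example.freemovies  installer=null
package:com.example.batterytool  installer=com.example.preloadstore
package:com.example.notes'

SAMPLE_POLICY='Enabled Device Admins (User 0):
  com.example.freemovies/.AdminReceiver:
    uid=10123
  com.example.videoplayer/com.example.videoplayer.LockReceiver:
    uid=10077'

printf '%s\n' "$SAMPLE_PM" | classify_installs
echo "Sideloaded device admins:"
sideloaded_admins "$SAMPLE_PM" "$SAMPLE_POLICY"
```

Against a connected device, call `sideloaded_admins "$(adb shell pm list packages -3 -i)" "$(adb shell dumpsys device_policy)"`; drop `-3` to include preinstalled system packages as well.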

Browser opening ad website after updating apps

Sometimes when an app finishes updating my browser (Via Browser) opens and loads a page that is advertising apps. First it was Appsquare, now it's some other website I forgot to remember. I have NO idea what the cause is and I didn't install any strange apps to my knowledge. I never installed any APK that I downloaded outside the Play Store and both Malwarebytes Antimalware and Eset found nothing. This doesn't always happen when I update an app so there's no set pattern. Sometimes it doesn't happen after updating one or more apps and sometimes it does and that is why I can't really figure out which app is causing it, if it is an app at all because there are no ads displaying in either app I use because I paid to get rid of it. Yes, I did some research and it seems to be an issue mainly affecting Samsung users and one site in particular did some research and found out it was a shady ad network behind it: Clickity. My symptoms do match but I have an LG device, not a Samsung device and I use a different browser. I have used a few of Cheetah Mobile's apps in the past but I'm sure I deleted all traces of it on my phone, at least the things I could find. And I haven't used a single app from those devs anymore since I did a factory reset on my phone and updated to Android 8 so there shouldn't be a trace left. I need help fixing this because I have no idea where to look.
EDIT: It turned out to be my clock widget app "Digital Clock Widget Xperia" made by Lazar Dimitrov that was causing those ads to pop up, despite paying to remove ads.
