[Q] Help Leadboltads virus on Galaxy S4 - Android Q&A, Help & Troubleshooting

Hi All
Since a day I have a sort of leadbolt virus that opens my browser and shows the website like below:
ad.leadboltads.net with Top Apps/Offers of the Day
This happens when I download something from the playstore or when I delete apps.
It makes me crazy and I have already tried some things to fix it, without any success.
- Downloaded and installed virus scanners, no success
- Downloaded and installed ad detector, found an app with leadbolt, deleted it but it didn't solve the problem
Hopefully someone can help me to fix this annoying problem

Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!

+1. From where come this shlt ?

Shaundiesel said:
Me too!!!
This is so annoying! My browser keeps opening to the leadbolts site with a bunch of apps on it....Please someone help!
I'm also having the problem and have not found a solution yet.
The only difference for me is I have adaway installed so the webpage never gets to display. Just opens the browser.
I've tried different ad detector apps from Google Play, but nothing has fixed this problem. Almost ready to reflash the ROM and start from scratch.
UPDATE: I fixed the problem.
When the browser hijacking occurred, it happened after installing or updating a program from any source. Google Play, Amazon or a standalone APK. That meant the virus had control over my installer.
Using Lookout's Ad Detector, I identified some potential culprits (Go Launcher EX being at the top of the list) and uninstalled them. That didn't work.
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't lose any data. You just get prompted for choosing a default app when you run certain applications. I chose to use Lookout's installer instead of the default Android installer when I got prompted to install updates.
Haven't had the issue since. Hope this helps.

markmi300 said:
What actually fixed the problem was resetting the defaults for all the apps. Settings > More > Application Manager. Hit the menu key and choose Reset app preferences.
You don't lose any data. You just get prompted for choosing a default app when you run certain applications. I chose to use Lookout's installer instead of the default Android installer when I got prompted to install updates.
Haven't had the issue since.
Hi everybody. (First, sorry for my English but I speak French)
This is a solution but it doesn't work very well.
After the download and installation of an update or a program, Android asks me if I want to finish the task with the default browser or Chrome. So I don't see this f*cking page any more, but I must always make my choice between the 2 browsers.
I thank you for your solutions....

+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app

shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Sent from carbon note 2 on XDA premium app
Glad I was able to help.

See the solution at
http://forum.xda-developers.com/showthread.php?t=2525965

#@!%&#! 'ad.leadboltads.net' Malware
shbaldw said:
+1 to lookout fixing. Had the same problem, ripped it right out.
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google to distribute this malware, albeit that app is benign in its origin, it's a pipeline, or conduit for malware.
Sneaky F##kers aren`t they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/index.php?showtopic=138306#entry764184


Chinese virus?

I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screen shot if the app name is in Chinese) .
This sounds really really bad.
Has this happened to any one else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again has this happened to any one else? Because I want to know if this could happen to my phone!
Mine also did this on stock ROM. I would uninstall Samsung apps, reboot, and it would reappear on my menu. Is it possible the ROM comes with an auto install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.), however if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root allows all downloaded apps to run with root permissions?
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while re flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking to the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region
Isn't waze a community based sat nav app?
poults said:
Isn't waze a community based sat nav app?
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully what ever it was, won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium

Infected with Ads

My Prime has these leadbolt ads that pop up quite often. Will someone please help me remove them?
Get adfree or adaway from Market
Here are links
Adaway
https://market.android.com/details?id=org.adaway&hl=en
Adfree
https://market.android.com/details?...DEsImNvbS5iaWd0aW5jYW4uYW5kcm9pZC5hZGZyZWUiXQ..
Must be Rooted Though
Yup, I highly recommend Adaway. Gets rid of everything.
So how did you make out?
NickSaul said:
Yup, I highly recommend Adaway. Gets rid of everything.
So how did you make out?
I've been getting the same ads, but Adaway isn't doing anything. Could Adfree be any different?
Also, I think these are tied to a specific app I've installed - anyone know which one might be causing this? I've never seen ads like this in the notification tray - they show up with a big green "+" sign.
Sent from my Transformer Prime using xda premium
cbasse said:
I've been getting the same ads, but Adaway isn't doing anything. Could Adfree be any different?
Also, I think these are tied to a specific app I've installed - anyone know which one might be causing this? I've never seen ads like this in the notification tray - they show up with a big green "+" sign.
Sent from my Transformer Prime using xda premium
if this is something that's been occurring recently, check the notifications for any recent apps you installed.
adaway works great for me and dramatically increases browser page loading speeds. does a great job at eliminating ads.
This typically happens when you download a free app. Paying for the app should not give you pop ups. In the past I haven't had any luck with ad blockers. I use adhoc on my HTC Sensation.
I had the same thing. And they are right. It is from a free app. I tried everything to get rid of it and could not even when I deleted all apps I installed. I ended up resetting to factory and reinstalling apps. No problems since.
Download addons detector from the market and see what app is the culprit of the leadbolt ads. Then uninstall it.
Ad Network Detector by Lookout Labs.
They're almost always spot on at identifying the programs that are causing the annoying issues.
Adaway works great for me as well
I would have recommended adfree (rq root) but it reduces flash functionality for video playback on some websites
Installed "airpush detector" from the market and discovered that Tablet Wallpapers was the app giving me the spam in my notification bar. Uninstalled it, so hopefully that will do the trick!
Sent from my Transformer Prime using xda premium
All the above mentioned apps worked for me as well. I am ad free now! The best for me was Ad Network Detector, which found all kinds of apps on my Prime. Good luck!
If an app is sending ads to your notifications bar, you should find out which app it is, leave the most negative review possible regarding the notification bar ads (but be polite, people ignore reviews filled with curse words) and then uninstall the app.
If people don't use an app because it has notification ads, then app developers will stop using this method of advertising to promote their products.
Honestly though, Google needs to step in and stop people from spamming the notifications bar with advertisements. That area is for important information, not crap like "50% Off Downloadable Armor in Blood & Glory!"
Ad Notification
Tablet wallpapers was the culprit for me as well.
Download Addons detector from the market this might solve your problem....
You really need to change your title. I thought it said infected with aids
Also go with adaway, works really good.
Sent from my ADR6300 using xda premium
I use airpush detector, it works quite well, I haven't had any apps that push without it identifying them so far.
'ad.leadboltads.net' is Malware
U Flippin Idiot said:
I had the same thing. And they are right. It is from a free app. I tried everything to get rid of it and could not even when I deleted all apps I installed. I ended up resetting to factory and reinstalling apps. No problems since.
YIKES!,,,,I hope I don't have to go that route....
Lookout Security & Antivirus found mine in ChargeBar Free Edition,
ChargeBar came embedded in the NottachTrix 2.3.0 ROM.
I installed it (NottachTrix) and it (ChargeBar) didn't update for 3 months, then, BANG.
I've deleted ChargeBar's update, moved it from system apps to apps, deleted it, and the browser pop open 'ad.leadboltads.net' still persists.
Lookout Security & Antivirus can not find the new location of the malware, they do not have a forum.
By the very definition and behaviour, this is malware, and, ChargeBar (Asgard Casino Apps) is involved in the distribution of malware.
Asgard Casino Apps distributes 34 apps that behave this way.
They are using Google to distribute this malware, albeit that app is benign in its origin, it's a pipeline, or conduit for malware.
Sneaky F##kers aren`t they.........
#1) I would like to get this crap off my phone.
#2) I need to bring this to Google's attention, and have the developer and apps banned from the Play store.
Sooo, starting with #1,,,how do I get this crap off my phone!
NOTE:
I will be linking to this post in the NottachTrix post, I'm asking the developers to move ChargeBar from the ROM zip.
My MBAM forum post: https://forums.malwarebytes.org/inde...06#entry764184
Any solution to this?
I'm just having the same issues and none of these suggestions helped.. really don't wanna factory reset..

addon detector

Hello All
Still kinda new with the Android OS, I have recently experienced some strange icons on my home page, anyway, it seems that a lot of spam (I'm just guessing) comes with DLd stuff.
So I DLd an app called addon detector and I'm not exactly sure how to use it, so does anyone know how to use this app? I ran the scan function but I still got an unwanted icon, so there's evidently more to this than just running a scan
Anyway, all help is greatly appreciated!! Thanks
https://play.google.com/store/apps/...SwxLDMsImNvbS5kZW5wZXIuYWRkb25zZGV0ZWN0b3IiXQ
n2bowling said:
Hello All
Still kinda new with the Android OS, I have recently experienced some strange icons on my home page, anyway, it seems that a lot of spam (I'm just guessing) comes with DLd stuff.
So I DLd an app called addon detector and I'm not exactly sure how to use it, so does anyone know how to use this app? I ran the scan function but I still got an unwanted icon, so there's evidently more to this than just running a scan
Anyway, all help is greatly appreciated!! Thanks
https://play.google.com/store/apps/...SwxLDMsImNvbS5kZW5wZXIuYWRkb25zZGV0ZWN0b3IiXQ
Download Airpush from the market. Run it. It will tell you what app is the problem and you can choose to uninstall it
Sent from my SAMSUNG-SGH-I717 using xda premium
After you run a scan select the "Addons" button. In the filter box above select "Push Notifications". This will tell you the apps pushing notifications to your notification bar. You will need to uninstall the causing app.
The other filters will mean very little to most.
Now strange icons on your home page is something totally different. Tell us about these icons.
Install an app called Airblocker. It will block all airpush ads without having to uninstall anything.

10193 10194 Android

I set a data usage limit in my phone, because I was using a lot of data. After doing it, it alerted me that my mobile data was about to go over and cut off. So scrolled down and discovered these 2 "Android " (looked like the little green Android robot ) and they are named "10193" & "10194" 10194 runs in the foreground all the time and 10193 runs in the background all the time. I was told these are "Kaspersky Mobile Security or Parental Control Monitor" I'm 34yrs old and my parents don't monitor me, please help...
Sent from my SCH-R530M using XDA Premium 4 mobile app
Do you have Kaspersky installed?
veeman said:
Do you have Kaspersky installed?
I do not think I did or ever had. I looked at all the apps I have installed via Play Store under the all section of "my apps" and do not see it.
Why do you say it is Kaspersky? My phone has been having some really weird things happening to it. I went through 3 batteries in 2 months, it's been using a ton of data. My data just reset on 10/29/13 and it is already at 5gb. Also we have been finding "duplicate processes" running in the application manager. I really don't know what to do, I have installed Avast, Lookout, and some other antivirus apps, nothing has helped. Reset a few times and it will help it for a little bit and then boom, it's right back
victhesunshine said:
I do not think I did or ever had. I looked at all the apps I have installed via Play Store under the all section of "my apps" and do not see it.
Why do you say it is Kaspersky? My phone has been having some really weird things happening to it. I went through 3 batteries in 2 months, it's been using a ton of data. My data just reset on 10/29/13 and it is already at 5gb. Also we have been finding "duplicate processes" running in the application manager. I really don't know what to do, I have installed Avast, Lookout, and some other antivirus apps, nothing has helped. Reset a few times and it will help it for a little bit and then boom, it's right back
I recommend wiping completely and start fresh with a new ROM. You could also install an app like Data Manager and see which app is using the most data and uninstall. Also, do not install apps that you download off the internet. Only download from reputable sources like the Play Store and Amazon app store.
veeman said:
I recommend wiping completely and start fresh with a new ROM. You could also install an app like Data Manager and see which app is using the most data and uninstall. Also, do not install apps that you download off the internet. Only download from reputable sources like the Play Store and Amazon app store.
This is going to sound crazy, but I just got that phone back up and running in January. But that is what I did...
The reason I said Kaspersky is because this guy I know said he "googled" those numbers and symptoms and deemed it that. It did have a spyware type thing on it but it was not Kaspersky. It was one that was sent from a website and it has to be removed via the website. I don't remember the name. Anyhow I have long since ditched that phone and on to bigger and better things. But w/ that phone it has sparked an interest in this whole "development/modification" thing! Thanks for your help and advice and sorry it took me so long to get back to you! Be blessed!
Hi Everyone, I know this is a very old thread, but I want to give out a solution because I just encountered this 10194 app as well.
I would like to post this for future reference to other people who will encounter this since I've done searching around about this but I can't find any solution.
To remove this app you must:
1. Open Settings and tap [Security] or [Security and Finger Print] or any other name it might now possess.
2. Under this settings entry, you'll see [Device Administrators], tap that
3. Inside [Device Administrators] you'll see that there is a blank application containing a space as well and the indicator should be ticked, that means this app has administrator access to your phone, it has access to calls, messages, email accounts, etc. See: here
4. Tap this app and [Deactivate] or [De-authorize] it
5. Now go back to the main settings list and navigate to [Apps] or [Applications]
6. Tap the app and you can now uninstall it.
I highly recommend changing your passwords for any account that might have been on that phone, there is a high possibility that this app has gathered information on you.
This includes phone call lists, phone call recordings, your contacts, your messages, notes, emails, etc.
This is a speculation of course and will highly depend on the amount of data this application has passed to wherever it connected to but it is safe to assume that you have been infected by malware and your previous information has been compromised.
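An added example, not part of the original posts: the device-administrator check described in the steps above, done from a computer over adb instead of the Settings UI. It assumes the numeric names "10193" and "10194" shown in data usage are Android app UIDs (app UIDs start at 10000), and it parses text in the shape of `adb shell dumpsys device_policy` and `adb shell pm list packages -U`; the sample text, the `com.example.*` package names and the allowlist are constructed, and the real output layout varies between Android versions.

```python
import re

# Constructed, simplified text in the shape of `adb shell dumpsys device_policy`.
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
      policies:
        wipe-data
    com.example.hiddenadmin/.AdminReceiver:
      uid=10194
      policies:
        watch-login
        force-lock
"""

# Constructed text in the shape of `adb shell pm list packages -U`.
SAMPLE_PACKAGES = """\
package:com.google.android.gms uid:10013
package:com.android.chrome uid:10095
package:com.example.hiddenhelper uid:10193
package:com.example.hiddenadmin uid:10194
"""

# Assumption: admins the owner knowingly enabled (hypothetical allowlist).
KNOWN_ADMINS = {"com.google.android.gms"}

ADMIN_RE = re.compile(r"^\s+([\w.]+)/([\w.$]+):\s*$")   # "  pkg/.Receiver:"
UID_RE = re.compile(r"^\s+uid=(\d+)\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+uid:(\d+)$")


def parse_device_admins(text):
    """Return one dict per enabled device admin component."""
    admins = []
    for line in text.splitlines():
        m = ADMIN_RE.match(line)
        if m:
            admins.append({"package": m.group(1), "receiver": m.group(2), "uid": None})
            continue
        m = UID_RE.match(line)
        if m and admins and admins[-1]["uid"] is None:
            admins[-1]["uid"] = int(m.group(1))
    return admins


def parse_packages(text):
    """Map uid -> sorted package names (several packages can share one UID)."""
    by_uid = {}
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            by_uid.setdefault(int(m.group(2)), []).append(m.group(1))
    return {uid: sorted(pkgs) for uid, pkgs in by_uid.items()}


def triage(numeric_names, policy_text, packages_text, known_admins):
    """Resolve numeric data-usage names to packages and flag device admins."""
    admin_pkgs = {a["package"] for a in parse_device_admins(policy_text)}
    by_uid = parse_packages(packages_text)
    report = {"unexpected_admins": sorted(admin_pkgs - set(known_admins)),
              "entries": {}}
    for name in numeric_names:
        pkgs = by_uid.get(int(name), [])
        report["entries"][name] = {
            "packages": pkgs,
            # An active admin must be deactivated before it can be uninstalled.
            "device_admin": any(p in admin_pkgs for p in pkgs),
        }
    return report


if __name__ == "__main__":
    result = triage(["10193", "10194"], SAMPLE_DEVICE_POLICY,
                    SAMPLE_PACKAGES, KNOWN_ADMINS)
    print("Unexpected device admins:", result["unexpected_admins"])
    for name, info in result["entries"].items():
        print(name, "->", info["packages"], "| device admin:", info["device_admin"])
```

Any package reported as a device admin has to be deactivated under Device Administrators first, as in step 4, before the uninstall in step 6 will be offered.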

Are you getting the terraclicks ad virus?

I think I have got a virus in my phone. Sometimes when I open any link in Chrome, a random popup opens which usually redirects to the play store somewhere. Once I opened 9gag.com and it opened 9gag's play store link. It even happened with android authority blogs that when I interact with the page i.e touch or scroll anywhere, a random ad link just pops up. Not only this but the original page is replaced by a facebook page whose URL contains something about a campaign i.e its ID etc. History shows a website terraclicks.com and google search on terraclicks shows that it's a PC virus.
Not only with Chrome, I even got the same popup while opening a link using facebook's own default internal browser.
I used Avast to scan for viruses including all files but it found no virus. The same thing is also happening in my brother's phone and we don't share anything between phones. There's a laptop in my home which also shows terraclicks in its history. So I think the virus is spread over all the devices, but I am still unsure as to how to remove it while mobile's antivirus detects nothing.
ad virus
Yes i have the same problem.Please help.
well I installed ccleaner and cleared three things:
All apps cache, chrome history and empty folders. It disappeared for some days but last night it came again to me. Now I have repeated the process again, let's see what happens now..
Usman, I have factory restored my phone but it is still there. I don't know what to do now
khan khan said:
Usman, I have factory restored my phone but it is still there. I don't know what to do now
which internet are you using? I am using PTCL
Do you also have this on another mobile or on computer?
no, there is only one mobile and it is only happening with it.
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
zelendel said:
It's most likely a simple ad that is displayed when they detect your device and want you to download their app instead. Use an ad blocker and you will be fine.
It's also appearing on computers. And I can say it's not coming from the website's owner because I personally work on a website and one time clicking on its logo triggered the ad. That website would never put an onClick ad on its logo.
terraclicks ad virus
You should install a new window on your computer which will definitely remove these ads, but what to do with this on Android? I have installed every antivirus, antimalware and have performed a reset too but no effect.
OMG, I was also infected with Terraclicks. All I can find is removal guides that have nothing to say about the Android system.. Can I just reinstall my browser or reset my phone to factory settings? I would prefer the second option because I have lots of photos that are important to me on my device. Thanks
It's almost a year since the original post on this thread, and still searches for info on this insidious malware, Terraclicks shows just non-android solutions and generic adware removal info.
Like several other posters I have tried dozens of AV and anti-malware apps but nothing works so far.
Has anyone found a solution??
Clear all apps cache, browser cookies (it will log you out of all websites in the browser), and browser history (only if needed).
Try the above steps one by one and give some time between them to see if the problem goes away without doing the other steps.
It probably comes from visiting cheap websites like those sharing apk files or songs etc. They don't give a damn about the users.
For me this was solved by making uTorrent pro inactive, the ads stopped.
Once I uninstalled it they never came back.
Assuming you have cleared your Chrome cache etc, I suspect you have an app which has been installed which is causing this. In my case it was an .APK which I had downloaded externally (because I couldn't get it from the Play Store). As it happened, this particular app made itself a device administrator (you can check by going into Security, Device Administrators) and it also had greyed out the ability to uninstall it. The app was also running as a background process which is how it keeps spawning those ads. Nothing picked it up as Malware (Malware Bytes, Trend, CCleaner). That was the giveaway to me, that something wasn't right with this app. This would also explain why a phone reset wouldn't remove it, because that typically reinstalls all your apps (except in your case) the app would have probably come from the Play Store. Since removing the app, I've had no problems and the dreaded problem has gone away. Now I am a lot more careful about which APKs I loaded. Good luck
I had this issue and it ended up being one of the apps I downloaded. Once I uninstalled the correct app the problem ended. If you do a factory reset, then redownload all your apps, then the problem would come back because you redownloaded all the apps you originally had. This is especially true if you use an app that's not in Google's Play Store, so what he is saying sounds almost exactly the same as what happened to me.
Thank you, that fixed it. I downloaded showbox off a site, and it messed up my phone.
