Please select To the mobile version | Continue to access the desktop computer version

ulefone Official Forum

Search
View: 16963|Reply: 192

[Discussion] Adware/Malware

 Close [Copy link]

1

Threads

18

Posts

292

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
292

Thanksgiving DayHappy Halloween1K Forum Members

Post time 2016-9-15 18:21:09 | Show all posts |Read mode

Sign up now, Make more friends, Enjoy with more features, Let you easily Fun Community.

You have to Login for download or view attachment(s). No Account? Register

x
Edited by dnp at 2016-10-21 00:06

I am really enjoying my new ulefone metal.
Got it a few days ago.

But, running a couple of antivirus apps and a couple of cleaners one gets Virus/Malicious App/Adware or whatever  in "Search Service" system app.
virus/adware name: AdDisplay.Ewind.AE variant

The last antivirus app i used is "cm security lite" with virus definition update 10160913A

I did Factory data reset twice and this does not help.

Being a system app it cannot be removed or cleaned.
The only way is to disable it.

This should not happen, right?
Does anyone have better/more info about this type of unpleasant issue?
Is there going to be a firmware update correcting issue?

Thanks.

EDIT:
Yesterday 19/10/2016 things went wrong on my phone same as babylon5gr's post here
After factory resetting/hard resetting nothing changed Auto app install and popups and modified settings are still happening.
Rebooting "Unknown sources" security setting gets activated allowing any app to be installed automatically.
I sent Imei for testing OTA but got same message as jackbox who posted here "was to late."
This morning I got a popup ad and could not get rid of it. Had to reboot.
Not every one has technical abilities and may not be able to root their phones therefore OTA is needed.

Some more info...

Stubborn Trojan Killer found the following info:
Package name: com.android.tools.callassistant
Trojan app: Search Service
Installation Time: 2016-07-28 14:54:45
Installation path: /system/priv-app/CallerIdSearch/CallerIdSearch.apk

The nice part..... Trojan behaviour:
This trojan may download and install apps randomly without users permission, frequently send ads, quickly exhaust phone bills and battery, make phone being more easily attacked by other trojans.

15

Threads

341

Posts

1237

Credits

Gold Member

Rank: 6Rank: 6

Credits
1237

Thanksgiving Dayulefone MetalGiveaway Participantsulefone Fan from CroatiaHappy HalloweenUpdate Beta team1K Forum MembersForum Star

Post time 2016-9-16 06:55:57 From the mobile phone | Show all posts
Edited by zgfg at 2016-9-16 07:27

Installed the same CM Lite, scanned, it found the same malware in Search. Chose Disable, everything works fine and  it doesn't find malware anymore (even upon rebooting)

3

Threads

26

Posts

213

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
213

Thanksgiving Dayulefone Metalulefone Youtube Followerulefone Twitter Followerulefone FB Followerulefone Fan from Ukraine1K Forum Members

Post time 2016-9-16 13:13:09 | Show all posts
Edited by Ruslan at 2016-9-18 01:53


                               
Login/Register to enlarge

Remove
system/priv-app/CallerIdSearch/CallerIdSearch.apk
system/app/oem/oem.apk


34

Threads

126

Posts

2819

Credits

Administrator

Rank: 9Rank: 9Rank: 9

Credits
2819

ulefone TeamManagement Teamulefone Be Touch 2ulefone Be Touch 3ulefone U007ulefone Parisulefone Powerulefone Viennaulefone Metalulefone Futureulefone Youtube Followerulefone Twitter Followerulefone FB FollowerGiveaway Participantsulefone Fan from ChinaHappy Halloween1K Forum Members

Post time 2016-9-19 17:59:27 | Show all posts
Hi,

We have check, CallerIdSearch.apk is one search service in Android, please don't worry. And, i think you can disable it.

3

Threads

26

Posts

213

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
213

Thanksgiving Dayulefone Metalulefone Youtube Followerulefone Twitter Followerulefone FB Followerulefone Fan from Ukraine1K Forum Members

Post time 2016-9-20 20:34:01 | Show all posts
HI
oem.apk is Opera Mobile Store?

15

Threads

42

Posts

459

Credits

Super moderator

Rank: 8Rank: 8

Credits
459

1K Forum Membersulefone TeamManagement Teamulefone Be Touch 2ulefone Be Touch 3ulefone U007ulefone Parisulefone Powerulefone Viennaulefone Metalulefone Futureulefone Youtube Followerulefone Twitter Followerulefone FB Followerulefone Fan from China

Post time 2016-9-21 18:29:08 | Show all posts
Ruslan replied at 2016-9-20 20:34
HI
oem.apk is Opera Mobile Store?

Have you updated your phone to  phone to latest software. This app should have been deleted.

15

Threads

341

Posts

1237

Credits

Gold Member

Rank: 6Rank: 6

Credits
1237

Thanksgiving Dayulefone MetalGiveaway Participantsulefone Fan from CroatiaHappy HalloweenUpdate Beta team1K Forum MembersForum Star

Post time 2016-9-21 20:13:30 | Show all posts
@Jackie, what do you mean by 'latest software', which exact version date?

I have reported that (comment #2) for the firmware 2016/28/07 which is AFAIK your latest publicly available version (or do you have a newer?
Indeed, if I go to Settings / About Phone / Wireless Update, I Check for updates, and it tells me that ...2016-0728-2026 is the latest.

Hence, we've see that malware in your latest firmware - only if you have a newer version, like Sep 12, that is not (yet) publicly available

1

Threads

18

Posts

292

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
292

Thanksgiving DayHappy Halloween1K Forum Members

 Author| Post time 2016-9-27 17:26:02 | Show all posts
Miles replied at 2016-9-19 17:59
Hi,

We have check, CallerIdSearch.apk is one search service in Android, please don't worry. And, i  ...

Hi Miles.
Sorry for late reply.
I tried to reinstall the os following instructions on http://ulefone.com/download/metal.html after writing my first post. A couple different adware/virus cleaners still signaled the issue therefore I disabled the search service, just in case :-), and all seems to work fine.
Thanks.

3

Threads

131

Posts

1090

Credits

Gold Member

Rank: 6Rank: 6

Credits
1090

Thanksgiving DayHappy Halloweenulefone Metalulefone Fan from Sweden1K Forum Members

Post time 2016-9-27 19:04:55 | Show all posts
@Jackie;
Have you updated your phone to  phone to latest software. This app should have been deleted.


As far as I can see I have the latest official ROM available:
  1. F5B_GQ3030AH1_ulefone_20160728
Copy the Code

And I still have Opera Mobile Store apk installed as system app...
Why is that?
----
..//Jocke.Sve

3

Threads

26

Posts

213

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
213

Thanksgiving Dayulefone Metalulefone Youtube Followerulefone Twitter Followerulefone FB Followerulefone Fan from Ukraine1K Forum Members

Post time 2016-9-28 17:05:19 | Show all posts
Edited by Ruslan at 2016-9-28 18:43

My work.
Official firmware without the virus.
Add link work by done 100%
You have to log in before you can reply Login | Register

Points Rules

Quick Reply To Top Return to the list