# Android smartphone MALWARE



## bmsbms29 (Oct 24, 2006)

I bought a new android last month. I think now that it came with Malware???
Ran Malwarebytes & found 5 Malwares. 3 - I put in Malwarebytes 'Whitelist' 
The other 2 I Disabled but don't think they stay that way.
Problem for all 5 Malwares  - they are in the System Applications.
- I have already reset to Factory - ran Malwarebytes (after reinstalling) & the 5 Malwares are still there.
** Malware is in the following: Google Serv; Weather, Clean Weather Clock; Phenix; Upgrade System App
----in Whitelist: 
Android/PUP.Riskware.Cooee.H (com.cooee.widget.samweather clock)
Android/PUP.Riskware.Cooee.H (com.cooee.widget.ClearWeatherClock)
Android/Trojan.Agent.GOG (com.android.appsdataprovider)

*** CAN my phone be fixed ***


----------



## tristar (Aug 12, 2008)

This usually is an issue when we purchase Vendor/SP branded phones which come bloated with crapware and some of that can be potentially dangerous. Last year a whole bunch of China-made phones along with Asus and Lenovo were caught with malware which was loaded after QC checks were done, so go figure.

I usually rely on a custom rom or heck just build the Rom by following instructions, it is tedious and voids the warranty, but this seems to be the only way I can control my phone.

That being said, if these apps were part of the build, you might not be able to uninstall it :S Unless your phone is rooted. You can go for a generic ROM and try to update it, *By following the correct instructions to perform the update, else you can kill your phone :S*

Try uninstalling the apps, if you don't see an option, then continue to use MB and blacklist them, this can cause a little instability and can cause force closure of apps, you have to find replacements to them from Play Store to access the functionality. If these are part of the Launcher, they can render your phone unusable for the average user, so proceed with caution here as well.


----------



## bmsbms29 (Oct 24, 2006)

I did try to fix - no way. Using Malwarebytes is definitely the virus scanner to use & was able to put in their Whitelist - Which helped sometimes a lot - but then I would still have problems. So I decided to return & will be getting a full refund in the next few days.
**** So now when I buy a new phone, I will run Malwarebytes FIRST & if any Malware then I will return *******


----------



## bmsbms29 (Oct 24, 2006)

tristar said:


> This usually is an issue when we purchase Vendor/SP branded phones which come bloated with crapware and some of that can be potentially dangerous. Last year a whole bunch of China-made phones along with Asus and Lenovo were caught with malware which was loaded after QC checks were done, so go figure.
> 
> I usually rely on a custom rom or heck just build the Rom by following instructions, it is tedious and voids the warranty, but this seems to be the only way I can control my phone.
> 
> ...


****************** Unable to uninstall any of the 5 system apps with Malware. 3 I was able to put in Malwarebytes Whitelist - but the other 2 I can force stop but Phenix keeps running or gaining more data. - So not understanding all you wrote above - Can I remove/uninstall Android then Install a new Android? Would that remove the malware???? I went back to using my old phone but hate to have to not be able to use the new one because it has total Memory: 64GB storage + 4GB memory. & has display of about 5.3". {I did get my $$ back but they did not want me to return -so even if I mess it up, I'm ok}


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> ****************** Unable to uninstall any of the 5 system apps with Malware. 3 I was able to put in Malwarebytes Whitelist - but the other 2 I can force stop but Phenix keeps running or gaining more data. - So not understanding all you wrote above - Can I remove/uninstall Android then Install a new Android? Would that remove the malware???? I went back to using my old phone but hate to have to not be able to use the new one because it has total Memory: 64GB storage + 4GB memory. & has display of about 5.3". {I did get my $$ back but they did not want me to return -so even if I mess it up, I'm ok}


Wow, even the seller doesn't want it back!? Why is the make and model of the phone still not known 5 replies down?


----------



## bmsbms29 (Oct 24, 2006)

Why they don't want it back? Probably because it has Malware & I bet they knew it.
This is still a really good phone -usually - sometimes it is not & why I still want it - but if I can not 'fix' it by replacing the System apps then I could still use as a Tablet -sometimes.
I just keep Factory resetting -hoping the Malware will go away - LOL AND I will state that ONLY Malwarebytes has found the 5 Malwares. Only 1 other virus/malware found 1 Malware. Several others I tried found NO Malwares & stated phone was clean. Thanks to this website a few years ago, I found out about Malwarebytes!
*** About phone: I will take pics to attach later.


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> Why they don't want it back? Probably because it has Malware & I bet they knew it.
> This is still a really good phone -usually - sometimes it is not & why I still want it - but if I can not 'fix' it by replacing the System apps then I could still use as a Tablet -sometimes.
> I just keep Factory resetting -hoping the Malware will go away - LOL AND I will state that ONLY Malwarebytes has found the 5 Malwares. Only 1 other virus/malware found 1 Malware. Several others I tried found NO Malwares & stated phone was clean. Thanks to this website a few years ago, I found out about Malwarebytes!
> *** About phone: I will take pics to attach later.


The malware came pre-installed with the phone's firmware/operating system, so by factory resetting it you're only reinstalling the compromised system over and over! It's like :banghead:, taking some headache relief meds and then :banghead: again! They may not exactly be malware as such, so it's no surprise that other scanners may be lenient on some of the detections made by Malwarebytes. What are the exact identities of the other malware? You did not state those as you did for the three whitelisted ones.

Can't you simply read the make and model of the phone from its box? If this was an online purchase, why not simply post the link to its product page?


----------
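
The reply above says a factory reset only restores the same firmware image, so preinstalled packages come back. The following is an added example, not part of the original thread: it parses the output of `adb shell pm list packages -f` and reports which flagged packages are stored on a firmware partition. The package names are the ones quoted in the thread; the APK paths in the sample are constructed, and the partition list is an assumption about typical Android layouts.

```python
# Input: text printed by `adb shell pm list packages -f`.
# A factory reset wipes user data only, so an APK stored on a read-only
# firmware partition is back after every reset.
FIRMWARE_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/")

# Package names quoted in the thread's scan results.
FLAGGED = {"com.cooee.widget.ClearWeatherClock", "com.android.appsdataprovider"}

# Constructed sample output; the paths are illustrative, not from the device.
SAMPLE_PM_OUTPUT = """\
package:/system/app/ClearWeatherClock/ClearWeatherClock.apk=com.cooee.widget.ClearWeatherClock
package:/system/priv-app/AppsDataProvider/AppsDataProvider.apk=com.android.appsdataprovider
package:/data/app/org.example.notes-1/base.apk=org.example.notes
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
"""

def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Newer Android paths can contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages

def triage(pm_output, flagged):
    """Map each flagged package to where it lives and what a reset does to it."""
    installed = parse_pm_list(pm_output)
    report = {}
    for name in sorted(flagged):
        path = installed.get(name)
        if path is None:
            report[name] = "not installed"
        elif path.startswith(FIRMWARE_PREFIXES):
            report[name] = "firmware image: returns after factory reset"
        else:
            report[name] = "user-installed: removed by uninstall or reset"
    return report

if __name__ == "__main__":
    for pkg, verdict in triage(SAMPLE_PM_OUTPUT, FLAGGED).items():
        print(f"{pkg}: {verdict}")
```

An updated system app reports a `/data/app` path for its update while the original copy stays in the firmware image; `pm list packages -s` still lists it as a system package.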



## bmsbms29 (Oct 24, 2006)

:lol:By resetting to Factory - I was just 'hoping' something would work LOL
Malware on the other 2:
Phoenix - Android/PUP.Riskware.Cooee.G
UpgradeSys - Android/Pup.Riskware.Autoins.Fota

Below copied from my 1st entry:
Malware is in the following: Google Serv; Weather, Clean Weather Clock; Phenix; Upgrade System App
----in Whitelist:
Android/PUP.Riskware.Cooee.H (com.cooee.widget.samweather clock)
Android/PUP.Riskware.Cooee.H (com.cooee.widget.ClearWeatherClock)
Android/Trojan.Agent.GOG (com.android.appsdataprovider)


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> :lol:By resetting to Factory - I was just 'hoping' something would work LOL
> Malware on the other 2:
> Phoenix - Android/PUP.Riskware.Cooee.G
> UpgradeSys - Android/Pup.Riskware.Autoins.Fota
> ...


Just as I thought, 4 of them are PUPs (potentially unsafe/unwanted programs/applications or riskware) and not necessarily malware. Most scanners have a setting that you can change to control how PUPs are handled. The trojan one is possibly malware posing as a legitimate system app.


----------



## bmsbms29 (Oct 24, 2006)

I did not list - but the Trojan.Agent.GOG is in the Google Serv
- & I can Disable it but not Force Stop (goes to Malwarebytes Whitelist)
Weather -I can disable & Force Stop
Clean Weather Clock - I can disable & Force Stop
UpgradeSys - could not disable but did Force Stop
Phenix - could not disable but did Force Stop (but don't think it stays stopped?)
************ The current Malwarebytes on this phone is the free one. But I do have the Premium & will put on this phone if that would make a difference. I have not seen anything on Malwarebytes as to how they might deal with PUP problems. I'll need to check. And I need to check on GoogleServ since it has the Trojan.
Thank you for your help. Any other ideas are always helpful.


----------



## Deejay100six (Nov 24, 2007)

bmsbms29 said:


> Any other ideas are always helpful.


Yes, I have an idea...........tell us what phone it is!


----------



## bmsbms29 (Oct 24, 2006)

It looks like that China phone that begins with H..... BUT does not state that anywhere (not on phone, or in phone or on box it came in) - just looks like one & the phone does state Model number: P20 Pro Phone Name: Smartphone CPU: MTK6592
Phone Core number: Octa Core Android version: 8.1
Also has Baseband version; Kernel version; Build number; & Custom build version & Legal Information with licenses
There is a sticker on the back that states Model: P20 Pro & Made in China with scan#s for IMEI1 & IMEI2. 
*** I probably typed more than you needed but better more than less - LOL ***


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> It looks like that China phone that begins with H..... BUT does not state that anywhere (not on phone, or in phone or on box it came in) - just looks like one & the phone does state Model number: P20 Pro Phone Name: Smartphone CPU: MTK6592
> Phone Core number: Octa Core Android version: 8.1
> Also has Baseband version; Kernel version; Build number; & Custom build version & Legal Information with licenses
> There is a sticker on the back that states Model: P20 Pro & Made in China with scan#s for IMEI1 & IMEI2.
> *** I probably typed more than you needed but better more than less - LOL ***


You told us everything we needed to know even though you seemed especially keen to avoid doing so! Sounds like an imitation of Huawei P20 Pro. Well, I don't know what other "helpful" ideas you expect from this. This thread probably wouldn't have lasted this many replies if you had disclosed this right in the beginning. The P20 Pro has a Kirin SoC, not MediaTek (MTK), by the way. It is no wonder you got a refund and still kept the phone! It seems you volunteered to be its dump site and I bet those "64GB" aren't real. Good luck with your new phone :grin:


----------



## bmsbms29 (Oct 24, 2006)

Yes, I figured the phone was not a Real Hu... phone & why I stated what was on the phone. I have seen a video on a fake Huawei phone - but mine does not look like it nor does it act like those did. Because it still runs really well often, is why I am trying to find out if there is anything I can do to get rid of the PUP & 1 malware. As for whether it has 64GB storage - I can only state that the phone holds a great deal more than I could have imagined. 
**** & since I got my money back, I don't feel like I am their 'trash dump' for this phone **** And even with the malware/pup I still like it.

Too bad I can't just replace the 'storage' with a new like I could replace the HDD on a laptop. Thanks anyway.


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> Yes, I figured the phone was not a Real Hu... phone & why I stated what was on the phone. I have seen a video on a fake Huawei phone - but mine does not look like it nor does it act like those did. Because it still runs really well often, is why I am trying to find out if there is anything I can do to get rid of the PUP & 1 malware. As for whether it has 64GB storage - I can only state that the phone holds a great deal more than I could have imagined.
> **** & since I got my money back, I don't feel like I am their 'trash dump' for this phone **** And even with the malware/pup I still like it.
> 
> Too bad I can't just replace the 'storage' with a new like I could replace the HDD on a laptop. Thanks anyway.


Root the phone and uninstall that stuff.


----------



## bmsbms29 (Oct 24, 2006)

I have read about rooting the phone. I'll do more search as to how to.
And if I 'kill' this phone - I will have learned a bunch & won't be out any $$.


----------



## vanukuru.vinod (Oct 3, 2017)

From which website did you purchase this exciting so-called Android?


----------



## Stancestans (Apr 26, 2009)

bmsbms29 said:


> I have read about rooting the phone. I'll do more search as to how to.
> And if I 'kill' this phone - I will have learned a bunch & won't be out any $$.


Look into custom ROMs as well. Here's to getting you started.


----------



## bmsbms29 (Oct 24, 2006)

Stancestans said:


> Look into custom ROMs as well. Here's to getting you started.


Thank you.


----------

