Help - Trojans on andriod phone

freezspirit

I have a Samsung S4, lollipop I only get my apps from google play store.

I have used a couple of antivirus and malware software they detect the follow but can't remove any of the following:

de!!!!!!d
threat: Qysly.R (variant)

Key Chain
threat: TrojanDropper.Agent.FN (variant)

EmailService
threat TrojanDropper.Agent.FN variant)

Key Chain
threat Xinyinhe.AD (variant)

LocationServices
threat TrojanDropper.Agent.FN (variant)

Can anyone help me or advise me where I can take my phone to be fixed?

pappa_golf

yes , delete the apps either on the phone or via playstore on a PC , back up photos etc to a pc and do a full factory reset


taking it to a shop , they will just do a factory reset , loose all your picis then charge you for the privalage , as you sign back into google the same apps will automaticly download!


select apps more carefully

freezspirit

I did a full factory reset, Bitdefender says phone is clear Malwarebytes anti -malware detect 4 Trojans but can't delete.

pappa_golf

have you allowed playstore to download a load of apps , ? if so delete all apps , restore and try those a/v programmes again , bare in mind the both want to try to sell you updated versions so may well "enhance" problems

S0litaire

Just a quick note...

These sometimes drop in to the "/system" folder making them impossible for the user to remove without rooting the phone. (*If uninstalling the affected apps don't remove it).

Sometimes a wipe will not work as that does not touch the /system folder (factory reset usually only wipes "/user" and "/data" folders.)

If your phone is not rooted at worst you'll need to do a full wipe and reflash the latest factory image for your phone.

If it is rooted, then you can browse to the /system folder, locate and rename the effected *.apk's (then move them to the users folder just in case...) and reboot the phone and that should be you virus free.

freezspirit

popped into Tesco mobile as I need to do a small shop, they did a hard reset and clear cache, they suggest malwarebtyes is giving a false reading and they are puzzled why I can't do a phone software update as its saying unauthorised modification and told me to go to a Samsung store. So will be driving over an hour to the store tomorrow to see if they can help or I will just have to bite the bullet and get a new reliable phone.

If I knew how to root I would understand. So with a hard reset clear cache and only install from play store : Xtras, Tesco mobile Malwarebytes apps. Its detected I have 4 things :

Android/Trojan.Downloader.Agent.bh
/system/priv-app/.gmtgp.apk

Android/PUP.Adware.Xinyinhe
/system/priv-app/.gmq.apk

Android/PUP.Aware.Xinyinhe
/system/priv-app/dpl.apk

Android/Backdoor.Ztorg.a
/system/priv-app/gma.apk

I should also mention phone gets very hot and the battery doesn't last long. Got phone new on 1st Sept but can't complain for £10. Just annoying

pappa_golf

Malwarebytes , free version , asking you to pay to upgrade?,

freezspirit

Ok now more apps are appearing on phone as soon as I try and uninstall more appear so have switched wifi off and as soon as nurse has seen dad tomorrow morning I'm off to the Bristol store there's 2 so not sure which to go head for.

sillygoose

pappa_golf wrote: »

Malwarebytes , free version , asking you to pay to upgrade?,

are you implying it might be being a bit liberal with the truth to encourage upgrading? Certainly not impossible!

I just installed it and ran a full scan and it found nothing at all, and my phone is a regular home to apps from various sources so very surprised at that result (but pleased of course)

But that suggests in the ops case they really do have some nasties. Really curious where they picked those up from...

pappa_golf

if you have signed into google , it will AUTOMATICLY download all you apps that you had previously , as per a previous post use your PC and uninstall all the apps from your account at playstore THEN when re loaded you can add the ones you now want


and yes I am inplying that they may well be telling you porky pies in order to sell you a better package


why bother with that rubbish , those trojens (if they do exist) are not hurting you and that freeby thing has now got you worried


if samsung say there are trojans , thats a software fault and not covered under warrenty , a full reflash by them will cost more than the phone




a quick google at one of the "Trojans" took me to malware bytes tech forum , people complaining like hell "we marked that up as a Trojan , said a spokesman for MB , , coz somebody reported it" ,,,,,,,,,, yup you can report something and !!!! everybodies malware bytes up ,

freezspirit

Ok to update everyone took it into Samsung support centre shop, spent more time waiting for my place in the queue. When it was my turn, he took the phone did a couple of things then said phone has been rooted and invalidates the warranty so will need a new mainboard @ £165 no mention of labour cost. When I say I never rooted the phone can you unroot it he says something about a fuse and time limit can't say if safe to use as a phone without using wifi or data mobile on.

So I head over to Tesco mobile they give me a new 2 year contract with a basic smartphone alcatel pop4 so atleast I got something to use and play games on whilst taking my parents and brother to hospital appointments.

Irony I got the S4 to treat myself as an early birthday present which is tomorrow (4th). I should of known @ £10 nothing is good as it seems.