*** Detect and remove Factory preinstalled Trojan/Virus ***

[Louis777]

Per State 15.06.14

Hello,

I found 2 Interesting Post's in Computer News - Germany.

Links:

[Only registered and activated users can see links Click here to register]

[Only registered and activated users can see links Click here to register]

[Only registered and activated users can see links Click here to register]

Use Translate Function.

In the Post's is described, that some Manufacturer preinstalled some Trojans. They can call home to Chi.. - send Contacts, switch Cam on, manipulate Online-Banking etc.

I found a AntiVirus App - Recommended in one Post - Eset Mobile AntiVirus from Store to identify the Trojans. After Install the App select Actualyzing the Virus Threats and select "Deep" Scan!
Maybe other AntiVirus SW find the Trojans too.

The App is free and have a good Reputation in Store and Computer Magazin. You only have to update daily the Virus Threats - or you buy the full version!

After detecting use Quarantine or you can first freeze the App before deinstall. Use the Link2sd-App. To deinstall you need rooted Phone!

I found the UUPAY and other Variants in June 2014 on 5 different Phones. I have Screenshots (in German)

Here a Virus-List (not complete) from 5 different Phones (Factory new - rooted)

PlayStore Chinese, Cooee Launcher, Cooee Moonbase.apk, Cooee Moonbase engine, Update.apk, mgyapp.apk, mgyun.shua.su.apk, root chinese.apk, BaiduYun.apk, WIFI.BoosterX2.apk,

Another one, are 1-4 Hole's/Gaps on SmartPhones. Use the free Apps Bluebox Security or SRT App Scanner from Store to identify. I have posted how to solved this Problems!

Here the Link:
[Only registered and activated users can see links Click here to register]

Greetings

Louis777
.

[WuddaWaste]

Great post! Thanks @Louis777 !

Similarly, I used Titanium Backup to freeze/remove apps. I believe both require root, so as long as you're rooted you should be good to go.

[aus9]

Hi

Other AntiVirus SW don't find the Trojans.

If you make a statement like this and do not withdraw it, I challenge you to produce evidence please.

Mods ....as soon as he retracts this "false or misleading statement" delete my post.

If OP modifies statement it will depend on what he modifies to.

BTW I use Eset and recommend it.....but thats not the issue.
I believe Kaspersky and GData may detect uupay which would contradict claim made. But I don't have to prove my claim.....OP has to prove his.

cheers

[Louis777]

Hi

Other AntiVirus SW don't find the Trojans.

Hello,

I changed my Issue in this Point.

Why I use ESET:

PlayStore
Downloads Rep.
G-Data 500.000 4.1
Kaspersky 100.000 3.9
Eset Security 1 Million 4.6

In June, I used another AV. They found no Trojan/ Exploid.

In the between Time I used Eset MS daily. It found in downloaded ROM's (zip&rar-File) some Trojans/Viruses!

Greetings

Louis777

[aus9]

thanks I shall report my post to see if mods can delete entire post 3 & 5
and consider removing your quote as its no longer relevant.

cheers

[tkitts]

Really all av programs are the same, avg and avast will also detect anything eset detects. Most big name companies share with each other their signatures.
Detection rates are all about the same.
Smaller unknown av don't get the signatures, as they are out of the loop.

[WuddaWaste]

Thanks for catching the slip and for editing the post, @Aus and @Louis777 .

You guys are all super smart dudes and I think we're all in violent agreement here.

In short, there are two steps to removing pre-installed factory crapware:
1. Identify the crapware
2. Remove the crapware

There are a number of tools you can use to do it.
@Louis777 got it done with Eset and Quarantine.
@WuddaWaste did it with Lookout and Titanium Backup.

I'm sure there are countless others.

Eset does seem to be the most popular AntiVirus.
Special thanks to @Louis777 for verifying that it works.
Special thanks to @tkitts for knowing/sharing the knowledge on virus software .
Special thanks to @Aus9 to keeping us all in check and totally factual.
You guys freaking rule!

(P.S. I reviewed the thread, and for now I'm just leaving everything intact. I think it's all very relevant and worthwhile conversation to be having.)

[cnparena]

I have the similar experience with the HDC S5; I found several viruses and trojans. I lost some $15 load n my mobile after I ran this program, warhawk . What I suggest is don't put your sim card right away. If you can don't sign-in to your Google or email accounts until after you've cleaned the phone. Try to root it as soon as you can. Then with root explorer, titanium backup, and anivirus you can clean it up then it's ok to put your sim and signin to your accounts.

[nikstar]

Can we make a list of the suspicious apps and put it on the first post?

Maybe the mods can do this but they will need the names of the trojans first

I already know the app SMSreg that isn't innocent and it can be removed!