
Malwarebytes Android/Trojan


Bill

Apr 11, 2017, 4:44:57 AM
I have 2 Android 6.0 phones. One is set up to use an SD card as the main
app + file storage area, the other in the old way with its SD card just
set as main data storage.

The "old" one today shows 73 instances of Android/Trojan.HiddenAds.at. If
I ask Malwarebytes to remove this, I am asked whether I really want to
remove Android.System.

The other phone with the extended use of the SD card shows just 2
instances of the same Trojan and when I try removal there, I am asked if
I want to remove the storage.apk.

I say "Ignore once" on both phones.

Rescanning the second phone now shows no infections, rescanning the
first still shows the 73.

Both "infections" seem to have only appeared this morning, April 11th.

I've installed AVG on the 73 machine. It doesn't see any of those
"threats", but says a dashcam app I use is a PUP.

Is the sensible thing to do to ignore all these warnings?
--
Bill

Carlos E.R.

Apr 11, 2017, 7:52:07 AM
On 2017-04-11 10:41, Bill wrote:
> I have 2 Android 6.0 phones. One is set up to use an SD card as the main
> app + file storage area, the other in the old way with its SD card just
> set as main data storage.
>
> The "old" one today shows 73 instances of Android/Trojan.HiddenAds.at.

http://www.pcmag.com/article2/0,2817,2482172,00.asp

Shame Shame Video, or Android/PUP.Riskware.Dropper.pk, thankfully hasn't
made it past the gatekeepers on the Google Play Store. However, it can
be downloaded from various third-party markets and mobile websites.
Disguising itself as a video player, it installs a fake video app called
com.android.vivo. Once installed, the app then unleashes an unstoppable
torrent of ads through its bundled advertising libraries like
Android/Trojan.HiddenAds.

...

Fortunately, there are some things you can do to stay safe from Shame
Shame Video. The best way to avoid threats like this altogether is to
not install apps from outside of Google Play. Although some malware
occasionally sneaks through, Google uses real human beings to vet
software and ads on its platforms. Also, disable your phone's ability to
install apps from unknown sources.



--
Cheers, Carlos.

BugHunter

Apr 11, 2017, 8:03:00 AM
Carlos E.R. <robin_...@es.invalid> wrote on Tue 11 Apr 2017 at 13:51:
> On 2017-04-11 10:41, Bill wrote:
> > I have 2 Android 6.0 phones. One is set up to use an SD card as the main
> > app + file storage area, the other in the old way with its SD card just
> > set as main data storage.
> >
> > The "old" one today shows 73 instances of Android/Trojan.HiddenAds.at.
>
> http://www.pcmag.com/article2/0,2817,2482172,00.asp
>
> Shame Shame Video, or Android/PUP.Riskware.Dropper.pk, thankfully hasn't
> made it past the gatekeepers on the Google Play Store. However, it can
> be downloaded from various third-party markets and mobile websites.
> Disguising itself as a video player, it installs a fake video app called
> com.android.vivo. Once installed, the app then unleashes an unstoppable
> torrent of ads through its bundled advertising libraries like
> Android/Trojan.HiddenAds.
>
> ....
>
> Fortunately, there are some things you can do to stay safe from Shame
> Shame Video. The best way to avoid threats like this altogether is to
> not install apps from outside of Google Play. Although some malware
> occasionally sneaks through, Google uses real human beings to vet
> software and ads on its platforms. Also, disable your phone's ability to
> install apps from unknown sources.


I've made an app by myself and it gets a
warning that it should be dangerous.

--
\ / http://nieuwsgroepen.tk
------------///-----------------------------
/ \ Bye, BugHunter

Bill

Apr 11, 2017, 10:30:13 AM
In message <7jsurd-...@Telcontar.valinor>, Carlos E.R.
<robin_...@es.invalid> writes
Well, I have never installed apps from anywhere except the Play Store on
this phone, and I have never had the phone set to allow installation
from unknown sources.

I haven't even noticed any more ads than usual. What I have noticed is a
really annoying set of 3 banners that appear to be from Malwarebytes and
that appear when the phone wakes from standby. These take a lot of
poking to get rid of them and are a real nuisance.

There is no sign of Shame.Shame Video or com.android.vivo, but if I
allow Malwarebytes to "Delete" the trojan, I get a message asking if I
want to delete Android System. If I select just one of the 73 trojans, I
get a message that MB was unable to uninstall. These appear to be found
in major parts of the OS like bluetooth etc.

AVG still sees no virus or trojan.
--
Bill

Carlos E.R.

Apr 11, 2017, 11:24:06 AM
On 2017-04-11 16:27, Bill wrote:
> In message <7jsurd-...@Telcontar.valinor>, Carlos E.R.
> <robin_...@es.invalid> writes


>>
> Well, I have never installed apps from anywhere except the Play Store on
> this phone, and I have never had the phone set to allow installation
> from unknown sources.
>
> I haven't even noticed any more ads than usual. What I have noticed is a
> really annoying set of 3 banners that appear to be from Malwarebytes and
> that appear when the phone wakes from standby. These take a lot of
> poking to get rid of them and are a real nuisance.
>
> There is no sign of Shame.Shame Video or com.android.vivo, but if I
> allow Malwarebytes to "Delete" the trojan, I get a message asking if I
> want to delete Android System. If I select just one of the 73 trojans, I
> get a message that MB was unable to uninstall. These appear to be found
> in major parts of the OS like bluetooth etc.
>
> AVG still sees no virus or trojan.


Then I would remove Malwarebytes.

--
Cheers, Carlos.

VanguardLH

Apr 11, 2017, 11:30:18 AM
Bill <Billa...@gmail.com> wrote:

> There is no sign of Shame.Shame Video or com.android.vivo, but if I
> allow Malwarebytes to "Delete" the trojan, I get a message asking if I
> want to delete Android System. If I select just one of the 73 trojans, I
> get a message that MB was unable to uninstall. These appear to be found
> in major parts of the OS like bluetooth etc.

Go into Settings -> Application Manager, scroll to the right to see the
All column. Do you see more than one "Android System" listed there?
One will be for the Android OS which obviously you do not want to
uninstall. There should only be one but malware can also name itself
"Android System". For example, a user reported that "Phone Control"
Android app (for spying on your kids or anyone using your phone or any
phone where you can install this app - so lock your smartphone with a
pattern or code!) calls itself "Android System" in Applications Manager.
By tapping the "Android System" app, the one that is really for the
Android OS cannot be turned off nor uninstalled.

Bill

Apr 11, 2017, 3:52:29 PM
In message <el4b49...@mid.individual.net>, VanguardLH <V...@nguard.LH>
writes
I assume you mean Settings->Apps, but I just see a list of apps and can
then include system apps.
There is only one Android System, and I've tried letting it delete this,
but it just fails the uninstall. This is just like the 73 other
instances, all of which look like system critical functions and none
that I've tried can be deleted.

I might try one more AV app before deleting Malwarebytes.
--
Bill

VanguardLH

Apr 11, 2017, 4:35:46 PM
Bill <Billa...@gmail.com> wrote:

> VanguardLH WROTE:
>
>> Bill <Billa...@gmail.com> wrote:
>>
>>> There is no sign of Shame.Shame Video or com.android.vivo, but if I
>>> allow Malwarebytes to "Delete" the trojan, I get a message asking
>>> if I want to delete Android System. If I select just one of the 73
>>> trojans, I get a message that MB was unable to uninstall. These
>>> appear to be found in major parts of the OS like bluetooth etc.
>>
>> Go into Settings -> Application Manager, scroll to the right to see
>> the All column. Do you see more than one "Android System" listed
>> there? One will be for the Android OS which obviously you do not
>> want to uninstall. There should only be one but malware can also
>> name itself "Android System". For example, a user reported that
>> "Phone Control" Android app (for spying on your kids or anyone using
>> your phone or any phone where you can install this app - so lock
>> your smartphone with a pattern or code!) calls itself "Android
>> System" in Applications Manager. By tapping the "Android System"
>> app, the one that is really for the Android OS cannot be turned off
>> nor uninstalled.
>
> I assume you mean Settings->Apps,

A rose by any other name would smell as sweet. Customized Android OSes
have deliberate differences based on what the phone maker wants or how
they want to establish their fingerprint or image. All you said is that
you have 2 Android 6 phones, not who makes them and which models.

> but I just see a list of apps and can then include system apps. There
> is only one Android System, and I've tried letting it delete this,
> but it just fails the uninstall.

But, as mentioned, you do NOT want to delete the Android OS; else,
you'll have to install another OS or that smartphone is worthless. If
you have just one "Android System" then stop trying to uninstall it;
else, toss your phone.

> This is just like the 73 other instances, all of which look like
> system critical functions and none that I've tried can be deleted.

Which might also be system apps and are non-uninstallable.

> I might try one more AV app before deleting Malwarebytes.

MBAM might not actually be seeing the malware. Various methods are used
to determine if malware is present. One of them is to look for
fingerprints in what files are present along with various settings.
I've had it false alert on user-configured tweaks on my desktop: I know
that I changed that setting but MBAM alerts that malware possibly
changed it. I've had it false alert (as well as other AV software) on
.vhd files which are snapshots (images) of the drives in virtual
machines - which only had Windows installed and its updates and no 3rd
party software (since I use those VMs to test unknown or untrusted
software and when done revert back to the unpolluted base snapshot).

Every security program has false positives. It's the nature of trying
to detect malware. That an AV program does not alert that you have
malware does not mean your computer is clean. That an AV program alerts
that you have malware does not guarantee you are infected.

I'm using Sophos Mobile Security on my smartphone. It's at:

https://play.google.com/store/apps/details?id=com.sophos.mobilecontrol.client.android

I've tried Avast Mobile but their scheme uses a notification to keep
its process from getting unloaded (even by the Android OS which will
unload idle apps when memory is needed for new ones). It's a kludge
scheme. They should define their AV scanner as a service or set an
attribute on their app to make it sticky (which has the Android OS
reload the app if that app gets unloaded). Something else I don't like
about Avast is it is adware. Several features are payware features but
they shove it in their freeware version and then nag you about them.

Sophos also has shown better coverage, less resource consumption, and
incorporates their cloud scanner. I still use Avast (free) on my
desktop PC. Sophos has their similar threat definition:

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Andr~HiddenAd-A.aspx

I'm not saying that Sophos has no false positives (alerts on what isn't
there) and no positive negatives (misses malware). That was my choice
on my smartphone. It has features beyond malware detection, like being
able to find your phone or disable it so someone else finding it cannot
use it or get your data off of it; however, be careful with those
features. It also has App Protection which means you can restrict
access to some apps (only meaningful if you let others use your
smartphone or you're worried about an unauthorized user using the app -
but then you should be locking your smartphone with a pattern [and not
some common one] or with a code plus Sophos has their lost phone and
remote control features). Several mobile AV products have these
features. Many do not.

Personally I wouldn't use MBAM as the primary line of defense on any
computer but it is a good secondary manually-initiated antimalware
scanner. Quite often MBAM alerts me on something suspect, like PUPs
(Probably Unwanted Programs) but which you can configure it to ignore,
so I have to analyze its results. It might say something is bad but it
is software that I choose to use. It's bad on their list, not mine.
It'll tell me some setting is potentially a malware fingerprint but I'm
the one that set it that way.

You can get a head start on which mobile security program you might want
to use on your smartphone by reviewing the following:

https://www.av-test.org/en/antivirus/mobile-devices/
MBAM has never made this list, same for AVG in the Jan 2017 list (*).
Click on an AV program to get more details and compare features.

(*) Note: AVG has been acquired by Avast, which is why it might not be
separately listed in the comparison page. See:
https://press.avast.com/avast-closes-acquisition-of-avg-technologies
AVG last appeared in the Nov 2016 list.

Since I use Avast on my desktop PC, I thought it would be a good choice
on my smartphone, too. Nope, don't like their kludge to keep their
process from getting unloaded which occupies a notification slot (a
nuisance to me) and do not appreciate how they've turned their products
into adware.
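
An added example, not part of any post in this thread: one way to sort a scanner's detections by where the flagged package is installed, which is the distinction the replies above turn on (system apps that cannot be uninstalled versus apps the user installed). It assumes the output of `adb shell pm list packages -s -f` and `adb shell pm list packages -3 -f` has been saved as text; the listings and the flagged names below are constructed, and the function names are hypothetical.

```python
"""Triage AV detections by install location (added example, constructed data)."""
import re

# One line of `pm list packages -f`: package:<apk path>=<package name>
LINE = re.compile(r"^package:(?P<path>.+)=(?P<pkg>[A-Za-z0-9_.]+)$")

def parse_pm_list(text):
    """Return {package_name: apk_path}; the greedy path tolerates '=' in paths."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            found[m["pkg"]] = m["path"]
    return found

def triage(flagged, system_listing, third_party_listing):
    """Map each flagged package name to (kind, apk_path)."""
    system = parse_pm_list(system_listing)        # from: pm list packages -s -f
    third = parse_pm_list(third_party_listing)    # from: pm list packages -3 -f
    report = {}
    for pkg in flagged:
        if pkg in system:
            # A system package whose APK sits under /data has received an
            # update on top of the copy shipped in the firmware image.
            kind = "system-updated" if system[pkg].startswith("/data/") else "system"
        elif pkg in third:
            kind = "user-installed"               # removable through normal uninstall
        else:
            kind = "not-installed"
        report[pkg] = (kind, system.get(pkg) or third.get(pkg))
    return report

# Constructed sample listings (not taken from the phones in the thread).
SYSTEM_LISTING = """\
package:/system/framework/framework-res.apk=android
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/data/app/com.google.android.gms-1/base.apk=com.google.android.gms
"""
THIRD_PARTY_LISTING = """\
package:/data/app/com.example.dashcam-1/base.apk=com.example.dashcam
"""
# Package names transcribed by hand from the scanner's result screen (assumption).
FLAGGED = ["android", "com.android.bluetooth", "com.google.android.gms",
           "com.example.dashcam", "com.android.vivo"]

if __name__ == "__main__":
    for pkg, (kind, path) in triage(FLAGGED, SYSTEM_LISTING, THIRD_PARTY_LISTING).items():
        print(f"{kind:15} {pkg:28} {path}")
```

Detections that land in the `system` class are on the firmware image, so a scanner without root cannot remove them; that alone does not say whether the detection is a false positive.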

Bill

Apr 12, 2017, 3:19:59 PM
In message <el4t11...@mid.individual.net>, VanguardLH <V...@nguard.LH>
writes
Thanks for that. I'm now trying Sophos and it seems not too intrusive.
It flags up a bunch of programs that I use as being "low reputation",
but these are just rather specialist apps (eg a European Jeep OBD2
diagnostic program covering just a couple of years).

I use Malwarebytes as a second line of defence on PCs, so I will
retire it from Android. It looks as though the 73 Trojans, all in vital
Android apks, must be false positives. They don't seem to be able to be
deleted or ignored, so MBAM is just utterly annoying.

The phone is badged Medion 5005 and elsewhere Medion 5050. It is also
referred to online as a rebadged Lenovo model B5060.
--
Bill