For quite some time now I'm searching for a solution for the following issue, for which so far anything I tried didn't solve it. Hoping someone here has a suggestion on how to resolve it.
Several times per day an unknown app sends an url to open in the Samsung Browser. Each time it's a different website, so blocking the site or domain doesn't work.
I cleaned cache/date, blocked background data for apps, reset everything, used dozens of malware/android security apps - none of these apps found anything suspicious - running AdGuard, tried all Samsung Browser Ad blocker, uninstalled app by app to find the causing one, but nothing solved the issue so far.
What are your thoughts?
Thank you.
TGSKK said:
For quite some time now I'm searching for a solution for the following issue, for which so far anything I tried didn't solve it. Hoping someone here has a suggestion on how to resolve it.
Several times per day an unknown app sends an url to open in the Samsung Browser. Each time it's a different website, so blocking the site or domain doesn't work.
I cleaned cache/date, blocked background data for apps, reset everything, used dozens of malware/android security apps - none of these apps found anything suspicious - running AdGuard, tried all Samsung Browser Ad blocker, uninstalled app by app to find the causing one, but nothing solved the issue so far.
What are your thoughts?
Thank you.
Click to expand...
Click to collapse
Look for an app named "Mobile Installer" or "Mobile Services Manager". They install apps in the background and cause system wide 'pop-up' ads. You can use PD MDM to disable it if you cant through settings.
Sent from my SM-G975U using XDA Labs
jwarrior319 said:
Look for an app named "Mobile Installer" or "Mobile Services Manager". They install apps in the background and cause system wide 'pop-up' ads. You can use PD MDM to disable it if you cant through settings.
Sent from my SM-G975U using XDA Labs
Click to expand...
Click to collapse
Thank you.
I looked in PD MDM for such an app but don't have one with or similar to the names you mentioned.
I noticed that the package on your screenshot is a Sprint related app. I'm sorry I didn't mention before, but I have an unlocked device on T-Mobile, without any carrier specific apps.
TGSKK said:
Thank you.
I looked in PD MDM for such an app but don't have one with or similar to the names you mentioned.
I noticed that the package on your screenshot is a Sprint related app. I'm sorry I didn't mention before, but I have an unlocked device on T-Mobile, without any carrier specific apps.
Click to expand...
Click to collapse
The unlocked firmware wouldn't have either app anyway. That does make me wonder what's causing the issues. The apps i mentioned are installed by carriers on most android devices. They make money from the ads and when someone opens an app it auto installed. I first discovered it on my S5 with stock firmware. At that time data plans were still limited and it would be downloading 100+mb apps on data even with background data disabled.
Sent from my SM-G975U using XDA Labs
Factory reset.
You must a naughty individual surfing for porn..you should use your friends or your wife's phone to surf for porn. Thats what i do
Related
Hi,
When i used firefox this morning, avast warned me about a malware... I removed and installed again firefox, but there is still the malware. After a scan, avast is showing me about 20 apps and files infected... Is it some kind of false positive, or is it a real malware ? I don't know what to do... Thanks for help
Sent from my Nexus 4 using xda app-developers app
If it was me I'd flash the entire phone then re install stock firmware, but all my stuff is backed up I don't know about yours??
Sent from my LT22i using xda premium
AutruiP said:
Hi,
When i used firefox this morning, avast warned me about a malware... I removed and installed again firefox, but there is still the malware. After a scan, avast is showing me about 20 apps and files infected... Is it some kind of false positive, or is it a real malware ? I don't know what to do... Thanks for help
Sent from my Nexus 4 using xda app-developers app
Click to expand...
Click to collapse
I have the same issue as of this morning, Avast reporting Android:FakeInst-EY [Trj] on 10 installed apps. Is it possible it's an avast issue?
AutruiP said:
Hi,
When i used firefox this morning, avast warned me about a malware... I removed and installed again firefox, but there is still the malware. After a scan, avast is showing me about 20 apps and files infected... Is it some kind of false positive, or is it a real malware ? I don't know what to do... Thanks for help
Sent from my Nexus 4 using xda app-developers app
Click to expand...
Click to collapse
Its avast problem. I'm on S3 and Avast just showed me 30 malwares "Android:FakeInst-EY"
Avast Blog has this post, I suppose this is related to this:
Block fake apps
avast! Free Mobile Security blocks fake apps and our new signature targeting protects you against
malware distributed with them. Our popular anti-virus/anti-theft app for Android stops downloads of fake apps and games, so you won’t be duped.
“All of these apps use multiple advert services, steal your personal data and they even are hidden under different creators. But don’t worry. Avast detects all of the mentioned applications as Android:FakeInst-DL, and urls of fake searchers are blocked also,” said Chytrý.
Get avast! Free Mobile Security for your Android device from Google Play. Please add a review and share with your friends if you like it!
Click to expand...
Click to collapse
Source: http://blog.avast.com/2013/01/24/fake-google-play-apps/
Similar problems in German Forums, but I could understand / translate the webpage.
http://www.computerbase.de/forum/showthread.php?t=1189186
http://www.android-hilfe.de/nexus-1...vast-als-trojaner-erkannt-auf-nexus-10-a.html
This has hit universally I suppose.
pharalia said:
I have the same issue as of this morning, Avast reporting Android:FakeInst-EY [Trj] on 10 installed apps. Is it possible it's an avast issue?
Click to expand...
Click to collapse
Having the same issue. Avast posting that gmail is a trojan, which seems unlikely.
Looks like avast is really messing this one up this time!
Getting Android:FakeInst-EY [Trj] on WhatsApp, Ingress, Norton Utilities (lol), + a couple others as well
Thanks for confirming my suspicions, I didn't really want to wipe my device
Just to add, this happened to me this morning as well. 8 apps infected including Gmail. It seems this is on Avast.
Thanks everyone ! I have it on gmail too, and on Ingress. I checked with Lookout, and nothing bad happened ! Avast, u suck...
Sent from my Nexus 4 using xda app-developers app
It's look like an avast! problem. You need refresh the virus definition to 20130321-01.
Info on: forum.avast.com/index.php?topic=118778.0
It's a problem with Avast virus signature DB
http://forum.avast.com/index.php?topic=118778.0
About Android:FakeInst-EY
« on: Today at 09:30:01 AM »
Hi everyone,
it seems that this false positive detection somehow got through our systems to everyone. I'm sorry for that. Don't worry though, there should be a virus definitions update soon that will remove this detection. I'm going to reroute all topics to this one and lock them so everyone knows what's happening. I'll post here when the update is out so everyone can do a manual update of their definitions to fix this (or you can, of course, wait for the automatic update to happen, but manual will most probably be faster in this case).
Filip
Happening to myself and my wife. Same malware identified in multiple applications (Google Gmail, Amazon Kindle)
Yup, same here. Avast reporting Gmail & Firefox as malware.
Same issue. Whatsapp and avocado are reported. Seems something wrong with avast. Considering to uninstall it
Sent from my Nexus 4 using xda app-developers app
From the avast forum link:
"the latest update should be version 130320-01. In case of user apps, you can run apps scan which should clear the detections. In case of system apps, running the apps should clear the detections (that applies for user apps as well, but it should be faster to just run the apps scan)."
I just went into avast and updated the app to 130320-01. It took a few times hitting the update button before it actually updated avast, but it finally did. Afterwards, I ran a virus scan on all my apps, and it came back clean. Problem solved.
wvcadle said:
From the avast forum link:
"the latest update should be version 130320-01. In case of user apps, you can run apps scan which should clear the detections. In case of system apps, running the apps should clear the detections (that applies for user apps as well, but it should be faster to just run the apps scan)."
I just went into avast and updated the app to 130320-01. It took a few times hitting the update button before it actually updated avast, but it finally did. Afterwards, I ran a virus scan on all my apps, and it came back clean. Problem solved.
Click to expand...
Click to collapse
jelmew said:
Having the same issue. Avast posting that gmail is a trojan, which seems unlikely.
Click to expand...
Click to collapse
The thing I find curious is I updated Gmail on both my phone & tablet at the same time. Phone update went fine with no detection. Tablet popped up the FakeInst:EY detection during Gmail install so thought maybe definition file wasn't up to date (or EVO3D had a newer def file). But both devices are running v130321-01 which is supposed to have the fix (?).
Rescanning both devices, EVO3D comes up clean but tablet now detects 4 apps w/malware! Have tried updating but says this is the latest version out there. As said, will wait for the next update after 130321-01 and see if it clears. Just odd that have two devices with same versions of Gmail & Avast (and updates/defs) and two different results!
Update: No new updates to avast, but reran scans a second time on both a second time 5 minutes later and this time both came up clean. How can that be? I guess most importantly, both are clear again though worries me when one "detects" (even w/false positive) while other doesn't with what appears to be same environment!
I got the same warning today for a few apps, i had already deleted Firefox....
I just updated Avast as said in this treat and no warnings anymore Time to reinstall Firefox
Check this link out: http://www.androidcentral.com/popular-mobile-security-app-avast-marking-gmail-malware
TLDC (Too Lazy, Didn't Click);
Avast said:
it seems that this false positive detection somehow got through our systems to everyone. I'm sorry for that. Don't worry though, there should be a virus definitions update soon that will remove this detection. I'm going to reroute all topics to this one and lock them so everyone knows what's happening. I'll post here when the update is out so everyone can do a manual update of their definitions to fix this (or you can, of course, wait for the automatic update to happen, but manual will most probably be faster in this case)
Click to expand...
Click to collapse
Update your avast antivirus to latest virus definitions and re scan the phone. all problems will be solved
Trojan.Generic in Nexus 4 toolkit ??
this morning trying to run Nexus 4 toolkit, it also reported "Trojan.Generic", and then stopped, even add it to trust file, still will not run, What's wrong.
My phone will, when using various apps I've been using for years, suddenly open the play store and redirect me to Candy Crush or Caesar's slots. I'm getting sick of this. Does anyone know why this is happening? Lookout hasn't found any viruses or anything.
Sent from my LG-D800 using xda app-developers app
Try AirPush detector and see if some app is causing it to happen.
I actually had this happen from the browser. A damn play store "pop up". Surprised the hell out of me. Was also for candy crush. I also have pop ups disabled. I noticed this happen after I defaulted play links to the store. Must somehow disable the check.
Wow these adware companies are getting even more aggressive now a days
Same issue here.
Uninstalled everything except stock Google apps and same thing happening with pop up (candy crush), so I guess whatever is installed can't be uninstalled! Airpush or Ad detector software can't find the culprit either.
This is a huge security issue..... Reporting to Google
Browsers do it too... Doesn't have to be an app. It's a redirect "popup" avoiding standard android popup detection. I found this out by getting one before I defaulted links the play store. I actually got asked one time lol. The security issue would be a redirect to an actual infested page, which the built in popup blocker does block. The problem lies in the call of playstore only through playlink, which really can't cause harm being it can only show you the app, nothing further. Would be nice if fixed... Simply set to ignore non user clicked playlink pushes and implement a touch check.
Steamer86 said:
Browsers do it too... Doesn't have to be an app. It's a redirect "popup" avoiding standard android popup detection. I found this out by getting one before I defaulted links the play store. I actually got asked one time lol. The security issue would be a redirect to an actual infested page, which the built in popup blocker does block. The problem lies in the call of playstore only through playlink, which really can't cause harm being it can only show you the app, nothing further. Would be nice if fixed... Simply set to ignore non user clicked playlink pushes and implement a touch check.
Click to expand...
Click to collapse
I thought it was the browser I was using (Next), but problem persists across chrome and boat so I think it's some stealth junk installed in my system.
Google needs to find a fix for this, especially when airpush and ad detector apps can't resolve.
It isn't any stealth junk. Its browsing. Http. Port 80. The interwebs. Ect. Ect. It is not an app. It is not a service. Hence airpush or ad detectors will not detect it. Simply a link.
Steamer86 said:
It isn't any stealth junk. Its browsing. Http. Port 80. The interwebs. Ect. Ect. It is not an app. It is not a service. Hence airpush or ad detectors will not detect it. Simply a link.
Click to expand...
Click to collapse
You seem knowledgeable. How is it fixed? Simple restore of browser settings??
Recently my phone has keep popping up ads that take over my screen, and I have used so many ads detector and antivirus and i couldnt found out what is happening.
Then i found out a suspicious service is running in the background and it seems if i disabled it, the ads wont pop out, which is "com.google.devices", i wonder how do i completely remove a service?
Pretty sure thats a legitimate google service. Think yoh could show us what the ad looks like?
Sent from my SM-G900A using Tapatalk
just some china apps ad taking over my screen and it will start downloading apps, I understand why u mentioned it looks like a legit Google app, but I fount out an APK on my phone which is install a Google device onto my phone, so that's very suspicious
robinthebest said:
just some china apps ad taking over my screen and it will start downloading apps, I understand why u mentioned it looks like a legit Google app, but I fount out an APK on my phone which is install a Google device onto my phone, so that's very suspicious
Click to expand...
Click to collapse
Still would like to see what the ad looks like. The package you said is the device manager i believe so thats what the "google device" is all about.
Sent from my SM-G900A using Tapatalk
Just wipe and don't install dodgy apps in future! [emoji14]
Rakuu said:
Still would like to see what the ad looks like. The package you said is the device manager i believe so thats what the "google device" is all about.
Sent from my SM-G900A using Tapatalk
Click to expand...
Click to collapse
well thats very hard to describe, but since i downloaded "System app remover (ROOT)" from the market and i removed the "Google device package", the ads are completely destroyed and my phone seems not to have any problem...
Im guessing that apk installed some addons into the original "Google Devices" package, the reason why i think that APK is the cause is because it is in a random folder with a previous downloaded chinese app and named randomly and it has a draw over other apps permission
A specific advertisment continually shows up on all different sites I visit no matter how many times I clear my history and cookies.
I clear my history and cookies on my computer and phone regularly. It doesn't appear on my computer, only in chrome on my phone.
Anything else I can try clearing to fix the problem?
Thanks
Chrome has no ads, so one of your other apps is the source. You'll have to uninstall apps until you find the culprit.
Download adaway,this should fix it (I had the same problem until I downloaded adaway and applied it's host file ,the problem was fixed)
Sent from my GT-I9505 using Tapatalk
I agree Adaway will fix it, but finding the app causing the ad is a more permanent solution.
Hi,
So when I open my flip cover and have no Internet access, I get a textbox saying there is no network, check network and try again. So I guess an app is always trying to connect to Internet. But I don't know from which app this comes so I can't turn it off. Is there a log out something so I can see which app gives this textbox?
Grts
liobeir said:
Hi,
So when I open my flip cover and have no Internet access, I get a textbox saying there is no network, check network and try again. So I guess an app is always trying to connect to Internet. But I don't know from which app this comes so I can't turn it off. Is there a log out something so I can see which app gives this textbox?
Grts
Click to expand...
Click to collapse
I don't know about a log, but one way to tell would be to go to Settings-connections tab- Data Usage. Any app that appears in the list uses data. Then you can look at each one and see its foreground/background usage. If the app uses background data, then it's a possible culprit.
It's not tge easiest method, but it would be a heck of a lot better than uninstalling apps one by one to find the one using data.
Sent from my SAMSUNG-SM-N910A using Tapatalk
spexwood said:
I don't know about a log, but one way to tell would be to go to Settings-connections tab- Data Usage. Any app that appears in the list uses data. Then you can look at each one and see its foreground/background usage. If the app uses background data, then it's a possible culprit.
It's not tge easiest method, but it would be a heck of a lot better than uninstalling apps one by one to find the one using data.
Sent from my SAMSUNG-SM-N910A using Tapatalk
Click to expand...
Click to collapse
So what do i have to look for in that mobile usage menu? Cause there are a lot of apps and when I click them.... Yeah I don't know what I have to look for...
liobeir said:
So what do i have to look for in that mobile usage menu? Cause there are a lot of apps and when I click them.... Yeah I don't know what I have to look for...
Click to expand...
Click to collapse
Sorry, I went to work today then lost this thread for a while, lol.
Like I said, it isn't the best solution, but it'll be better than uninstalling apps one at a time.
What you need to do is start at the top of the (which are apps using the most data). Tap the app and look at the amount of background data being used. If it's 0.0, then that app isn't using data in the background. If it's some other amount, it is and you can check the "Restrict Background Data" option. This will prevent the app from using background data until you unchecked that option. Then test to see if the message pops up. If so, then that app wasn't the culprit, so uncheck the background data option and go the next app in the list. Repeat.
Hint: start with the Google apps in the list. I suspect Google Services, but I could be wrong.
spexwood said:
Sorry, I went to work today then lost this thread for a while, lol.
Like I said, it isn't the best solution, but it'll be better than uninstalling apps one at a time.
What you need to do is start at the top of the (which are apps using the most data). Tap the app and look at the amount of background data being used. If it's 0.0, then that app isn't using data in the background. If it's some other amount, it is and you can check the "Restrict Background Data" option. This will prevent the app from using background data until you unchecked that option. Then test to see if the message pops up. If so, then that app wasn't the culprit, so uncheck the background data option and go the next app in the list. Repeat.
Hint: start with the Google apps in the list. I suspect Google Services, but I could be wrong.
Click to expand...
Click to collapse
I found the app! It was the app that came with the flip cover. It's a led cover (smart shell for Note 4) but I still get the message. Even with the background data restricted. Can I completely make sure this app doesn't access Internet cause it really doesn't need it. When I turn off my phone or delete data for the app it doesn'tshow the message for a while.... But after a while it's back....
liobeir said:
I found the app! It was the app that came with the flip cover. It's a led cover (smart shell for Note 4) but I still get the message. Even with the background data restricted. Can I completely make sure this app doesn't access Internet cause it really doesn't need it. When I turn off my phone or delete data for the app it doesn'tshow the message for a while.... But after a while it's back....
Click to expand...
Click to collapse
So I'm guessing that that's a 3rd party (non-Samsung) led cover?
I have no experience with them personally, but I've read quite a few issues with people using 3rd party LED covers. Especially when on Lollipop.
I don't really know how to restrict an app from using FOREGROUND data, so I did a quick Google search.
"If you don't have root access on the device, then you can use mobiwol to control the access various apps have to the Internet. Mobiwol creates a 'virtual' VPN connection on the device which allows control of the individual app connections. However, although the app starts when the device starts it is possible that there may be a brief period prior to Mobiwol executing in which apps could get Internet access despite the Mobiwol configuration."
Source: http://android.stackexchange.com/qu...from-accessing-the-internet-on-android-device
" If your device is not rooted, so no problem, there are some applications that use some trick that can prevent apps from being connected to internet, such as NoRoot Firewall.
The Trick of NoRoot Firewall is that it opens a Fake VPN connection for making the phone to send all the packets to the Application then you can define for the application which one to allow and which one to deny. So it does not require root access."
Source: http://android.stackexchange.com/questions/75939/how-to-prevent-specific-apps-from-using-mobile-data
I don't know how to use these apps, so I won't be able to help with getting them working for you, but you can give them a try if you want. Other than that, Android doesn't natively support restricting a specific app from using any type of data, other than simply shutting down data for the entire phone.
spexwood said:
So I'm guessing that that's a 3rd party (non-Samsung) led cover?
I have no experience with them personally, but I've read quite a few issues with people using 3rd party LED covers. Especially when on Lollipop.
I don't really know how to restrict an app from using FOREGROUND data, so I did a quick Google search.
"If you don't have root access on the device, then you can use mobiwol to control the access various apps have to the Internet. Mobiwol creates a 'virtual' VPN connection on the device which allows control of the individual app connections. However, although the app starts when the device starts it is possible that there may be a brief period prior to Mobiwol executing in which apps could get Internet access despite the Mobiwol configuration."
Source: http://android.stackexchange.com/qu...from-accessing-the-internet-on-android-device
" If your device is not rooted, so no problem, there are some applications that use some trick that can prevent apps from being connected to internet, such as NoRoot Firewall.
The Trick of NoRoot Firewall is that it opens a Fake VPN connection for making the phone to send all the packets to the Application then you can define for the application which one to allow and which one to deny. So it does not require root access."
Source: http://android.stackexchange.com/questions/75939/how-to-prevent-specific-apps-from-using-mobile-data
I don't know how to use these apps, so I won't be able to help with getting them working for you, but you can give them a try if you want. Other than that, Android doesn't natively support restricting a specific app from using any type of data, other than simply shutting down data for the entire phone.
Click to expand...
Click to collapse
I found an xposed module to solve it I guess... No message so far! Xprivacy.... Works great... Off course you have to be rooted and have xposed installed.. But thanks man!!