
How do I fix malware installed automatically in the /system directory?


5
vote

Question


I bought a Lyf Flame 7 from Reliance Jio last September. It runs on Android Lollipop. My phone is not rooted and it has never downloaded any other apps from the internet except from the Play Store. Up to October it was working fine. In November I started seeing apps being downloaded automatically. My pre-installed antimalware app reported them to me and I uninstalled those downloaded apps. This happened in a 3 times/week frequency. Last week I found it again and then decided to look for any processes that might be downloading the annoying apps without my permission. It also started showing me pop-up ads.

I found out that there's an app called "Wireless Update" and another called "flyee" and "fqad". I googled them and found out that Wireless update is a preinstalled system app in low-end smartphones in Asia and it downloads random apps from the internet. I disabled it and found that it doesn't download files anymore. I later went to its settings and also stopped it from using mobile data to download apps automatically and to download only over Wi-Fi. I restricted its background data usage. Next morning I found out that there are a load of apps installed in my phone and the RAM was totally eaten up. There were apps like a fake whatsapp, PhoneService, U Tobe (with YouTube logo), flashlight, two fake phone apps and a lot of other apps. I figured that they were malware and the worst part was that I couldn't delete them. So they somehow managed a way to get root access to my phone and install them in the /system directory. They also started minimizing any apps that I am using.

Some other app also started downloading even more apps, and ads were popping up constantly. I force stopped them and disabled them only to find out most of them are enabled automatically. They were eating up the RAM and battery. I downloaded MalwareBytes and found that there were other apps installed as non-root too so I cleaned them up. But the /system apps couldn't be removed. I disabled downloads from third party and it started downloading random apps from the Play Store one by one. To stop this I went into termux and generated a big 1.5 GB text file with random numbers in C++ to stop downloading any more apps. It couldn't download any more apps but then a new pop-up saying "Launcher Loading" came up and I couldn't use my phone. I couldn't open any apps or anything after the lock screen. This morning, I found out that the Launcher Loading pop-up is gone but a new problem came in. It started giving me alerts saying "Unfortunately PhoneService has stopped". And it goes on an endless loop. If for a moment, it's gone, another alert saying "Unfortunately Google Play Services has stopped" and the earlier alert appears. My phone is currently unusable and I cannot even make calls from it. What do I do? I am in a really serious problem. I tried booting in safe mode but it didn't help.

     
 
 

Answers

2
vote
Best answer
 

 

Note: the following method is risky; you might delete core modules and your device will end up in a bootloop or not booting at all. Do it at your own risk.

  • You'll need to root your device and install BusyBox (from Google Play).

  • Download Minimal ADB and Fastboot

  • Enable USB debugging

  • Install USB drivers

Open Minimal ADB and Fastboot and type the following:

    adb shell
    su
    mount -o remount,rw /system
    cd /system/app
    ls    # list all installed apps

or even better: lsattr (display all installed apps with their attributes).

Then using the rm command, delete any suspicious app, like the following: rm com.exemple.malware.apk (type the exact name displayed with the ls command).

You may encounter some apps that refuse to be deleted with the rm command:

  • First check their attributes with lsattr + com.app_name.apk i.e: -i-a--A com.app_name.apk

  • Then remove those attributes with chattr -iaA + com.app_name.apk i.e: chattr -iaA com.app_name.apk

Finally you'll be able to remove them.

PS: Disable WiFi or data connection while doing this.

  • You can post the output of installed apps here, and we'll check out what to remove or not.
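The attribute check described in the answer above can be run over saved lsattr output to see in advance which files rm will refuse to delete. This is an added example, not part of the original answer; the function names and the sample listing (package names included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved `lsattr` output from /system/app.
# Only 'i' (immutable) and 'a' (append-only) make rm fail. 'A' (no atime
# updates) does not, so the match below is deliberately case-sensitive.

# Constructed sample listing; on a real device this would be the lsattr
# output from the root shell session, saved to a file.
sample_lsattr() {
    cat <<'EOF'
-------------- /system/app/Calculator/Calculator.apk
----i--------- /system/app/com.example.adware.apk
-----a-------- /system/app/com.example.dropper.apk
----ia-A------ /system/app/com.example.locked.apk
-------A------ /system/app/Browser/Browser.apk
lsattr: reading /system/app/x: Permission denied
EOF
}

# Reads "<flags> <path>" lines on stdin and prints "<locking flags> <path>"
# for every entry that has i and/or a set.
flag_locked() {
    while read -r flags path; do
        # A flags field is letters and dashes only and contains a dash;
        # this skips blank lines, "dir:" headers and error messages.
        case "$flags" in
            *[!A-Za-z-]*) continue ;;
            *-*) ;;
            *) continue ;;
        esac
        [ -n "$path" ] || continue
        locked=''
        case "$flags" in *i*) locked="${locked}i" ;; esac
        case "$flags" in *a*) locked="${locked}a" ;; esac
        if [ -n "$locked" ]; then
            printf '%s %s\n' "$locked" "$path"
        fi
    done
    return 0
}

# Demo run on the constructed sample.
sample_lsattr | flag_locked
```

A stock system file that shows up in this list is worth noting too: vendor images do not normally set these attributes on APKs, so their presence is itself a sign that something with root access modified the partition.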
 
 
     
     
