Android spy 1750: what is it? How to remove a virus from an Android phone in a few simple steps


If Spy 128 Origin is detected on your Android device, do not rush to delete it: manufacturers claim that it is not a Trojan but a system component needed to send important information about the operation of the device. If you are nevertheless determined to get rid of the suspicious files, you will first have to get root rights.

The Spy 128 Origin virus is most often encountered by owners of Chinese smartphones from manufacturers such as Meizu, Xiaomi and ZTE. On these devices the Trojan is part of the official firmware and is identified as a system component that cannot be removed without root access. The file flagged as infected is video.apk, which is needed to play video on the mobile device.

At the same time, manufacturers claim that this is not a virus but a system utility that does send data about the operation of the smartphone, though to the developer, to improve the firmware, rather than to attackers. The file is identified as a Trojan because it has not been used on the device for a long time.

There is another explanation for the existence of a virus in the phone’s firmware, related to the peculiarities of the Chinese Internet. Allegedly, the data is sent as part of the Baidu Push Notification service. This is the Chinese analogue of Google Cloud Messaging; both services are activated together and are not associated in any way with the user’s personal data. The presence of the file among the system components only indicates that the firmware is supported on the Chinese market. Both protocols are used to ensure correct support in the international and Chinese markets.

But there is another opinion: the Trojan actually performs malicious tasks, sending attackers various personal information, including SMS messages. If you are worried about antivirus programs on your phone detecting an unknown file with questionable functions, delete it using a file manager.

Removing Spy 128 Origin

To remove Spy 128 Origin, you need to get root access. On Meizu phones this can be done through the Flyme account settings.

After creating an account, return to the settings of your mobile device, enter your username and password in the “Account” field and click “Login”. Make sure that synchronization and Flyme messages are enabled, then tap “Finish”.

Go to the section with personal settings - its name will match the account name. Find the item “Open access to the system”.

Read the warning and click OK. To complete the operation, you will need to enter your Flyme account password. After confirming the information, the mobile device will reboot.

To obtain root rights on other devices, you can use special applications - Baidu ROOT, Vroot, KingoRoot, FramaRoot. Once you have superuser rights, install a file manager (for example, Total Commander or ES Explorer) and use it to navigate to /system/priv-app/video.apk or /system/app/MiuiVideo/MiuiVideo.apk. Delete the video.apk (or MiuiVideo.apk) file. To avoid problems with video playback, install a third-party media player or add the video.apk file from one of the older firmware versions - for example, the Trojan is definitely not in Flyme 3.

Other viruses on Android

There are other viruses and Trojans on Android, the purpose of which is not controversial - their activity is definitely destructive. Some symptoms will help you understand that malicious code has appeared in the system.

  • The device reboots on its own, takes a long time to turn on, or turns off unexpectedly.
  • There are unknown entries in your call and message history, the origin of which you cannot explain.
  • Money is debited from the account.
  • An advertisement appears on the screen.
  • Programs are installed without your knowledge.
  • Errors appear when launching applications, unknown processes and icons.
  • The battery drains much faster than before.

The presence of one symptom does not necessarily indicate that the device is infected. But if you notice several of them, and an antivirus scan also reports malicious code, you need to start cleaning the system urgently.

The easiest way to get rid of malware is to use an antivirus for your mobile device. If the antivirus detects a virus, it will be able to neutralize it.

However, this method may not work for the following reasons:

  • The antivirus stopped working correctly or did not detect the virus at all, but you probably know that the problem exists.
  • Malware recovers on its own after removal.
  • The phone or its individual functions are blocked by a virus.

If you cannot remove the virus in normal mode, try doing it in safe mode. The problem is that in safe mode not only viruses, but also antiviruses stop functioning. Therefore, you will need root rights, a file manager, and information about where the malicious file is located. You can usually find such information on user forums.

Using a computer to remove a virus from Android can also be difficult. Modern smartphones are not detected as USB drives, and even if they are detected by the system, the antivirus on the computer may not recognize viruses for Android. But this does not mean that there is no way to get rid of the virus. There are radical ways that will definitely help.

If your Android smartphone or tablet starts acting strange, there is a small chance that the device has a virus. Today we will tell you how to remove a virus on Android and get rid of malware in the future.

Different ways to remove viruses on your phone and tablet and what they are like

Viruses on Android are not very common, but they do exist. As a rule, they penetrate the system through programs of dubious origin, so it is better to download applications from official stores, such as Google Play.

Those whose gadgets malfunction due to the actions of malicious applications will find in the article a useful description of how to enter safe mode and, if necessary, limit program rights, and then remove the virus.

If this option does not work, you can try rolling back to factory settings, although it is better not to do this without first creating a backup copy of the system.

Before moving on to the main part of the article, I would like to focus on the fact that smartphones or tablets running Android OS do not have viruses in the usual sense of the word.

Most often, the “virus” either displays advertisements claiming that the device is infected and that you need to download some application to remove the infection, or simply slows the device down.

Android without viruses - how is this possible?

  1. Don't install apps from unknown sources: Do not install applications from unknown sources unless you are sure of their reliability. Installation of third-party applications is usually blocked by default. If it has been enabled on your smartphone or tablet, open “Settings”, go to the “Security” section and uncheck the box next to “Unknown sources”.
  2. Avoid installing clone apps: Even if you download apps only from Google Play, apps with malicious code can still be found there. Therefore, you should not download clone applications from unknown developers, or applications that simply do not perform their stated functions.
  3. Check application permissions: No matter where the application is downloaded from, before installation you need to check what functions and services it requests access to. Under no circumstances should you give the program administrator rights, as this will cause some difficulties with uninstallation. You should be wary if the video player for some reason requests access to contacts. You can also look for reviews of the app online or visit the developer's website to get a clearer picture of it.
  4. Update the system: The latest version of the Android operating system may not be available for your device, but it's still a good idea to check that it's as up-to-date as possible. Accordingly, you should give preference to the manufacturer that regularly releases updates for the software of its device (for example, Nokia).
  5. Install antivirus: You can do without an antivirus on Android, but those who worry about catching a virus will feel calmer with one. Antivirus applications also usually offer several useful functions in addition to the main one. Keep in mind that an antivirus on Android may produce false positives, which you can ignore if you are absolutely sure that the application is clean.
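
The permission check from item 3, applied to the case of a video player that asks for contacts, as an added example (not code from the original article): it parses the output of `adb shell dumpsys package <name>` and lists sensitive permissions that fall outside a baseline. The package name, the baseline set and the sample output are constructed assumptions, and the dumpsys layout varies between Android versions.

```python
import re

# Hypothetical baseline for this example: what a plain video player needs.
VIDEO_PLAYER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
    "android.permission.READ_EXTERNAL_STORAGE",
}
# Android permissions guarding the data the article is concerned about.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.SEND_SMS": "sending SMS",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "IMEI/IMSI",
}
SECTION_HEADERS = {"requested permissions:", "install permissions:", "runtime permissions:"}
PERMISSION_LINE = re.compile(r"([\w.]+)(?:: granted=(true|false).*)?")


def parse_dumpsys_permissions(text):
    """Return (requested, granted) permission sets from dumpsys package output."""
    requested, granted = set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
            continue
        if section is None:
            continue
        match = PERMISSION_LINE.fullmatch(line)
        if not match or "." not in match.group(1):
            section = None  # any other line ends the current permission section
            continue
        name, state = match.groups()
        if section == "requested permissions:":
            requested.add(name)
        elif state == "true":
            granted.add(name)
    return requested, granted


def unexpected_sensitive(requested, granted, baseline):
    """List (permission, data it exposes, currently granted?) outside the baseline."""
    return [
        (perm, SENSITIVE[perm], perm in granted)
        for perm in sorted(requested - baseline)
        if perm in SENSITIVE
    ]


# Constructed sample output for a made-up package, trimmed to the relevant parts.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.videoplayer] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.WAKE_LOCK
      android.permission.READ_CONTACTS
      android.permission.READ_SMS
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.WAKE_LOCK: granted=true
    User 0: ceDataInode=1234 installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    req, grant = parse_dumpsys_permissions(SAMPLE_DUMPSYS)
    for perm, data, is_granted in unexpected_sensitive(req, grant, VIDEO_PLAYER_BASELINE):
        print(f"{perm}: access to {data}, granted={is_granted}")
```

A permission that is requested but not granted still deserves attention, because the application can prompt for it again later.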

How to get rid of a virus on Android

Enter safe mode on your smartphone or tablet. In this mode, applications from third-party developers will not be able to launch, including those with malicious code.

On many devices, press and hold the power button to open the shutdown menu, then select “Power off”; after rebooting, the device will start in safe mode.

If you can’t enter safe mode by following our description, open Google, search for “How to enter safe mode on [your device model]” and follow the instructions you find.

Once the device has booted into safe mode, the “Safe Mode” label appears in the lower left part of the screen.

“Applications” settings

Open “Settings”, go to “Applications” and go to the “Downloaded” or “Third Party” tab.

We come here because the user can most likely identify the application that made the gadget start glitching, by comparing the time the failures first appeared with the time the new application was installed.

If you don’t know which application is interfering with the normal operation of your smartphone or tablet, you should go through the list of all applications and find any suspicious ones or one that you did not install at all.

Tap the malicious application to open the screen with information about it, then tap “Delete”.

In most cases, this is enough to remove the virus, but the “Delete” button may be unavailable.

This happens because the application has administrator rights.

Then exit the “Applications” section, return to “Settings”, go to “Security” and look for the line “Device Administrators”. All applications with administrator rights are stored here in the form of a list.

  • We simply uncheck the application that we want to delete.
  • We return to “Applications” and see that we can now delete the application.
  • The virus has been removed, all that remains is to reboot the device to return to normal mode.

The problem has been resolved, but it’s a good idea to back up important data on your device and install an antivirus for preventive protection.


An employee of the Kryptowire company bought a BLU R1 HD smartphone on vacation and accidentally noticed that the device was generating some suspicious network traffic. A detailed study of the issue revealed that the device was in contact with Chinese servers (bigdata.adups.com, bigdata.adsunflower.com, bigdata.adfuture.cn and bigdata.advmob.cn) belonging to the Shanghai Adups Technology Company, better known as Adups.

Kryptowire researchers soon realized that the problem was not limited to one device. Shanghai Adups Technology Company develops and sells its own software update system, FOTA (Firmware Over The Air), which is used by many Android device manufacturers. FOTA, in fact, has a built-in backdoor that constantly communicates with the servers of the Chinese company. Having received the appropriate command from the server, FOTA can:

  • send all SMS messages from the device to the Adups server every 72 hours;
  • send the contents of the call log to the Adups server every 72 hours;
  • collect personal data that allows the user to be identified and send it to the Adups server every 24 hours;
  • collect information about IMSI and IMEI, geolocation data and a list of installed applications;
  • remove or update applications;
  • download and install new applications without the user’s knowledge;
  • update the device firmware;
  • remotely execute arbitrary commands and escalate its privileges on the device.

According to Kryptowire, all malicious functionality is concentrated inside two system applications, which the user simply cannot disable or delete: com.adups.fota.sysoper and com.adups.fota.

According to information published on the official Adups website, the FOTA update system is used by more than 400 mobile operators, manufacturers, and so on. The company's solutions are used by more than 700 million Android devices worldwide. It is worth saying that we are talking not only about budget Android smartphones (although they are clearly the majority), but also about other gadgets. It is not known exactly which companies use Adups products without knowing their dangers, but it is known for certain that they include Huawei and ZTE.

Representatives of BLU Products have already commented on the information released by Kryptowire researchers and said that they did not know what FOTA was capable of and would soon remove the dangerous product from their devices. According to The New York Times, the problem affected 120,000 devices and they had already received updates.

Update
Huawei representatives contacted ArsTechnica and said that "the company in question has never been included in the list of trusted suppliers, and we have never done any business with it."

Representatives of Adups itself told The New York Times that the information was not collected for the Chinese government, but that “the private company made a mistake.”

Android is a popular system that supports many programs. Downloading from a safe source, such as Google Play, guarantees that there are no viruses. Dubious sources and shady software portals can distribute applications that contain virus code.

According to the information, the above threats are a type of virus - a Trojan. Android.Spy, according to unverified information, can be built into a module from the manufacturer that updates Android (OS).

How to remove Android.Spy?

Analyzing security forums, we were able to collect some information:

  1. Uninstalling the application is possible using root access. Obtaining root access requires some experience from the user, so before deleting I recommend visiting a specialized forum, for example w3bsit3-dns.com. If you have problems removing Android.Spy, try freezing the virus software. Use Titanium Backup as a tool.
  2. The second option, more complex, is suitable for advanced users - update the phone's firmware. Usually the official website offers specific firmware, depending on the phone model. In theory, the archive with the firmware may also contain additional software (SP Flash Tool or an analogue).
  3. Mentions of the virus are contained on the Doctor Web forum; the messages were created in 2017. Presumably at the moment (2018) the virus is detected by the utility from Doctor Web for Android. Conclusion - download and scan your smartphone.
  4. Some phone models, especially expensive ones, include a support application. Alternatively, contact support, indicating your model and question.

The Android.Spy.128.origin virus may have the following identifiers:

  1. com.ximalaya.ting.android
  2. com.yidian.xiaomi
  3. com.miui.video

These identifiers can be found when checking the device with the Dr.WEB utility. Detected threats are not necessarily Trojans, but may contain the functionality of advertising applications (malware, PUP).
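
An added example (not from the original article or from Dr.Web) that checks a device's package list for the identifiers listed above and for the Adups packages and servers named in the Kryptowire section, and reports whether each hit sits in the firmware or was installed by the user. The sample `pm list packages -f` output and the hostname list are constructed; a hit is a reason to look closer, not proof of a Trojan.

```python
# Indicator values are the ones named in the article; all sample data is constructed.
ADUPS_PACKAGES = {"com.adups.fota", "com.adups.fota.sysoper"}
SPY128_PACKAGES = {"com.ximalaya.ting.android", "com.yidian.xiaomi", "com.miui.video"}
ADUPS_HOSTS = {
    "bigdata.adups.com", "bigdata.adsunflower.com",
    "bigdata.adfuture.cn", "bigdata.advmob.cn",
}
# APKs under these read-only partitions ship with the firmware; as the article
# notes, deleting them needs root, unlike apps installed under /data/app.
FIRMWARE_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/")


def parse_package_list(text):
    """Turn `adb shell pm list packages -f` output into {package: apk_path}."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=' on newer Android releases,
        # so the package name is whatever follows the LAST '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def review_packages(packages):
    """Return (package, reason, location) for every package named in the article."""
    findings = []
    for name in sorted(packages):
        if name in ADUPS_PACKAGES:
            reason = "Adups FOTA component"
        elif name in SPY128_PACKAGES:
            reason = "reported as Android.Spy.128.origin"
        else:
            continue
        in_firmware = packages[name].startswith(FIRMWARE_PREFIXES)
        findings.append((name, reason, "firmware" if in_firmware else "user-installed"))
    return findings


def adups_hosts_seen(hostnames):
    """Return the Adups reporting hosts present in an iterable of DNS names."""
    seen = set()
    for host in hostnames:
        normalized = host.strip().rstrip(".").lower()  # DNS names are case-insensitive
        if normalized in ADUPS_HOSTS:
            seen.add(normalized)
    return sorted(seen)


# Constructed sample input: the Adups APK paths and the hostname list are invented.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/ExampleFota/ExampleFota.apk=com.adups.fota
package:/system/app/ExampleSysoper/ExampleSysoper.apk=com.adups.fota.sysoper
package:/system/app/MiuiVideo/MiuiVideo.apk=com.miui.video
package:/data/app/~~Zm9v==/com.ximalaya.ting.android-YmFy==/base.apk=com.ximalaya.ting.android
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
"""
SAMPLE_DNS_NAMES = ["BIGDATA.ADUPS.COM.", "play.googleapis.com", "bigdata.advmob.cn"]

if __name__ == "__main__":
    for finding in review_packages(parse_package_list(SAMPLE_PM_OUTPUT)):
        print(*finding, sep=" | ")
    print("Adups hosts contacted:", adups_hosts_seen(SAMPLE_DNS_NAMES))
```

The "firmware" or "user-installed" column shows which removal route from the article applies: root access or reflashing for the former, the ordinary “Applications” screen for the latter.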

Dr.WEB is the best threat detection tool for both PCs and Android devices

Conclusion

My final thoughts:

  1. Scan your smartphone with antivirus.
  2. Clean up junk files using CCleaner.
  3. It would be a good idea to register on 4PDA, where many advanced users, specialists and even developers of software and custom firmware hang out.
  4. The last resort is to update the firmware. It may be worth installing only the original stock version.

Regularly check the number of installed applications. Some advertising modules are capable of automatically downloading and installing other applications.

Why did your mobile phone suddenly begin to behave differently than usual, or even “take on” its own “life”? Perhaps because a malicious program has settled in it. Today, the number of viruses and Trojans for Android is growing exponentially. Why? Yes, because the cunning virus writers know that smartphones and tablets are increasingly being used by our fellow citizens as electronic wallets, and they are doing everything to transfer funds from the owners’ accounts into their pockets. Let's talk about how to understand that a mobile device has caught an infection, how to remove a virus from Android and protect yourself from repeated infections.

Symptoms of a virus infection on an Android device

  • The gadget turns on longer than usual, slows down, or suddenly reboots.
  • Your SMS and phone call history contains outgoing messages and calls that you did not make.
  • Money is automatically debited from your phone account.
  • Ads that are not associated with any application or site are displayed on your desktop or browser.
  • Programs install themselves, or Wi-Fi, Bluetooth or the camera turn on by themselves.
  • You have lost access to electronic wallets or mobile banking, or the amount in your accounts has decreased for unknown reasons.
  • Someone has taken over your account on social networks or instant messengers (if used on a mobile device).
  • The gadget is locked, and a message is displayed on the screen that you have violated something and must pay a fine or simply transfer money to someone to unlock it.
  • Applications suddenly stopped launching, access to folders and files was lost, and some device functions were blocked (for example, buttons could not be pressed).
  • When launching programs, messages like “an error occurred in the com.android.systemUI application” pop up.
  • Unknown icons appeared in the application list, and unknown processes appeared in the task manager.
  • The antivirus program reports that malicious objects have been detected.
  • The antivirus program has spontaneously deleted itself from the device or does not start.
  • The battery of your phone or tablet began to discharge faster than usual.

Not all of these symptoms are 100% indicative of a virus, but each is a reason to immediately scan your device for infection.

The easiest way to remove a mobile virus

If the gadget remains operational, the easiest way to remove the virus is to use the antivirus installed on Android. Run a full scan of the phone’s flash memory, and if a malicious object is detected, select the “Delete” option, saving the neutralized copy in quarantine (in case the antivirus detected something safe and mistook it for a virus).

Unfortunately, this method helps in about 30-40% of cases, since most malicious objects actively resist being removed. But there are ways to deal with them too. Next we will look at the options for when:

  • the antivirus does not start, does not detect or does not remove the source of the problem;
  • the malicious program is restored after removal;
  • the device (or its individual functions) is blocked.

Removing malware in safe mode

If you can't clean your phone or tablet in normal mode, try doing it in safe mode. The majority of malicious programs (not just mobile ones) do not show any activity in safe mode and do not resist removal.

To boot your device into Safe Mode, press the On/Off button, place your finger on “Power Off” and hold it until the “Enter Safe Mode” message appears. After that, click OK.

If you have an old version of Android - 4.0 and lower, turn off the gadget in the usual way and turn it on again. When the Android logo appears on the screen, press the Volume Up and Volume Down keys simultaneously. Hold them down until the device boots up completely.

While in safe mode, scan your device with an antivirus. If there is no antivirus or it does not start for some reason, install (or reinstall) it from Google Play.

This method successfully removes advertising viruses such as Android.Gmobi.1 and Android.Gmobi.3 (according to Dr. Web classification), which download various programs to the phone (in order to increase the rating) and also display banners and advertisements on the desktop.

If you have superuser rights (root) and you know exactly what caused the problem, launch a file manager (for example, Root explorer), follow the path where this file is located and delete it. Most often, mobile viruses and Trojans place their bodies (executable files with the .apk extension) in the system/app directory.

To switch to normal mode, simply restart the device.

Removing mobile viruses via computer

Removing viruses on a phone via a computer helps when a mobile antivirus cannot cope with its task even in safe mode or the device’s functions are partially blocked.

There are also two ways to remove a virus from a tablet and phone using a computer:

  • using an antivirus installed on a PC;
  • manually through a file manager for Android gadgets, for example, Android Commander.

Using antivirus on your computer

To scan your mobile device files with an antivirus installed on your computer, connect your phone or tablet to the PC with a USB cable, selecting the “As a USB drive” method.

Then turn on USB.

After this, 2 additional “disks” will appear in the “Computer” folder on the PC - the internal memory of the phone and the SD card. To start scanning, open the context menu of each disk and click “Scan for viruses”.

Removing malware using Android Commander

Android Commander is a program for exchanging files between an Android mobile gadget and a PC. When launched on a computer, it provides the owner with access to the memory of a tablet or phone, allowing you to copy, move and delete any data.

For full access to all the contents of the Android gadget, you must first obtain root rights and enable USB debugging. The latter is activated through the service application “Settings” - “System” - “Developer Options”.

Next, connect the gadget to your PC as a USB drive and run Android Commander with administrator rights. In it, unlike Windows Explorer, protected system files and directories of the Android OS are displayed - just like, for example, in Root Explorer - a file manager for root users.

The right half of the Android Commander window shows the directories of the mobile device. Find the executable file of the application (with the extension .apk) that is causing the problem and delete it. Alternatively, copy suspicious folders from your phone to your computer and scan each of them with an antivirus.

What to do if the virus is not removed

If the above operations did not lead to anything, the malicious program still makes itself felt, and also if the operating system ceases to function normally after cleaning, you will have to resort to one of the radical measures:

  • reset with restoration of factory settings through the system menu;
  • hard reset via the Recovery menu;
  • reflashing the device.

Any of these methods will return the device to the same state as after purchase - there will be no user programs, personal settings, files or other information (data about SMS, calls, etc.) left on it. Your Google account will also be deleted. Therefore, if possible, transfer the phone book to the SIM card and copy paid applications and other valuable items to external media. It is advisable to do this manually - without using special programs, so as not to accidentally copy the virus. After this, begin the “treatment”.

Restoring factory settings through the system menu

This option is the simplest. It can be used when the functions of the operating system and the device itself are not blocked.

Go to the Settings application, open the Personal - Backup section and select Factory reset.

Hard reset via Recovery menu

A “hard” reset will help deal with the malware if it is not removed by any of the above methods or has blocked login. Fortunately, access to the Recovery menu (system recovery) is retained.

Entering Recovery works differently on different phones and tablets. On some you need to hold down the “Volume +” key when turning the device on, on others “Volume -”, and on others you press a special recessed button, etc. The exact information is contained in the instructions for the device.

In the Recovery menu, select the option “wipe data/factory reset” or simply “factory reset”.

Flashing

Flashing is essentially reinstalling the Android OS, the same extreme measure as reinstalling Windows on a computer. It is resorted to in exceptional cases, for example, when a certain Chinese virus is embedded directly in the firmware and has been living on the device since its “birth.” One such piece of malware is the spyware Android.Spy.128.origin.

To flash a phone or tablet, you will need root rights, a distribution kit (the firmware itself), an installation program, a computer with a USB cable or an SD card. Remember that each gadget model has its own individual firmware versions. Installation instructions are usually included with them.

How to avoid virus infection of Android devices

  • Install mobile applications only from trusted sources and avoid hacked programs.
  • Update your device as system updates are released - in them, developers close vulnerabilities that are exploited by viruses and Trojans.
  • Install a mobile antivirus and keep it always on.
  • If your gadget serves as your wallet, do not allow other people to use it to access the Internet or open unverified files on it.





