I wrote in XDA (I am hunktb user)
http://forum.xda-developers.com/showpost.php?p=58491927&postcount=27
"I finally managed to replace kinguser with superuser (opensource, com.koushikdutta.superuser), so I have a clean system.
The phone is still rooted and new superuser app works fine."
http://forum.xda-developers.com/showpost.php?p=58492531&postcount=17
But after that (4 days ago, no kinguser installed), I still have some malware:
In notification appears an "i" and it informs some app has been installed, for example
com.skymobi.oversea.gamecenter
com.skymobi.mopoplay.appstore
Another notification was about Whatsapp, already installed (but I think it would have been installed if it wasn't)
Internet Security detects malware in RomasterSu_1.1.4_140611_1000.apk used, but nothing installed.
Where is malware?
-I removed Cooee Kauncher (com.cooee.launcherS4)
-I removed kinguser
With titanium backup I found two more apps I also removed:
-com-cooee.digitalclock (Digital Clock)
-com.cooee.floatwindow (FlasBarService)
I see an app with chinese name, package com.mediatek.factorymode
¿I should look for init script and review something not listed as package?
or ... maybe, new idea, ... if it installs app it could be a fake /malware Google Play???
Googling it
https://blog.gdatasoftware.com/blog/article/android-smartphone-shipped-with-spyware.html
Looking with titanium, Google Play Store 5.1.1 package is "com.android.vending", and it has some updates applied
If I remove updates, initial version is 4.6.17, and it updates again to 5.1.1, it seems from Google ...
I need more time, more ideas ...
No hay comentarios:
Publicar un comentario