Avast WEBforum
Consumer Products => Avast Mobile Security => Topic started by: soccerguy99 on December 01, 2020, 04:28:58 PM
-
Hi there, when scanning my samsung mobile, Avast is detecting malware on the "Visual Voicemail" application. The message says
"it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings." When I go to the app in the settings, it does not have a disable option.
Question:
1. Has anyone else seen malware on this app? Or on a manufacturer's app?
2. Any idea how to disable?
Thanks
-
The message says
"it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings."
Is this the message avast give? i dont see any malware mentioned
-
Sorry I skipped that portion of the full message. It says "Malware detected on the Visual Voicemail app" ..
-
Sorry I skipped that portion of the full message. It says "Malware detected on the Visual Voicemail app" ..
No malware name ?
-
No malware name was given
I ended up just clean reinstalling my phone out of caution.. not sure if this was the right approach but was overly worried.
Have you heard of this type of malware attached to a Samsung app? without a name? is it a "possible" malware or false positive perhaps?
-
Update:
I did a factory reset, turned on my phone and only logged into to google to download Avast from the playstore. No other apps installed or any other use.
I scanned my phone and this message is still coming up on a cleaned new phone. Could it be attached to my google account somehow?
The exact message is:
"Malware detected
Visual voicemail contains malware that could harm your device. it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings."
-
Sorry for the additional posts, but would a factory reset wipe malware on the system partition (as the note seems to indicate it's located there)? Any help is appreciated.
-
It could be that avast by "malware" mean PUP = Possible Unwanted Program ?
Or it is a False Positive ? somone from avast need to answer
https://lifehacker.com/what-to-do-when-your-budget-android-phone-arrives-with-1840929271
https://blog.malwarebytes.com/android/2020/07/we-found-yet-another-phone-with-pre-installed-malware-via-the-lifeline-assistance-program/
When i buy Android phones i always buy one that comes with a clean android and no extra crapware ... like Nokia
https://www.androidauthority.com/best-smartphones-stock-android-844672/
-
Thanks @pondus
Not sure what to do here. It's possible that the malware can be in the system partition? Any recommendations here? Note, I've already done a factory reset.
-
I had a "malware" detection on a Sprint system file a few days ago. I checked the file with the VirusTotal app and it was clean. I reported it as a false positive through the Avast app and now it is no longer detected.
-
Hi @Simion, thanks for the reply. Appreciate it.
So you viewed "VirusTotal" as being more reliable than Avast I guess?
And if Avast removes it as malware, have they done their due diligence or do they just take it out if someone reports it as false positive?
Thanks a bunch in advance
EDIT: my bad - didn't know what VirusTotal was
I downloaded VirusTotal for android and the result for the app was:
green check mark - 1/75 Clean
How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.
Can someone with experience using VirusTotal help interpret these results?
-
I downloaded VirusTotal for android and the result for the app was:
green check mark - 1/75 Clean
How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.
Can someone with experience using VirusTotal help interpret these results
When I checked the results, even the google playstore has 1 issue detected... "Windows: Trojan" --- are these normal??
-
updated with more info
-
Can someone with experience using VirusTotal help interpret these results
Screenshots are a big help for those who cant see what you see ;)
-
Here are the screenshots. The first is from avast and the other 2 are from when I ran virustotal and 1 out of 76 AVs (drweb) found something.
On a related note, even Google play store has a detection by 1 AV. Is this normal? Will most phones have at least 1 detection for some of these apps?
-
:) thx
Can someone with experience using VirusTotal help interpret these results
Screenshots are a big help for those who cant see what you see ;)
-
How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.
That detection is a false positive, unless the file is very new but then you should see more detecting it as days goes
-
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
-
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
When it gets reported as a false positive, does avast investigate it? Or just take my word for it?
Thanks for the replies. Feeling less worried.
-
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
When it gets reported as a false positive, does avast investigate it? Or just take my word for it?
Thanks for the replies. Feeling less worried.
No they won't just take your word for it.
It will be investigated and if found to be an FP then the virus signature would be corrected/modified.
-
Gotcha. Is this a paid feature?
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
When it gets reported as a false positive, does avast investigate it? Or just take my word for it?
Thanks for the replies. Feeling less worried.
No they won't just take your word for it.
It will be investigated and if found to be an FP then the virus signature would be corrected/modified.
-
Gotcha. Is this a paid feature?
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
When it gets reported as a false positive, does avast investigate it? Or just take my word for it?
Thanks for the replies. Feeling less worried.
No they won't just take your word for it.
It will be investigated and if found to be an FP then the virus signature would be corrected/modified.
Not that I'm aware of, but I'm thinking of the Avast for Windows program and not Avast Mobile Security.
When the Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php) - form is used.
-
Gotcha. Is this a paid feature?
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
When it gets reported as a false positive, does avast investigate it? Or just take my word for it?
Thanks for the replies. Feeling less worried.
No they won't just take your word for it.
It will be investigated and if found to be an FP then the virus signature would be corrected/modified.
Not that I'm aware of, but I'm thinking of the Avast for Windows program and not Avast Mobile Security.
When the Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php) - form is used.
Is there someone from AVAST on this board that can be contacted? The mobile app doesn't seem to allow me to submit the report. Not sure if they monitor these boards. Cheers
-
They do monitor the forums, possibly more so on the windows side of the forums.
You should be able to report it using the link I gave in my last reply.
I have tried to attract some Avast attention to this topic.
-
@soccerguy99 Have you submitted a false positive form yet? https://www.avast.com/false-positive-file-form.php
It may be a good idea to include a hyperlink to this forum thread for Avast staff to relate to.
-
Hi rocksteady, yes I did thanks!
-
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
@Simion and @Pondus I've sent a false positive report. In the meantime, is it common to see virus total report 1 out of 75 AVs showing malware? I've run it a few times over the past few days and the results have not changed. Rather than choose to ignore it for now, I've just shut down my phone now out of caution. Wondering if I'm being overly cautious. Also, could since I did a factory reset and the results have not changed, is it possible the malware is attached to my sim card and I could solve this be replacing the sim?
-
Avast seem to be lethargic getting onto this reported suspected False Positive. Waiting for Christmas?
I have not checked myself, but which 1/75 AV's is reported as detecting on virus total?
I suppose that is a stupid question and answer will be Avast!