Avast WEBforum

Consumer Products => Avast Mobile Security => Topic started by: soccerguy99 on December 01, 2020, 04:28:58 PM

Title: Malware Found
Post by: soccerguy99 on December 01, 2020, 04:28:58 PM
Hi there, when scanning my Samsung mobile, Avast is detecting malware on the "Visual Voicemail" application. The message says
"it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings." When I go to the app in the settings, it does not have a disable option.


Question:

1. Has anyone else seen malware on this app? Or on a manufacturer's app?
2. Any idea how to disable?


Thanks
Title: Re: Malware Found
Post by: Pondus on December 01, 2020, 05:23:47 PM
Quote
The message says
"it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings."
Is this the message Avast gives? I don't see any malware mentioned

Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 05:46:28 PM
Sorry I skipped that portion of the full message. It says "Malware detected on the Visual Voicemail app" ..
Title: Re: Malware Found
Post by: Pondus on December 01, 2020, 05:50:33 PM
Quote
Sorry I skipped that portion of the full message. It says "Malware detected on the Visual Voicemail app" ..
No malware name?


Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 05:55:12 PM
No malware name was given

I ended up just clean reinstalling my phone out of caution.. not sure if this was the right approach but was overly worried.

Have you heard of this type of malware attached to a Samsung app? Without a name? Is it a "possible" malware or false positive perhaps?
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 06:02:05 PM
Update:

I did a factory reset, turned on my phone and only logged in to Google to download Avast from the Play Store. No other apps installed or any other use.

I scanned my phone and this message is still coming up on a cleaned new phone. Could it be attached to my Google account somehow?

The exact message is:

"Malware detected

Visual voicemail contains malware that could harm your device. it is installed in the system partition and cannot be uninstalled. Instead, you must deactivate the app from system settings."
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 06:16:12 PM
Sorry for the additional posts, but would a factory reset wipe malware on the system partition (as the note seems to indicate it's located there)? Any help is appreciated.
Title: Re: Malware Found
Post by: Pondus on December 01, 2020, 06:24:41 PM
It could be that Avast by "malware" means PUP = Possible Unwanted Program?
Or it is a False Positive? Someone from Avast needs to answer


https://lifehacker.com/what-to-do-when-your-budget-android-phone-arrives-with-1840929271

https://blog.malwarebytes.com/android/2020/07/we-found-yet-another-phone-with-pre-installed-malware-via-the-lifeline-assistance-program/


When I buy Android phones I always buy one that comes with a clean Android and no extra crapware ... like Nokia
https://www.androidauthority.com/best-smartphones-stock-android-844672/

Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 06:34:13 PM
Thanks @pondus

Not sure what to do here. It's possible that the malware can be in the system partition? Any recommendations here? Note, I've already done a factory reset.
Title: Re: Malware Found
Post by: Simion on December 01, 2020, 08:27:59 PM
I had a "malware" detection on a Sprint system file a few days ago. I checked the file with the VirusTotal app and it was clean. I reported it as a false positive through the Avast app and now it is no longer detected.
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 09:22:32 PM
Hi @Simion, thanks for the reply. Appreciate it.

So you viewed "VirusTotal" as being more reliable than Avast I guess?

And if Avast removes it as malware, have they done their due diligence or do they just take it out if someone reports it as false positive?

Thanks a bunch in advance

EDIT: my bad - didn't know what VirusTotal was

I downloaded VirusTotal for android and the result for the app was:

green check mark - 1/75 Clean

How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.

Can someone with experience using VirusTotal help interpret these results?
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 10:26:48 PM
I downloaded VirusTotal for android and the result for the app was:

green check mark - 1/75 Clean

How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.

Can someone with experience using VirusTotal help interpret these results

When I checked the results, even the Google Play Store has 1 issue detected... "Windows: Trojan" --- are these normal??
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 10:44:36 PM
updated with more info
Title: Re: Malware Found
Post by: Pondus on December 01, 2020, 10:46:30 PM
Quote
Can someone with experience using VirusTotal help interpret these results
Screenshots are a big help for those who can't see what you see ;)


Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 11:04:42 PM
Here are the screenshots. The first is from Avast and the other 2 are from when I ran VirusTotal and 1 out of 76 AVs (drweb) found something.

On a related note, even Google Play Store has a detection by 1 AV. Is this normal? Will most phones have at least 1 detection for some of these apps?
Title: Re: Malware Found
Post by: soccerguy99 on December 01, 2020, 11:11:09 PM
 :) thx

Quote
Can someone with experience using VirusTotal help interpret these results
Screenshots are a big help for those who can't see what you see ;)
Title: Re: Malware Found
Post by: Pondus on December 02, 2020, 07:41:16 AM
Quote
How do I interpret the "1 detected"? Oddly enough, the AV that detected is not AVAST, even though AVAST for mobile is flagging it as malware.
That detection is a false positive, unless the file is very new, but then you should see more detecting it as the days go by.


Title: Re: Malware Found
Post by: Simion on December 02, 2020, 12:48:28 PM
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.
Title: Re: Malware Found
Post by: soccerguy99 on December 02, 2020, 01:27:39 PM
Quote
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.

When it gets reported as a false positive, does Avast investigate it? Or just take my word for it?

Thanks for the replies. Feeling less worried.
Title: Re: Malware Found
Post by: DavidR on December 02, 2020, 02:28:35 PM
Quote
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.

When it gets reported as a false positive, does avast investigate it? Or just take my word for it?

Thanks for the replies. Feeling less worried.

No they won't just take your word for it.

It will be investigated and if found to be an FP then the virus signature would be corrected/modified.
Title: Re: Malware Found
Post by: soccerguy99 on December 02, 2020, 03:00:20 PM
Gotcha. Is this a paid feature?

Title: Re: Malware Found
Post by: DavidR on December 02, 2020, 03:14:41 PM
Quote
Gotcha. Is this a paid feature?


Not that I'm aware of, but I'm thinking of the Avast for Windows program and not Avast Mobile Security.
When the Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php - form is used.
Title: Re: Malware Found
Post by: soccerguy99 on December 02, 2020, 08:31:08 PM

Quote
Not that I'm aware of, but I'm thinking of the Avast for Windows program and not Avast Mobile Security.
When the Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php - form is used.

Is there someone from AVAST on this board that can be contacted? The mobile app doesn't seem to allow me to submit the report. Not sure if they monitor these boards. Cheers
Title: Re: Malware Found
Post by: DavidR on December 02, 2020, 10:15:40 PM
They do monitor the forums, possibly more so on the Windows side of the forums.

You should be able to report it using the link I gave in my last reply.

I have tried to attract some Avast attention to this topic.
Title: Re: Malware Found
Post by: rocksteady on December 03, 2020, 10:32:27 AM
@soccerguy99  Have you submitted a false positive form yet? https://www.avast.com/false-positive-file-form.php
It may be a good idea to include a hyperlink to this forum thread for Avast staff to relate to.
Title: Re: Malware Found
Post by: soccerguy99 on December 03, 2020, 01:28:18 PM
Hi rocksteady, yes I did thanks!
Title: Re: Malware Found
Post by: soccerguy99 on December 06, 2020, 04:02:53 PM
Quote
Yeah, looks like a false positive. Send the file to Avast as a false positive from within their app. Also, you can choose to ignore the detection of that file until Avast corrects their signatures.

@Simion and @Pondus I've sent a false positive report. In the meantime, is it common to see VirusTotal report 1 out of 75 AVs showing malware? I've run it a few times over the past few days and the results have not changed. Rather than choose to ignore it for now, I've just shut down my phone now out of caution. Wondering if I'm being overly cautious. Also, since I did a factory reset and the results have not changed, is it possible the malware is attached to my SIM card and I could solve this by replacing the SIM?
Title: Re: Malware Found
Post by: rocksteady on December 08, 2020, 11:40:20 AM
Avast seem to be lethargic getting onto this reported suspected False Positive. Waiting for Christmas?

I have not checked myself, but which of the 1/75 AVs is reported as detecting on VirusTotal?
I suppose that is a stupid question and the answer will be Avast!