Topic: Unclear logging and general advice for searching malicious files on Android

REDACTED

  • Guest
Here are some questions regarding Avast and general advice on searching for probably malicious files on Android.

I got interested in MAME ROMs. I googled those words, and first in the list was m.coolrom.com.au. When I clicked the link, a pop-up came up and said that I should install some kind of speed booster before using ROMs to be able to play them at full speed. It wasn't obvious to me that something would get installed right away, so I clicked OK (which I of course shouldn't have done, when I think of it now afterwards). There was also a cancel option, but at that moment I thought I wouldn't get to the site if I pressed that (stupid me).

So I clicked OK, and then Avast popped up asking for the PIN code. Now I understood that an attempt was being made to install something on the phone, so I didn't give the PIN, but the screen flashed and something clearly happened. I'm not sure whether I got directed back to the browser or whether I opened it again myself. I then checked the Avast log, and there were three interesting events after the URL scan of m.coolrom.com.au:

    1) App scanned - Google Play,
    2) File Shield scan: Scanned 1 files in the last 29 minutes,
    3) App Scanned: avast! Mobile Security.

It is not clear to me what happened here. I guess the site linked to the Google Play app, and that was started and scanned, and this is the first logged event. Then it's not clear if something got downloaded - "scanned 1 files in the last 29 minutes". What was the file that was scanned? And could the last message mean that something got installed? Or is it just that the avast! Mobile Security app was scanned when I opened it to see the logs (it was in the same minute as the previous event, though)?

What got me so nervous is that there is some speculation on the internet about the malicious nature of the site I was visiting. I did the full scan with Avast for apps and storage, and nothing was found. Is there something I could do to check if that mysterious unnamed file that got scanned is still on the device? Or to find out what it was? The Android file browser, for example, does not show any timestamps. Could it have been downloaded anywhere, or is there only a specific place to look? The browser I was using was Google Chrome. Or could it have been Google Play that downloaded the file? And by the way, do you have any data on the nature of the coolrom.com.au site?

REDACTED

  • Guest
Are you using app locking?