Author Topic: Is Fotaprovider a trojan?  (Read 34417 times)

Offline zekrom-6

  • Newbie
  • *
  • Posts: 1
Is Fotaprovider a trojan?
« on: February 01, 2017, 04:59:16 AM »
I got a notification of malware found on Fotaprovider but I can't remove it with Avast Online Security or in Safe Mode. Is Fotaprovider a threat or is it just a false alarm?
« Last Edit: February 01, 2017, 05:04:07 AM by zekrom-6 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62837
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Is Fotaprovider a trojan?
« Reply #1 on: February 01, 2017, 07:46:47 AM »
Test the app at VT (https://www.virustotal.com) and post the link to the result here.
Win 8.1 [x64] - Avast PremSec 20.1.2396.Beta#3 [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31356
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Is Fotaprovider a trojan?
« Reply #2 on: February 01, 2017, 11:40:48 AM »
In order to remove Fotaprovider, you will need to root the phone.

It comes with phones made in China.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32163
  • malware fighter
Re: Is Fotaprovider a trojan?
« Reply #3 on: February 01, 2017, 12:57:13 PM »
Eddy is 100% right, read here for the full story: https://forums.malwarebytes.com/topic/168824-malware-found-android-trojan-dropper-cant-be-removed/

Way to do it, credits go to "saidshow" there
Quote

Hi Guys,

I had the same issue. I used 'package name viewer' to identify a second name for the package. I then used the steps below to remove:

mobile@ubuntu:~/android/sdk/platform-tools$ adb shell

shell@klte:/ $ su

root@klte:/ # mount -o rw,remount /system

root@klte:/ # rm -rf /system/priv-apps/com.android.push.alarm.apk

root@klte:/ # rm -rf /system/priv-apps/com.android.dserw.ds.apk               

root@klte:/ # rm -rf /data/data/com.android.push.alarm                       

root@klte:/ # rm -rf /data/data/com.android.dserw.ds                         

root@klte:/ # mount -o ro,remount /system

root@klte:/ # exit

shell@klte:/ $ exit

Crap like this and/or insecure IoT devices should be taken from the market and the cybercriminals that allow such schemes punished by authorities.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
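
Added example, not part of any post in this thread: a shell helper that reads `pm list packages -f` output and reports, for each package name from the quoted steps, whether its APK sits on a read-only system partition (where a normal uninstall cannot remove it) or under /data. The function names and the sample listing, including its APK paths, are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -f` output (not from a
# real device). Only the two com.android.* names come from the thread.
sample_pm_output() {
cat <<'EOF'
package:/system/priv-app/AppA/AppA.apk=com.android.push.alarm
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/data/app/~~Ab==/com.example.game-Cd==/base.apk=com.example.game
package:/system/priv-app/AppB/AppB.apk=com.android.dserw.ds
EOF
}

# classify_packages NAME...   (pm listing on stdin)
# Prints one line per NAME: name <TAB> system|user|absent <TAB> apk-path
classify_packages() {
    # Older adb versions emit CRLF line endings; strip the CRs first.
    input=$(tr -d '\r')
    for want in "$@"; do
        found=absent
        where=-
        while IFS= read -r line; do
            # Line format is package:<path>=<name>. Newer Android paths can
            # contain '=' themselves, so split on the LAST '='.
            name=${line##*=}
            [ "$name" = "$want" ] || continue
            path=${line%=*}
            path=${path#package:}
            case $path in
                /system/*|/vendor/*|/product/*) found=system ;;
                *) found=user ;;
            esac
            where=$path
        done <<EOF
$input
EOF
        printf '%s\t%s\t%s\n' "$want" "$found" "$where"
    done
}

# Demo on the constructed sample. On a device, feed real output instead:
#   adb shell pm list packages -f | classify_packages com.android.push.alarm
sample_pm_output | classify_packages com.android.push.alarm com.android.dserw.ds
```

A result of `system` means the APK is on a partition that is normally mounted read-only, which is why the steps quoted above remount /system as root before deleting anything.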