Android.Spy.1750: what is it? A hidden backdoor has been discovered in Chinese Android devices. Ways to eliminate the threat

Why has your mobile phone suddenly begun to behave differently than usual, or even started to “live” a “life” of its own? Perhaps because a malicious program has settled in it. Today, the number of viruses and Trojans for Android is growing exponentially. Why? Because virus writers know that smartphones and tablets are increasingly being used by our fellow citizens as electronic wallets, and they do everything they can to move funds from the owners' accounts into their own pockets. Let's talk about how to tell that a mobile device has been infected, how to remove a virus from Android, and how to protect yourself from repeated infections.

Symptoms of a virus infection on an Android device

  • The gadget turns on longer than usual, slows down, or suddenly reboots.
  • Your SMS and phone call history contains outgoing messages and calls that you did not make.
  • Money is automatically debited from your phone account.
  • Ads that are not associated with any application or site are displayed on your desktop or browser.
  • Programs install themselves; Wi-Fi, Bluetooth or the camera turn on by themselves.
  • You have lost access to electronic wallets or mobile banking, or the amount in your accounts has decreased for unknown reasons.
  • Someone has taken over your account in social networks or instant messengers (if used on a mobile device).
  • The gadget is locked, and a message is displayed on the screen that you have violated something and must pay a fine or simply transfer money to someone to unlock it.
  • Applications suddenly stopped launching, access to folders and files was lost, and some device functions were blocked (for example, buttons could not be pressed).
  • When launching programs, messages like “an error occurred in the com.android.systemUI application” pop up.
  • Unknown icons appeared in the application list, and unknown processes appeared in the task manager.
  • The antivirus program reports that malicious objects have been detected.
  • The antivirus program has spontaneously deleted itself from the device or does not start.
  • The battery of your phone or tablet began to discharge faster than usual.

Not all of these symptoms are 100% indicative of a virus, but each is a reason to immediately scan your device for infection.

The easiest way to remove a mobile virus

If the gadget remains operational, the easiest way to remove the virus is to use the antivirus installed on the Android device. Run a full scan of the phone's flash memory, and if a malicious object is detected, select the “Delete” option, saving the neutralized copy in quarantine (in case the antivirus detected something safe and mistook it for a virus).

Unfortunately, this method helps in about 30-40% of cases, since most malicious objects actively resist being removed. But there are ways to deal with them too. Next we will look at what to do when:

  • the antivirus does not start, does not detect or does not remove the source of the problem;
  • the malicious program is restored after removal;
  • the device (or its individual functions) is blocked.

Removing malware in safe mode

If you can't clean your phone or tablet in normal mode, try doing it in safe mode. The majority of malicious programs (not just mobile ones) show no activity in safe mode and do not prevent their own removal.

To boot your device into Safe Mode, press the On/Off button, place your finger on “Power Off” and hold it until the “Enter Safe Mode” message appears. After that, click OK.

If you have an old Android version (4.0 or below), turn off the gadget in the usual way and turn it on again. When the Android logo appears on the screen, press the Volume Up and Volume Down keys simultaneously. Hold them down until the device boots up completely.

While in safe mode, scan your device with an antivirus. If there is no antivirus or it does not start for some reason, install (or reinstall) it from Google Play.

This method successfully removes advertising viruses such as Android.Gmobi.1 and Android.Gmobi.3 (according to the Dr. Web classification), which download various programs to the phone (in order to inflate their ratings) and also display banners and advertisements on the desktop.

If you have superuser rights (root) and you know exactly what caused the problem, launch a file manager (for example, Root Explorer), go to the path where the file is located and delete it. Most often, mobile viruses and Trojans place their bodies (executable files with the .apk extension) in the system/app directory.

To switch to normal mode, simply restart your device.

Removing mobile viruses via computer

Removing viruses from your phone via a computer helps when the mobile antivirus cannot cope with its task even in safe mode, or when the device's functions are partially blocked.

There are also two ways to remove a virus from a tablet and phone using a computer:

  • using an antivirus installed on a PC;
  • manually through a file manager for Android gadgets, for example, Android Commander.

Using antivirus on your computer

To check the mobile device's files with the antivirus installed on your computer, connect your phone or tablet to the PC with a USB cable, selecting the “As a USB drive” method.

Then turn on USB.

After this, 2 additional “disks” will appear in the “Computer” folder on the PC: the phone's internal memory and the SD card. To start scanning, open the context menu of each disk and click “Scan for viruses”.

Removing malware using Android Commander

Android Commander is a program for exchanging files between an Android mobile gadget and a PC. When launched on a computer, it provides the owner with access to the memory of a tablet or phone, allowing you to copy, move and delete any data.

For full access to all the contents of the Android gadget, you must first obtain root rights and enable USB debugging. The latter is activated through the service application “Settings” - “System” - “Developer Options”.

Next, connect the gadget to your PC as a USB drive and run Android Commander with administrator rights. In it, unlike Windows Explorer, protected system files and directories of the Android OS are displayed - the same way as, for example, in Root Explorer - a file manager for root users.

The right half of the Android Commander window shows the directories of the mobile device. Find the executable file of the application (with the .apk extension) that is causing the problem and delete it. Alternatively, copy suspicious folders from your phone to your computer and scan each of them with an antivirus.

What to do if the virus is not removed

If the above operations achieved nothing and the malicious program still makes itself felt, or if the operating system no longer functions normally after cleaning, you will have to resort to one of the radical measures:

  • restoring factory settings through the system menu;
  • a hard reset via the Recovery menu;
  • flashing the device.

Any of these methods will return the device to the same state as after purchase: there will be no user programs, personal settings, files or other information (data about SMS, calls, etc.) left on it. Your Google account will also be removed from the device. Therefore, if possible, transfer the phone book to the SIM card and copy paid applications and other valuable objects to external media. It is advisable to do this manually, without using special programs, so as not to accidentally copy the virus. After this, begin the “treatment”.

Restoring factory settings through the system menu

This option is the simplest. It can be used when the functions of the operating system and the device itself are not blocked.

Go to the “Settings” application, open the “Personal” section - “Backup” and select “Reset to factory settings”.

Hard reset via Recovery menu

A “hard” reset will help deal with the malware if it is not removed by any of the above methods or has blocked login. Fortunately, access to the Recovery menu (system recovery) is retained.

Entering Recovery works differently on different phones and tablets. On some you need to hold down the “Volume +” key when turning on, on others “Volume -”, on still others you press a special recessed button, etc. The exact information is contained in the instructions for the device.

In the Recovery menu, select the option “wipe data/factory reset” or simply “factory reset”.

Flashing

Flashing is essentially reinstalling the Android OS, the same last resort as reinstalling Windows on a computer. It is resorted to in exceptional cases, for example, when a certain Chinese virus is embedded directly in the firmware and has been living on the device since its “birth.” One such piece of malware is the spyware Android.Spy.128.origin.

To flash a phone or tablet, you will need root rights, a distribution kit (the firmware itself), an installation program, a computer with a USB cable or an SD card. Remember that each gadget model has its own individual firmware versions. Installation instructions are usually included with them.

How to avoid virus infection of Android devices

  • Install mobile applications only from trusted sources, and avoid cracked programs.
  • Update your device as system updates are released - in them, developers close vulnerabilities that are exploited by viruses and Trojans.
  • Install a mobile antivirus and keep it always on.
  • If your gadget serves as your wallet, do not allow other people to use it to access the Internet or open unverified files on it.

Android is a popular system that supports many programs. Downloading from a safe source, such as Google Play, guarantees that there are no viruses. Dubious sources and shady software portals can distribute applications that contain virus code.

According to available information, the above threats are a type of virus: a Trojan. Android.Spy, according to unverified information, can be built into a module from the manufacturer that updates Android (the OS).


How to remove Android.Spy?

Analyzing security forums, we were able to collect some information:

  1. Uninstalling the application is possible using root access. Obtaining root access requires some experience from the user, so before deleting I recommend visiting a specialized forum, for example w3bsit3-dns.com. If you have problems removing Android.Spy, try freezing the virus software. Use Titanium Backup as a tool.
  2. The second option, more complex, is suitable for advanced users - update the phone's firmware. Usually the official website offers specific firmware, depending on the phone model. In theory, the archive with the firmware may also contain additional software (SP Flash Tool or equivalent).
  3. Mentions of the virus can be found on the Doctor Web forum; the messages were created in 2017. Presumably, at present (2018) the virus is detected by the Doctor Web utility for Android. Conclusion: download it and scan your smartphone.
  4. Some phone models, especially expensive ones, include a support application. Alternatively, contact support, indicating your model and question.

The Android.Spy.128.origin virus may have the following identifiers:

  1. com.ximalaya.ting.android
  2. com.yidian.xiaomi
  3. com.miui.video

These identifiers can be found when checking the device with the Dr.WEB utility. Detected threats are not necessarily Trojans, but may contain the functionality of advertising applications (malware, PUP).
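
To check whether these identifiers are present on a phone, and whether each APK sits in the firmware (the system/app case described earlier) or in user storage, you can filter the output of adb shell pm list packages -f. The script below is an added example, not part of the original article or of Dr.WEB; it assumes USB debugging is enabled and adb is installed on the PC, and its sample listing is constructed.

```sh
#!/bin/sh
# Added example: flag the package identifiers listed on this page in the
# output of "adb shell pm list packages -f" and show where each APK lives.

# Identifiers quoted on this page for Android.Spy.128.origin detections.
WATCHLIST="com.ximalaya.ting.android com.yidian.xiaomi com.miui.video"

# Constructed sample listing (not captured from a real device).
SAMPLE_LISTING='package:/system/app/MiuiVideo/MiuiVideo.apk=com.miui.video
package:/data/app/~~Qx1==/com.ximalaya.ting.android-Zk2==/base.apk=com.ximalaya.ting.android
package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
package:/data/app/~~Ab3==/org.example.notes-Cd4==/base.apk=org.example.notes'

# triage_packages: read a listing on stdin and print one line per watchlisted
# package: "<location> <package> <apk path>".
#   firmware = APK on a read-only system partition (root or reflash needed)
#   user     = APK in user storage (ordinary uninstall is possible)
triage_packages() {
    tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in package:*) ;; *) continue ;; esac
        line=${line#package:}
        pkg=${line##*=}    # name follows the LAST "=" (paths may contain "==")
        path=${line%=*}    # everything before that "="
        for bad in $WATCHLIST; do
            [ "$pkg" = "$bad" ] || continue   # exact match only
            case "$path" in
                /system/*|/system_ext/*|/product/*|/vendor/*) loc=firmware ;;
                *) loc=user ;;
            esac
            printf '%s %s %s\n' "$loc" "$pkg" "$path"
        done
    done
}

# "--device" scans the phone attached over USB; the default scans the sample.
if [ "${1:-}" = "--device" ]; then
    adb shell pm list packages -f | triage_packages
else
    printf '%s\n' "$SAMPLE_LISTING" | triage_packages
fi
```

A "firmware" result means the package ships with the system image, which is the situation where only root removal, freezing or reflashing helps. A match on the name alone does not prove the application is malicious.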

Dr.WEB is the best tool for finding threats on both PCs and Android devices

Conclusion

My final thoughts:

  1. Scan your smartphone with antivirus.
  2. Clean up debris using CCleaner.
  3. It would be a good idea to register on 4PDA, where many advanced users, specialists and even developers of software and custom firmware hang out.
  4. The last resort is to update the firmware. It may be worth installing only the original stock version.

Regularly check the number of installed applications. Some advertising modules are capable of automatically downloading and installing other applications.

Few people know, but the Android OS, as a derivative of Linux, is significantly superior to the familiar Windows in terms of virus protection. In fact, the possibilities for threats to exist in a mobile OS are very limited. But spyware is a completely different matter.

What kind of virus is this

Users often encounter the Android.Spy.1750 class of viruses (also 1605, 127, 128, Banker, etc.). How dangerous are they? In many cases, the detection of such threats is associated with over-the-air firmware technology, but if this happened while using the device, then this is another reason to think about it.

The activity of Android.Spy class malware is associated with:

  • use of Internet traffic;
  • decreased performance and increased energy consumption;
  • Wi-Fi, mobile internet, the camera and other functions turning on spontaneously;
  • the danger of hacking accounts on social networks, online banking, etc.

Please note that malicious software gets onto the device only with the user’s approval, often masquerading as regular programs and performing standard functions.

Ways to eliminate the threat

So, let's start with the simplest thing. The easiest way to neutralize such software is to use an antivirus for Android downloaded from the Play Market. There is a wide choice (Kaspersky, Dr.Web Light, AVG or ESET). Do not forget that it is better to place the suspicious files found in quarantine, because they may turn out to be useful. Unfortunately, this does not always solve the problem for good: the virus may be reinstalled upon reboot or may block the operation of the antivirus.

Delete manually

If a program that poses a threat is detected by the antivirus, you need to remove it.

  1. Open “Settings” as usual.
  2. Select “Programs”.
  3. Find the program and click on it.
  4. In the window that opens, first stop it, then clear the cache, then delete it.

If the virus does not allow itself to be removed, try to do the same from Safe Mode. To do this, press the power button together with the volume down key and hold them until a window appears in which you can start the mode we need. On older versions of Android, you need to restart the device, and when the logo appears on power-up, hold down both volume keys. In the same mode, try scanning and cleaning with an antivirus.


If you have root access, use any advanced file manager and manually delete the suspicious object (Total Commander worked well). Most often, malware is installed alongside regular programs. Look for the virus in the system/app folder; it will have an .apk extension. Please note that this procedure is not recommended for inexperienced users, especially those who do not know which program to remove.

Eliminating Android.Spy using a PC

So, we need:

  • direct connection to a computer via cable;
  • enable USB storage mode on the device;
  • antivirus on PC.

After connecting, the gadget's disks (1-2) appear in the computer's file explorer. Right-click on them and select “Check (name of antivirus)”. After scanning, place suspicious files in quarantine. There are also separate file manager utilities that allow you to work with any files, including system ones, via a PC, for example Titanium Backup.

What if nothing helped?

In this case, there are several options left.

  1. Reset settings to factory defaults.
  2. Do a hard reset.
  3. Reflash the device.

Exactly in that order. Try these options one by one. Please note that existing files, contact numbers and other information will be deleted, so please copy them to your PC or cloud.

After you have managed to remove the Android.Spy threat (1750, 1605, etc.), we strongly recommend changing the passwords on all services in order to avoid their use by attackers.

Recently, the question of how to remove a virus from an Android phone has become relevant for users.

This article provides examples of the most common malware and ways to quickly and safely neutralize them.

Each type of malware has its own characteristics and properties.

Let's look at the main types of malicious programs that users encounter and effective ways to remove them.

Advice! Regularly scan your device for malware and spyware with programs like 360 Security, Dr. Web, Kaspersky, Lookout. They have the most extensive database of Android malware.

Trojan Removal

This type of malware is the most popular. Trojans are so numerous that you can find them on almost any device.

A Trojan can disguise its actions as those of another program and at the same time silently send paid SMS messages to third-party numbers.

The Trojan can also steal your phone numbers, credit cards and passwords recorded anywhere on the device: in SMS messages, notes, or special programs for data storage.

To get rid of the Trojan, follow these steps:

  1. Scan your device for spyware and malware, for example using Lookout, as shown in the figure.
  2. Remove any suspicious programs found. These two simple actions are enough to neutralize and remove the Trojan from Android.

Removing adware

This type of malware is also very common. However, unlike a Trojan, it is not aimed at harming the device and extorting money, but at earning money through advertising.

It is not necessary to uninstall the application that is causing the ads to appear.

Several ways to solve the problem:

  1. Turn on Airplane mode. In this mode, the Internet and other types of connections are turned off, so advertising is not loaded or displayed. This solution is suitable for games and applications that do not require the Internet to work.
    To enable the mode, hold down the power button and in the window that appears, select the required type of action, as shown in the figure;

  2. Removal by scanning. Scan your phone for threats; adware is almost always detected, so removing it will not be difficult.

Removing a malicious banner

This type of malicious software blocks all phone functions and demands that the user pay money to disable the blocker banner.

This type of malware is often found on all phones.

Advice! If your phone or tablet has been infected with this type of malware, immediately take out your SIM cards before a large amount is withdrawn from your account.

An infected program can be easily eliminated in a few steps:

  1. Turn off the device and fully charge it;
  2. Turn on your device. All subsequent actions must be done as quickly as possible before the ransomware banner appears;
  3. Go to settings (section for developers);

  4. Enable USB debugging mode;