Jiayu G4S TROJAN/MALWARE WARNING for custom and stock ROMs May/June


LuxZg

Senior Member
Jan 7, 2013
64
19
I'm running build G4SW 20140609-150354 from jiayupolska.pl, and these trojans are NOT in it. Hope that helps!
 

stu1690

Member
Sep 1, 2014
38
5
I have bought this phone this week and have scanned it with Avast and ESET but they showed no problems. My build number is G4SW 20140609-150354. Can someone tell me the best way to scan my phone please?
 

leuk_he

Member
May 12, 2011
36
10
> I have bought this phone this week and have scanned it with Avast and ESET but they showed no problems. My build number is G4SW 20140609-150354. Can someone tell me the best way to scan my phone please?

Do you have a file com.yunlan.syslockmarket in system/priv-apps? (You can check with Root Explorer.)

Hope that Jiayu cleans this up in the next version.

I also get an adware warning on the dialer and some other APKs, but that might be a false positive.
 

stu1690

Member
Sep 1, 2014
38
5
> Do you have a file com.yunlan.syslockmarket in system/priv-apps? (You can check with Root Explorer.)
>
> Hope that Jiayu cleans this up in the next version.
>
> I also get an adware warning on the dialer and some other APKs, but that might be a false positive.

I have checked with root file explorer and root browser and I don't have com.yunlan.syslockmarket in the system/apps folder.
 

danb1974

Member
Nov 23, 2014
23
5
Timisoara
Running latest rom from jiayu.es (20141101-222444, based on 20141022 official rom)

Looking directly into jiayu.es signed_CWMG4S-20141101-222444.zip, lovelyfonts is there in system/app and sysmarket is in system/priv-app

Also AVG detected the Unlock app, but I installed the Jiayu ROM after the stock ROM without an explicit format of the system partition, so I'm wondering if it's a leftover.

Deleted all of them.

Also Avast trips on the cooeeplatform.jar file in the sdcard0/cooee folder, which I tried to delete but it was recreated after reboot. Any idea what this is?
 

danb1974

Member
Nov 23, 2014
23
5
Timisoara
Also had to get rid of the jiayu launcher (Launcher3.apk). After installing another launcher of course.

It's the one that seems to contain the things named kpsh and cooee. It downloads updates for them from the net and installs them on the sdcard in .kpsh and cooee folders. Contains URLs such as cooee.com and w1.mumucloud.com. Runs even if I had selected another launcher.

Any idea what cooee does? They seem to have various launchers in the Play Store. But Launcher3.apk, once disabled, was detected by antivirus as malware. Funny though, while running it was not. Also it seems they come preinstalled on other models of China phones, not only on Jiayu.
 

RoaldVdB

Member
Jan 20, 2012
33
0
> Also had to get rid of the jiayu launcher (Launcher3.apk). After installing another launcher of course.
>
> It's the one that seems to contain the things named kpsh and cooee. It downloads updates for them from the net and installs them on the sdcard in .kpsh and cooee folders. Contains URLs such as cooee.com and w1.mumucloud.com. Runs even if I had selected another launcher.
>
> Any idea what cooee does? They seem to have various launchers in the Play Store. But Launcher3.apk, once disabled, was detected by antivirus as malware. Funny though, while running it was not. Also it seems they come preinstalled on other models of China phones, not only on Jiayu.

Dear,

I installed the latest KK rom 2-3 weeks ago and am having lots of problems with my battery since then, probably like mentioned here...
Is there a guide on how to get rid of trojan horses, or can anyone help me plz? I was so happy about this phone but since I'm on KK I just wanna throw it away... :'(

Best regards Roald
 

danb1974

Member
Nov 23, 2014
23
5
Timisoara
> I installed the latest KK rom 2-3 weeks ago and am having lots of problems with my battery since then, probably like mentioned here...

Mine works like a charm on KK (I use the jiayu.es version). See what is eating your battery (there are apps like SystemPanel applet and Wakelock Detector that help with monitoring). Disable Google location reporting. Malware can be uninstalled with any root uninstaller app. Just don't delete your stock launcher if you are still using it.
 

RoaldVdB

Member
Jan 20, 2012
33
0
> Mine works like a charm on KK (I use the jiayu.es version). See what is eating your battery (there are apps like SystemPanel applet and Wakelock Detector that help with monitoring). Disable Google location reporting. Malware can be uninstalled with any root uninstaller app. Just don't delete your stock launcher if you are still using it.

Dear,

It is the latest version of kk that came out last month? Can you give me a good link for download and maybe some link with help for installing that version plz?

Best regards Roald

Edit: how long do you go on KK with 1 battery charge?
 

thak1978

New member
Feb 26, 2015
1
0
> Dear,
>
> It is the latest version of kk that came out last month? Can you give me a good link for download and maybe some link with help for installing that version plz?
>
> Best regards Roald
>
> Edit: how long do you go on KK with 1 battery charge?

Yesterday I installed that version of KK, which is available from Jiayu.es, and Lookout is alerting me about Unlock, Settings, Dialer and Contacts. I can't uninstall them. Is this a false positive or what? I checked the system/app and privapp folders, and I can't see those files in there.
I have no problems with this phone otherwise, just Lookout alerts. Phone is Jiayu G5s 2+16.
 

dbanas

Member
May 28, 2014
11
0
thanks!

I use a custom rom, so I figured this wouldn't affect me, but I found the lovelyfonts app and the unlock.2144 in my phone. I don't really know how dangerous this was, I hope it wasn't because I have been using this rom for 6 months now... Anyhow, thanks for the warning!! ;)
 

Benzoba

Senior Member
Aug 12, 2012
236
179
AWKA
Help help help

My phone has been running the official stock 4.4 KitKat ROM for about 2 weeks.
Nothing is displayed on my Jiayu G4S screen when it's on.
It rings when there are incoming calls, and you can swipe and receive calls
while the screen is totally black/dead.
Any help on how to fix that, or is the problem with the display screen??
 

Top Liked Posts

  • 2
    Hi all Jiayu users,

    A recent stock ROM and many custom ROMs based on it have been reported to have at least 2 trojans integrated.

    Organizational:
    This has already been discussed in this general thread: http://xdaforums.com/showthread.php?t=2746900&page=33
    But there it goes out of sight very quickly so we should use this new thread to discuss security concerns with Jiayu ROMs in general.
    I will update the thread title as soon as other models are reported to have it, too (that is likely).
    I will also update the title if we find it is a false alarm (which I have stopped hoping for).
    Any suggestions to improve this posting, or to move it to a better forum, are much appreciated.
    It would be nice, if everyone could try not to clutter this thread with unnecessary things. For example, if you have suggestions what I should edit here, better contact me directly, instead of posting a reply that becomes obsolete quickly.
    I've downloaded G4S-20140609-211642-SD.rar and G4SL-20140618-194209-SD.rar from needrom and verified the following facts myself. I did not test the stock ROMs, but in the general thread others reported that they have it, too. I don't know if they really came from an official source. April ROMs seem not to have it.

    Many trustworthy virus/malware scanners detect trojans in system/app/ - see a list of reports in the virustotal links:
    fonts 6.26
    com.lovelyfonts
    lovelyfonts_vanzo_noicon_6.26.apk
    http://www.avgthreatlabs.com/android-app-reports/app/com.lovelyfonts/
    https://www.virustotal.com/en/file/...e90eaa5e9e8a1dec4db0d4ece4a82be1185/analysis/

    Unlock 2.144
    com.yunlan.syslockmarket
    SysMarket_92_NoIcon.apk
    https://www.virustotal.com/en/file/...cd75a5543725b049c974735dcc66c526940/analysis/

    Maybe one of them seems to download a third one and does it again if I delete it, which is clearly malicious behavior:

    com.skymobi.pay.plugin 2.0.0.6
    placed here: /storage/sdcard0/Android/data/com.skymobi.pay.app/plugins/com.skymobi.pay.opplugin_V2006.apk 174.95 KB
    http://www.avgthreatlabs.com/android-app-reports/app/com.skymobi.pay.opplugin_v2006.apk/
    https://www.virustotal.com/en/file/...19bf34f6884fa397f062e9b9e4ee4d9be0a/analysis/
    I was able to delete both apps using Titanium Backup. Everything still works and the third app didn't come back anymore.
    After deletion of the "fonts" app, without reboot, a Chinese menu entry appears under settings/display. It translates to "font settings" and crashes when tapped. Maybe that's interesting.

    Both apps caused wakelocks, consumed battery and sent data to the internet. They have lots of rights, and their names alone are suspicious.

    Other Jiayu users with ROMs of May or June should check for these apps, too. Please report your results here. You can extract the ROM file on your PC and scan it with a virus scanner, or submit above apk files to virustotal or other online services.
    Or, on your device, check for existence of the "fonts" and "Unlock" apps. You can do so under Settings/Apps, or in Titanium Backup, or Wakelockdetector and so on.

    -Alex
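The ROM check suggested in the post above (and done by hand on a jiayu.es zip earlier in the thread), as an added Python example that is not part of the original posts: it looks through system/app and system/priv-app of a flashable ROM .zip and matches the two package names inside each APK's compiled manifest instead of trusting file names, returning a SHA-256 that can be looked up on VirusTotal. The function names and the constructed sample ROM are assumptions, the match is a simple substring heuristic, and a .rar package has to be unpacked and re-zipped first.

```python
import hashlib
import io
import zipfile

# Package names and ROM directories as reported in the thread.
SUSPECT_PACKAGES = ("com.lovelyfonts", "com.yunlan.syslockmarket")
APP_DIRS = ("system/app/", "system/priv-app/")

def manifest_mentions(apk_bytes, package):
    """True if the APK's AndroidManifest.xml contains the name (UTF-8 or UTF-16LE)."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
            manifest = apk.read("AndroidManifest.xml")
    except (zipfile.BadZipFile, KeyError):
        return False  # not a readable APK, nothing to match
    return any(package.encode(enc) in manifest for enc in ("utf-8", "utf-16-le"))

def scan_rom(rom_zip):
    """Return [(path, package, sha256)] for suspect APKs in a ROM zip."""
    hits = []
    with zipfile.ZipFile(rom_zip) as rom:
        for name in rom.namelist():
            if not (name.startswith(APP_DIRS) and name.lower().endswith(".apk")):
                continue
            data = rom.read(name)
            for package in SUSPECT_PACKAGES:
                if manifest_mentions(data, package):
                    hits.append((name, package, hashlib.sha256(data).hexdigest()))
                    break
    return hits

def build_sample_rom():
    """Constructed stand-in for a ROM zip: fake APKs holding only a manifest."""
    def fake_apk(manifest):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as apk:
            apk.writestr("AndroidManifest.xml", manifest)
        return buf.getvalue()
    rom = io.BytesIO()
    with zipfile.ZipFile(rom, "w") as z:
        z.writestr("system/app/Renamed.apk", fake_apk("com.lovelyfonts".encode("utf-16-le")))
        z.writestr("system/priv-app/SysMarket_92_NoIcon.apk", fake_apk(b"\x03\x00com.yunlan.syslockmarket"))
        z.writestr("system/app/Calculator.apk", fake_apk(b"com.android.calculator2"))
        z.writestr("system/app/broken.apk", b"not a zip")
    return rom

if __name__ == "__main__":
    for path, package, digest in scan_rom(build_sample_rom()):
        print(path, package, digest)
```

For a real check, pass the path of the downloaded ROM zip to `scan_rom()` in place of the constructed sample.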
    1
    I just downloaded and installed Titanium to check for those apps, I don't seem to have any of those installed.
    The ROM I have is the official one from jiayu.es, based on the 20140418-120537.
    Anyways i wanted to check it manually, should I upload all my rom to virustotal?
    This is an April ROM, and there are also other reports that they are not affected.
    Since a few days, jiayu.es also has the June ROM for download.
    No, you can't upload the whole ROM. You can unrar/unzip it on a PC and upload single apk files from /system/app/ - or directly upload from your phone (you can use ES file explorer to access that directory).
    1
    I received an answer from the German branch (flagship store in germany: url jiayu dot de).
    The applications are designed for remote maintenance.
    I hope they are right.
    Never ever. The German store is more or less just a reseller with the same poor customer service as a Chinese one. Why should they confirm that the company they earn their money with is distributing malware? This would kill their business immediately.