FORUMS
Remove All Ads from XDA

FIX for Monkey Test & Time Service Virus (Without Flashing)

74 posts
Thanks Meter: 58
 
Post Reply Email Thread
Hello everyone,
This method I'm going to write is tried on my own Lenovo A7600-H Kitkat 4.4.2 tablet, which I did not flash because I'm not sure about stock roms available on the net. If I had found a reliable rom I wouldn't be able learn this

To remove this virus you need to install busybox, Terminal emulator, Root explorer pro and you must have Supersu not superuser which is installed by Kingoroot. If you have rooted your device with kingoroot, so you need to change that.

Here is how to change that:
Google this: how to get ride and replace kinguser with supersu app (Follow first zidroid link)

I'm not able to submit links so im going to write the exact apps with developer names to download from Playstore.

Busybox Installer by JRummy Apps Inc.
Terminal Emulator by Jack Palevich
Root Explorer Pro by Speed Software

Once you have installed everything here is what to do in steps:
[Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]

1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.

2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.

3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.

4) Open Terminal Emulator OR if you have access to your device via adb from a computer.

5) WHAT TO TYPE IN TERMINAL EMULATOR or ADB (CMD Windows)

adb devices (Type this line if you're using adb Windows)
adb shell
su
mount -o remount,rw /system
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk
[NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]

6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.

7) Exit Emulator/ADB

8) Go to settings> apps> all> send me the screenshot if you have Monkey test or Time Service there

9) I'm 100% sure if you've followed everything as I mentioned you are good as new and you don't need to flash.

10) I'm not a developer and That's it!
The Following 42 Users Say Thank You to Nuh99 For This Useful Post: [ View ] Gift Nuh99 Ad-Free
 
 
6th September 2015, 05:59 PM |#2  
Junior Member
Thanks Meter: 1
 
More
Unhappy Money test and time service virus removal
In karbonn A 30
x-bin has these files :
.b
.ext.base
.sys.apk
root/system has no priv-app but app file, it has two files:
SettingProvider.apk
cameraupdate.apk

I have given command cd system/app
followed by
chattr -iaA SettingProvider.apk
....Error...
chattr-iaA not found
WHAT TO DO ?
7th September 2015, 06:13 AM |#3  
Nuh99's Avatar
OP Member
Flag Karachi
Thanks Meter: 58
 
More
Cool
Quote:
Originally Posted by drdkundu

In karbonn A 30
x-bin has these files :
.b
.ext.base
.sys.apk
root/system has no priv-app but app file, it has two files:
SettingProvider.apk
cameraupdate.apk

I have given command cd system/app
followed by
chattr -iaA SettingProvider.apk
....Error...
chattr-iaA not found
WHAT TO DO ?

If you don't have a priv-app folder than you are not on Kitkat and you have to delete files from system/app folder.
Well anyway you have to delete cameraupdate.apk and providerCertificate.apk
and you are deleting SettingProvider.apk which I never said you have to.
Please look closely
The Following User Says Thank You to Nuh99 For This Useful Post: [ View ] Gift Nuh99 Ad-Free
7th September 2015, 08:27 AM |#4  
Junior Member
Thanks Meter: 1
 
More
Quote:
Originally Posted by Nuh99

If you don't have a priv-app folder than you are not on Kitkat and you have to delete files from system/app folder.
Well anyway you have to delete cameraupdate.apk and providerCertificate.apk
and you are deleting SettingProvider.apk which I never said you have to.
Please look closely

Dearest,
It is 4.0.4 ics , in app folder there is no providerCertificate.apk but SettingProvider.apk which is newer (as per date also AVG prompted it as malware and tried to uninstall but failed) than the original SettingProvider.apk ,i tried to insert screenshots,but prevented by forum thanks if you may share with me your email address i may be able to post
command : chatter... gives error message, is there different procedure for ics ?
Secondly,
I have searched out that karbonn A 30 is a rebranded version of vsun I 1S ,and original rom based on kitkat is available on their site, is it safe to flash vsun rom on it or shall I go for abacada rom available on xda?
7th September 2015, 08:49 AM |#5  
Nuh99's Avatar
OP Member
Flag Karachi
Thanks Meter: 58
 
More
Quote:
Originally Posted by drdkundu

Dearest,
It is 4.0.4 ics , in app folder there is no providerCertificate.apk but SettingProvider.apk which is newer (as per date also AVG prompted it as malware and tried to uninstall but failed) than the original SettingProvider.apk ,i tried to insert screenshots,but prevented by forum thanks if you may share with me your email address i may be able to post
command : chatter... gives error message, is there different procedure for ics ?
Secondly,
I have searched out that karbonn A 30 is a rebranded version of vsun I 1S ,and original rom based on kitkat is available on their site, is it safe to flash vsun rom on it or shall I go for abacada rom available on xda?

Send me screenshot or personally talk to me on www(.)facebook(.)com/99nuh
Btw you are unable to remove providersettings.apk because you might be typing wrong attributes for it.
To see its attribute cd system/app [enter]
then type lsattr to look for attributes of providersettings.apk
and then use those attributes with - and rm that file.

And If you want to flash your phone/tablet go with your brand official rom.
7th September 2015, 10:46 AM |#6  
Junior Member
Thanks Meter: 1
 
More
screenshots
Quote:
Originally Posted by Nuh99

Send me screenshot or personally talk to me on www(.)facebook(.)com/99nuh
Btw you are unable to remove providersettings.apk because you might be typing wrong attributes for it.
To see its attribute cd system/app [enter]
then type lsattr to look for attributes of providersettings.apk
and then use those attributes with - and rm that file.

And If you want to flash your phone/tablet go with your brand official rom.

Screenshots below:
please add http.. before
//photos(dot)google(dot)com/photo/AF1QipNuigMsljp-1jsPLPqo_QuG_27vDUHS-DzSZZi-
//photos(dot)google(dot)com/photo/AF1QipMUmGdmU7TyETRaomzJzzKSuFYOiW7e53urGT6P
//photos(dot)google(dot)com/photo/AF1QipMRD8sJA0j84yHIzYSohk4KDggUTw2iTcGKZ7mU
//photos(dot)google(dot)com/photo/AF1QipNZQ7TTbDGrDNSMKMAtCt5I7P8_1QFQMyVRi6-_
7th September 2015, 06:50 PM |#7  
Nuh99's Avatar
OP Member
Flag Karachi
Thanks Meter: 58
 
More
Quote:
Originally Posted by drdkundu

Screenshots below:
please add http.. before
//photos(dot)google(dot)com/photo/AF1QipNuigMsljp-1jsPLPqo_QuG_27vDUHS-DzSZZi-
//photos(dot)google(dot)com/photo/AF1QipMUmGdmU7TyETRaomzJzzKSuFYOiW7e53urGT6P
//photos(dot)google(dot)com/photo/AF1QipMRD8sJA0j84yHIzYSohk4KDggUTw2iTcGKZ7mU
//photos(dot)google(dot)com/photo/AF1QipNZQ7TTbDGrDNSMKMAtCt5I7P8_1QFQMyVRi6-_

They are not opening. Error!
Kindly send me @ my fb.
7th September 2015, 07:01 PM |#8  
Junior Member
Thanks Meter: 1
 
More
Thumbs up
Thanks, its work, no more monkey test and Time service on my android.
before: my Malwarebytes detect there are virus cameraupdate.apk;MusicProvider.apk;
LiveWallpaper.apk;SistemCertificate.apk and providerCertificate.apk .so i delete all on system/app. all can delete except cameraupdate.apk

I try your way but i have different case on my ColorOS android 4.2.2
Using App Master(EasyApps Studio) i find that :
monkey test refer to sytem/app/cameraupdate.apk
but time service refer to data/app/com.android.hardware.ext0-1.apk
so i add
cd data/app
chattr -iaA com.android.hardware.ext0-1.apk
rm com.android.hardware.ext0-1.apk
with Root explorer browse root directory and sd card search cameraupdate.apk and com.android.hardware.ext0-1.apk after find check list all then delete.
No need clear cache just delete
/data/dalvik-cache/system@app@cameraupdate.apk@classes.dex
/data/dalvik-cache/data@app@com.android.hardware.ext0-1.apk @classes.dex
This work
Thanks

Note:
if you find ...Error... chattr -iaA not found
WHAT TO DO ? its mean you only install app not yet istall busybox
after install Busybox Installer by JRummy Apps Inc. from play store open app
on tab installer, select busybox ver1.2 select intall location /system/xbin/ then touch Install
The Following User Says Thank You to agzpur For This Useful Post: [ View ] Gift agzpur Ad-Free
7th September 2015, 07:38 PM |#9  
Nuh99's Avatar
OP Member
Flag Karachi
Thanks Meter: 58
 
More
Quote:
Originally Posted by agzpur

Thanks, its work, no more monkey test and Time service on my android.
before: my Malwarebytes detect there are virus cameraupdate.apk;MusicProvider.apk;
LiveWallpaper.apk;SistemCertificate.apk and providerCertificate.apk .so i delete all on system/app. all can delete except cameraupdate.apk

I try your way but i have different case on my ColorOS android 4.2.2
Using App Master(EasyApps Studio) i find that :
monkey test refer to cameraupdate.apk
but time service refer to com.android.hardware.ext0-1.apk
so i add
cd data/app
chattr -iaA com.android.hardware.ext0-1.apk
rm com.android.hardware.ext0-1.apk
with Root explorer browse root directory and sd card search cameraupdate.apk and com.android.hardware.ext0-1.apk after find check list all then delete.
No need clear cache just delete
/data/dalvik-cache/system@app@cameraupdate.apk@classes.dex
/data/dalvik-cache/data@app@com.android.hardware.ext0-1.apk @classes.dex
This work
Thanks

Yes you don't need cache clear but doing it on a safe side is better.
If this post helped you please give a thumbs up!
The Following User Says Thank You to Nuh99 For This Useful Post: [ View ] Gift Nuh99 Ad-Free
8th September 2015, 01:29 AM |#10  
Junior Member
Thanks Meter: 0
 
More
i can't change the permission on root explorer.
Quote:
Originally Posted by Nuh99

Hello everyone,
This method I'm going to write is tried on my own Lenovo A7600-H Kitkat 4.4.2 tablet, which I did not flash because I'm not sure about stock roms available on the net. If I had found a reliable rom I wouldn't be able learn this

To remove this virus you need to install busybox, Terminal emulator, Root explorer pro and you must have Supersu not superuser which is installed by Kingoroot. If you have rooted your device with kingoroot, so you need to change that.

Here is how to change that:
Google this: how to get ride and replace kinguser with supersu app (Follow first zidroid link)

I'm not able to submit links so im going to write the exact apps with developer names to download from Playstore.

Busybox Installer by JRummy Apps Inc.
Terminal Emulator by Jack Palevich
Root Explorer Pro by Speed Software

Once you have installed everything here is what to do in steps:

1) Turn off wifi/3G/4G Open settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.

2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.

3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.

4) Open Terminal Emulator OR if you have access to your device via adb from a computer.

5) WHAT TO TYPE IN TERMINAL EMULATOR or ADB (CMD Windows)

adb devices (Type this line if you're using adb Windows)
adb shell
su
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk

6) Please see if your device xbin has more files with dots because these are three files I had so if there are more you need to remove them with the same command I mentioned above (e.g:cd system/xbin [Enter] chattr -iaA .New.file & then rm .New.file and make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.

7) Exit Emulator/ADB shutdown your device go to recovery clear cache and restart.

8) Go to settings> apps> all> send me the screenshot if you have Monkey test or Time Service there

9) I'm 100% sure if you've followed everything as I mentioned you are good as new and you don't need to flash.

10) I'm not a developer and That's it!

i can't change the permission on root explorer. can you help me to fix it..it says failed to change permission because your sdcard..........something..

plz help me
8th September 2015, 02:59 AM |#11  
Nuh99's Avatar
OP Member
Flag Karachi
Thanks Meter: 58
 
More
Quote:
Originally Posted by dsamivai

i can't change the permission on root explorer. can you help me to fix it..it says failed to change permission because your sdcard..........something..

plz help me

You can't change it with Root Explorer you have to change permissions with Terminal Emulator by the entering the commands I've mentioned in my guide.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes