Top Liked Posts
-
There are no posts matching your filters.
-
5That type of malware usually makes itself immutable so that it can t be erased (even when in recovery, immutable that is), and by reading your post I guess that it s what is happening on your phone.
It s easy to undo if you are rooted and have busybox installed.
Open your android terminal, or connect your phone through adb, then type:
lsattr system/priv-app/.gmp.apk
Most likely it will show something like:
-------------iA----------
The "i" means that the file is immutable, ie is write protected.
To undo this type:
busybox mount -o remount,rw /system
then type:
chattr -i system/priv-app/.gmp.apk
Now you can erase the file, and don t forget to erase its dex in the dalvik cache (system@priv-app@.gmp.apk@classes.dex).
The malware may have some hidden stuff in the system/etc or the system/usr folder(check the install date and time, it should be the same than for .gmp.apk), and it may be immutable too so if that s the case just follow the above procedure again (you ll have of course to change the path, for example if there s a suspicious file called xyz in the system/etc folder then type chattr -i system/etc/xyz).
Let us know if it worked...
4It seems that I finaly DID IT!
Thank you all for helping! But thanks to unclefab the most for directing me to the right track! I was googleing "android rm not permmited" and link http://stackoverflow.com/questions/33890752/rm-failed-operation-not-permitted-on-rooted-android
came up. If it wasnt for unclefab's instructions, I probably wouldn't have recognized how helpful this would be.
Anyway command
chattr -AacdDijsStu .gmp.apk
helped to make this malware ".gmp.apk" deletable. And I deleted it!
Thanx again!2Please help me remove these malwares
At this point I don't know what to do.
install twrp recovery
go to location of the spam app using its file manager
select it and press delete1
You can delete anything in TWRP. Just mount system and then use unternal file manager to delete the app.1
You need to have TWRP recovery. Boot in recovery, go to Mounts and mount System. Then go back to the main screen, choose Advanced, then File Manager. Go to the directory where your file is, click on it, then choose Delete. You'll get a warning that operation is irreversible. Swipe to execute. That's it.
If that doesn't work for you, then reinstall your current rom without wiping data. This way, your System partition will be reformatted, original system apps installed and data preserved. Depending on the rom you flash, you may lose root and/or Supersu, so, you'll have to redo those.
