FIX for Monkey Test & Time Service Virus (Without Flashing)

Search This thread

clashofking

New member
Jan 20, 2016
4
0
GloablBCServiceInfo.apk Delete.

'' GloablBCServiceInfo.apk '' Delete for I am code used
commond code

su -
mount -o remount,rw /system -
cd /system/app -

chattr -ia system/app/GloablBCServiceInfo.apk -
rm /system/app/GloablBCServiceInfo.apk -

I am look system/app virus is not see. I am happy.

Note: Some model brand (system/priv-app) code used test.
 

nhene007

Member
Dec 1, 2012
19
0
'' GloablBCServiceInfo.apk '' Delete for I am code used
commond code

su -
mount -o remount,rw /system -
cd /system/app -

chattr -ia system/app/GloablBCServiceInfo.apk -
rm /system/app/GloablBCServiceInfo.apk -

I am look system/app virus is not see. I am happy.

Note: Some model brand (system/priv-app) code used test.

Didn't work man, it just restored itself instantly
 

Demonlink14

Senior Member
Mar 9, 2013
65
16
Didn't work man, it just restored itself instantly

I was dealing with this problem as well. Tried Root explorer, tried Root App Remover... I was about to lose hope. But luckily, I thought about using Titanium Backup (from Play Store). So, I opened it, looked for "bcfservice", selected it and pressed "uninstall"... so far, after 3 reboots and 1 power off, it hasn't come back. Hopefully, this can help you remove this atrocious hell of a virus. :)
 

PAPalinskie

Senior Member
Jun 23, 2013
204
22
Cavite
Xiaomi Poco X3 NFC
There is new exploit in android system that is always installed in system partition and always renamed the package itself and the application name and filename. Therefore, it must avoid to download any apps that invades the android system and your privacy. i will try this method for newer exploits.
 

syahazu

Senior Member
Jan 1, 2013
400
67
New Castle KB
Brother nuh, thanks for the guide. I've deleted the malwares in system/app successfully and also the binaries, xbin... Obvious file weren't they hahaha..
Kind to remember, some malwares like this also integrates in data partition, which does not removed after the malwares in system/app are deleted,..
So guys, if u already cleaned out the mess in the system, try to check out in data/data... There might be some or maybe not , for some cases com.android.apps.start2-1.apk still exists there,,
Use the same method as OP had posted, only change into this param (mount -o remount,rw /data)..
Hope I help some of u, thanks
 

Nuh99

Senior Member
Sep 4, 2015
79
77
Samara
There is new exploit in android system that is always installed in system partition and always renamed the package itself and the application name and filename. Therefore, it must avoid to download any apps that invades the android system and your privacy. i will try this method for newer exploits.

Thanks for the info..
If you do it right you can remove any kind of exploit with this..

Please thumbs up if it helped you.

Love
 
  • Like
Reactions: syahazu

Nuh99

Senior Member
Sep 4, 2015
79
77
Samara
Brother nuh, thanks for the guide. I've deleted the malwares in system/app successfully and also the binaries, xbin... Obvious file weren't they hahaha..
Kind to remember, some malwares like this also integrates in data partition, which does not removed after the malwares in system/app are deleted,..
So guys, if u already cleaned out the mess in the system, try to check out in data/data... There might be some or maybe not , for some cases com.android.apps.start2-1.apk still exists there,,
Use the same method as OP had posted, only change into this param (mount -o remount,rw /data)..
Hope I help some of u, thanks

Thanks for the info and response brother :good:

When I started this thread most people didn't believe that it's possible without flashing..
but those who tried it right got rid of it w/o flashing thier device.

please thumbs up if it helped you..
Bless you.

Love:)
 

syahazu

Senior Member
Jan 1, 2013
400
67
New Castle KB
Ur welcome, one does flashing will loose their data if haven't backup, but most phones are hard to find their stock rom, root users indeed will find this method handy if only they know the steps.. I wonder why my previous root exploit messed up my system, I was using King root.. Ought to have a cloned one perhaps haha
 

locomaestro

Member
Aug 25, 2013
11
0
Thank you so much, I had a lot of time working with a cb514 cobia which no stock rom, my client back all the time, just hibernated applications, now could eliminate all the problems we had on the phone.
 

sank33rth

New member
Apr 1, 2016
2
0
Hello everyone,
This method I'm going to write is tried on my own Lenovo A7600-H Kitkat 4.4.2 tablet, which I did not flash because I'm not sure about stock roms available on the net. If I had found a reliable rom I wouldn't be able learn this

To remove this virus you need to install busybox, Terminal emulator, Root explorer pro and you must have Supersu not superuser which is installed by Kingoroot. If you have rooted your device with kingoroot, so you need to change that.

Here is how to change that:
Google this: how to get ride and replace kinguser with supersu app (Follow first zidroid link)

I'm not able to submit links so im going to write the exact apps with developer names to download from Playstore.

Busybox Installer by JRummy Apps Inc.
Terminal Emulator by Jack Palevich
Root Explorer Pro by Speed Software

Once you have installed everything here is what to do in steps:
[Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]

1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.

2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.

3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.

4) Open Terminal Emulator OR if you have access to your device via adb from a computer.

5) WHAT TO TYPE IN TERMINAL EMULATOR or ADB (CMD Windows)

adb devices (Type this line if you're using adb Windows)
adb shell
su
mount -o remount,rw /system
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk
[NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]

6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.

7) Exit Emulator/ADB

8) Go to settings> apps> all> send me the screenshot if you have Monkey test or Time Service there

9) I'm 100% sure if you've followed everything as I mentioned you are good as new and you don't need to flash.

10) I'm not a developer and That's it!
thanks a lot bro .. Worked fine for me
 

a.woellert

Senior Member
Dec 2, 2009
68
35
Hello,

i have the same problems with the virus.

With Dr. Web App from Play Store you can find a lot of Virus Files on your Phone. On my Phone over 20 files.

The last one not removable files are
/system/bin/configopb
/system/app/GloablBCServiceInfo.apk

they restored itself instantly


EDIT:
I remove GloablBCServiceInfo.apk with chattr and rm

And finaly i remove all Attributes from configopb with FX File Manager + Root Addon.


Now i must test the situation.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 42
    Hello everyone,
    This method I'm going to write is tried on my own Lenovo A7600-H Kitkat 4.4.2 tablet, which I did not flash because I'm not sure about stock roms available on the net. If I had found a reliable rom I wouldn't be able learn this

    To remove this virus you need to install busybox, Terminal emulator, Root explorer pro and you must have Supersu not superuser which is installed by Kingoroot. If you have rooted your device with kingoroot, so you need to change that.

    Here is how to change that:
    Google this: how to get ride and replace kinguser with supersu app (Follow first zidroid link)

    I'm not able to submit links so im going to write the exact apps with developer names to download from Playstore.

    Busybox Installer by JRummy Apps Inc.
    Terminal Emulator by Jack Palevich
    Root Explorer Pro by Speed Software

    Once you have installed everything here is what to do in steps:
    [Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]

    1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.

    2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.

    3) Go back to system and then go to Priv-app folder and look for these two files
    [1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.

    4) Open Terminal Emulator OR if you have access to your device via adb from a computer.

    5) WHAT TO TYPE IN TERMINAL EMULATOR or ADB (CMD Windows)

    adb devices (Type this line if you're using adb Windows)
    adb shell
    su
    mount -o remount,rw /system
    cd system/priv-app
    chattr -iaA providerCertificate.apk
    rm providerCertificate.apk
    chattr -aA cameraupdate.apk
    rm cameraupdate.apk
    cd ..
    cd system/xbin
    chattr -iaA .b
    rm .b
    chattr -iaA .ext.base
    rm .ext.base
    chattr -iaA .sys.apk
    rm .sys.apk
    [NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]

    6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.

    7) Exit Emulator/ADB

    8) Go to settings> apps> all> send me the screenshot if you have Monkey test or Time Service there

    9) I'm 100% sure if you've followed everything as I mentioned you are good as new and you don't need to flash.

    10) I'm not a developer and That's it!
    2
    In karbonn A 30
    x-bin has these files :
    .b
    .ext.base
    .sys.apk
    root/system has no priv-app but app file, it has two files:
    SettingProvider.apk
    cameraupdate.apk

    I have given command cd system/app
    followed by
    chattr -iaA SettingProvider.apk
    ....Error...
    chattr-iaA not found
    WHAT TO DO ?

    If you don't have a priv-app folder than you are not on Kitkat and you have to delete files from system/app folder.
    Well anyway you have to delete cameraupdate.apk and providerCertificate.apk
    and you are deleting SettingProvider.apk which I never said you have to.
    Please look closely
    2
    i did as u said, when i typed
    ...
    chattr -iaA providerCertificate.apk [enter]
    notice: chattr: Read-only file system while setting flag on providerCertificate.apk
    rm providerCertificate.apk
    notice: rm failed for providerCertificate.apk, Read-only file system
    ...
    and i can get rit of those malware
    it also happen with cameraupdate, .b, .ext.base, .sys.apk

    Kindly follow this :

    Thank you, Nuh99!
    You are legend!
    I have spend days, trying to get rid of this annoying malware.
    Just wanted to add something FYI:
    You most likely have been infected to SnapPea (Windows/Android) software:
    Google for:



    If while deleting *.apk files you get "read only" message and file cannot be deleted - you have to remount your /system partition be mounted as a read/write partition.
    What you need to do is:

    Code:
                # mount -o remount,rw /system
    2
    Thanks, its work, no more monkey test and Time service on my android.
    before: my Malwarebytes detect there are virus cameraupdate.apk;MusicProvider.apk;
    LiveWallpaper.apk;SistemCertificate.apk and providerCertificate.apk .so i delete all on system/app. all can delete except cameraupdate.apk

    I try your way but i have different case on my ColorOS android 4.2.2
    Using App Master(EasyApps Studio) i find that :
    monkey test refer to sytem/app/cameraupdate.apk
    but time service refer to data/app/com.android.hardware.ext0-1.apk
    so i add
    cd data/app
    chattr -iaA com.android.hardware.ext0-1.apk
    rm com.android.hardware.ext0-1.apk
    with Root explorer browse root directory and sd card search cameraupdate.apk and com.android.hardware.ext0-1.apk after find check list all then delete.
    No need clear cache just delete
    /data/dalvik-cache/system@app@cameraupdate.apk@classes.dex
    /data/dalvik-cache/data@app@com.android.hardware.ext0-1.apk @classes.dex
    This work
    Thanks

    Note:
    if you find ...Error... chattr -iaA not found
    WHAT TO DO ? its mean you only install app not yet istall busybox
    after install Busybox Installer by JRummy Apps Inc. from play store open app
    on tab installer, select busybox ver1.2 select intall location /system/xbin/ then touch Install
    2
    Thanks, its work, no more monkey test and Time service on my android.
    before: my Malwarebytes detect there are virus cameraupdate.apk;MusicProvider.apk;
    LiveWallpaper.apk;SistemCertificate.apk and providerCertificate.apk .so i delete all on system/app. all can delete except cameraupdate.apk

    I try your way but i have different case on my ColorOS android 4.2.2
    Using App Master(EasyApps Studio) i find that :
    monkey test refer to cameraupdate.apk
    but time service refer to com.android.hardware.ext0-1.apk
    so i add
    cd data/app
    chattr -iaA com.android.hardware.ext0-1.apk
    rm com.android.hardware.ext0-1.apk
    with Root explorer browse root directory and sd card search cameraupdate.apk and com.android.hardware.ext0-1.apk after find check list all then delete.
    No need clear cache just delete
    /data/dalvik-cache/system@app@cameraupdate.apk@classes.dex
    /data/dalvik-cache/data@app@com.android.hardware.ext0-1.apk @classes.dex
    This work
    Thanks

    Yes you don't need cache clear but doing it on a safe side is better.
    If this post helped you please give a thumbs up!