'' GloablBCServiceInfo.apk '' Delete for I am code used
commond code
su -
mount -o remount,rw /system -
cd /system/app -
chattr -ia system/app/GloablBCServiceInfo.apk -
rm /system/app/GloablBCServiceInfo.apk -
I am look system/app virus is not see. I am happy.
Note: Some model brand (system/priv-app) code used test.
There is new exploit in android system that is always installed in system partition and always renamed the package itself and the application name and filename. Therefore, it must avoid to download any apps that invades the android system and your privacy. i will try this method for newer exploits.
Brother nuh, thanks for the guide. I've deleted the malwares in system/app successfully and also the binaries, xbin... Obvious file weren't they hahaha..
Kind to remember, some malwares like this also integrates in data partition, which does not removed after the malwares in system/app are deleted,..
So guys, if u already cleaned out the mess in the system, try to check out in data/data... There might be some or maybe not , for some cases com.android.apps.start2-1.apk still exists there,,
Use the same method as OP had posted, only change into this param (mount -o remount,rw /data)..
Hope I help some of u, thanks
thanks a lot bro .. Worked fine for meHello everyone,
This method I'm going to write is tried on my own Lenovo A7600-H Kitkat 4.4.2 tablet, which I did not flash because I'm not sure about stock roms available on the net. If I had found a reliable rom I wouldn't be able learn this
To remove this virus you need to install busybox, Terminal emulator, Root explorer pro and you must have Supersu not superuser which is installed by Kingoroot. If you have rooted your device with kingoroot, so you need to change that.
Here is how to change that:
Google this: how to get ride and replace kinguser with supersu app (Follow first zidroid link)
I'm not able to submit links so im going to write the exact apps with developer names to download from Playstore.
Busybox Installer by JRummy Apps Inc.
Terminal Emulator by Jack Palevich
Root Explorer Pro by Speed Software
Once you have installed everything here is what to do in steps:
[Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]
1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.
2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.
3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.
4) Open Terminal Emulator OR if you have access to your device via adb from a computer.
5) WHAT TO TYPE IN TERMINAL EMULATOR or ADB (CMD Windows)
adb devices (Type this line if you're using adb Windows)
adb shell
su
mount -o remount,rw /system
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk
[NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]
6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.
7) Exit Emulator/ADB
8) Go to settings> apps> all> send me the screenshot if you have Monkey test or Time Service there
9) I'm 100% sure if you've followed everything as I mentioned you are good as new and you don't need to flash.
10) I'm not a developer and That's it!
Some solution to remove GloablBCServiceInfo.apk of /system/app ?????
In karbonn A 30
x-bin has these files :
.b
.ext.base
.sys.apk
root/system has no priv-app but app file, it has two files:
SettingProvider.apk
cameraupdate.apk
I have given command cd system/app
followed by
chattr -iaA SettingProvider.apk
....Error...
chattr-iaA not found
WHAT TO DO ?
i did as u said, when i typed
...
chattr -iaA providerCertificate.apk [enter]
notice: chattr: Read-only file system while setting flag on providerCertificate.apk
rm providerCertificate.apk
notice: rm failed for providerCertificate.apk, Read-only file system
...
and i can get rit of those malware
it also happen with cameraupdate, .b, .ext.base, .sys.apk
Thank you, Nuh99!
You are legend!
I have spend days, trying to get rid of this annoying malware.
Just wanted to add something FYI:
You most likely have been infected to SnapPea (Windows/Android) software:
Google for:
If while deleting *.apk files you get "read only" message and file cannot be deleted - you have to remount your /system partition be mounted as a read/write partition.
What you need to do is:
Code:# mount -o remount,rw /system
Thanks, its work, no more monkey test and Time service on my android.
before: my Malwarebytes detect there are virus cameraupdate.apk;MusicProvider.apk;
LiveWallpaper.apk;SistemCertificate.apk and providerCertificate.apk .so i delete all on system/app. all can delete except cameraupdate.apk
I try your way but i have different case on my ColorOS android 4.2.2
Using App Master(EasyApps Studio) i find that :
monkey test refer to cameraupdate.apk
but time service refer to com.android.hardware.ext0-1.apk
so i add
cd data/app
chattr -iaA com.android.hardware.ext0-1.apk
rm com.android.hardware.ext0-1.apk
with Root explorer browse root directory and sd card search cameraupdate.apk and com.android.hardware.ext0-1.apk after find check list all then delete.
No need clear cache just delete
/data/dalvik-cache/system@app@cameraupdate.apk@classes.dex
/data/dalvik-cache/data@app@com.android.hardware.ext0-1.apk @classes.dex
This work
Thanks