Digiland DL1010Q Bloatware/Trojan

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
I downloaded an alarm clock app...and it opened the door for a lot of malware/trojan apps.

So I thought it was simple to deal with, I just do a hard factory reset (volume up + power button etc...).

After clearing cache first, then doing factory reset, then rebooting......

The trojan app comes back and when connected to wifi/internet it starts download random apps non-stop.

And I mean literally non-stop....they seem to be random adware apps.....although some common ones that return are "(fake) Browser", "WhatsApp", "Pharah", "2048", "ShowTime", "Show Time(yes a different one with the extra space)".....

Why can't factory reset do just that??? Why does it not truly factory reset Digiland tablet???

Most anti-virus apps I tried require being online, so as fast as they delete stuff, the stuff that got deleted get re-downloaded. (which malware does that I do not know)
 

Traveller

Administrator
Staff member
Jun 16, 2012
2,858
982
It sounds as if you downloaded the app from Google Play. After a factory reset, after logging in to your Google account, you likely told setup to restore your apps. In doing so, you also restore the rogue app.

You have a few ways to avoid this. Perhaps the easiest is to simply tell setup not to restore any apps. Another way is to use a smartphone, access the Play Store, call up your list of apps, and delete the offending app by tapping the X. Afterward, factory reset and restore your apps. This assumes of course that you have a smartphone as well as a tablet, and that you don't have the rogue app installed on both devices. Finally, you can head to your PC, call up the PC version of the Play Store, find your list of apps, find the app and delete it.
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
BEFORE I'm even connected to WiFi, a browser app (not one that came with tablet), is the first malware to re-install itself.....

So, my WiFi is not even set up yet, and I am NOT logged into Google Play store, of course, not being connected to WiFi internet, it wouldn't be able to access store. And still this malware re-installs itself.

When I do connect to WiFi internet, it then starts to download stupid apps non-stop.

But I think I did miss that step on not restoring apps.....where is that found? I think even then, the app will re-install itself (yes I did turn off allow unsigned apps or untrusted apps to install)
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
ps. I tried disabling and getting rid of the browser app, but am not allowed to (tablet is rooted)
 

Traveller

Administrator
Staff member
Jun 16, 2012
2,858
982
I'm dreading the answer, but what did you use to root the tablet? The browser in question took advantage of root access to push out the malware, which tells me it was bundled with the root method you used. Worse, it's embedded in system, which is why you haven't been able to rid yourself of it. You'll need a file manager like Root Explorer to get rid of it. You'll have to dig into /system/app or /system/priv-app, find the offending app, and delete it.

Only after you've cleared all the rogue apps from /system/app and /system/priv-app will you be able to factory reset the tablet.
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
I had not rooted the tablet. I rooted it afterwards because some anti-virus apps needed that.

I can install iRoot explorer, the problem is, what do I delete? It's not like they're named with a malware extension.
 

Traveller

Administrator
Staff member
Jun 16, 2012
2,858
982
What is the package name (example: com.android.dialer) of the app and where did you download it from?

If the tablet was not rooted prior to you installing the app, then a factory reset should have resolved the issue, provided you don't restore apps in setup. If the thing still downloads apps, then the app rooted the tablet, which is quite possible.
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
I'm pretty sure the malware rooted the tablet.

I don't think the original app was the malware (it was a simple alarm clock app)., I got it from Google play store.

I think it opened the door to ad apps, which were what did my tablet in, as I can't seem to stop them.

I will try again tonight.
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
I had tried "Stubborn Trojan Killer", and it detected like 56 malware apps....
Stubborn Trojan Killer - Android Apps on Google Play

The two main ones were Ghost Push Trojan and Root Nik Trojan....apparently very difficult to get rid of.

But it (Stubborn Trojan Killer) requires being connected to internet, which is terrible, because as fast as it deletes something, it gets re-downloaded.....or random apps get downloaded....
 

Traveller

Administrator
Staff member
Jun 16, 2012
2,858
982
Check the manufacturer's website and see if they offer a firmware package. If they do, download it and restore the tablet with it.

P. S. If you're going to use anti-malware apps, use something reputable, like Malwarebytes.
 

MartinOrtiz

Junior Member
Feb 28, 2017
7
0
I did try with the "not restore" settings and it didn't help unfortunately.

I also double checked to see if it was rooted, RootCheck, said it was rooted, another root checker said it was not rooted.....so am not sure about rooted state, on the other hand I am pretty sure it is rooted, and was rooted by one of the malware apps. Will check about ROM...those can be hard to find I think....
 

dobermann70

Junior Member
Jan 30, 2018
1
0
Had the exact same problem. Found firmware online but now my touch screen is inverted.
Anyone knows where to find correct firmware?

Sent from my XT1575 using Tapatalk
 
Top