Zeepad 7 ROM Virus?

[DeaDea]

I have a virus stuck in com.android.server
Malwarebytes tried to remove it, but can't. Same with Dr. Web.
Factory restore failed - virus seems to be in the restore files as well.

Any ideas on how to fix this? I have a second, identical tablet - could I do a backup to SD from the clean tablet and use that to repair the fubar'd file?

Total newbie here, but am willing to learn.

Thanks.

 

[leeshor]

Welcome to the forum

How did you determine you had a virus in the first place? Malwarebytes isn't really an antivirus app but it is usually pretty good with malware. Did you have any anti virus app installed before this happened?

 

[DeaDea]

Granted, I did say "newb", and when it comes to tablets, I am, totally. But, having used PC's for the last 27 years, I know a virus when I see one.
Reset back to factory settings and it came up with a slew of programs that I didn't have on the exact same tablet I had bought a few months before.
These programs were Baidu, MOBOGenie, a Flipit game and Ireader.

"Uninstall" and they come back. Pop-ups and SMS's left and right. Run "Trust" antivirus and it found:
Android/PUP.Riskware.SMSReg
Android/Backdoor.Coudw.a
Android/PUP.Risktool.Monogen

It took out some of the programs/viruses, but could not remove the Backdoor, which is embedded in a necessary system file.

Installed Malwarebytes, same thing. Same with Dr Web.

Sooo....

I went into Settings and did a Factory Reset.
And there they were.

Did a hard reset via the volume and power button, went through the menu, had it delete everything and guess what?

The virus(s) were still there...

So, I'd say I have a virus, wouldn't you? It acts nothing like the exact same tablet I have that I know has no virus. And I can't seem to restore it to a "clean" state.

So, I'm trying to figure out if I can either get a hold of clean software/ROM/OS for this, or somehow use the clean tablet to over-write the bad tablet...

 

[leeshor]

I have an issue with what you described. A factory reset is just that. It puts the tablet back to the way it was when you bough it. If you didn't then install or allow Google to install apps that were on it when the problem started then there should be no virus or malware on it, So either another app, (you installed), is at fault, or the factory reset was inclomplete, or Malwarebytes is showing you a false positive.

 

[DeaDea]

While I appreciate the time you've taken to reply to me, I have an issue with what you are saying.
You seem hung-up on Malwarebytes. As I've said, 3 (THREE) Antivirus/Antimalware apps have said the same thing. AND I am getting "returning" apps after I uninstall - they show up hours later after hand uninstalling them, and bring pop-ups, SMS's (even though I have no SMS apps) and strange behaviors.

Remember - I have a second, non-infected tablet to compare files, etc with.

These come back even if I do not install anything else, just leave the tablet in standby and walk away...

And normally, yes, a factory reset is just that. Unless this has happened:
http://www.androidpolice.com/2011/0...your-phone-steal-your-data-and-open-backdoor/

http://hardware-beta.slashdot.org/story/11/06/16/2127255/new-android-malware-attacks-custom-roms

http://blogs.mcafee.com/mcafee-labs/trojan-hides-rom-android-device

http://securityaffairs.co/wordpress...oot-dangerous-bootkit-already-widespread.html

So why don't we just accept that I have a virus, that it is lurking in the ROM and let's work on fixing the issue, ok?

Thanks.

 

[vampirefo.]

If your tablets are the same, and they are rooted with custom recovery, backup the good one and install the backup on the infected one.

 

[leeshor]

As far as I can tell those links don't apply unless, and this is a big unless, you rooted your tablet or installed a custom ROM, or sideloaded an infected app. If you set your tablet to be able to install apps from unknown sources that would be the possible start of bad things.

As you pointed out both are the same tablets which eliminates some of those possible issues.

It sounds like your best and maybe only option would be to create a recovery image from the one that works and restore it to the one that's having the problem.

 

[leeshor]

If your tablets are the same, and they are rooted with custom recovery, backup the good one and install the backup on the infected one.

You beat me to it.

 

[DeaDea]

As far as I can tell those links don't apply unless, and this is a big unless, you rooted your tablet or installed a custom ROM, or sideloaded an infected app. If you set your tablet to be able to install apps from unknown sources that would be the possible start of bad things.

I'm not sure how they "don't apply", lol. You were talking like a factory reset is a magic panacea - I'm pointing out that that is not always the case...

And I've done none of those things you mention. According to "App Master", the file in question was created 3 months ago. It is different from the file (Cloudsserver.apk) on the clean tablet, which has a date of 10 months ago (same date as all the other "important" OS files on the tablet) - it is also appended with "test1".

 

[DeaDea]

I've been in contact with Worry Free Gadgets ([email protected]). After having me try a few things, like plug the tablet into the charger and leave it to charge for 15 minutes. After that, while the tablet is in the OFF mode, press and hold the power button for 2 MINUTES continuously, tablet will TURN ON and OFF. (Mine wouldn't power off at all!), then charge for 2 hours before use. And they had me install the DEMO patch, but neither of these worked, so they determined that the restore files were indeed corrupt and that, "You can send tablet in for repairs for us to flash it and get back to working." They only charge $15 for this, and that is to cover return shipping.

So, try contacting them if you have a Zeepad that has a corrupt factory restore. Very nice people, never once questioned whether I "did it right" nor acted like I had done something to it in ignorance...