[TUT] Monkey Test and Time Service worm virus Removal - PINOYDEN


10-01-15 08:48 AM
musicgeek
My Sony Xperia recently slowed down, and upon checking the running apps, I found 2 suspicious services in the background named Time Service and Monkey Test. Surely this has made a monkey out of me and I have gone nuts trying to get rid of it. Luckily my phone is rooted and I have a ClockworkMod backup. I have decided to restore from it to end my woes.

I want to share this tutorial as a guide to help those who are stuck with this "unbreakable" virus and whose phone security has been compromised. Top anti-virus apps like Avast won't help as of this writing.

For those who have been victimized, and also for those just watching, here is what I have gathered and experienced with this virus. Remember, prevention is still the best solution. I hope this helps:

What is the scheme of whoever made this?
They say it downloads all sorts of apps, for those apps to gain popularity through unsolicited downloads.

Where did it come from?
In my case, I think it came across through Popslide. The worm virus was disguised as a points-earner, ironically named "data protection.apk". When I installed it, it asked for system accessibility. By granting that privilege, the malware became an administrator and got full access to my phone. The virus has also disabled the option to revoke admin privilege.

What damage does it do?
Because it downloads all sorts of APKs to the phone, the internet will slow down, aside from the phone itself, once multiple apps are installed by it.

How does it work?
The virus copies itself into the data/app and system/app dirs and makes itself a persistent service. In my case it was ThemeManags.apk in system/app and at least 2 more suspicious APKs I did not install myself in the data/app dir.

The APKs installed in the user data directory cannot be uninstalled because Android won't allow removing apps with admin privileges. The virus has effectively exploited this Android loophole.

Though my phone is rooted, I cannot delete the APKs manually using file managers, as deleting from one folder only triggers regeneration through the APKs from the other infected directory.

Factory reset didn't help since only the user data is wiped out by it. The worm virus just regenerates through the system directory, which is left untouched by the factory reset.

Remedies that may work?

Temporary fix / damage-control:
Disable installation from "unknown sources" and use a firewall to block the virus from doing its work. I use "Android Firewall" and "Mobiwol" for rooted / non-rooted phones respectively. You can also try the Titanium Backup freeze approach if your phone is rooted. Remember to freeze all APKs related to the virus. This only stops the virus from downloading and installing apps. The phone is still in a compromised state and, depending on the other "tricks" that this virus has, it may manifest further threats.

Permanent Fix:
For non-rooted phones and with no plans to root, I don't think there's any other choice but to update or reflash your firmware. Consult your phone manufacturer on how to go about this procedure for your device.

For rooted phones, the simplest way is a full restore (user + system) from a low-level backup like CWM. This will effectively roll back to an earlier state before the virus was installed. If you don't have a backup, reflash your custom firmware through CWM or a similar recovery mode.

Good luck, fellow PD members!

P.S. They say that "360 security" can remove this virus for rooted and non-rooted phones, though I haven't tried it yet. Just download it from Google Play.
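Added example, not part of the original post: a check for the persistence described above, comparing the output of `adb shell pm list packages -f` against a listing saved while the phone was known to be clean. Anything new under /system is what a factory reset leaves behind. The listings are constructed and every package name is hypothetical; only the file name ThemeManags.apk comes from the post.

```python
# Constructed sample listings; all package names here are hypothetical.
BASELINE = """\
package:/system/app/Settings.apk=com.android.settings
package:/system/app/Phone.apk=com.android.phone
package:/data/app/com.example.notes-1.apk=com.example.notes
"""
CURRENT = BASELINE + """\
package:/system/app/ThemeManags.apk=com.example.thememanags
package:/data/app/com.example.timeservice-1.apk=com.example.timeservice
package:/data/app/com.example.monkeytest-1.apk=com.example.monkeytest
"""

def parse_pm_list(text):
    """Map package name -> APK path from `pm list packages -f` lines."""
    pkgs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': newer Android paths can contain '=' themselves.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            pkgs[name] = path
    return pkgs

def partition_of(path):
    """Which storage area an APK lives in; /system survives a factory reset."""
    if path.startswith("/system/"):
        return "system"
    if path.startswith("/data/"):
        return "data"
    return "other"

def unexpected_packages(baseline_text, current_text):
    """Return (partition, package, path, reason) for each package that is
    absent from the clean baseline or has changed partition since then."""
    base, cur = parse_pm_list(baseline_text), parse_pm_list(current_text)
    findings = []
    for name, path in sorted(cur.items()):
        if name not in base:
            findings.append((partition_of(path), name, path, "new"))
        elif partition_of(base[name]) != partition_of(path):
            findings.append((partition_of(path), name, path, "moved"))
    return findings

def survives_factory_reset(findings):
    """Findings on /system: a factory reset only wipes user data."""
    return [f for f in findings if f[0] == "system"]

if __name__ == "__main__":
    for finding in unexpected_packages(BASELINE, CURRENT):
        print(*finding)
```

A non-empty result from `survives_factory_reset` means the device needs the reflash or full system restore described in the post, since wiping user data will not touch those files.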
Reply #1
10-01-15 12:19 PM
txtwhizard
Nice topic, surely for those using load-earner apps like mcent.
Reply #2
10-03-15 06:46 AM
pist0ler0
My 0+ 9.2 got that too.. what I did was freeze it using Titanium, and my phone is fast again.
Reply #3
10-06-15 05:55 PM
cream0922
The same thing happened to my neighbor. The sad part is that the tech who repaired the phone made it even worse. I guess that tech didn't know anything.
Reply #4
10-06-15 06:29 PM
uragunn
Nice info. Thank you. I'll watch out for that if someone brings one to me for repair.
Reply #5
10-08-15 01:47 AM
aquaman007


po . . .


but I think AVIRA AV is easier . . . please try it . . . it's on the Play Store . . .


Reply #6
01-07-16 09:40 PM
dituriaga015
So this is what it was. On the Asus Zenfone 5 it would suddenly just download all sorts of APKs and wouldn't stop even after a factory reset. And lots of ads kept popping up and prompting to install APKs that you didn't download, which were suddenly just on the MMC. Now I know.
Reply #7
01-08-16 11:37 PM
cinuaq
Up. This already happened to my sibling's phone.
Reply #8
01-18-16 12:48 AM
duppy5
How do you get rid of the Engriks virus? My sibling's phone has that problem. Ty
Reply #9
01-18-16 08:37 AM
systematic
So this is that Monkey Test/Time Service app, so this is how it is! Ty TS, this is a big help to newbies and those afraid to root, this is a warning xD. Is even flashing the ROM not effective? Hit thanks already.
Reply #10
01-18-16 11:09 AM
javilloelmer
That also happened to my Cherry Mobile Flame 2.0 before. What I did was root the phone, install KingRoot, and in KingUser I deleted Monkey Test and Time Service.
Reply #11
01-22-16 08:02 PM
uragunn
Flashing the ROM is really the only way. Even if you managed to delete it because you're rooted, the next time you reformat it will be there again.
Reply #12
01-27-16 11:02 PM
Alesanah
Also be careful with shops that flash ROMs and reprogram, guys. Sometimes the stock firmware they install is infected with the monkey virus, so what happens is you keep going back to them to have it fixed. The techs make money off that.
Reply #13
01-28-16 05:15 PM
sheiksamson
Very nice topic, TS! But let me just ask... have you tried looking for those malware apps in system/app?
Reply #14
01-29-16 05:11 PM
cinuaq
Is that called bloatware or a virus?
All dates are GMT+8:00. The date now is 11-18-18 06:11 PM