Quite a number of fans have complained about encountering this issue either on other peoples MTK Android phones or theirs so we’ll be discussing these malware, how they affect your Android phone and how to permanently remove them.
How did I get infected?
In my previous article on removing Malware from an Android phone (see https://journal.hovatek.com/how-to-remove-adware-from-an-android-phone/), I discussed some methods by which malware infect your Android phone. The easiest point of entry for an Android phone is the application(s) you install. Considering how popular the Android platform is and how many Android apps there are, its not hard to imagine why hackers would exploit this. The most potent carriers of malware are cracked / nulled apps (using malware crypters and binders).
Are they harmful to my Android phone?
If you’ve ever experienced these apps then you would know that they not only auto-update but also install unsolicited applications on your phone (using up your data plan). Adware are just a few steps away from harvesting your personal information so why wouldn’t they go all the way? You will also get a lot of has stopped errors like “unfortunately adobe air has stopped”, “unfortunately measure has stopped” and this could be very frustrating.
Why wont uninstalling / factory resetting remove them?
Uninstalling them under Settings >Apps or doing a factory reset would have been effective if only these apps were fully installed in the /data partition. After uninstalling, all you need to do is reboot your phone and they’re back again like nothing happened.
How then do I remove privacy guard, easy tool, monkey test and time service from my phone?
Consider the following methods:
1. Locate the malicious apks under /system/apps, data/app, vendor/operator/app , system/priv-app, system/preloadapp or anywhere they’re installed to and delete them. For Monkey Test and Time Service, the apks to delete are cameraupdate.apk, providerCertificate.apk, providerdown.apk and themeManags.apk (see https://journal.hovatek.com/how-to-remove-bloatware-on-an-android-phone/ for the Bloatware removal techniques ). The phone needs to be rooted in order to use this method (see https://journal.hovatek.com/how-to-root-android-easily-without-pc/ to know more about rooting an Android phone)
2. Install a good antivirus like 360 security , Stopbadapp , AVG , Ghost Push Trojan Killer, Avast or Malwarebytes and scan the phone.
3. Use the custom recovery backup and restore method:
- Get a working phone of the same model (without the malware issue)
- Flash a custom recovery to both phones using the method at https://forum.hovatek.com/thread-455.html and backup the working phone in recovery mode (see https://forum.hovatek.com/thread-479.html for how to boot into recovery mode)
- Copy the backup folder from the SD card of the working phone to the SD card of the malware infected phone (ensure to maintain the folder structure)
- Boot the malware infected phone into recovery mode and format System under Mounts & Storage
- Return to the main menu and restore the backup of the working phone under Backup & Restore > Restore
4. Format then flash using SP Flash Tool
- Get a clean working phone of the same model and back it up using the method described at https://forum.hovatek.com/thread-468.html (you’ll then have a stock / MTK backup)
- Format then flash the malware infected phone using SP Flash Tool at https://forum.hovatek.com/thread-159.html and the stock MTK backup obtained from the step above
My phone is stuck at brand logo after deleting something wrong in the /system folder. How do I fix my phone?
You need to flash back system.img or system.ext4.tar depending on the format that your /system directory is in the ROM. Please, create a new thread at our forum and our reps will provide free step by step assistance (see https://forum.hovatek.com/thread-514.html for how to create a thread) .
Hovatek….just a button away!
74 comments on “How to remove privacy guard, easy tool, monkey test and time service malware from an MTK (Mediatek) Android phone”
Hakeem
October 2, 2015 at 10:35 pmPls I need you to grant me access to download stock ROM for my injoo f2 which has been affected virus. Thank you
Hovatek
October 3, 2015 at 4:11 amgranted! download @ https://forum.hovatek.com/thread-1242.html and flash using WiseLink tool @ https://forum.hovatek.com/thread-5603.html
Churchill
October 7, 2015 at 11:26 amWow, you don’t know how delighted I am. Your post was very helpful and I finally got rid of the annoying maleware “your ‘app’ has stopped” that continued to terminate my applications and programs.
After I installed the latest AVG anti-virus and ran a scan, my Tecno Phantom Pad II came back to live.
Double thumbs up Hovatek!
austin
October 7, 2015 at 2:42 pmplease i need help on how to fix my infinix X507 phone. it has been popping up adobe air and android system is not supported. after flashing it, the problem still continue.
Hovatek
October 7, 2015 at 2:46 pmdownload the stock backup @ https://forum.hovatek.com/thread-533.html
format and flash using Sp flash tool @ https://forum.hovatek.com/thread-159.html
olamilekan
October 9, 2015 at 9:54 amPls I need a permission to download tecno N9 stock rom which keep on showing sales tracker has stopped.. My Gmail is Abanik4real@gmail.com
Hovatek
October 9, 2015 at 9:59 amFollow the guide @ https://forum.hovatek.com/thread-1254.html
Raybaba
October 10, 2015 at 8:52 amPlease I need stock tecno j7 rom. Thank you…
holyland umude
October 15, 2015 at 7:47 pmpls my tecno H6 is having malware issues such as security plugin and timeservice.pls i need a step by step approach on how to fix this problem,it really affecting my phone as i can no longer enjoy surfing with the phone due to persistent hanging and malfuncting of the phone.
Hovatek
October 15, 2015 at 8:14 pmDownload the mtk backup at https://forum.hovatek.com/thread-311.html then follow the guide above
Rayass
March 30, 2016 at 10:40 pmpls i need help my tecno y6 keeps poping up with some apps immediately i on my data and it mkes de phone freeze and presin itself cant even use it wen the data in on
Hovatek
March 30, 2016 at 11:20 pmHave you downloaded the firmware?
marshal
October 18, 2015 at 8:36 amGoodday hovatek, i installed an application used for studies and signed in.it immediately wrote unfortunately “unfortunately the specific app has stopped working” i have tested that same app on another android and it worked perfectedly…. Do u suggest i flash the stock rom….
Hovatek
October 18, 2015 at 9:59 amno, no need to do that. just uninstall and re-install the app. read https://forum.hovatek.com/thread-162.html
olamik
November 3, 2015 at 12:38 pmmy phone is showing adobe air has unfortunately uninstall,how can i fixed that
Hovatek
November 3, 2015 at 12:41 pmWhat’s the phone model?
TEJID
November 14, 2015 at 11:34 amnice of u people. i need u to send me sure website to download android files like tecno, itel, sonny
Hovatek
November 14, 2015 at 6:44 pmhttps://forum.hovatek.com/forum-89.html
eliud
November 16, 2015 at 11:12 amkindly assist with getting rid of privacy password problem on infinix.
Banke
January 7, 2016 at 12:31 amplease I have some unwanted apps on my techno h7,still there even after factory reset and even erased my memory card.please help
Hovatek
January 7, 2016 at 3:37 amWhat are the apps exactly?
Wajja Richard
April 20, 2016 at 11:12 pmMy Tecno H6 has been attacked by malicious app called “pro” this goes on downloading other apps like android patch, engrils, engriks and games like “through the gun fire” and others without notice. System apps like adobe air, measure, security plugin go on stopping and my data is used rapidly before I use it. They can’t be removed by a factory reset or flashing.
What can I do to over come the problem. Thanks
Hovatek
April 21, 2016 at 11:14 amJust follow the guide above
Wajja Richard
April 22, 2016 at 6:20 pmThere is no way I can get the stock ROM?
Hovatek
April 23, 2016 at 8:55 amIt’s at https://forum.hovatek.com/thread-311.html
wajja Richard
April 23, 2016 at 5:54 pmWill it work if I download it directly with my H6 and install it?
And if it’s possible, can’t the file be lost if I perform a factory reset?
Last but not the least, can I upgrade my android version from 4.4 kitkat to 5.0 lollipop and how?
Hovatek
April 23, 2016 at 5:56 pmYou can download the firmware with any device but need a PC to flash as the guide says.
No such upgrade for your phone
wajja Richard
April 23, 2016 at 6:01 pmSome time back I visited a software stores to flash but he told me that I had to get another physical H6 phone so he can copy the file to mine, and he continued that if he uses a downloaded file from Internet, that my phone may fail to power on a again. Is there no worry about this file? Thanks
Hovatek
April 23, 2016 at 6:08 pmIs your phone an original or a clone?
wajja Richard
April 23, 2016 at 6:17 pmAn original
Hovatek
April 23, 2016 at 6:20 pmThen you should have no problem with our firmware
wajja Richard
April 23, 2016 at 9:58 pmAny flashing system like the VOLCANO TOOL can work?. Also I’m seeing H6 variant 1 and H6 variant 2 which one should I download. My H6 is of the second version of an 8GB ROM with a 5GB free space.
Hovatek
April 23, 2016 at 10:35 pmBefore considering flashing, had you already tried the antivirus method?
wajja Richard
April 24, 2016 at 7:05 amI have tried many anti viruses including AVG, 360 security,, they could help me to identify them, also directed me to disable and force stop the infected inbuilt apps, lastly I downloaded stubborn Trojan killer which requested me to download king root of which I did and I rooted the phone. On rooting, I was able to uninstall the inbuilt apps completely, King root then changed into a system app, yesterday I restored the phone but king root reappeared as a system app. But all in all, on doing all that, it only stopped downloading the malicious software but it couldn’t save quick data loss and so I had to disable all back ground data of all apps including Google play Store, and this made my phone very slow and some features not working.
Hovatek
April 24, 2016 at 7:59 amOk.
Go to Settings > About > Build number and tell me what you have there
wajja Richard
April 24, 2016 at 8:24 amH6-G325-A2-KK-20150122S
Hovatek
April 24, 2016 at 8:48 amYours is variant 3. We’ll upload the firmware soon
wajja Richard
April 24, 2016 at 9:16 amFor how long should I wait, and how many variants are there for H6?
Hovatek
April 24, 2016 at 9:26 amThere are up to 4, possibly more.
Can’t give an exact estimate for when it’ll get uploaded but usually within a week
Wajja Richard
April 29, 2016 at 11:17 pmLast week I took it to a software engineer and gave me a firmware with a build number H6-G325-20140923 But seems to be an older version, with just a 2GB free space and sometimes freezing. Which variant is that.?
Nway, I have found a certain firmware with a build number of H6-G325-B2-KK-20150707,Is it safe if I download that? Remember the original number is H6-G325-A2-KK-20150122S.
Then lastly, is there any problem if the IMEI change after flashing?
Hovatek
April 30, 2016 at 6:42 amThe second firmware isn’t for your variant, it might not work properly.
For the IMEI, there’s no problem
Wajja Richard
April 30, 2016 at 7:03 pmH6-G325-B2-KK-20150707, is the one which will not work and so I should not bother download it?
Hovatek
May 1, 2016 at 4:27 pmYou need the firmware for your build number
Wajja Richard
May 1, 2016 at 8:50 pmHw about G325-20140923, which was flashed in? Nway it’s working but sometimes freezing
Hovatek
May 1, 2016 at 10:08 pmDoes it freeze in safe mode?
Wajja Richard
May 2, 2016 at 3:38 pmWhat do you mean by safe mode
Hovatek
May 2, 2016 at 11:49 pmThere’s a way to boot your phone into safe mode
Wajja Richard
May 3, 2016 at 6:17 amWill that help? And how should I do that?
Hovatek
May 3, 2016 at 9:02 amSee https://forum.hovatek.com/thread-572.html
Wajja Richard
May 6, 2016 at 10:17 pmIt’s no longer doing that since I changed the ROM, today I used a USB to read my H6, but was read as Tecno J7, why did that happen?
Hovatek
May 7, 2016 at 9:25 amThis happens a lot on Tecno phones. Phones use almost the same drivers and parts as other models
Wajja Richard
May 3, 2016 at 10:28 pmThere is nothing much, nway u told me that the variant 3 stock ROM will be available in a week’s time, but it now almost 2 weeks now
Hovatek
May 3, 2016 at 10:50 pmThe server we save files to is having problems. We’re working on fixing it
Wajja Richard
May 6, 2016 at 12:22 amSo when will that be done
Ruthie
May 6, 2016 at 10:42 amI can’t use my usb anymore, is it a virus or what? It even takes a long tym before it charges.. I use infinix hot note. Pls help
Hovatek
May 6, 2016 at 11:37 amDoes the phone download or update apps without your permission?
Wajja Richard
May 7, 2016 at 11:01 pmSo the server is still down?
Hovatek
May 8, 2016 at 9:56 amWe’re currently uploading another H6 firmware to Google drive
Wajja Richard
May 8, 2016 at 2:53 pmOK then I will be waiting
Hovatek
May 9, 2016 at 4:45 amhttp://hovatek.com/redirect.php?link=https://docs.google.com/uc?id=0B_-waNKLvNRcMWphQXBjdXllcEU&export=download
Wajja Richard
May 9, 2016 at 10:17 pmThanks my dear friend, I will flash tomorrow
Hovatek
May 9, 2016 at 10:28 pmOk
Wajja Richard
May 11, 2016 at 5:10 pmIf someone downloads an app let’s say a game but when it’s imbibing malwares and his phone becomes infected, if I share such a game from their phone and install it on mine, can I also get infected with the same malwares?
Hovatek
May 12, 2016 at 1:15 pmVery likely
Wajja Richard
May 13, 2016 at 8:13 amOK then
Hovatek
May 13, 2016 at 7:26 pmAlright.
Wajja Richard
May 9, 2016 at 10:41 pmWhat’s the importance of rooting a phone? And what’ are the side effects?
Hovatek
May 10, 2016 at 8:06 amSee http://blog.hovatek.com/how-to-root-android-easily-without-pc
EL MWAI
May 25, 2016 at 1:39 ammy phone model is Techno R7.whenever I switch on the data unwanted apps r downloaded like APUS,GOOGLE SERVICE,TIMES SERVICE etc.Am very annoyed coz I cant use my phone.please help
Hovatek
May 25, 2016 at 1:56 amhave you followed the guide above?
EL.MWAI
May 25, 2016 at 1:42 amHi.MY PHONE IS TECHNO R7 AND I HAVED BEEN INVADED BY APPS LIKE TIMES SERVICE,APUS,GOOGLE SERVICES AND OTHERS WHICH ARE REPLICATING THEMSELVES.PLEASE HELP TO SOLVE THIS PUZZLE.I HAVE TRIED TO FORMAT AND ALSO SCANNING THRU ANTI VIRUS AVG BUT ALL FUTILE
Hovatek
May 25, 2016 at 1:55 amThats weird. How exactly did you format the phone? did you use the SP Flash Tool method above?
Adelowo
December 6, 2016 at 11:52 amPls, how can i remove monkey virus on my tecno r7 without using pc?
Hovatek
December 6, 2016 at 12:51 pmYou can install an antimalware then scan the device.
If the device is rootedd, I can guide you through another method using LinkSD