Quite a number of fans have complained about encountering this issue either on other peoples MTK Android phones or theirs so we’ll be discussing these malware, how they affect your Android phone and how to permanently remove them.
How did I get infected?
In my previous article on removing Malware from an Android phone (see https://journal.hovatek.com/how-to-remove-adware-from-an-android-phone/), I discussed some methods by which malware infect your Android phone. The easiest point of entry for an Android phone is the application(s) you install. Considering how popular the Android platform is and how many Android apps there are, its not hard to imagine why hackers would exploit this. The most potent carriers of malware are cracked / nulled apps (using malware crypters and binders).
Are they harmful to my Android phone?
If you’ve ever experienced these apps then you would know that they not only auto-update but also install unsolicited applications on your phone (using up your data plan). Adware are just a few steps away from harvesting your personal information so why wouldn’t they go all the way? You will also get a lot of has stopped errors like “unfortunately adobe air has stopped”, “unfortunately measure has stopped” and this could be very frustrating.
Why wont uninstalling / factory resetting remove them?
Uninstalling them under Settings >Apps or doing a factory reset would have been effective if only these apps were fully installed in the /data partition. After uninstalling, all you need to do is reboot your phone and they’re back again like nothing happened.
How then do I remove privacy guard, easy tool, monkey test and time service from my phone?
Consider the following methods:
1. Locate the malicious apks under /system/apps, data/app, vendor/operator/app , system/priv-app, system/preloadapp or anywhere they’re installed to and delete them. For Monkey Test and Time Service, the apks to delete are cameraupdate.apk, providerCertificate.apk, providerdown.apk and themeManags.apk (see https://journal.hovatek.com/how-to-remove-bloatware-on-an-android-phone/ for the Bloatware removal techniques ). The phone needs to be rooted in order to use this method (see https://journal.hovatek.com/how-to-root-android-easily-without-pc/ to know more about rooting an Android phone)
3. Use the custom recovery backup and restore method:
- Get a working phone of the same model (without the malware issue)
- Flash a custom recovery to both phones using the method at https://forum.hovatek.com/thread-455.html and backup the working phone in recovery mode (see https://forum.hovatek.com/thread-479.html for how to boot into recovery mode)
- Copy the backup folder from the SD card of the working phone to the SD card of the malware infected phone (ensure to maintain the folder structure)
- Boot the malware infected phone into recovery mode and format System under Mounts & Storage
- Return to the main menu and restore the backup of the working phone under Backup & Restore > Restore
4. Format then flash using SP Flash Tool
- Get a clean working phone of the same model and back it up using the method described at https://forum.hovatek.com/thread-468.html (you’ll then have a stock / MTK backup)
- Format then flash the malware infected phone using SP Flash Tool at https://forum.hovatek.com/thread-159.html and the stock MTK backup obtained from the step above
My phone is stuck at brand logo after deleting something wrong in the /system folder. How do I fix my phone?
You need to flash back system.img or system.ext4.tar depending on the format that your /system directory is in the ROM. Please, create a new thread at our forum and our reps will provide free step by step assistance (see https://forum.hovatek.com/thread-514.html for how to create a thread) .
Hovatek….just a button away!