Avast found problem with Play Store Android UUPAY-K [PUP]

Hi folks,

Avast today shows ‘Malware found!’ for my Android 4.2.2 phone,
and the Log shows:
1 problem found, Play Store, Potentially unwanted program detected - Android:UUPAY-K [PUP].

I tried clicking Resolve all, but of course Play Store cannot be uninstalled, and comes up Uninstall unsuccessful.

Does anyone know what this issue is and whether UUPAY-K is malware that needs to be removed, and in which case how?

Alternatively, is it safe for me to tell Avast to Report as false positive, or to Add to ignore list?

The More Info for this issue is:
Play Store v2.0.0, com.uucun4470.android.cms
Read Identity Info
Access Messages

Any comments or advice on this issue would be much appreciated.

Thanks.

(Also, is there a way to correct a typo in my profile location?)

Hi,

com.uucun4470.android.cms doesn’t really look like Google Play Store to me :-/

Filip

Thanks Filip.

I had googled com.uucun4470.android.cms and not found anything relevant.

I have now done a further Avast virus scan of the apps and storage, and nothing has been found.

This has cleared the scary Malware found alert from Avast.

Hmm, it might have been a false positive, but if the com.uucun4470.android.cms app is named Play Store and has the same icon, there is something really fishy about it.

Filip

I found this com.uucun4470.android.cms in my Chinese-made cell phone. Yes, Webroot and Avast identified it as Play Store. Neither Avast nor Webroot can remove it. The message is "Uninstall unsuccessful". I also found android.cube (com.cube.activity), SMSReg (com.mediatek.smsreg) and Opera Service (com.android.systemservice). Avast and Webroot could not remove these 4. Can someone help?

Maybe you should consider using another ROM, like CM.

Hi folks, recently I got an Android tablet. Currently I am using the premium antivirus from Avast on my device. There is a system app on my tab which is always detected as a trojan by antiviruses like 360 Security, TrustGo, Kaspersky (when I do a system app scan), Malwarebytes and McAfee, but Avast and Quick Heal are not detecting that app as a trojan. My device is not rooted, and whenever I stop that app, it starts itself after a reboot. Its name is com.sts. Should I really be worried about that, or should I ignore it? I have gone to the service center and updated my device's system software, but that app is still detected as a trojan. I think the app is in my device ROM, so I can't root it and remove it because it's in the warranty period, and the service center guys said that if I face any problem then I can complain and they will forward it to the tab manufacturing department. Till now I have not faced any malicious activities on my tab. Yes, sometimes some ads come up in my notification bar, maybe because of the free apps I have on my tab. Please suggest something. Thanks.

Can you please provide the printscreen with full application name? Thanks.

Here are the screenshots. Please note that in these screenshots I am showing you what McAfee is detecting (others are also detecting the same app). Then I am showing what the device says about that app as the description in the Settings > Apps menu. The pictures that are black in color are the description of that app in my device's settings. It was not possible to capture the complete page in one screenshot, so I had to take it in three shots.

Hello sumkum413,

Can you please install this application https://play.google.com/store/apps/details?id=com.virustotal , scan your device and share the VirusTotal link or the SHA-256 hash (of the com.sts application) with us?

Thanks a lot

Hi, I scanned the app using VirusTotal. In the first scan it did not detect com.sts, saying it's not in their database. Then, after I submitted the app for scanning, the following pictures were shown in the detailed report. The link given by them is not valid, I think, because when I open that link no page opens.
Thanks

Hello sumkum413,

The malware seems to be detected by Avast Mobile Antivirus as Android:Agent-DJS.
This specific malware also seems to be pre-installed on devices like the iBall Slide 3G etc.
In order to remove the malware you need to root your device and remove the application or contact the device manufacturer and ask for instructions.

Kindly look at my previous post; I have posted the VirusTotal result. Please note that the tab I am using is a new product of the Indian company iBall, and if you google com.sts you won't find anything.
Now I have three questions in mind:

  1. An article by McAfee or G Data (I can't recall the name exactly) described a Chinese mobile firm whose device comes with a preinstalled trojan. Is my case similar to that? Well, everyone knows most manufacturing processes are carried out in China.

  2. Is it possible that, since it's a new app installed in a newly launched product, antiviruses are detecting it as a trojan based on its behaviour only, and it's just a false positive? Because even after the software update it's not solved, and till now I have not faced anything serious (well, it sometimes makes me doubt whether my data, like email credentials and other personal data, are getting leaked by this app).

  3. If I root my device, will it be possible to remove this app? In that case I am also afraid I may lose some functionalities of my device. Thanks

Exactly. I have the iBall 3G, and I have gone to the service center to complain about this. They said that if I face any problem then I can contact them and they will forward the issue to the head office of iBall.

thanks

This malware is sending a message to this mobile phone:

+91 9870932094 India, Mumbai

The message contains the following data:

SubscriberId, SimSerialNumber, DeviceId, Location

You will either need to root the device and remove the application, or contact the manufacturer again with the above info.

OMG, thanks. But I want to know whether manually stopping the app after clearing the cache in this app's settings, and manually stopping it every time I reboot, will help until I contact the service provider? The disable option is not available for it; yes, the stop option is available, and it starts itself only when I reboot.

BTW, I have checked the number in Truecaller; it has been reported as spam by 80 people.

thanks a lot

Will manually stopping the app work temporarily until I contact the service center? Yes, the number you have given has been reported as spam.

The malware reboots itself on every boot.
Force stop it from running and contact support.
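
Several posts above report flagged packages that antivirus apps cannot uninstall and that are thought to sit in the device ROM. The following added example (not code from any poster or from Avast) triages flagged package names against `pm list packages -f` output to show which ones live on a read-only system partition. Only the package names come from the thread; the sample output and every APK path in it are constructed.

```python
# Constructed sample of `adb shell pm list packages -f` output.
# Line format: package:<apk path>=<package name>. Paths are invented.
SAMPLE_PM_OUTPUT = """\
package:/system/app/PlayStore.apk=com.uucun4470.android.cms
package:/system/app/sts.apk=com.sts
package:/vendor/app/SmsReg.apk=com.mediatek.smsreg
package:/system/priv-app/Phonesky.apk=com.android.vending
package:/data/app/~~Qx1==/com.example.notes-9a==/base.apk=com.example.notes
WARNING: not a package line
"""

# Partitions that are mounted read-only and hold pre-installed apps.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")


def parse_pm_list(text):
    """Return {package_name: apk_path}, skipping lines not in pm's format."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Newer Android paths contain '=' themselves, so split on the last one.
        path, sep, pkg = line[len("package:"):].rpartition("=")
        if sep and path and pkg:
            installed[pkg] = path
    return installed


def triage(flagged, installed):
    """Classify each flagged package by where its APK is installed.

    'preinstalled'   -> on a system partition; a normal uninstall fails
    'user-installed' -> under /data; removable from Settings (an updated
                        system app also shows a /data path, so treat this
                        as indicative only)
    'not-installed'  -> absent from the pm output
    """
    result = {}
    for pkg in flagged:
        path = installed.get(pkg)
        if path is None:
            result[pkg] = "not-installed"
        elif path.startswith(SYSTEM_PREFIXES):
            result[pkg] = "preinstalled"
        else:
            result[pkg] = "user-installed"
    return result


if __name__ == "__main__":
    flagged = ["com.uucun4470.android.cms", "com.sts", "com.cube.activity"]
    for pkg, status in triage(flagged, parse_pm_list(SAMPLE_PM_OUTPUT)).items():
        print(f"{pkg}: {status}")
```
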