Malware on Android Xiaomi

system · 2015-10-11T21:24:28.000Z

Hi,

I am a new member here and I have been looking for my problem but haven’t found any solution so I am going to post a new post here.

Last week I bought a XIAOMI REDMI NOTE 2 (Lollipop 5.0.2) from China. It has been rooted by the shop I bought it with kingroot. Since the day I started using it, I downloaded Avast Mobile Security from Play Store and it detected several malwares that were solved. However, there are one malware that still persists.

When I ran virus scanner, it detects one issue in classes.dex located in GoogleSearch.apk whose directory is /system/priv-app/search. Activity Log notifies this issue:
*Problem in: /storage/emulated/0/Android/data/com.estrongs.android.pop/tmp/zip/GoogleSearch/classes.dex
Android:Agent-HNN [Trj]
Android:Agent-HNN [Trj]

This problem still persists because when I ran antivirus, Avast still notifies me the issue and I can’t even delete that apk (GoogleSearch.apk nor classes.dex ) or that folder because it belong to the system (also I don’t now if that apk is important for the smartphone).

Note: I have also ran Kasperky Internet Security and it detects in GoogleSearch.apk this:
*UDS:DangerousObject.Multi.Generic
*HEUR:Trojan-Spy.AndroidOS.Agent.el

I enclose one screenshot of Activity Log. (I enclose KIS Lot too in case it might be helpful).

Can you help me please? :‘( :’(

So much thanks in advance!! ;D ;D

Pondus · 2015-10-11T21:37:16.000Z

you may upload and test suspicious file(s) at www.virustotal.com / www.metascan-online.com
if tested before, click rescan for a fresh result
you may post link to scan results here

since this is Android related, you may post in Avast mobil products forum section and give link to this topic
malware removers in this section mostly work on windows PC

Pondus · 2015-10-11T21:42:51.000Z

Is Xiaomi Secretly Sending User Data to Chinese Servers? (Updated: Xiaomi Responds)
http://gadgets.ndtv.com/mobiles/news/is-xiaomi-secretly-sending-smartphone-user-data-to-chinese-servers-567686

system · 2015-10-11T22:30:23.000Z

Thanks so much Pondus,

I did what you said. I used the www.virustotal.com / www.metascan-online.com and the results are:

https://www.virustotal.com/es/file/7edea678cd63c5ef8186c1555b20bdc387213b4476af4bc16bbb54805b8b7f94/analysis/
https://www.metascan-online.com/#!/results/file/9d840b8ee57b4453b3f187da38973bee/regular

It clearly seems to be an issue in there but I don’t know what to do now. Maybe delete that apk? (delete that apk (GoogleSearch.apk or classes.dex ) would be impossible since they belong to the system). Or maybe are there another tool to remove it? (I don’t know any).

I post this in Avast mobil products forum section as you said. By the way can you tell me your opinion about this and the results of the virustotal and metascan?

Thanks so much! ;D ;D

Asyn · 2015-10-12T06:19:14.000Z

Answered here: https://forum.avast.com/index.php?topic=177539.msg1258749#msg1258749

Announcements