Jump to content

[Android] Kaspersky can't remove dangerous trojan


Recommended Posts

Note: I rooted my device.

For some reason, my tablet has been turning off without warning or shutting down at weird battery percentages (when it shut down at 83% it now showed off 38%, or even it shut down at 80% and it showed off 0%, not sure if it's a battery issue or the Trojan Is eating up battery, or it even remains at 100% for a long time and then shuts down to 0%).

Screenshot_20230128-143712.png

Link to comment
Share on other sites

Hello @Catomax26

Welcome!

  1. First, we'd like to clarify which software is installed, for Android, Kaspersky has Kaspersky Internet Security or Kaspersky Standard; your topic is in Kaspersky Anti-Virus section & you've tagged the topic: Kaspersky Free? -> go to the main application window, select the Profile icon, scroll to the bottom of the page, select About - post a screen print of the About screen please? 
  2. Secondly, have hardware & power diagnostics on the phone been run? 
  3. Thirdly, has Kaspersky been uninstalled, the phone powered off & left off for 5 minutes, powered on, logged in, download & clean install a new Kaspersky software? 
  4. After the clean install, run a full scan, is the detection repeated? 
  5. IF you can access the detected object that cannot be quarantined - you may wish to submit it to Kaspersky for evaluation: Kaspersky Threat Intelligence Portal, or directly to Kaspersky support, via Email or Online Chat; support may request logs traces & other data, they will guide you. 
  6. Note: we recommend you: "un-root" the device before escalating the issue to Kaspersky support. 
  7. Note 1: Support is not available to users of Kaspersky Free, Kaspersky Trial or Kaspersky Beta software. 

Please post back? 

Thank you?
Flood?+?

Edited by Flood and Flood's wife
Link to comment
Share on other sites

1 hour ago, Flood and Flood's wife said:

Hello @Catomax26

Welcome!

  1. First, we'd like to clarify which software is installed, for Android, Kaspersky has Kaspersky Internet Security or Kaspersky Standard; your topic is in Kaspersky Anti-Virus section & you've tagged the topic: Kaspersky Free? -> go to the main application window, select the Profile icon, scroll to the bottom of the page, select About - post a screen print of the About screen please? 
  2. Secondly, have hardware & power diagnostics on the phone been run? 
  3. Thirdly, has Kaspersky been uninstalled, the phone powered off & left off for 5 minutes, powered on, logged in, download & clean install a new Kaspersky software? 
  4. After the clean install, run a full scan, is the detection repeated? 
  5. IF you can access the detected object that cannot be quarantined - you may wish to submit it to Kaspersky for evaluation: Kaspersky Threat Intelligence Portal, or directly to Kaspersky support, via Email or Online Chat; support may request logs traces & other data, they will guide you. 
  6. Note: we recommend you: "un-root" the device before escalating the issue to Kaspersky support.
  7. Note 1: Support is not available to users of Kaspersky Free, Kaspersky Trial or Kaspersky Beta software. 

Please post back? 

Thank you?
Flood?+?

1. Screenshot below

2. No.

3. Yes. It was formatted 3 times.

4. Yes.

5. I can't find it. It's a system file.

6. I don't know how to.

7. What a beautiful service, with cookies and all. How cute.

Screenshot_20230129-005048.png

Link to comment
Share on other sites

Hello @Catomax26

You're most welcome!

Thank you for the information!

  1. Kaspersky make no secret about not providing technical support to: users of Kaspersky Free, Kaspersky Trial or Kaspersky Beta software. 
  2. The apk dropper is not a genuine system file: 816b0e631cd85d917f27b27bde12bdab916a498c1529d3261d3feec365dfbdf7
  3. You need to research power & hardware troubleshooting for your Android Compumax BlueS10 (we can't do it for you, there's not enough information provided & it's OT for the issue.)
  4. Does "Yes. It was formatted 3 times." mean the Android Compumax BlueS10 has been factory reset 3 times? 
  5. Has the Kaspersky software been clean installed? 
  6. Unroot -> How to unroot your Android phone or tablet
  7. Re " What a beautiful service, with cookies and all. How cute." Absolutely no idea what you mean?
  • FYI:  The Community is composed of users of Kaspersky software - just like you, all of whom volunteer their time freely, to help other members of the Community - just like you. There is a small team of Kaspersky employees, all of whom are clearly identifiable, bc, their profile shows "Kaspersky Lab employee". For the most part, and according to our observations, volunteers are dedicated to providing technical analysis to address technical issues.

Thank you?
Flood?+?

Edited by Flood and Flood's wife
modified 2
Link to comment
Share on other sites

11 hours ago, Flood and Flood's wife said:

Hello @Catomax26

You're most welcome!

Thank you for the information!

  1. Kaspersky make no secret about not providing technical support to: users of Kaspersky Free, Kaspersky Trial or Kaspersky Beta software. 
  2. The apk dropper is not a genuine system file: 816b0e631cd85d917f27b27bde12bdab916a498c1529d3261d3feec365dfbdf7
  3. You need to research power & hardware troubleshooting for your Android Compumax BlueS10 (we can't do it for you, there's not enough information provided & it's OT for the issue.)
  4. Does "Yes. It was formatted 3 times." mean the Android Compumax BlueS10 has been factory reset 3 times? 
  5. Has the Kaspersky software been clean installed? 
  6. Unroot -> How to unroot your Android phone or tablet
  7. Re " What a beautiful service, with cookies and all. How cute." Absolutely no idea what you mean?
  • FYI:  The Community is composed of users of Kaspersky software - just like you, all of whom volunteer their time freely, to help other members of the Community - just like you. There is a small team of Kaspersky employees, all of whom are clearly identifiable, bc, their profile shows "Kaspersky Lab employee". For the most part, and according to our observations, volunteers are dedicated to providing technical analysis to address technical issues.

Thank you?
Flood?+?

Thanks. About the troubleshooting, it works almost fine, the only issue for now Is the battery, but it may be an external issue. The MtkSettings.apk has to do wivh MediaTek systems. My android had to be formatted 3 times, and it has a preset ROM usted by my college, full of unnecessary programs and stuff. The Kaspersky software was indeed cleanly installed. My device Is unrooted as for now. The "confusing" quote was a word of disappointment, my bad.

 

Wdym by "the apk dropper Is not a genuine system"?

Link to comment
Share on other sites

3 hours ago, Catomax26 said:
  • it works almost fine, the only issue for now Is the battery, but it may be an external issue.
  • The MtkSettings.apk has to do with MediaTek systems.
  • My android had to be formatted 3 times, and it has a preset ROM trusted by my college, full of unnecessary programs and stuff.
  • The Kaspersky software was indeed cleanly installed.
  • My device Is unrooted as for now.
  • The "confusing" quote was a word of disappointment, my bad.
  • Wdym by "the apk dropper Is not a genuine system"?

Hello @Catomax26

You're most welcome!

Thank you for posting back!

  1. We're confused, in the first instance, you've reported "....battery blah, blah or the Trojan Is eating up battery.." & that you could not get rid of the trojan. 
  2. The MtkSettings.apk is the trojan. 
  3. We said: The apk dropper (which is MtkSettings.apk) is not a genuine system file: 816b0e631cd85d917f27b27bde12bdab916a498c1529d3261d3feec365dfbdf7
  4. Have you done a factory reset of the Android Compumax BlueS10? 
  5. IF you run a full scan *now* is the dropper still being detected? 

Thank you?
Flood?+?

Link to comment
Share on other sites

1 hour ago, Flood and Flood's wife said:

Hello @Catomax26

You're most welcome!

Thank you for posting back!

  1. We're confused, in the first instance, you've reported "....battery blah, blah or the Trojan Is eating up battery.." & that you could not get rid of the trojan. 
  2. The MtkSettings.apk is the trojan. 
  3. We said: The apk dropper (which is MtkSettings.apk) is not a genuine system file: 816b0e631cd85d917f27b27bde12bdab916a498c1529d3261d3feec365dfbdf7
  4. Have you done a factory reset of the Android Compumax BlueS10? 
  5. IF you run a full scan *now* is the dropper still being detected? 

Thank you?
Flood?+?

Yes and yes.

Why Is it not a genuine system? What does it need to have to be genuine?

The Trojan Is eating battery, so i want to get rid of it, but Kaspersky can't do it. Kaspersky Is the only one to detect this same trojan. Not even Malwarebytes can detect it.

Edited by Catomax26
Yes
Link to comment
Share on other sites

1 minute ago, Catomax26 said:

Why Is it not a genuine system? What does it need to have to be genuine?

Hello @Catomax26

You're most welcome!

Thank you for posting back!

  1. ?IF you did a factory reset it should have cleared the apk dropper - MtkSettings.apk - trojan?
  2. Is the MtkSettings.apk a part of the original build / shipped with the android from the factory or added by you or your college? 
  3. What is the MtkSettings.apk version

Thank you?
Flood?+?

Link to comment
Share on other sites

Yes. I'm starting to think it's a battery issue because i haven't seen significant processing issues. But still, i think yes-no that this Is a false positive, but it's weird because in the first year using this tablet i did several Kaspersky scans and none detected this. I think that the Trojan self inserted itself into the preset school ROM.

I have no idea about the original version.  I can't provide the current version because i don't know what it's old version was.

On 1/29/2023 at 7:12 PM, Flood and Flood's wife said:

Hello @Catomax26

You're most wec WS uslcome! 

Thank you for posting back!

  1. ?IF you did a factory reset it should have cleared the apk dropper - MtkSettings.apk - trojan?
  2. Is the MtkSettings.apk a part of the original build / shipped with the android from the factory or added by you or your college? 
  3. What is the MtkSettings.apk version

Thank you?
Flood?+?

 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...