+3 votes
17 views
Viruses that are not removed even by "formatting" the cell phone

in Operating System by (475k points)

1 Answer

+4 votes
Best answer

The solution

One of the most effective solutions when it comes to solving problems on a cell phone, including the possibility that it has a virus or malware, is to reset or format it, that is, to restore its factory settings. This procedure resets the "user-data" part of the storage, which Android uses to save the settings made by the user on the device, apps and saved data. There may be viruses or malware that have been installed inadvertently and that will disappear with that reset.

Unfortunately, there are more advanced viruses that can stay on the device even after formatting. Basically, this is because these viruses, once they have managed to stay on the device, try to obtain root access, using different "rootkits" that take advantage of vulnerabilities in the Android system, the same "exploits" that are used by intentional rooting tools like Mediatek SU, TowelRoot, Kingroot, Framaroot, Kingo and older ones like Memexploit or Exynosabuse.

Once this root access is achieved, the virus automatically migrates from the "user-data" partition (which, as I said before, is "erasable" with a reset) to the "system" partition, which is read-only and therefore does not change its state even when formatting the device. The virus can become so complex, as seen with xHelper, that it can make its files "immutable" or invariable, and even lock the system partition in read mode (which CANNOT be put in write mode to alter it) and uninstall root apps such as "Superuser" or "SuperSU" on its own, which could make it easier to erase this virus.

Although xHelper is a recent virus, this type of malware has existed for several years on Android. In November 2015 the security firm Lookout discovered around 20,000 viruses distributed in application stores such as Google Play Store. Although they were only adware (not malware itself), they were camouflaged as harmless apps such as Facebook, WhatsApp or Candy Crush to deceive the user (Trojans), were distributed in those "app stores", and could also remain on the device even after restoring the factory settings, as xHelper does.

The solution

The only effective solution to eliminate viruses that are not removed even when restoring the factory settings of the device is to flash the firmware of the device. In the case of a Chinese cell phone (which has been one of the most affected by xHelper), whose original firmware usually already comes with viruses or malware and consequently is exposed to the same problem in the future, it is better to search for a third-party ROM to get rid of the problem. There is the possibility that there is no ROM for that device, so the only option in that case is to change the device.

References: Android Police

Can a NEW cell phone come with a virus?

Do Android application stores (e.g., Google Play Store) have viruses?

How to remove viruses from your Android device


by (3m points)
edited
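
Added example, not part of the original answer: a small check for the persistence described above, which parses the output of `adb shell pm list packages -f` and reports packages whose APK sits on a partition that a factory reset does not wipe and that are absent from a stock baseline. It generalizes from "system" to the other read-only partitions; the sample output, package names and baseline set are constructed, and the baseline is assumed to come from a known-clean device running the same firmware.

```python
# Added example: all sample data below is constructed for illustration.
# Partitions a factory reset leaves untouched (it only wipes /data).
SURVIVES_RESET = ("/system/", "/system_ext/", "/product/", "/vendor/")

# Constructed sample of `adb shell pm list packages -f` output.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Helper/Helper.apk=com.example.helper
package:/data/app/~~Qx1==/com.example.game-Zz9==/base.apk=com.example.game
package:/product/app/Maps/Maps.apk=com.example.maps
"""

# Hypothetical baseline: packages shipped in the stock firmware image.
STOCK_BASELINE = {"com.android.settings", "com.example.maps"}


def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def survives_factory_reset(apk_path):
    """True if the APK lives on a partition that a reset does not erase."""
    return apk_path.startswith(SURVIVES_RESET)


def unexpected_persistent(packages, baseline):
    """Packages that would survive a reset but are not in the baseline."""
    return sorted(
        name for name, path in packages.items()
        if survives_factory_reset(path) and name not in baseline
    )


if __name__ == "__main__":
    pkgs = parse_pm_list(SAMPLE_PM_OUTPUT)
    for name in unexpected_persistent(pkgs, STOCK_BASELINE):
        print(f"survives reset, not in stock baseline: {name} ({pkgs[name]})")
```

A package reported here is only a candidate for review: a legitimate system app that has been updated is listed under `/data/app` instead, and a vendor may ship apps missing from an incomplete baseline.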
