Help Help! i have adware that won't go away even after a factory reset!

[Android Question]

I have an iNew L4 running Android 5.1 on Giff Gaff (which always detects as O2 for some reason) in the UK.

I am getting pop-ups on the home screen asking me to try out various apps. If I tap on them it takes me to a web page - it's never got further than that before I've killed the browser. It has also lost all my contacts and won't let me answer a call, instead hanging up and giving me an advert pop-up instead. It has been getting worse for a while, but started a long while after I got the phone so I suspect it's something I've installed rather than being factory compromised, but I don't now what by this point.

I have installed virus scanner apps, removed the sdcard, and done a factory reset several times. I've also just tried rebooting into safe mode and rerunning the virus scanner - that didn't work. The malware won't go away.

I've tried several virus scanners. Avast, AVG, and Stubborn Trojan Killer all tell me I'm fine, but AVL actually gives me results, telling me I have 3 "risky files". They are (including the text in orange (i don't know how to make it orange here) below each one that I presume is the reason it's risky)

/system/priv-app/Settings/Settings.apk
NotVir/Android.AV/Agent.a[gen]
This app may have sms sending behavior without the user's consent

/system/priv-app/LQLauncher3/LQLauncher3.apk
Adware/Android.Waps.a[ads,prv,opd]

/system/app/Email/Email.apk
NotVir/Android.GenericDetect.a[gen]

As I'm getting adverts I suspect it's the second one. Unfortunately AVL doesn't seem to be able to remove the damn thing! Is there a better one out there that might work?

I've seen a suggestion of installing a root browser and deleting the files manually, but I suspect deleting the settings and launcher apps might be less than ideal!

Is there anything I can do that I haven't thought of? Do I need to flash a new rom onto my phone? iNew's download page doesn't have a rom for it (and asking their customer services was not very helpful), but this site does - I have no idea which of those I should use! Should I install Cyanogenmod or some other custom rom? Or Ubuntu Touch? (i am running Kubuntu linux on my desktop... though I have access to a windows machine if I need to use one to fix it). Should I just take it into a shop somewhere and ask them to do it?

I've been poking at this on and off for three or four days now and I'm just getting more confused and annoyed by this point!

 

[AZgl1500]

First of all, you need to stop from clicking on any advertisement link. That is how that pesky advert got on your phone in the first place.

2nd, I once experienced the same thing, and it was right after I inadvertently touched the bottom of my phone w/o looking to see where my fingers went....

and in my case, the only thing that got rid of it was the FDR.... but you say you have done that?
If it still remains on the phone, then I suspect you are going to have to use Odin and download a new copy of the OS into your phone.

whatever it is, has somehow, managed to get past permissions and modified one of the system files.

Have you tried the 3 finger boot up process? Then choose clear out Cache Partitions?
that has worked "sometimes".

 

[The_Chief]

What I'm seeing from your post are adware apps that have installed themselves into the /System partition, which is where your operating system is. A factory reset does NOT touch the /System partition. I would advise you to wipe data, cache and system and install a new OS... whether that is the stock firmware or Cyanogen or other custom ROM. Remember to have the new OS on the SD card BEFORE you wipe system, because once you wipe /System there will be nothing to boot to. My 2¢

 

[LozHensel]

AZgl1500, what is the three finger boot up process? Do you mean the factory settings menu? If so I found that - hold down volume down and power and it boots into it... took me a while to decode it because it was in Chinese, but I managed to find somewhere that had translations. I ran a factory reset from there, but it didn;t seem to do any good. There didn't seem to be a "clear cache" option. I saw a reference to holding volume up and volume down, and power, and I tried that to no avail - nothing happened at all!

The_Chief yes, it looks like that to me too. I hoped there was something I could do short of trying to flash a new OS on there, but if there isn't I guess I'll have to bite the bullet, pick one of the three from this page http://www.needrom.com/category/inew/l4/ and go for it! I've had a bit of a poke at getting adb to see it under Linux without success, but there are still things to try there.

 

[AZgl1500]

yes, the Factory Menu at boot.... on Samsungs, it takes 3 fingers to get it to work.

 

[LozHensel]

Ah right. Seems to be 2 on thing. I'm resigned to installing a new rom by this point. It's being fiddly though! The command line tools were out of date and not giving me the options the various walkthroughs I found told me should there... Still, I think i've got that sorted now, onto the next insurmountable task!

Thanks for your help, can I mark this solved somehow?

 

[Hadron]

Click "Best Answer" on one of the posts and that will mark the thread as "solved".

 

[LozHensel]

Thanks. Done

 

[LozHensel]

I've fixed it! I installed a new launcher and deleted the default on. now the symptoms have stopped and it's not being detected any more. Lets hope it stays that way!

Huge thanks to everyone who's helped me through this!