Protect found threat on F1.apk - won't delete

chocchipcooki
3: Seeker

On my HW P1

After running VF protect, I have found a threat.
"/cust/vodafone/es/app/F1.apk
(infected by Android/youmi/A1Gen)"
but Protect can't remove it, and I can't find this directory through my PC file explorer.

What can I do to get rid of it? (What is it anyway?)
thanks

20 REPLIES

DaveCD
Moderator (Retired)

Hi chocchipcooki

 

Unfortunately I've been unable to recreate this here.

The first steps to troubleshoot this would be to back up all of your contacts and files, and perform a factory reset to see if this continues.

 

Did you notice this after downloading any apps in particular?

 

DaveCD

I guess you can't recreate it unless you've got the bad code.

It was found after installing vfProtect. Don't know how long it'd been there.

 

If my FIRST step is to do a factory reset, what is the best way to back up contacts, files etc.?
Does that mean I lose all my apps too?

M

Hi chocchipcooki,

 

To back up your data from a Huawei Ascend P1, just follow these steps:

 

  • Go to menu > System settings
  • Scroll down and tap backup & reset
  • Select reset phone > Backup data > Backup.

 

Whilst the factory reset would remove any apps you have installed, your account will still recognise anything you have purchased or installed previously. This will allow you to add them back to the phone without paying again.

 

When you've done the reset, I'd test before restoring your data or reinstalling anything. This way you'll be testing with a "clean" phone. If there's no sign of an error then, reinstall things in stages, testing after each one. 

 

Dave

hrym
17: Community Champion

The basic file manager has restricted access, but there are other apps which can show hidden and system files.  I have a feeling that Androzip is one of them (option in settings).  You could give that a try and see if it can find the relevant folder.

 

Or it may just be a matter of telling the pc to show hidden files.

thanks. I'm still needing advice!!

 

I switched on the hidden files option on the PC explorer. The problem file was not shown.

I have factory reset the phone 4 times now; by the time I reinstall vfProtect and run it, the issue is still there!!

I have a feeling that Google is reinstalling stuff off my account (I need to sign in to get Protect reinstalled). I am definitely unticking the "restore from google" box, too.

 

I will try and find androzip and investigate that.

 

I can't believe I am the only one with this issue.

hrym
17: Community Champion

Googling for this doesn't bring up any results, so I'm wondering whether it's part of another problem and this particular file has been corrupted, or the file is corrupted but not infected, or whether it's a false positive.

 

You may need to show system files as well, but I'm pretty sure Androzip can look quite high up the directory tree.

 

The other possibility might be to leave Vodafone Protect off and try another AV app, such as Avast and see if that finds anything and can fix it.

thesoupdragon
17: Community Champion

@chocchipcooki wrote:

On my HW P1

After running VF protect, I have found a threat.
"/cust/vodafone/es/app/F1.apk
(infected by Android/youmi/A1Gen)"
but Protect can't remove it, and I can't find this directory through my PC file explorer.

what can I do to get rid? (what is it anyway)
thanks


The Folder "Android" is usually found in...

/storage/emulated/0/

 

This might be slightly different on your device?

Basically the search tree is this;

/ = Home

storage/ = onboard memory

emulated/ = sub partition of storage

0/ = Folder in sub partition

 

Yours might be...

/sdcard/sdcard/Android

 

I use ES File Explorer as it can go right to the root directory. You might not be able to delete system files without root privileges though?

 

My honest opinion is that it is a false positive as hrym suggested earlier. You might want to raise the question with the F1 app developers?

 

 

thanks all

Oddly, I haven't got an F1 app installed!

I will try and find one of the file tools suggested and explore using that.

 

I'd happily delete both these files.

"Youmi" googles as a Chinese ad-server - so who knows.

hrym
17: Community Champion

The other possibility would be to try another AV product and see if that can clear it or identify the folder more clearly.  It's also possible that the file has installed itself as system and that, yes, it can't be deleted without root privileges, even by Vf Protect.  That would be fairly typical malware behaviour.  The other possibility is that it's an ad server for another app that you've installed and not actually a threat at all.

 

@thesoupdragon  If it's hiding as a system file, would a factory reset get rid of it, do you think?
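
One way to check the "can't be deleted without root privileges" explanation above, as an added example that is not part of the original thread: the script reads mount-table text in `/proc/mounts` format and reports which mount a flagged path belongs to and whether that mount is read-only. The sample mount table, including `/cust` as a separate read-only partition and the device names in it, is constructed for illustration and is not output from the phone discussed here.

```python
# Added example: decide whether a flagged file sits on a read-only mount.
# SAMPLE_MOUNTS is constructed for illustration, in /proc/mounts format;
# it is not output from the device in this thread.
SAMPLE_MOUNTS = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p15 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p16 /cust ext4 ro,relatime 0 0
/dev/block/mmcblk0p18 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/fuse /storage/emulated/0 fuse rw,nosuid,nodev,relatime 0 0
"""


def parse_mounts(text):
    """Return a list of (mount_point, fstype, options_set) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        # /proc/mounts escapes spaces inside paths as \040
        mount_point = fields[1].replace("\\040", " ")
        mounts.append((mount_point, fields[2], set(fields[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Longest mount point that is a whole-component prefix of path."""
    best = None
    for mp, fstype, opts in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype, opts)
    return best


def describe(path, mounts):
    """Summarise where a path lives and whether that mount is read-only."""
    hit = mount_for(path, mounts)
    if hit is None:
        return {"path": path, "mount": None, "fstype": None, "read_only": None}
    mp, fstype, opts = hit
    return {"path": path, "mount": mp, "fstype": fstype, "read_only": "ro" in opts}


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for p in ("/cust/vodafone/es/app/F1.apk", "/storage/emulated/0/Android"):
        print(describe(p, table))
```

A file on a mount reported as read-only cannot be removed by an ordinary app, which is consistent with a scanner being able to flag it but not delete it.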