13-01-2014 11:30 AM
On my HW P1
After running VF protect, I have found a threat.
"/cust/vodafone/es/app/F1.apk
(infected by Android/youmi/A1Gen)"
but Protect can't remove it, and I can't find this directory through my PC file explorer.
What can I do to get rid? (What is it anyway?)
thanks
13-01-2014 01:29 PM
Hi chocchipcooki
Unfortunately I've been unable to recreate this here.
The first steps to troubleshoot this would be to back up all of your contacts and files, and perform a factory reset to see if this continues.
Did you notice this after downloading any apps in particular?
DaveCD
13-01-2014 03:41 PM
I guess you can't recreate it unless you've got the bad-code.
It was found after installing vfProtect. Don't know how long it'd been there.
If my FIRST step is to do a factory reset, what is the best way to back up contacts, files etc.?
Does that mean I lose all my apps too?
M
13-01-2014 07:50 PM
Hi chocchipcooki,
To back up your data from a Huawei Ascend P1, just follow these steps:
Whilst the factory reset would remove any apps you have installed, your account will still recognise anything you have purchased or installed previously. This will allow you to add them back to the phone without paying again.
When you've done the reset, I'd test before restoring your data or reinstalling anything. This way you'll be testing with a "clean" phone. If there's no sign of an error then, reinstall things in stages, testing after each one.
Dave
21-01-2014 04:47 PM
The basic file manager has restricted access, but there are other apps which can show hidden and system files. I have a feeling that Androzip is one of them (option in settings). You could give that a try and see if it can find the relevant folder.
Or it may just be a matter of telling the pc to show hidden files.
22-01-2014 10:20 AM
Thanks. I'm still needing advice!!
I switched on the hidden files option on the PC explorer. The problem file was not shown.
I have factory reset the phone 4 times now; by the time I reinstall vfProtect and run it, the issue is still there!!
I have a feeling that Google is reinstalling stuff off my account (I need to sign in to get Protect reinstalled). I am definitely unticking the "restore from google" box, too.
I will try and find androzip and investigate that.
I can't believe I am the only one with this issue.
22-01-2014 10:54 AM - edited 22-01-2014 03:04 PM
Googling for this doesn't bring up any results, so I'm wondering whether it's part of another problem and this particular file has been corrupted, or the file is corrupted but not infected, or whether it's a false positive.
You may need to show system files as well, but I'm pretty sure Androzip can look quite high up the directory tree.
The other possibility might be to leave Vodafone Protect off and try another AV app, such as Avast and see if that finds anything and can fix it.
23-01-2014 03:28 PM - edited 23-01-2014 03:29 PM
@chocchipcooki wrote:
On my HW P1
After running VF protect, I have found a threat.
"/cust/vodafone/es/app/F1.apk
(infected by Android/youmi/A1Gen)"
but Protect can't remove it, and I can't find this directory through my PC file explorer. What can I do to get rid? (What is it anyway?)
thanks
The Folder "Android" is usually found in...
/storage/emulated/0/
This might be slightly different on your device?
Basically the search tree is this;
/ = Home
storage/ = onboard memory
emulated/ = sub partition of storage
0/ = Folder in sub partition
Yours might be...
/sdcard/sdcard/Android
I use ES File Explorer as it can go right to the root directory. You might not be able to delete system files without Root privileges though?
My honest opinion is that it is a false positive as hrym suggested earlier. You might want to raise the question with the F1 app developers?
23-01-2014 03:36 PM
thanks all
Oddly, I haven't got an F1 app installed!
I will try and find one of the file tools suggested and explore using that.
I'd happily delete both these files.
"Youmi" googles as a Chinese ad-server - so who knows.
23-01-2014 03:56 PM
The other possibility would be to try another AV product and see if that can clear it or identify the folder more clearly. It's also possible that the file has installed itself as system and that, yes, it can't be deleted without root privileges, even by Vf Protect. That would be fairly typical malware behaviour. The other possibility is that it's an ad server for another app that you've installed and not actually a threat at all.
@thesoupdragon If it's hiding as a system file, would a factory reset get rid of it, do you think?