cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Protect found threat on F1.apk - wont delete

chocchipcooki
3: Seeker
3: Seeker

On my HW P1

After running VF protect, I have found a threat.
"/cust/vodafone/es/app/F1.apk
(infected by Android/youmi/A1Gen)"
but Protect cant remove it, and I cant find this directory through my pc file explorer.

what can I do to get rid? (what is it anyway)
thanks

20 REPLIES 20

Detail I thought I'd included, but on checking, seems not.

 

On reset, and reinstalling Protect, after running the check, the "threat" is gone. (I've unticked all the reinstall-stuff options on google) 

Then about 2 hrs later Protect finds it again, with no usage by me, at all.

thesoupdragon
17: Community Champion
17: Community Champion
@hrym yes it would but reinstalling the app automatically from the Play Store would return the problem.
As you mentioned, I think it's a false positive. Otherwise it would be big news by now..?

hrym
17: Community Champion
17: Community Champion

@thesoupdragon  I Googled for a problem with that file and couldn't find one, so the file itself isn't a problem, though I think Protect is saying it's been infected by something else.  What's odd is that, as I understand it, the OP hasn't installed an F1 app, which implies the file is coming from somewhere else.  Even if it's a false positive, it doesn't explain how the file gets there - unless it isn't at all and Protect has completely lost its marbles (not completely unknown for an AV program...)

 

Two things, really. 1. Is the file there? 2. Can something like Avast find it and/or zap it?

 

@chocchipcooki  Before the thing came back, did you reinstall any apps?  I'm still wondering whether it's come from somewhere else.  If this was Windows, I'd say it was one of those nastys that have the survival ability of a cockroach, but Android is different and, afaik, a factory reset really does clear everything.

 

One thing you could do is to boot into recovery mode and reset again, adding the clear system cache option.   It's just possible that some kind of installer is lurking there.

thesoupdragon
17: Community Champion
17: Community Champion

@hyrm I'm wonderring if this is simply one of those advertising redirect things that you get if you click on an in-app advert?

 

@chocchipcooki do you have a micro sd card inserted into the Phone? if you do, the file could be stored on there?

 

thanks guys.

1) ES file explorer has found the vodafone/es/app/F1.apk
but will not delete it.
Oddly. If I touch F1.apk, it asks to install an app from a non-google source. So i havent done that!

 

NB F1 is NOT installed on the phone.

 

2) trying a different tack, I still cant find the youmi/A!Gen file that supposedly has infected it.

/sdcard/Android only has "data" directory, no files.

 

3) I'm doing another factory reset.
v annoyed with this. I dont like having something that may be doing something to my phone.

 

hrym
17: Community Champion
17: Community Champion

Now you've found the file, can you make a cable connection to a pc and find it again from there.  I think we tried this before, but it may be show hidden and system files.  It may also be a long shot, but it's possible that a different OS/file system can delete it, or you may be able to change the attributes and unlock it.

 

I'm wondering with the youmi file is in the system cache and I suspect you need to clear this as part of the reset process.  I referred to booting into Recovery Mode, but then remembered we weren't on the Samsung board and know if it's possible on a Huawei.

 

It's not uncommon for malware to install another file that reinstalls the program itself and to make this part of the system so that it's hard to get rid of.

 

Could you also give another AV app a go as well?

I now think the dodgy F1.apk is there immediately after the reset.

The Youmi/A!Gen "cause" is not to be found.

 

I've tried clearing the cache at various times.

Avast didnt find anything.

I'm just running AVG now. Nothing to be found.

 

False positive. Looks like vodafone standard installation

 

where can i put the protect install file on my phone so i dont have to connect to Play.?

Is there a file in a download folder.


@chocchipcooki wrote:

where can i put the protect install file on my phone so i dont have to connect to Play.?

Is there a file in a download folder.


Not sure what you mean here...?

 

It looks to me as if the F1.apk is being installed along with the Vodafone protect App...?

What happens if you uninstall Vodafone Protect, does the F1.apk go as well?

F1 seems to be part of factory build.

Its there before Protect.

hrym
17: Community Champion
17: Community Champion

Ah.  A bit like all those trial versions you get with a new pc!  I suppose they get the odd few pence for including it.  Anyway, as it appears to be an installer, I think we can fairly confidently say you're safe.