How can I get rid of green popup malware

dgcoventry · Jul 13, 2017

https://image.ibb.co/bUjmaF/Screenshot_2017_07_08_08_57_15.png

I have some sort of infection on my Android device as shown on my screenshot above.

I have installed Malwarebytes but the scans tell me that the device is clean.

The green popups purport to download and install legitimate apps but if they are inadvertently tapped, they download malware.

The popups only appear in the various browsers. Ie. if I install Chrome, then they activate in Chrome and if I uninstall Chrome and install Firefox, then they appear in Firefox.

B. Diddy · Jul 13, 2017

Welcome to Android Central! Are you sure those popups aren't just associated with the sites you're visiting?

dgcoventry · Jul 13, 2017

Thank you.

No, the screenshot shows the popup on this website.

Edit:- Sorry, wrong screenshot uploaded.

B. Diddy · Jul 13, 2017

Ok, but do the popups appear exclusively while you're using a browser, or do they also appear on the homescreen or when running other apps?

dgcoventry · Jul 14, 2017

They don't appear in other apps: just in browsers.

Firefox, Chrome and the default browser which came with the tablet are all affected.

Other apps are not, as far as I can tell.

B. Diddy · Jul 14, 2017

Try going to Settings>Apps, select the browser, then Clear Cache/Clear Data. Also, in Chrome, go to the Privacy settings and clear all browsing data "from the beginning of time."

dgcoventry · Jul 16, 2017

Clearing the cache and data has no effect.

The popup is still there.

It really is a nuisance with it making the browser unresponsive.

B. Diddy · Jul 17, 2017

And you also cleared the browsing data as well, right?

The next step is to start uninstalling apps one by one to see if the problem goes away. Start with some of the more common culprits like 3rd party battery-saver apps, "RAM boosters," flashlight apps, antivirus apps (apart from well-respected ones like Malwarebytes), certain keyboard apps, and certain file manager apps.

dgcoventry · Jul 20, 2017

I have removed all downloaded Apps.

The problem still persists.

It's got to the point where I don't use the device anymore.

Rukbat · Jul 20, 2017

As B. Diddy said, it looks as if those are popups generated by the site. Does this site (if you go to it with a browser) generate the popup? If not, it's the sites you go to. (A website can put a popup anywhere on your screen, seemingly part of the web page or seemingly not part of the web page - the only difference is the 'target' of the popup, so it's trivial for someone to write the kind of popup you're getting. (If they did a better job, it would refer to Android tools, or "for Android professionals". A generic ad like that is just plain old improperly-developed adware.)

If it's not, try installing AdAway v3.2 or AdWare.

B. Diddy · Jul 21, 2017

@Rukbat makes a very good point. Unfortunately, the Android Central site tends to be plagued by intrusive ads. You may want to try using the Tapatalk app instead.

Doug Moffat · Jul 21, 2017

Android Central goes in phases. Sometimes it's unuseable on my browser because of pop-ups. Only seems to last a few days. I don't like Tapatalk and end up going back to the browser until a new roundup of pop-ups start. Most of the time the site is cool.

dgcoventry · Jul 21, 2017

The popups appear on all sites.

It will appear on androidcentral.com and it will appear on bbc.com, blender.org and others and it always takes the same form which is the green horizontal banner as in the screenshots above, so I doubt it has anything to do with the sites. Something has installed itself on my device.

I have removed everything, including watsapp and skype, but the problem still persists.

B. Diddy · Jul 21, 2017

Does this happen in Safe Mode as well?

RossJosh · Jul 21, 2017

What about your extensions? Maybe running processes? Have you taken a look at that? could be an issue. Also, does restarting your phone after removing apps help?

dgcoventry · Jul 23, 2017

The popups persist after removing all data and installed apps and shutting down and restarting does not affect them.

How do I reset the device to factory settings?

B. Diddy · Jul 23, 2017

I don't believe you mentioned which device you have yet, but typically, you can do a factory reset in the Settings>Backup & Restore menu. After the reset, during the Setup Wizard, don't restore previous data -- set it up as if it's a brand new device.

dgcoventry · Aug 28, 2017

I've reset the machine to factory settings using your instructions and for a while this sorted the issue.
However it seems to be back.

McAfee seems to have identified an app called "MediaService" which may or may not be the culprit. Mcafee does attempt to remove the app, after which it claims success, but the App always reappears shortly afterwards.

It may be legit as it claims to be packaged under the name "com.google.eMediaService", but I don't doubt that this can be spoofed.

weasel5i2 · May 24, 2018

It seems that it may exist in your phone's firmware, according to recent news:

https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Apologies if you already knew about this. They actually link back to this thread on that blog post.

See here: https://blog.avast.com/android-devices-ship-with-pre-installed-malware

Itappears to be installed in your firmware. If you don't want to consider it a total loss, you could try rooting the handset and removing the malware for good with something like Titanium Backup.

The other option which may happen is that the manufacturer(s) could be embarrassed by the whole ordeal and offer updated firmware images sans-malware in the very near future.

--W5i2

Freddie Green · Jan 1, 2019

You Need A New Phone Those Ads Were Caused By Malware That Came Hideing With The Phone

How can I get rid of green popup malware

Member

Senior Ambassador

Member

Attachments

Senior Ambassador

Member

Senior Ambassador

Member

Senior Ambassador

Member

Retired Moderator

Senior Ambassador

Well-known member

Member

Senior Ambassador

Active member

Member

Senior Ambassador

Member

New member

New member

Similar threads

Forum statistics

Share this page