With reports of certain Chinese phones coming with infected ROMS it would be a good idea to detect if your phone has been compromised with uupay.A here is how.
Thankfully there is a simple way to see if your phone or tablet is infect with uupay.A and that is to simply install ESET Mobile Security and Antivirus from the Google Play store to your phone. Once installed you can run the apps virus and security checker to see if you have anything to worry about.
What if my phone is infected?
After testing your device and learning that you have been infected then we hope you can do the following:
Gizchina News of the week
- Indicate the device you have and the version of the ROM you are using (found in settings > about phone) and post the details in the comments below.
- Let us know which malware was detected.
- Let us know if this is an official or unofficial ROM
How to remove the malware?
Removing the malware or trojan should be as simple as installing a new ROM. Hopefully the official manufacturers ROM will be the best bet if not try one of the 3rd party ROMs designed for your device.
Also, please note that most Antivirus or security apps see that ROOT is a threat. Do not worry if this is the only problem your phone has as ROOT is normal and nothing to worry about.
If you have any other concerns about your phone, the ROM you are using or have some security tips and tricks please feel free to share them in the comments below.
[ GizChina.es ]
Scanned my Vivo Xplay 3S ROM is fine but ESET did not like Baidu music, Tudou or Youku apps
Andi I think you should let any post with link to your own site, gizchina, to be automatically approved. Some kind of whitelist maybe.
Sounds good will look in to it
is this even real? or another campaign for an app?
Well why don’t you check ebay if there are any Star N9500 left?
https://www.gizchina.com/2014/06/20/star-n9500-sales-ebay-device-banned-spyware-report/
That does not mean it is a real threat and not another Hoax against Chinese mobiles. There is so much money in the European market, especially the German one. Since the EU has decided to fuck that empire those crap companies called providers used to have, things have become rough. Hard to please your shareholders when you can’t rip off your clients as well any more.
Suddenly it’s not the NSA but the Chinese mobiles who are causing all this spying. 😉 And especially the copies…. And there especially the dual sim ones…. and those who won’t colaborate with the big companies so they get thier share… oooops…
Really dude wake up. If you think it’s coincidental then you are just as blind as darkness is.
Did not get what you’re trying to say. Simplify please?
Easy Logic. EU clamping down on phone providers, china phones becoming more popular = bad times for providers. Then suddenly…. A flash of light….. a German security firm finds a trojan virus (bad quality of china phones didn’t seem to scare people enough, so now we need a virus….)….
LOL guys don’t run after this ghost like lemmings.
I entertain this conspiracy theory more than the simple notion that a shady phone maker include shady apps on their phone.
JiaYu G5 ROM is also fine.
Great to hear 😀
Zopo c2 custom ROM lewa os fine.
A friend of mine found UUPAY.F on his clone of s4, but can’t recall where he bought it. Is this some kind of variant?
Sorry it is a clone of an s3. The file is called dataService.
G3000
model number: e1920_v77_zlh_9p017_asx
Android-version: 4.1.1
Any other rom he can install, or should he just delete the file?
http://forum.xda-developers.com/showthread.php?t=2395007
Read up this thread. It teaches how to remove without new ROM flashed. Basically a root is required with root explorer. For those of u that want a simple root download the app framaroot . it allows u to root your phone without a computer. Works with mtk6589 tested with my zopo c2. But as for spyware removal follow that guide.
My Huawei Ascend P6 is clean .
Star S7589 with latest stock ROM is Uupay.D positive. Well, nothing happened to me so far.
STAR W007 iphone clone is clear
Zopo C2 Platinum, stock ROM -> clean
Scanned my Vivo Xplay 3S ROM is fine but ESET did not like Baidu music, Tudou or Youku apps
Andi I think you should let any post with link to your own site, gizchina, to be automatically approved. Some kind of whitelist maybe.
Sounds good will look in to it
is this even real? or another campaign for an app?
Well why don’t you check ebay if there are any Star N9500 left?
http://www.gizchina.com/2014/06/20/star-n9500-sales-ebay-device-banned-spyware-report/
That does not mean it is a real threat and not another Hoax against Chinese mobiles. There is so much money in the European market, especially the German one. Since the EU has decided to fuck that empire those crap companies called providers used to have, things have become rough. Hard to please your shareholders when you can’t rip off your clients as well any more.
Suddenly it’s not the NSA but the Chinese mobiles who are causing all this spying. 😉 And especially the copies…. And there especially the dual sim ones…. and those who won’t colaborate with the big companies so they get thier share… oooops…
Really dude wake up. If you think it’s coincidental then you are just as blind as darkness is.
Did not get what you’re trying to say. Simplify please?
Easy Logic. EU clamping down on phone providers, china phones becoming more popular = bad times for providers. Then suddenly…. A flash of light….. a German security firm finds a trojan virus (bad quality of china phones didn’t seem to scare people enough, so now we need a virus….)….
LOL guys don’t run after this ghost like lemmings.
I entertain this conspiracy theory more than the simple notion that a shady phone maker include shady apps on their phone.
JiaYu G5 ROM is also fine.
Great to hear 😀
Zopo c2 custom ROM lewa os fine.
A friend of mine found UUPAY.F on his clone of s4, but can’t recall where he bought it. Is this some kind of variant?
Sorry it is a clone of an s3. The file is called dataService.
G3000
model number: e1920_v77_zlh_9p017_asx
Android-version: 4.1.1
Any other rom he can install, or should he just delete the file?
http://forum.xda-developers.com/showthread.php?t=2395007
Read up this thread. It teaches how to remove without new ROM flashed. Basically a root is required with root explorer. For those of u that want a simple root download the app framaroot . it allows u to root your phone without a computer. Works with mtk6589 tested with my zopo c2. But as for spyware removal follow that guide.
My Huawei Ascend P6 is clean .
Star S7589 with latest stock ROM is Uupay.D positive. Well, nothing happened to me so far.
Zopo C3 stock ROM is clean.
Kingzone k1 stock rom is clean.
STAR W007 iphone clone is clear
I think it’s safe to say Star phones are unsafe. My Star S5 came up in ESET with
pulid (AdDisplay.Ads.Wo.C) and a trojan MediatekData(Spy.Spynlh.A).
And this on the stock rom. Both need root to uninstall. This is horrible,
My wife’s Jiayu G3 also has the MediatekData(Spy.Spynlh.A) app. Also stock rom. How do we know it came with the stock rom from the store and wasn’t installed with another app?
My Jiayu G3 (stock rom) has the UUPAY.F variant inside of dataservice.apk.
Zopo C2 Platinum, stock ROM -> clean
Ascend P6, Zopo ZP990, ZP998, Newman K1, Newman N2, ThL W11, Vivo Xplay, Oppo N1, Goophone i9 and Coolpad F1 are all clean. My Jiayu G3 is it of commission, so can’t check that.
Zopo C3 stock ROM is clean.
Kingzone k1 stock rom is clean.
I think it’s safe to say Star phones are unsafe. My Star S5 came up in ESET with
pulid (AdDisplay.Ads.Wo.C) and a trojan MediatekData(Spy.Spynlh.A).
And this on the stock rom. Both need root to uninstall. This is horrible,
My wife’s Jiayu G3 also has the MediatekData(Spy.Spynlh.A) app. Also stock rom. How do we know it came with the stock rom from the store and wasn’t installed with another app?
My Jiayu G3 (stock rom) has the UUPAY.F variant inside of dataservice.apk.
Ascend P6, Zopo ZP990, ZP998, Newman K1, Newman N2, ThL W11, Vivo Xplay, Oppo N1, Goophone i9 and Coolpad F1 are all clean. My Jiayu G3 is it of commission, so can’t check that.
Feiteng i9300 s3 clone stock 4.1.1 safe,will check my mlais mx59 htc one clone stock 4.2.2 when I get it up and running again (accidentally pressed format instead of upgrade rom in flashtool can’t find the original rom to reflash it 🙁 )
You can find official and community ROMs in a site called “needrom”. Screenshot: this one is the official rom
Feiteng i9300 s3 clone stock 4.1.1 safe,will check my mlais mx59 htc one clone stock 4.2.2 when I get it up and running again (accidentally pressed format instead of upgrade rom in flashtool can’t find the original rom to reflash it 🙁 )
You can find official and community ROMs in a site called “needrom”. Screenshot: this one is the official rom
Jiayu G4T is ok with original rom
Innos D10C original ROM, clean.
Infected Cubot a6589s rooted android 4.2.1 WITH UUPAY.F (variant) (in DATASERVICE) and UUPAY.D (in Play Store)
Jiayu G4T is ok with original rom
Innos D10C original ROM, clean.
Jiayu g2f custom rom clean
MLAIS MX59 AOSP (from pandawill) custom rom, also clean!
Infected Cubot a6589s rooted android 4.2.1 WITH UUPAY.F (variant) (in DATASERVICE) and UUPAY.D (in Play Store)
BTW, if you guys want to remove the trojan: Root the phone, open a root explorer, navigate to /system/apps/ and search for the two APKs “uuplay.apk” and “uuairpush.apk”. Delete them, reboot, and you are done.
Miz z3. Google play infected. Original rom.
Jiayu g2f custom rom clean
MLAIS MX59 AOSP (from pandawill) custom rom, also clean!
BTW, if you guys want to remove the trojan: Root the phone, open a root explorer, navigate to /system/apps/ and search for the two APKs “uuplay.apk” and “uuairpush.apk”. Delete them, reboot, and you are done.
Miz z3. Google play infected. Original rom.
SceneLauncher aoo with Agent.DK variant threat found on my Onn V8 Star.. not sure how hrmafull it is but i wont find a custom rom for this phone anywyay (very happy with the quality of the phone btw)
SceneLauncher aoo with Agent.DK variant threat found on my Onn V8 Star.. not sure how hrmafull it is but i wont find a custom rom for this phone anywyay (very happy with the quality of the phone btw)
Iocean x7hd was infected.. rooted and cleaned
Iocean x7hd was infected.. rooted and cleaned
Elephone P8 running official KitKat 4.4.2 shows uupay.d is installed.
It was very easy to uninstall with ES File Explorer which is available on Play store for free.
Gaining root access on the phone and rescanning with ESET returns a clean phone , no virus But , if you open the ES file explorer click on ” / ” then click the system folder , click app folder you will find the uupay.d apk still residing on your phone. Simply long tap on the uupay.d apk file and choose delete.
Elephone P8 running official KitKat 4.4.2 shows uupay.d is installed.
It was very easy to uninstall with ES File Explorer which is available on Play store for free.
Gaining root access on the phone and rescanning with ESET returns a clean phone , no virus But , if you open the ES file explorer click on ” / ” then click the system folder , click app folder you will find the uupay.d apk still residing on your phone. Simply long tap on the uupay.d apk file and choose delete.
Elephone P6 also infected. Easy to remove with root.
Elephone P6 also infected. Easy to remove with root.
…so heres wat we’ll do…we’ll put a virus thats detectable by ANY security firm thats really worth a s**t on some phones(prolly china tablets also) and force everybody to root their phones to remove it, then, after everybody roots their phone we’ll have a liiittle less security and we’ll stick a virus in there thats is almost UNDETECTABLE and REALLY cause some damage! Ok, dont get me wrong its COMPLETELY feasible and probably more likely than any of us will admit,but, it think its more of a monetary issue,liste…it ALWAYS comes down to the bottom line..MONEY…and if you dont think thats this COULD be exactly as Brooklyn701 states it is…then you truly ARE as “blind as darkness is”.
Hi , I am not sure if this is the right place to post but I have just bought a Cubot S208 and a scan with ESet & Avg both show Trojan COOEE MSLauncher as a threat . Can’t find much about this anywhere . Do I need to worry. Love the phone but worried about the Trojan. Don’t fancy rooting as I am a 65 year old female with limited knowledge. Help appreciated.
Hi , I am not sure if this is the right place to post but I have just bought a Cubot S208 and a scan with ESet & Avg both show Trojan COOEE MSLauncher as a threat . Can’t find much about this anywhere . Do I need to worry. Love the phone but worried about the Trojan. Don’t fancy rooting as I am a 65 year old female with limited knowledge. Help appreciated.
W.D.Fone W-5000 (STAR W-5000) – infected, rooted, deleted uuplay.apk and uuairpush.apk – now it seems OK in ESET… (but who knows)
W.D.Fone W-5000 (STAR W-5000) – infected, rooted, deleted uuplay.apk and uuairpush.apk – now it seems OK in ESET… (but who knows)
just got a feiting 9500.. great cheap smartphone for me. AND yes when I read this I downloaded the recommended security ware and found that my Google play was infected with the virus. When prompted if i wanted it fixed, it could not be removed. Then I scanned it again and it reported not problem. Is that a lie too? Scanned it five time, still no malware? Is it hiding?
Try to use deep scan option and you’ll probably see the malware again. It was the same with my phone. I will try what Christopher Strasser suggested to get rid of the pest.
just got a feiting 9500.. great cheap smartphone for me. AND yes when I read this I downloaded the recommended security ware and found that my Google play was infected with the virus. When prompted if i wanted it fixed, it could not be removed. Then I scanned it again and it reported not problem. Is that a lie too? Scanned it five time, still no malware? Is it hiding?
Try to use deep scan option and you’ll probably see the malware again. It was the same with my phone. I will try what Christopher Strasser suggested to get rid of the pest.
Phone : K47/C9_89
Build : v89_jhgg_notv_20130502
Android : 4.2.1
Detecting software Avast Anti Virus, however I needed to manually activate ‘File Shield’ – To do this, load up Avast and you’ll see a long list, Virus Scanner, Anti Theft, Backup(install), Application Locking etc. etc. Top Left above Virus Scanner, click on the Avast Icon and then select File Shield, ensure you have a tick in the ‘File Shield’ Box.
I had been running Avast for five or six months and only yesterday did I enable the file shield option, today I found that Google Play is infected with malware (alarm bells started ringing) so I read up on the problem. uuplay.apk was in my System applications folder.
I simply renamed uuplay.apk to uuplay.dis and rebooted. Seemingly that has resolved the issue and now that I’m sure everything is working as expected I can delete uuplay.dis.
Phone : K47/C9_89
Build : v89_jhgg_notv_20130502
Android : 4.2.1
Detecting software Avast Anti Virus, however I needed to manually activate ‘File Shield’ – To do this, load up Avast and you’ll see a long list, Virus Scanner, Anti Theft, Backup(install), Application Locking etc. etc. Top Left above Virus Scanner, click on the Avast Icon and then select File Shield, ensure you have a tick in the ‘File Shield’ Box.
I had been running Avast for five or six months and only yesterday did I enable the file shield option, today I found that Google Play is infected with malware (alarm bells started ringing) so I read up on the problem. uuplay.apk was in my System applications folder.
I simply renamed uuplay.apk to uuplay.dis and rebooted. Seemingly that has resolved the issue and now that I’m sure everything is working as expected I can delete uuplay.dis.
Kaspersky detects Uupay on the Zooz S5.5
Kaspersky detects Uupay on the Zooz S5.5
The 360 av on my newly bought tablet say that the ROM comes with 2 Trojans: system launcher and waterlocker trojans? Detailed instructions for cleaning or re flashing please. Do I have to root first?
The 360 av on my newly bought tablet say that the ROM comes with 2 Trojans: system launcher and waterlocker trojans? Detailed instructions for cleaning or re flashing please. Do I have to root first?
RPTPE0706 Tablet – system app ‘Device Management’ infected with Gedma.c
RPTPE0706 Tablet – system app ‘Device Management’ infected with Gedma.c
I have model number or rom 01v21_v89_gq3008s_89t_5g for a STAR M9899T
x com.uucun4470.android.cms adware found, what can I do to remove? It is in the playstore
I have model number or rom 01v21_v89_gq3008s_89t_5g for a STAR M9899T
x com.uucun4470.android.cms adware found, what can I do to remove? It is in the playstore
New Cubot GT95 -Malwarebytes and Avast have detected Android:Agent-FNR [Trj] in Google Search, also have NVRAM WARNING:Err=0 on wifi networks.
New Cubot GT95 -Malwarebytes and Avast have detected Android:Agent-FNR [Trj] in Google Search, also have NVRAM WARNING:Err=0 on wifi networks.
my problem is a china phone and you tell me to download from google?! really?!
my problem is a china phone and you tell me to download from google?! really?!
ELEPHONE P7000 /P#### WITH OFFICIAL ROM. X-LAUNCHER WITH MALWARE/ADWARE, THEY HAVE JUST NOW CLOSED THEIR OFFICIAL FORUM!!!!!! 🙁
ELEPHONE USE TO DELETE THE USERS FORUM COMMENTS, AND JUST NOW CLOSED THEIR FORUM, THE LATEST OTA OF P7000/P8000 THE PHONES BECOME SUDDENLY WITH ICONS, POPUPS, A RUSSIAN DOLL ON DESK OR A BERR THAT YOU CANT CLOSE UNTIL YOU CLICK, BIGPOOUS ON GMAIL, CHROME BROWSER, GMAIL APP, ETC… MALWARE TOOLBAR ON GOOGLE CHROME… ETC X-LAUNCHER/OFFICIAL ROM
http://www.htcmania.com/showthread.php?t=1078344
MALWARE/ LATEST OTA ELEPHONE
ELEPHONE P7000 /P#### WITH OFFICIAL ROM. X-LAUNCHER WITH MALWARE/ADWARE, THEY HAVE JUST NOW CLOSED THEIR OFFICIAL FORUM!!!!!! 🙁
ELEPHONE USE TO DELETE THE USERS FORUM COMMENTS, AND JUST NOW CLOSED THEIR FORUM, THE LATEST OTA OF P7000/P8000 THE PHONES BECOME SUDDENLY WITH ICONS, POPUPS, A RUSSIAN DOLL ON DESK OR A BERR THAT YOU CANT CLOSE UNTIL YOU CLICK, BIGPOOUS ON GMAIL, CHROME BROWSER, GMAIL APP, ETC… MALWARE TOOLBAR ON GOOGLE CHROME… ETC X-LAUNCHER/OFFICIAL ROM
http://www.htcmania.com/showthread.php?t=1078344
MALWARE/ LATEST OTA ELEPHONE
Have malicious software on Xiaomi Redmi note 2 from Aliexpress. Does flashing a new rom guarantee complete removal of the malware? I am afraid it will remain after the new rom too. I am so screwed. I shouldn’t buy this phone, now I have only problems!!!
Have malicious software on Xiaomi Redmi note 2 from Aliexpress. Does flashing a new rom guarantee complete removal of the malware? I am afraid it will remain after the new rom too. I am so screwed. I shouldn’t buy this phone, now I have only problems!!!
Hi, I have malware in the rom that cannot be removed via reset or disable.
Dragon Phablet E70.
I don’t know version as it doesn’t say ROM under SETTINGS. What is it called? Baseband, Kernel, Build Number?
Trojan: AndroidSystemService (Expense Trojan) – IN ROM
APPLOCK
PRIVACY RISK
Can anyone help?
Hi, I have malware in the rom that cannot be removed via reset or disable.
Dragon Phablet E70.
I don’t know version as it doesn’t say ROM under SETTINGS. What is it called? Baseband, Kernel, Build Number?
Trojan: AndroidSystemService (Expense Trojan) – IN ROM
APPLOCK
PRIVACY RISK
Can anyone help?
I have my Oppo R1011 that affected by trojan virus.
ROM 1.52GB (Available space) 4.0GB (Total space)
I have my Oppo R1011 that affected by trojan virus.
ROM 1.52GB (Available space) 4.0GB (Total space)
I have a homtom ht7 . seems to have a few bugs, cooee launcher and caller id. Also an ad virus. Can’t get rid of any if them
I have a homtom ht7 . seems to have a few bugs, cooee launcher and caller id. Also an ad virus. Can’t get rid of any if them
All ulefone phones has trojans disguised as a benign broswer, the phones keep visiting op.ule88.com site which is a malware distribution site according to google and virus total. Also their trojan “U Browser” will make any app you install to immediately open upon installation, it steals your data. Stay away from that company.
All ulefone phones has trojans disguised as a benign broswer, the phones keep visiting op.ule88.com site which is a malware distribution site according to google and virus total. Also their trojan “U Browser” will make any app you install to immediately open upon installation, it steals your data. Stay away from that company.