Malware on my tablet. :(

[electrolux]

So, on my tablet a purely nasty piece of software is installed called DU Speed Booster, I didn't install it just appeared on there one day. I've tried resetting twice after which it seems worse. It installs plenty of rogue apps which are called many weird and wonderful names to make them sound trustable to a true noob. It has placed an unwanted search bar in my pull down alert list, opens random tabs when I'm browsing and tries to download files through the browser.

Understandably I want to get RID of it. The question is, how? As I mentioned I have tried resetting, and disabling it from the app setting to no avail, so I come to EEV. How do I get rid of it?

[Mechanical Menace]

Windows tablet?

[microbug]

Buy an iPad?

[PedroDaGr8]

Go to a site like GeeksToGo.com or BleepingComputer.com they have trained helpers that will help you get rid of even the most nasty stuff for free (you can donate to the helper if you wish but is no way required). These guys go through hardcore training and are good at removing even the MOST difficult stuff.

Cheers!

EDIT: Just saw this was a tablet, what OS is it running?

[MikeW]

Nuke it from orbit.

It's the only way to be sure.

[Mechanical Menace]

If it was malware I would expect to find a rash of hits when searching on it.

There is a Windows malware calling itself DU Speed Booster, it has no relation to the Android one which is actually a generally respected app. Some OEMs have even licensed the code for their phones built in optimisers.

[Throwaway]

Try to enter into the bootloader/recovery, Google around since the procedure is different for every phone/tablet out there. Usually it's something like completely powering down the device (after disabling any power-save/fast boot features in settings), then powering up the device while holding the volume down button.

Once in the bootloader you should be able to select something like reset/restore factory defaults (there's no touchscreen so the volume buttons are used to select entries, and the power button to confirm). You'll loose all your files, but it's the only way to be sure*

*even then, in theory the malware could write itself to the recovery partition, meaning that the only way to get rid of it would be to flash a clean ROM from a computer

[Halcyon]

Buy an iPad?

No he said he wanted to get rid of malware, not install IOS on it ;-)

*even then, in theory the malware could write itself to the recovery partition, meaning that the only way to get rid of it would be to flash a clean ROM from a computer

As far as I know this isn't possible on Android. To write to the "ROM" or Recovery Partition, you need to invoke a special mode upon boot. Even the host operating system can't write to it when it's booted and operating in normal conditions. Regardless of whatever elevated privileges this malware might have, it still can't touch the recovery partition or boot loader. Android automatically restores the boot loader from the ROM upon a reboot.


Firstly, you've done well to get malware on your tablet. But yes, a factory reset is needed and the OS needs to be re-installed from ROM. What make/model tablet is it?

Secondly, let me just reinforce the point that antivirus should be running on every 'smart' device you own, PC, phone, tablet... regardless if you run Windows, Apple or Linux OS. You're asking for trouble if you don't.

[Mechanical Menace]

*even then, in theory the malware could write itself to the recovery partition, meaning that the only way to get rid of it would be to flash a clean ROM from a computer

As far as I know this isn't possible on Android. To write to the "ROM" or Recovery Partition, you need to invoke a special mode upon boot. Even the host operating system can't write to it when it's booted and operating in normal conditions.

That depends on the device. Most are set up to protect from bricking so only enough is protected to always get back into DFU mode. Just think about it, if you couldn't touch any of that from within the OS how could you do OTA updates?

Regardless of whatever elevated privileges this malware might have, it still can't touch the recovery partition or boot loader. Android automatically restores the boot loader from the ROM upon a reboot.

My main way into most is to install a custom recovery from within Android and get the phone to boot into recovery mode. Temporary privilege escalation is generally enough for that*. It's generally the OS install that restores the recovery image on boot. Sometimes you don't even need to unlock the bootloader, you're just stuck with using an OEM signed kernel then.



*I've got to admit though it's rarely easy if possible to make this process "silent."

[electrolux]

Windows tablet?

Android.

[electrolux]

Buy an iPad?

Very funny.

[electrolux]

Thanks for the replies, I've got rid of it now by installing NoBloat Free and forcibly uninstalling it.

[electrolux]

So, on my tablet a purely nasty piece of software is installed called DU Speed Booster, I didn't install it just appeared on there one day. I've tried resetting twice after which it seems worse. It installs plenty of rogue apps which are called many weird and wonderful names to make them sound trustable to a true noob. It has placed an unwanted search bar in my pull down alert list, opens random tabs when I'm browsing and tries to download files through the browser.

Understandably I want to get RID of it. The question is, how? As I mentioned I have tried resetting, and disabling it from the app setting to no avail, so I come to EEV. How do I get rid of it?

If it was malware I would expect to find a rash of hits when searching on it. But I don't. What are the names of the rogue apps? There might be more clues there.  What exactly do you mean by "reseting"? Pressing the reset button with a paperclip or a full factory reset that reformats the tablet and erases everything?

Although there may be Android experts here I think you would be better served going to a specialist Android forum.

As I mentioned I've got rid of it now, but for the benefit of anybody else, one of the rogue apps was called Baidu Browser, and some others which I can't remember. I factory reseted it. Not pin resetting.

[Jeroen3]

You'd need to reïnstall the firmware to be sure it's gone. Reïnstall using the recovery bootloader, which is most likely called when holding some button when booting.

Meanwhile, you'd still better buy an iPad. http://fortune.com/2015/07/28/stagefright-google-android-security/

[Bob F.]

Baidu Browser is not malware, and neither is DU Speed Booster (they are however both sh*te).

What you describe sounds more like a normal "free" app popping up adverts (as that is how the developers make money on them) for other apps like Baidu Browser which you then clicked on and they were therefore installed at your request.  Baidu Browser then pops up more adverts while you use it as that is the way they monitize it.

All you probably had to do was go to Settings -> Apps, select the apps you didn't like from the list and uninstall them from there.  "Resetting" your tablet will not uninstall anything - until you hit the Nuke button and did a full factory reset of course - at which point you lost all your personal settings too. 

Oh, and malware does not bother popping up adverts - that went out in the 90's - they steal your private data, IMEI number, passwords and everything else they can QUIETLY in the background.

[electrolux]

You'd need to reïnstall the firmware to be sure it's gone. Reïnstall using the recovery bootloader, which is most likely called when holding some button when booting.

Meanwhile, you'd still better buy an iPad. http://fortune.com/2015/07/28/stagefright-google-android-security/

I don't think I'll bother doing the firmware bit (partly cos I don't know how to). As for the Ipad give me the dosh and I'll get it. :p

[electrolux]

Baidu Browser is not malware, and neither is DU Speed Booster (they are however both sh*te).

What you describe sounds more like a normal "free" app popping up adverts (as that is how the developers make money on them) for other apps like Baidu Browser which you then clicked on and they were therefore installed at your request.  Baidu Browser then pops up more adverts while you use it as that is the way they monitize it.

All you probably had to do was go to Settings -> Apps, select the apps you didn't like from the list and uninstall them from there.  "Resetting" your tablet will not uninstall anything - until you hit the Nuke button and did a full factory reset of course - at which point you lost all your personal settings too. 

Oh, and malware does not bother popping up adverts - that went out in the 90's - they steal your private data, IMEI number, passwords and everything else they can QUIETLY in the background.

I did do a factory reset which does uninstall all the apps and files, as for the second bit, perhaps I should rephrase it to 'adware'.

[Halcyon]

That depends on the device. Most are set up to protect from bricking so only enough is protected to always get back into DFU mode. Just think about it, if you couldn't touch any of that from within the OS how could you do OTA updates?

Even when doing an OTA update, the system reboots into a mode where it can be installed. It generally isn't done while the OS is running.

[Mechanical Menace]

Even when doing an OTA update, the system reboots into a mode where it can be installed. It generally isn't done while the OS is running.

Which boots the recovery partition, which can be overwritten from within the running OS, and isn't checked again until the OS boots if that isn't patched or replaced.

[bingo600]

Meanwhile, you'd still better buy an iPad. http://fortune.com/2015/07/28/stagefright-google-android-security/

I have a couple of Android Tablets wo. GSM installed.
I'd expect they're "good" as receiving a MMS isn't possible. Or ??

Ohh and i just did install a Custom Rom on one of them (Ionik) , as the delivered Android was lousy (as in factory defaulting when booted).
After the new Rom , now it's actually a quite nice Retina Quad core for 80€

But i do run AWG on my Androids.

/Bingo

[Jeroen3]

Remember those annoying pre-roll ads you cannot skip?