eBay

meccasks · ‎01-25-2015

I bought 4 tablets from seller and only after rebooting there were apps installed like baidu browser, and du speed booster which arent malicious but it tipped me off to something being up.What really tipped me off was I was getting a popup window from 'facebook' even though the facebook app wasnt installed advertising for a drone company, and weird things were happening like my default homepage being over-ridden and replaced with one of three sites.The files installed had names like com.android.popup and com.android.server and googlecalendarservice.

I managed to remove the files from one tablet before they got the chance to install and the other 2 tablets are infected, the fourth I sold to someone on a classified site and cannot contact them.Now here's the kicker I kept one tablet for myself and ran 360 Security anti-virus on it and removed the infected files but the people who set this up used some trickery so now my tablet has DEMO overlayed on the screen in big red letters and not even a factory reset will fix it.

I have read threads on forums where it is recommended to install a file called systemupdate.apk but when I scanned it with VirusTotal.com that file was infact infected and im pretty sure it just reinstalls the infected files that were removed.

Here is a post detailing exactly the files and problems encountered:

These tablets are loaded with this just from the factory and I havent contacted the seller because they will just DENY DENY DENY or try to shift the blame.

reallynicestamps · ‎01-25-2015

It sounds as if the machines are Not As Described.

I havent contacted the seller because they will just DENY DENY DENY or try to shift the blame.

Did you know that despair is one of the deadly sins?

Do contact the seller first. He actually may not know about it, just as you sold one without realizing the problem.

But don't wait too long for him to resolve the problem

I would start a Dispute about this. You only have 45 days from purchase to do so.

Of course, they were purchased in China, right? At a bargain price?

It will cost you about $40 or more to return them with tracking. And since you resold one, you can't return it. I hope you didn't buy all four as a lot.

OTOH, you probably can ship them together which may reduce the return shipping cost.

If the seller does not refund you when you prove delivery (not shipping, delivery) then Paypal will, and go after him for their money. There will be other fallout for him.

Or you can just accept that you were cheated and not do anything to recoup your money and protect other buyers.

maximus7001 · ‎01-25-2015

Why not just do a factory reset on them?

meccasks · ‎02-02-2015

Because the trojan is built into the firmware and lays dormant until the 4th reboot or so.I would post a link to the removal tool with a description of the trojan and what it does but no links allowed here.I cannot do a factory reset as it is built into every firmware so a factory reset will not get rid of it.If you get rid of the files yourself on the next reboot DEMO will be overlayed on the screen in big read letters.

If you google 'AllWinner trojan' you will find info.I'm done with this forum though it's a joke.

The trojan monitors things like ip changes and the homepage always changes to one of 3 or another if 'they' push a new homepage to the tablet or 'they' might push a new popup ad.

meccasks · ‎02-02-2015

Deadly sins? Keep your religion away from me, I don't want any of that poison.

ironchachi · ‎02-02-2015

Yes-I've had a similar Trojan virus before. You have to go into safe mode and manually take virus out of root directory...you will not remove this Trojan any other way. There will generally be the Trojan and a secondary file associated to the Trojan. You have to grab all of em. Run a scan to find any files associated with the Trojan and delete all when in safe mode. This process could take a couple of hours so take a deep breath.

If you can return this brick...I would do so...if not refer to above...gl