Instructions and issues with advertising on the screen and status bar, with SMS extortionists and blockers of all kinds

Rep: (2807)
Instructions and issues with advertising on the screen and status bar, with SMS extortionists and blockers of all kinds.

Redirect from browsers to third-party sites | Attention! SMS fraud on Android | Help in finding programs for Android OS | Help to flash the device | Help me find the firmware | Getting ROOT | Questions beginner root user | Android OS FAQ | Terms and jargon | Newbie Questions

Talk in topic: Viruses | Advertising in the notification panel | Annoying advertising notifications | Advertising banners | Advertising banners in browsers | Opening applications (for example Google Play) without a request | Advertising on the lock screen | Advertising banners fully blocking device | Install applications without prompting users | Suspicious files |

  • Where and what kind of advertising happens.
    It happens that by installing an application, or an update to a device, an annoying advertisement appears in the blind (notification panel). Sometimes it can be seen as a pop-up banner. Sometimes advertising appears on the lock screen. It even happens that the device is completely blocked and you see a message asking you to send an SMS, or pay a bill to unblock it.All this is cheating and do not believe him! Options for such "a divorce for money" lots of. Carefully read the instructions provided in the spoilers below to get rid of malicious files that run on the device advertising banners or otherwise harm you and your device.
  • "Infection"Sewn into the firmware initially.
    Unfortunately, increasingly"malware"There are sewn into the system files of the stock (standard) firmware of the device initially. Antiviruses may often not see them, the user may not notice anything for a long time (weeks or even months), but then advertising banners or other manifestations will appear"contagion".Most often this can be observed in Chinese devices and firmware. If you are just going to buy a new gadget, be sure to visit its profile topic on our forum. It is risky to buy devices that have just appeared, then you become a pioneer and if you yourself have no experience, then there will be no one to tell you about your device. If there is a suspicion that"infection"In the firmware, carefully study the header (first message) of the profile topic on the device firmware, in turn type in the search for the topic requests:"viruses", "banner" , "advertising" . If after that you did not find out the information, ask the question in the topic itself, whether someone from the user had such a thing. Read the recommendations below to find the source. "contagion" and getting rid of it. Read the ready-made instructions of those who solved the problem and shared this solution.
  • Banners in the browser.
    Banners may also occur while browsing the browser. The most unpleasant of them appear in pop-up windows, closing the main browser window. Contain frightening butcompletely lying information that "The device is locked MVD", "There is a virus on your device", or "You need to download an important update" and the like. The pop-up window (browser tab) must be closed using the browser, without clicking on the banner itself. It is recommended after that to clear the browser cache. Below you can find links to useful applications for blocking ads and pop-up banners in browsers, as well as learn how to block ads in other ways (for example, through the hosts file).
  • Advertising in applications and on the Internet.
    Regular advertising in installed applications, or while surfing the Internet is not dangerous. But you can get rid of it by installing the necessary program to block ads. Also, ads can be removed if you buy the full version, or by installing a modified / hacked version of the application without ads, most of these versions can be downloaded from our forum. In the application topic header, they may be indicated, for example, as:"Full", "Pro", "Without advertising", "Premium", "Ad-Free" ... Or you can order to modify the application, removing advertising from it in a special topic: Club Mod APK . Keep in mind that not all applications on our forum are allowed to modify. If the profile of the program says that the version and modification are prohibited, then you can’t ask about it on the forum.
  • Do not believe what is written on the banners.
    Never trust information on pop-up banners, or other manifestation."malicious". Do not send any messages or replenish the account to anyone! All this "divorce for money" and you will not receive any promised code! Do not follow the suggested links!
  • How to quickly stop data transfer.
    If, however, you clicked on the advertising link and the download began, or the sending of your personal data (usually occurs without a request),put the phone inFlight mode which will avoid sending SMS to premium numbers. In the case when all the same SMS sent and withdrawn funds from the account, read the recommendations from the topic: Attention! SMS fraud on Android .
  • Download applications from trusted sources.
    If you downloaded the application / game and advertising banners appeared, or other manifestations"malware",not always to blame the developer. Often,"malicious"can be added to a popular application by an attacker and uploaded to the website from which you downloaded the installation file.You can not download applications and games from unverified sources! The best applications, as well as their light versions without ads, banners, sending your personal data and other things, can be downloaded from our forum.
  • Find the source of the "infection".
    The appearance of advertising banners is not always solved by simply removing any one application. When fightingcomplex "malware"the most basic thing to do is find the source"contagion".Emerging banners, advertising in the curtain, self-installing applications do not arise from nowhere. It is necessary to find the services and files that activate the appearance"contagion".Carefully read the instructions below, they have all the necessary information on how to find the root cause and get rid of it.
First steps
  • We remember how it all began.
    First of all, you need to find out which applications, or files on your device aremaliciousand get rid of them. If the "trouble" began after installing some application, or a game and you remember what was installed last - feel free to delete it.
  • We scan the device with antivirus.
    Install antivirusDr.Web.Perform a full device scan for viruses. Remember that if you do not have Root-rights, the antivirus will not be able to remove malicious files that are registered as system files (they are in the system files). Only Root devices can access the system.
  • If necessary, we get Root-access.
    Most of the tips from this topic imply Root rights on the smartphone. How to get them is written in the theme of your Android - Devices, or you can tryuniversal methods for obtaining Root rights.
  • We are looking for a source"contagion".
    If suspicious files are found on the device; Self-installing applications (which reappear after your removal) need to find a malicious source somewhere in your device (most often in the system folders) and manage the installation and download of all these files.
  • Source Search Application"contagion"and control access to the internet.
    Keep track of applications that access the Internet before the appearance of advertising, or downloading questionable files will help firewall:NoRoot Firewall.A source"contagion",It often loads ads on your device via the Internet. The firewall also blocks access to the Internet to all applications that are trying to get it and shows you those applications that made such a request to the Internet access. Gradually allow access to applications and see in the "event log" of the firewall which applications went online when advertising appeared on your device or some files were downloaded.
  • Remove ads from the notification bar.
    If an advertisement appears in the notification panel, install the application:AirPush DetectorSometimes it helps to find which of the applications send ads to the notification panel. You can try to find out from which application the notification comes by holding your finger on the notification itself in the panel and then clicking on the exclamation mark that appears to the right.
  • The best way is flashing.
    If you don’t want to receive Root on a device, or it is not yet possible for this device - flash the device. Changing the stock (default) firmware to custom (unofficial, modified) is the easiest and most effective way to combat"malware"which were installed in the firmware initially. Also to those for whom independent source search"contagion"complicated and who fears do more harmflashing is recommended.In the firmware thread on your device, find out all the instructions on how to flash the device and how to choose the firmware.
  • We continue to study the instructions.
    Carefully read the topic header, a lot of useful instructions are available in the spoilers below. There is also a list of applications that users find dangerous.
  • Other applications.
    In all the recommendations from this topic it is proposed to use the most famous and well-proven applications, but if for some reason they are not satisfied, you can ask their counterparts in the subject.Help in finding programs for Android OS.
The authors of the instructions are not case of your wrong actions. Before any removal operations; replace; editing system applications is highly recommended Make a backup of the firmware through the recovery.
The device is completely blocked by the banner
Recovering after removing "malware"
Useful applications
Questions about how to use the applications are set in their profile topics at the indicated links. Search for other applications is conducted in the subject:Help in finding programs for Android OS
Dangerous applications
Information about the applications below cannot be 100% correct. It is possible that the developer has already deleted the virus code, or the application with the virus is distributed only on some sites. The list was not created to discredit the developer’s “honest name”, but as a warning to users, be careful with these applications.

Many thanks to all who filled and filled the topic with useful instructions. Special thanks to the distinguishedW.Masterfor the activity and constant assistance to users.

Theme needsCurator . Those who wish, please read Requirements for candidates to the curators of the forum . If the desire is not lost, the application can be left in the topic - I want to be curator .

Post has been edited4Serg13 - 20.01.20, 02:09
Reason for editing: Texet TM-5073

Rep: (2749)
Chelodoi Molovek @ 16.09.20, 01:23*
on another phone

No application that opens advertisements in chrome. According to the instructions of theInstructions and issues with advertising on the screen and status bar, with SMS extortionists and blockers of all kinds (W.Master Post # 66386858)you can calculate it.

Rep: (4)
* Zmejj , Dr. Web nothing intercepts. and the firewall of a huge list of lines on different domains and ip when you download a single page with this advertising, all inquiries from chromium.
it is not clear where to dig further.
and you can test someone, maybe it's true owners of the site are built? on on any page on any topic pops up. although at the time it is not clear why there is no other phone, Chrome the same version of the assembly.

Posted on 17/09/2020, 17:39:

that intercepts

Attached images
Attached Image
Attached Image

Rep: (4132)
Chelodoi Molovek @ 17.09.20, 17:35*
all requests from chromium.
it is not clear where to dig further.
Your situation is complicated by the fact that there is some universal method that could catch a program that causes Chrome to open links "their".

During the existence of this topic is nothing better - to keep all of one program and watch, do not come up.

Rep: (2749)
Chelodoi Molovek @ 17.09.20, 17:35*
it is not clear why no other phone, Chrome the same version of the assembly.

Again, on the other phone is offline application is thus clever way (open in a browser) kazhet advertising. The choice you have two: a) put a blocker typeAdguardAnd forget about advertising. b) The detailed approach to finding and neutralizing the malicious program to startInstructions and issues with advertising on the screen and status bar, with SMS extortionists and blockers of all kinds (Post Gridzilla # 33536915)
Estimate a time when advertising started - what applications are installed / updated. With them and start - one: butcher:

Rep: (4132)
Zmejj @ 17.09.20, 17:50*
Estimate a time when advertising started - what applications are installed / updated.
do not always find "time" helps.
Since the recent "popular" apps that contain advertising, but its starting to show a few months after the installation of the application.

Rep: (115)
* Chelodoi molovek , Scan the firmware virus total .

Rep: (4)
* Ozero6 ,
I do not understand how it works. most applications with a green jackdaw, but 15 pieces of gray question mark, type are not checked. red is nothing.

Posted 09/18/2020, 1:11:

* W.Master , Poudalyal pieces 5 applications that in the past few weeks I put. it's all vpn with guglpleya. did not help.
but then I decided to clean the browser itself, clear your cache and cookies, and think for advertising disappeared! : Shok:

Post has been editedChelodoi molovek - 18.09.20, 01:12

Rep: (4)
* Zmejj ,
did not understand that help is likely just brushing cookies. : Shok: already deleted applications returned except one, SuperVPN, most stuffed advertising in it in a couple of services virustotale found Adwar.
while advertising is not returned.

Post has been editedChelodoi molovek - 18.09.20, 01:19

Rep: (115)
* Chelodoi molovek , I have not used. The question should be sent for review.

Here islinkon a program, if there are questions.

Rep: (4)
* Ozero6 Yes, yes, already reached, sending everything. Slow Internet connection.

or maybe it was a purely browser-trick of some kind, a bug in chrome and advertising infection, hiding in the cache and cookies?
she got me in a couple of weeks, on every page: D
in any case, thank you to everyone who helped, myself I would not have started to dig. at the same time great bend found, firewall without root is a fire.

Rep: (4)
Yes, it seems calculated. It seems this vpn SuperVPN did muck.
https: //

set of guglpleya, startup allowed to do some work in the background. zakonnektil, and the same advertising is back. but now it is only with the active compound vpn. perhaps because of the Market download any new version, and I had a magic, because advertising climbed off at the client (I do it once ran and forgot).
or I could not download from the Market, the country's problems with access to internet, maybe downloaded from the telegram from xs.
All passwords can be changed ...: ph34r:

Post has been editedChelodoi molovek - 18.09.20, 01:53

Rep: (3)
Good day! Guys, prompt, how to remove this image when unlocking the screen.Attached fileS00918-17373869.mp4(5.65 MB)

Rep: (0)
Try to remove Aicy Glance application.

Rep: (0)
Good afternoon. The search engine has not helped.
The essence of the problem:
Night (as it was in the morning), the phone starts playing the audio ads - "I Maksim Orlov of Innova Trade".
How to get rid of this game?
This problem about 3 weeks, maximum 4.
The app was recently installed 3 months ago. And, in principle, with the New Year only 2 applications were installed: Auchan and ZSD.
Left no not set.
Thank you in advance for your help)

Rep: (2749)
* Ek-Makarok, via CatLog - Logcat Reader look that during commercials started from the application.

Rep: (3)
I'm not sure that I write in the right theme from Beeline is constantly spam pop-up messages Sim Toolkit about horoscopes, quizzes and etc., is it possible to somehow disable? Sunset in the LC, found no such

Rep: (4132)
Xavier Teodonius @ 08.10.2020, 14:19*
Sim toolkit
disable notification to this application.
Check that the Chameleon service has been disabled.

Post has been editedW.Master - 08.10.20, 14:57

Rep: (2749)
Xavier Teodonius @ 08.10.20, 14:19*
from Beeline is constantly spam pop-up messages

"Beeline" - Discussion of the mobile operator (Post froster_dandy # 87357010)

Rep: (0)
Hello, prompt in Wi-fi router to disable the service chameleon? The phone know how, but the router does not.

Rep: (33)
* valera_80 Apparently talking about a router with a modem? If so, it is easier to rearrange SIM cards in the phone and oklyuchit superfluous, and then rearrange the sim card back.

Full version    

Help     rules

Time is now: 22/10/20, 10:06