Topic: [TUT] Monkey Test and Time Service worm virus Removal (Read 9577 times)

10-01-15 08:48 AM
musicgeek
Full Member
  • Posts: 559
  • Thanked: 115
  • Reputation: 0
My Sony Xperia recently slowed down, and upon checking the running apps I found 2 suspicious services in the background named Time Service and Monkey Test. Surely this has made a monkey out of me and I have gone nuts trying to get rid of it. Luckily my phone is rooted and I have a ClockworkMod backup. I have decided to restore from it to end my woes.

I want to share this tutorial as a guide to help those who are stuck with this "unbreakable" virus and whose phone security has been compromised. Top anti-virus apps like Avast won't help as of this writing.

For those who have fallen victim, and for the lurkers as well, here is what I gathered and experienced with this virus. Remember, prevention is still the best solution. I hope it helps:

What is its creator up to?
They say it downloads all sorts of apps, so that those apps gain popularity through unsolicited downloads.

Where did it come from?
In my case, I think it came across through Popslide. The worm virus was disguised as a points-earner, ironically named "data protection.apk". When I installed it, it asked for system accessibility. By granting that privilege, the malware became an administrator and got full access to my phone. The virus has also disabled the option to revoke admin privilege.

What damage does it do?
Because it downloads all sorts of APKs to the phone, the internet will slow down, aside from the phone itself, once multiple apps are installed by it.

How does it work?
The virus copies itself into the data/app and system/app dirs and makes itself a persistent service. In my case it was ThemeManags.apk in system/app and at least 2 more suspicious apks I did not install myself in the data/app dir.

The apks installed in the user data directory cannot be uninstalled because Android won't allow the removal of apps with admin privileges. The virus has effectively exploited this Android loophole.

Though my phone is rooted, I cannot delete the apks manually using file managers, as deleting from one folder only triggers regeneration through the apks from the other infected directory.

Factory reset didn't help since only the user data is wiped out by it. The worm virus just regenerates through the system directory, which is left untouched by the factory reset.

Remedies that may work?

Temporary fix / damage-control:
Disable installation from "unknown sources" and use a firewall to block the virus from doing its work. I use "Android Firewall" and "Mobiwol" for rooted / non-rooted phones respectively. You can also try the Titanium Backup freeze approach if your phone is rooted. Remember to freeze all apks related to the virus. This only stops the virus from downloading and installing apps. The phone is still in a compromised state and, depending on the other "tricks" that this virus has, it may manifest further threats.

Permanent Fix:
For non-rooted phones and with no plans to root, I don't think there's any other choice but to update or reflash your firmware. Consult your phone manufacturer on how to individually go about this procedure.

For rooted phones, the simplest way is a full restore (user + system) from a low-level backup like CWM. This will effectively roll back to an earlier state before the virus was installed. If you don't have a backup, reflash your custom firmware through CWM or a similar recovery mode.

Good luck, fellow PD members!

P.S. They say that "360 security" can remove this virus on rooted and non-rooted phones, though I haven't tried it yet. Just download it from Google Play.
« Last Edit: 10-01-15 09:00 AM by musicgeek »
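
Added example (not part of the original post): the post describes copies in both system/app and data/app and a factory reset that wipes only user data, so this script compares a `pm list packages -f` listing against one taken from a known-clean state and separates the new packages by whether a factory reset would remove them. The package names and both listings are constructed sample data; only the file name ThemeManags.apk comes from the post.

```python
# Added example, not from the thread. Package names and both listings are
# constructed sample data; only ThemeManags.apk is a file name from the post.
SYSTEM_PREFIX = "/system/"   # left untouched by a factory reset
USER_PREFIX = "/data/app/"   # wiped by a factory reset

def parse_pm_list(text):
    """Parse `pm list packages -f` lines: package:<apk path>=<package name>."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the last '=' because the APK path may itself contain '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages

def triage(current_text, baseline_text):
    """Return packages that differ from the clean baseline, by partition."""
    current = parse_pm_list(current_text)
    baseline = parse_pm_list(baseline_text)
    report = {"survives_factory_reset": [], "wiped_by_factory_reset": []}
    for name, path in sorted(current.items()):
        old = baseline.get(name)
        moved_to_system = (old is not None and not old.startswith(SYSTEM_PREFIX)
                           and path.startswith(SYSTEM_PREFIX))
        if old is not None and not moved_to_system:
            continue  # known package; /data/app suffixes change on update
        if path.startswith(SYSTEM_PREFIX):
            report["survives_factory_reset"].append((name, path))
        elif path.startswith(USER_PREFIX):
            report["wiped_by_factory_reset"].append((name, path))
    return report

BASELINE = """package:/system/app/Settings.apk=com.android.settings
package:/data/app/com.example.music-1.apk=com.example.music
package:/data/app/com.example.points-1.apk=com.example.points"""

CURRENT = """package:/system/app/Settings.apk=com.android.settings
package:/data/app/com.example.music-2.apk=com.example.music
package:/system/app/points.apk=com.example.points
package:/system/app/ThemeManags.apk=com.example.thememanags
package:/data/app/com.example.timeservice-1.apk=com.example.timeservice
package:/data/app/com.example.monkeytest-1.apk=com.example.monkeytest"""

if __name__ == "__main__":
    for bucket, found in triage(CURRENT, BASELINE).items():
        for name, path in found:
            print(f"{bucket}: {name} ({path})")
```

Anything listed under `survives_factory_reset` is the kind of copy the post says comes back after a reset, which is why the permanent fix there is a full system restore or reflash.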

10-01-15 12:19 PM
txtwhizard
Jr. Member
  • Posts: 150
  • Thanked: 21
  • Reputation: 0
Nice topic surely for those using load earner apps like mcent.

10-03-15 06:46 AM
pist0ler0
Jr. Member
  • Posts: 64
  • Thanked: 1
  • Reputation: 0
My 0+ 9.2 got that too.. what I did was freeze it using Titanium, and my phone is fast again.

10-06-15 05:55 PM
cream0922
Full Member
  • Posts: 1188
  • Thanked: 68
  • Reputation: 0
The same thing happened to my neighbor. The sad part is that the tech who fixed the phone damaged it even more; I think that tech didn't know anything.

10-06-15 06:29 PM
uragunn
Full Member
  • Posts: 609
  • Thanked: 62
  • Reputation: 0
Nice info. Thank you. I'll watch out for that if someone brings one to me for repair.

10-08-15 01:47 AM
aquaman007
Full Member
  • Posts: 2274
  • Thanked: 1992
  • Reputation: 1


:ty: . . . :D

but I think AVIRA AV is easier . . . please try it . . . it's on the Play Store . . . ;)



01-07-16 09:40 PM
dituriaga015
Full Member
  • Posts: 1109
  • Thanked: 25
  • Reputation: 0
So this is what it was. On an Asus Zenfone 5 it would suddenly just download all sorts of APKs and wouldn't stop even after a factory reset. And so many ads pop up and try to install APKs that you didn't download, which are just suddenly on the MMC. Now I know.
Denmark

01-08-16 11:37 PM
cinuaq
Sr. Member
  • Posts: 5453
  • Thanked: 692
  • Reputation: 16
Up. This has already happened to my sibling's phone.

01-18-16 12:48 AM
duppy5
Semi-Newbie
  • Posts: 5
  • Thanked: 0
  • Reputation: 0
How do you get rid of the engriks virus? My sibling's phone has that problem. ty

01-18-16 08:37 AM
systematic
Full Member
  • Posts: 4281
  • Thanked: 124
  • Reputation: 1
So these are the monkey test/time service apps, so this is how it is! ty TS, this is a big help for newbies and those afraid to root, this is a warning xD. Is even flashing a ROM not effective? :kawali: hit already

01-18-16 11:09 AM
javilloelmer
Full Member
  • Posts: 1601
  • Thanked: 255
  • Reputation: 1
That also happened to my Cherry Mobile Flame 2.0 before. What I did was root the phone, install KingRoot, and in KingUser that's where I deleted Monkey Test and Time Service.
LIES DON'T END RELATIONSHIPS...


USUALLY THE TRUTH DOES....

01-22-16 08:02 PM
uragunn
Full Member
  • Posts: 609
  • Thanked: 62
  • Reputation: 0
Flashing the ROM is really the only way. Even if you managed to delete it because you're rooted, the next time you reformat it will be there again.

01-27-16 11:02 PM
Alesanah
Full Member
  • Posts: 973
  • Thanked: 165
  • Reputation: 1
Also be careful with shops that flash ROMs and reprogram, guys. Sometimes the stock firmware they install is infected with the monkey virus, so what happens is you keep coming back to them to have it fixed. The techs make money off that.

01-28-16 05:15 PM
sheiksamson
Jr. Member II
  • Posts: 240
  • Thanked: 74
  • Reputation: 0
Very nice topic TS! But let me just ask... have you tried looking for those malware apps in system/app?

01-29-16 05:11 PM
cinuaq
Sr. Member
  • Posts: 5453
  • Thanked: 692
  • Reputation: 16

04-28-16 08:34 AM
Gigabyte
Jr. Member
  • Posts: 155
  • Thanked: 8
  • Reputation: 0
360 doesn't actually remove the virus. It only detects it but can't remove it.

05-03-16 10:57 PM
lenerob17
Full Member
  • Posts: 878
  • Thanked: 129
  • Reputation: 1
I'd also suggest, for our fellow PD members who have encountered this, try CM SECURITY as well; it's on the Play Store. It's OK too, it detects the virus, especially those ads that suddenly appear as soon as you turn on the WiFi.

06-10-16 08:46 PM
geboy23
Newbie
  • Posts: 2
  • Thanked: 0
  • Reputation: 0
FELLOW PINOYS, CAN I ASK HOW TO REMOVE A VIRUS FROM A SAMSUNG GALAXY S3? THANK YOU....

06-22-16 10:22 PM
soultrack
Full Member
  • Posts: 1221
  • Thanked: 41
  • Reputation: 0
FELLOW PINOYS, CAN I ASK HOW TO REMOVE A VIRUS FROM A SAMSUNG GALAXY S3? THANK YOU....
Try this manual removal

09-01-17 05:32 PM
Genstarwin
Full Member
  • Posts: 331
  • Thanked: 12
  • Reputation: 0
Masters, please help, lots of ads are appearing on my phone, please help :ty: