# infected with fakeapp-nm



## quenosabe (Apr 17, 2012)

Hello, my android 5.1.1 just got infected with fakeapp-nm, avg removes it but keeps downloadin as 10008_1.jar.

What can I do?


----------



## AleXxCov (Aug 6, 2017)

I have the same problem


----------



## quenosabe (Apr 17, 2012)

Here is what I have tried so far, downloaded and ran malwarebytes, detected a malicious file and asked to remove the file, could not remove it. 

So I rebooted the phone in safe mode wen to the apps folder, deactivated it, restarted the phone in normal mode and... well... the problem seems to have stopped.

Went to the downloads folder and manually removed (21) 10008_1.jar files.

So, now is wait and see, will keep you posted if they... Aaaaaghh!!! bleeping things just reappeared!


----------



## quenosabe (Apr 17, 2012)

Malwarebytes detects: Android/PUP.adware.YeMoBi.a
Asks to uninstall the app, click on yes but displays : incorrect uninstall.

Daaah! as soon as AVG detects and blocks the download it just downloads again.


----------



## AleXxCov (Aug 6, 2017)

I already restore my phone two times and it's still hapening, I used AVG too and the file keeps downloading


----------



## AleXxCov (Aug 6, 2017)

Search for Beauty snap on google.


----------



## quenosabe (Apr 17, 2012)

Was that a hard reset you did on your phone?


----------



## AleXxCov (Aug 6, 2017)

Yes, and I think you need to root the phone to remove the virus.


----------



## quenosabe (Apr 17, 2012)

Was that a hard reset?


----------



## quenosabe (Apr 17, 2012)

Sorry for the dupe!!


----------



## quenosabe (Apr 17, 2012)

How do I root the phone?


----------



## AleXxCov (Aug 6, 2017)

you can try with kingroot.


----------



## AleXxCov (Aug 6, 2017)

after that rty again with malwarebytes


----------



## quenosabe (Apr 17, 2012)

Has it worked for you?


----------



## AleXxCov (Aug 6, 2017)

Im not quite sure, what i did was remove some files manually, look for the tencent and qqsecure files and remove them, after i did that the file 10008_1.jar downloaded again but the adds desapear, so it's probably that the virus it's still there but this is the only solution i found, somehow i desactivate it or something similar.
If you still have the problem tell me.

And try searching for tencent on google, all of these things are chinese ****.


----------



## Gilvan (Aug 7, 2017)

Solution.
In my case "/thirdapp/10008_1.jar".
Just delete it and replace it with an empty text file named "10008_1.jar".
Then, you may restart the phone and delete it either.


----------



## quenosabe (Apr 17, 2012)

I just tried that before I read your post, manualy deleted that same file. 

I'm on wait and see mode...
Ads seem to have stoped...

If anything turns up I'll let you know...

Thanks for the help!


----------



## Gilvan (Aug 7, 2017)

Phone got infected again.
Solution.
Deactivate "Beauty Snap".


----------



## quenosabe (Apr 17, 2012)

Hi Gilvan, the virus stayed quiet for a while but came back with a vengeance.

So after all this circus we have had with this virus, i installed no root firewall (by grey shirts) from uptodown.
You select which apps have access to internet, so I wiped off beauty snap, gangyun, com.android.snap and m4 pack.

Immediately, the virus tried to download the 10008_1.jar file, but since I only gave permission to the few apps that I know are safe, the download only registered an error. So far no ads, and since trying to download some 25 times in an hour, the action has stopped.

The virus is still there because the files keep reinstalling, but the firewall has effectively stoped the viruses downloads.

Hope this helps.


----------



## Gilvan (Aug 7, 2017)

My problem was solved by simply deactivating "Beauty Snap".
More than 24h has passed, and no sign of virus.


----------

