About a week ago, while browsing the internet (with my Lenovo S860 / Android / Chrome), some popups came up, and initially I thought that the site had some ads, but it was something else. I've found an article about adware that auto-roots your phone and that you can't clean by hard-resetting or by scanning with any type of antivirus. Ref: http://www.cmcm.com/blog/en/security/2015-09-18/799.html

So, after connecting the device to my PC, (I think) the adware moved onto my PC as well. So now I have that virus on my phone and also on my PC. I've tried reinstalling browsers (Firefox, Chrome), reinstalling Windows (formatting the HDD), and scanning with different antiviruses (AVG, BitDefender, Kaspersky, Malwarebytes, Spyhunter, AdwCleaner and many others), but without success.

The ads appear in both Firefox and Chrome, on different events: link click, background click. On my phone a site appears with the message "Your battery has [some number] battery viruses" and the phone vibrates. On my PC different sites are opened, like Alibaba and some radio websites. Any idea is appreciated!

Suspect domains included on webpages:

ntvk1.ru
tarkita.ru
cukcopo.ru
darangi.ru
onclickads.net
morgdm.ru

Another thing is that I've found out that Google Analytics is including these domains in the source. I have now blocked these domains and google-analytics.com in the hosts file, but I don't think it's the best solution.

Thanks in advance!

1 Answer

*I can't comment yet, so I have to make suggestions in an answer to get context.

Are you sure the adware hasn't installed a plugin in the browsers? Check for anything installed through Chrome/Firefox. The fact that you've re-formatted means it's unlikely the malware/adware is sitting within your hard drive.

I've never experienced an attack that moves from my phone to my PC, but I can see how it MIGHT be possible.

Of course, one thing you should really do is back up your data and reformat the phone. Using the TWRP Bootloader should wipe your phone properly if it's in a rooted state.

Then, the next thing is to check where the adware/malware is sitting within your system.

Are there any strange processes running on your machine? Check Windows Task Manager for this. Do you have any plugins installed that appear strange? Remove them completely.

Happy to help a bit further if nothing above helps you.

Also, it might be good to find out how you got this? Did you visit a strange website? Download a weird app?

Dandy
  • 400
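
The browser-extension check suggested in the answer above, as an added example that is not part of the original answer: a Python script that reads every installed Chrome extension's manifest and flags those allowed to inject scripts into every page. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside the profile directory; the function and field names are this example's own.

```python
import json
import os
import sys
from pathlib import Path

# Host patterns that cover every site, so the extension can touch any page.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(ext_root):
    """Summarise each <id>/<version>/manifest.json under a Chrome profile's
    Extensions directory and flag extensions with site-wide access."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        row = {"id": manifest.parts[-3], "version": manifest.parts[-2],
               "name": None, "injected_js": [], "broad_hosts": [],
               "needs_review": True}
        findings.append(row)
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            continue  # an unreadable manifest stays flagged for a manual look
        injected = set()
        for cs in data.get("content_scripts", []):
            # Only scripts whose match patterns cover all sites are recorded.
            if BROAD & set(cs.get("matches", [])):
                injected.update(cs.get("js", []))
        # Manifest V2 lists hosts in "permissions", V3 in "host_permissions".
        perms = data.get("permissions", []) + data.get("host_permissions", [])
        row["name"] = data.get("name")  # may be a "__MSG_...__" placeholder
        row["injected_js"] = sorted(injected)
        row["broad_hosts"] = sorted(p for p in perms
                                    if isinstance(p, str) and p in BROAD)
        row["needs_review"] = bool(injected or row["broad_hosts"])
    return findings


if __name__ == "__main__":
    # Default: the "Default" Chrome profile on Windows; pass another
    # profile's Extensions directory as the first argument to override.
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / \
        "Google/Chrome/User Data/Default/Extensions"
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for f in audit_extensions(root):
        mark = "REVIEW" if f["needs_review"] else "ok    "
        print(mark, f["id"], f["version"], f["name"],
              f["injected_js"], f["broad_hosts"])
```

A `REVIEW` line means the extension can run on every site, which legitimate extensions such as ad blockers also do; compare each flagged ID against the extensions you knowingly installed.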