Trojan

Having paid for F Secure Safe I thought it would be able to remove a piece of malware by the name of COM.ANDROID.GESTURE BUILDER

Having scanned my tablet several times it keeps stating it has removed the malware but it keeps coming back in fact whilst writing this statement it has been removed twice and just keeps popping it's ugly head up

 

Comments

  • UkkoUkko Posts: 3,198 Superuser

    Hello,

     

    Sorry for my reply.

     

    I not friendly with Android platform, but based on brief try to search "COM.ANDROID.GESTURE BUILDER" -> I got potential view that there can be something as 'system' or 'pre-installed' application.

     

    And even it can be valid (?!) application for some situations - it possible that it can be modified android resource by manufacturer of device; Or pre-installed application (modified) by third party;

    Or indeed malware (with meanings not as backdoor or false positive; but indeed malware - which comes to device);

     

    You noted that F-Secure deleted (removed) it, but than it coming back. Maybe you have to try something as 'deactivate' such application/process (stop/deactivate) manually.

    Or maybe it can be placed on SD-card - which partly prevent proper removing/cleaning;

     

    Also maybe you have to re-check "Device Administrators" (as applications with high privileges); If there some other troubles under device;

     

    Sorry if I wrong understood your situation and if there another view.

     

    And if you need help with steps about check/try to deactivate such application (service, process) or even get proper understanding why this 'potential malware' comes back (while it marked as removed) - you just able to back with reply and maybe there will be response from experienced Android users (as additional to other kind of help);


    Thanks.

     

  • DevtheRevDevtheRev Posts: 2

    The thing is if I let F Secure Safe scan it but don't remove it it does not çome back but as soon as F Securesafe deletes it it comes back

    Ukko
  • UkkoUkko Posts: 3,198 Superuser

    @DevtheRev wrote:

    The thing is if I let F Secure Safe scan it but don't remove it it does not çome back but as soon as F Securesafe deletes it it comes back


    Hello,

     

    So, if F-Secure SAFE scan did not remove it - maybe it should not "comes back" because still placed under device (?!) with active status. Or you mean something else?

     

    But does your experience about F-Secure SAFE for Android? And scan by this application?

    Or you plug-in/connect tablet to computer and scanning 'device' by F-Secure SAFE for desktops?

    Maybe with any of meanings - when F-Secure SAFE remove this application - device doing something as 'recovery';

     

    Does this Help-page can be helpful for you?

    https://help.f-secure.com/product.html#home/safe-android/2016/en/task_1481FD0DA1404A3C907E29EB8092906A-safe-android-2016-en

     

    There have words that when malicious file is detected -> should be some options (for example, quarantine file) and additional information about application. You able to use this information for manual try to disable/uninstall/deactivate it. Because most likely - if application is deactivated/stopped - it not possible to do malicious tricks.

     

    I have experience (small) about Android device and there was pre-installed (third-party applications) - which some of security companies marked as malware/spyware or unwanted applications.

    With my experience it was not 'system'-part and .apk files just removed when I connect device to my laptop; But some of this pre-installed software was not possible to remove (system ones maybe) and I had to 'disable' them (deactivate/stop) only (with default configuration of Android device); As result - they no longer detected by most of security applications (but some of them still detected them under device; which proper information in fact - but with disabled status... such applications should be harmless);

     

    I still not sure - if you get detection 'COM.ANDROID.GESTURE BUILDER' properly (if there modified build); Or if there false positive and detection comes randomly.

     

    Sorry for long reply.

    Thanks.

This discussion has been closed.