Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Ransomeware on Asus Tramsformer w/Android 4.0.3


  • Please log in to reply

#1
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi guys,

 

My wife just got hit with the FBI Ransom Ware virus on her Asus Transformer FT101 with Adnroid v4.0.3. Yep, she never updated the O/S.

 

I booted into Safe Mode and found the culprit. It is an app called Flash Player Update. The Uninstall button is greyed out. And there isn't anything in Device Administrators. So there isn't a way to disable it there.

 

Does anyone know of a way to force this malicious app to uninstall short of doing a factory reset?

 

Thanks.


  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts

Hey buddy, I hope your day gets better!

That's a tablet right?

 

Look here, they talk about this nasty creature down a little past half way down the page.  Looks like your wife has a nice new version of that crap.

 

Not sure if it will work, but it describes your situation.  I would go with the Avast! install, if it's possible.  I have both Avast! and MBAM on my Android phone.


  • 0

#3
godawgs

godawgs

    Teacher

  • Topic Starter
  • Retired Staff
  • 8,228 posts

The tablet seems to be fine....except for the FBI warning that you can't get past. I've never touched that thing, except to show the wife how to update the O/S software...which she never did. So I finally found out last night how to get into safe mode. That's when I found the Flash Player Update app. Evidently this strain doesn't install as Device Admin., so it can't be deactivated. And the uninstall button is greyed out.

She told me that she got a popup when she was on Facebook telling her she needed a flash player update, probably to see one of the video's that the idiots are always posting. But that she pressed the Cancel button. If that's true, this thing installs no mater which button you touch.

Her other apps, and she doesn't have many, all have the uninstall button available and she says they have been installed for a long time, so I'm sure the the Flash Player Update is the culprit.

 

I found the site you linked to last night/this am after I had posted my topic. The very first image on the link looks exactly like what the tablet is showing. I haven't tried it yet. Thought I would give it the day and see if anybody has found a way to remove the app from within the tablet.

 

Thanks for the help.


  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts

I'm not very good with Android, so i could be wrong, but if you go to google play with a PC, and sign in with the account the tablet uses, and choose to install Avast Ransomware Removal app, it will install on the tablet.  Not sure if that will be helpful, so just file it away for now, while you look for a way to do it directly from the tablet.


  • 0

#5
terry1966

terry1966

    Member 1K

  • Member
  • PipPipPipPip
  • 1,142 posts

ignore post,

 

missed where you said the app doesn't install as device admin, so only option so far is to do a factory reset in safe mode as explained in earlier link http://malwaretips.c...-virus-removal/ crowbar posted.
 

With Safe Mode booted (you’ll spot the “Safe Mode” legend in the bottom left of your display) only system apps will be running. Any third party apps you have downloaded and installed are disabled, much as with booting into Safe Mode in Windows.
Removing FBI Ransomware from your Android device requires you to first remove administrative privilege from the app in its Flash Player guise. Open Security > Device Administrator and select Flash Player, then Deactivate.
You can then remove the ransomware by opening Settings > Apps, selecting Flash Player and tapping Uninstall.

http://www.makeuseof...getting-remove/
 
:popcorn:


Edited by terry1966, 05 February 2015 - 01:40 AM.

  • 0

#6
godawgs

godawgs

    Teacher

  • Topic Starter
  • Retired Staff
  • 8,228 posts

Thanks for your reply terry1966, but this variant of the ransomeware doesn't install as Device Administrator. As a result it isn't in the Device Administrator so it can't be disabled. And it can't be uninstalled because the Uninstall button is greyed out.

Looks like the only way to remove this variant is to reset the tablet to factory settings.


  • 0

#7
terry1966

terry1966

    Member 1K

  • Member
  • PipPipPipPip
  • 1,142 posts

Thanks for your reply terry1966, but this variant of the ransomeware doesn't install as Device Administrator. As a result it isn't in the Device Administrator so it can't be disabled. And it can't be uninstalled because the Uninstall button is greyed out.

Looks like the only way to remove this variant is to reset the tablet to factory settings.

 

yes, noticed that and must have been editing my post when you replied.

 

did find this from one of the comments from an earlier link that may save you having to do a factory restore tho.

 

Hi! Just got encountered with this myself (my dad + new smartphone= mayhem) None of this was working for me also because of the latest malware, so what I did was went into safe mode like instructed, and accessed the Google Play Store. I downloaded this free antivirus called "Avast" and once it installed, restarted the phone in normal mode.
Once I restarted and it got to the where the FBI screen were to be, Avast caught the malware (in my case, a fake Norton Internet Security) and FINALLY allowed me to uninstall successfully. I restarted the phone again just to be certain it worked, checked settings and the virus was gone!
I told myself if I figured something out, I'd share this on all of the sites I used trying to find a way out of this mess, so I hope this works for you!!

http://www.wintips.o...id-koler-virus/

 

 

There you go again you are eating that  popcorn.gif.pagespeed.ce.r0mQrzhRQa8L34p  You better need to start exercising   spoton.gif.pagespeed.ce.y2QDjP8M6bftM26s I am sure you would have gained extra pounds now !  killcomp.gif.pagespeed.ce.-vKHI2f3xIbuDZ

think of it as my signature.  :D 

 

:popcorn:


  • 0

#8
godawgs

godawgs

    Teacher

  • Topic Starter
  • Retired Staff
  • 8,228 posts

I tried the Avast program, but didn't try rebooting into normal mode. I'll give that a try, but I don't hold out much hope.


  • 0

#9
godawgs

godawgs

    Teacher

  • Topic Starter
  • Retired Staff
  • 8,228 posts

Latest update for anyone interested.

None of the suggestions worked. Had to resort to resetting th tablet back to factory settings. If you get hit with this particular strain you can save yourself some time by going straight the a factory reset.

Wish I had better news.


  • 0

#10
terry1966

terry1966

    Member 1K

  • Member
  • PipPipPipPip
  • 1,142 posts

at least now your wife shouldn't fall for any such social engineering scams again and install everything that just pops up on her screen without thoroughly checking out what it is and where it came from first. :D

 

sorry there wasn't an easier fix than wiping everything.

 

:popcorn:


Edited by terry1966, 05 February 2015 - 04:21 PM.

  • 0

#11
godawgs

godawgs

    Teacher

  • Topic Starter
  • Retired Staff
  • 8,228 posts

She said she didn't install it this time. That she tapped Cancel on the installation popup. I've never seen a popup automatically install on a Windows system, but I've never used an Android tablet so maybe it's possible that it can happen on it. And obviously you haven't met my wife. :whistling:


  • 0

#12
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts

I'm interested, too bad you could not remove it without a hard reset, you know I was rooting for you :cool:

 

MBAM and Avast! work great on my Android phone


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP