The virus for Android smartphones
Recently it happened to me that my Android smartphone behaved in a way as strange as it was annoying. Every few minutes, pop-ups appeared that forced me to install apps. The popups had the Facebook logo in the upper right, but it was understood that it was a bogus logo.
The apps were downloaded from parallel markets (they were certainly not secure apps) and, moreover, the continuous transfer of data also took place under the mobile network! Banners appeared everywhere, both while browsing, and when using other applications: while I was calling, while using the camera, everywhere!!!
What other blogs suggested
Needless to say, I have been very informed about the various blogs and I tried everything I was suggested. From the installation of an antivirus program for Android smartphones, type Avira, Avast O Malwarebytes to applications for type optimization CCleaner. Nothing: the banners kept appearing.
I then decided to reset the phone. Drastic operation, true, but necessary. Too bad that, after the restoration, nothing has changed! Unbelievable, the malware was still there. What to do? Should I throw away my smartphone as some gurus suggested on blogs?
Not at all. I decided to do it on my own. I am sure that these procedures that I will describe will be useful to others who have the same problem as me.
Android smartphone virus removal survey
First of all I tried to understand what this virus (or malware) was that had taken control of my smartphone. Checking the files on my phone, I noticed that APKs were being downloaded without my consent. So the virus responsible for these problems had to consume data traffic.
I checked the data consumption statistics via the menu Settings, Data usage, Statistics. In pole position there was SystemFQAD. Surely I had identified the process responsible for so many annoyances. Now it was just a matter of removing it.
I then installed another antivirus program: Kaspersky Internet Security. By starting the full scan, the process SystemFQAD it was identified as adware, but the removal was unsuccessful. In fact SystemFQAD it is a system process, already present in the ROM at the time of purchase of the phone. This also explains how the restore had not taken away the virus: it was already part of the system! It seems in fact that many Chinese mobile phones, like mine, a KenXinDa Proofing W8, factory come out with some adware installed. I don't know why, but it's an annoying situation.
The cancellation of the process SystemFQAD it was therefore not possible using the normal features of Android. In fact in the menu Settings, App, the process was visible, but it could not be uninstalled. Even to finish it, SystemFQAD it restarted autonomously after a short time.
First attempts to remove systemFQAD malware (virus for Android smartphones)
Since it is not possible to delete a system process, the first attempt I made to delete SystemFQAD was to install a firewall, to be precise NetGuard. NetGuard it is available for free on the Play Store. I disabled WiFi and Cellular data traffic on the process SystemFQAD. The situation improved slightly, as banners were rarer. However, the malware was able to bypass the firewall, especially when the phone started. In fact the process SystemFQAD it was the first to start, then the firewall started NetGuard: this delay allowed the virus to consume data traffic anyway. The method was therefore not 100% valid, but only a tamponade waiting to find the definitive solution.
The ultimate removal of the SystemFQAD malware
Assuming this malware was still a file, it was necessary to delete it. The removal of system files is not allowed by Android, so it was necessary to obtain root permissions, authenticate as a super user in order to freely modify all files, even system ones.
Before performing the following procedure, make sure to make a backup of all your data: from emails to sms, photos, documents, in short… everything there is in the smartphone. Also check that the procedure does not result in the loss of the phone's warranty.
The first attempt was to download and install FramaRoot. The installation failed on my smartphone. In fact, I remember that not all apps that allow you to obtain root permissions are compatible with all existing smartphones on the market.
The installation of KingRoot instead it was successful: here are the steps necessary to get root permissions on Android, installing KingRoot.
Step 1: Get root permissions, download KingRoot
Download the APK of KingRoot from the official website (you have to do a search on Google: since the link changes all the time, I can't put it here ...), the application will be downloaded and placed among the downloads.
Step 2: Get root permissions, install KingRoot
Go through downloads, look for the APK file of KingRoot just downloaded it and launch it.
In case the Android system settings do not allow you to install applications from unknown sources, you will see the following error: "Installation blocked. The phone is set to block the installation of applications obtained from unknown sources."
To allow the installation, click on Settings, or go to the Android system settings, then click on Safety.
Then allow the installation of applications from unknown sources, scrolling down the menu and using the appropriate command.
In my case, the installation of KingRoot it was successful on the first shot. I hope the same for you!
Step 3: Removing SystemFQAD system process with root privileges
Finally you can now remove the virus from offending Android smartphones: SystemFQAD. The same KingRoot contains an uninstall utility among the tools. Of course, if this is not present in other apps that you may have used to root your phone, you can use specific utilities such as System app uninstaller which, in combination with root privileges, is able to uninstall apps, including system apps and those already present in the ROM at the time of resetting the phone. System app uninstaller it is available for free on the Play Store.
Using KingRoot, click on More tools, then on Uninstall tool.
Among the various apps, identify malware SystemFQAD, select it, and… Remove! After removal, it may be that the process is still visible in the list of apps to remove. I recommend restarting your smartphone. After rebooting, the SystemFQAD Android smartphone virus will no longer be visible. The banners will disappear and the smartphone will return as new!
Then do a nice cleaning of the smartphone, also deleting any large files that SystemFQDA has downloaded without your permission.
Conclusions on SystemFQAD
The fact that system adware is being introduced inside smartphones of Chinese origin is quite disturbing. Anyway, I just described the step-by-step procedure to make its safe and permanent removal. My advice is to check if, within the system processes (via the icon of the Settingsselect App and go up All), adware is present SystemFQAD. If it is present, you are faced with a choice: root and delete it (although perhaps, at the moment, the virus for Android smartphones has remained inactive), with the risks involved, or whether to wait for the malware to activate and, therefore, have a valid reason to delete it.