How to check for RottenSys and remove it from your Android phone
RottenSys is an unwanted ad-ware package which comes pre-installed on some Android phones, before the users even turn on the phones for the first time. In this article we'll cover what RottenSys is and how to permanently remove it from your Android phone.
RottenSys will aggressively show unwanted ads on infected Android phones, ads which, according to an estimate made by Check Point, have earned the attackers an approximately $115,000 USD in the last 10 days only.
The RottenSys app will not start displaying ads right away, as a means of disguising itself. After a while, it will start displaying pop-up ads, fullscreen ads and home screen ads. In order to keep the Android system from closing the malware app, RottenSys uses an open source framework called MarsDaemon, which keeps processes alive but hinders the phones' performance and drains the battery as a side effect.
Check Point researchers explain in detail how the malicious app works and link it with Tian Pai, a Hangzhou based mobile phone supply chain distributor.
How many Android phones are affected?
From 2016 to date, nearly 5 million phones have entered the market with this malware package pre-installed. According to Check Point's research team, the most targeted devices are: Honor, Huawei, Xiaomi, Oppo, Vivo, Meizu, LeEco, Coolpad, Gionee, Samsung. The last ones in this list are the least affected ones.
Photos source: research.checkpoint.com
The security researchers also point out that the ad-ware could be wider spread, so if you are worried that your phone could be infected, here's how to check for RottenSys and remove it.
Method1: Check for and remove RottenSys, the easy way
For this task, we'll use Ashampoo's tool called Ashampoo® RottenSys Checker, which automates the manual removal process described in method 2 below.
Step 1. Install Ashampoo® RottenSys Checker from Google Play
Step 2. Open Ashampoo® RottenSys Checker.
Step 3. Tap on the CHECK NOW! button. Next, the app will scan for the malicious packages. If nothing is found, you'll get an All clear! No malware app found. message.
Step 4. If RottenSys is found on your phone, you'll get a prompt informing you of the malicous packages found, with the option to delete them, like in the screenshot below. Tap on the DELETE button and Ashampoo® RottenSys Checker will do the rest.
Method 2: Check for and remove RottenSys manually
Step 1. Go into Android system settings, then to app manager
Step 2. Look for the following app packages:
- com.android.yellowcalendarz - app named æ¯æ—¥é»„历
- com.changmi.launcher - app named 畅米桌é¢
- com.android.services.securewifi - app named 系统WIFIæœåŠ¡
- com.system.service.zdsgt
Step 3. Simply uninstall any of the packages listed above, if they are present on your Android phone. If you could not find any of these packages, then your phone is safe from this threat.
That's it. Your phone is now clear of any unwanted RottenSys packages. If you want to learn more about keeping your Android phone safe, we have a few more articles worth reading:
