How to check for RottenSys and remove it from your Android phone

How to check for RottenSys and remove it from your Android phone

by Mihai Neacsu on 20 March 2018 · 4559 views

RottenSys is an unwanted ad-ware package which comes pre-installed on some Android phones, before the users even turn on the phones for the first time. In this article we'll cover what RottenSys is and how to permanently remove it from your Android phone.

RottenSys will aggressively show unwanted ads on infected Android phones, ads which, according to an estimate made by Check Point, have earned the attackers an approximately $115,000 USD in the last 10 days only.

The RottenSys app will not start displaying ads right away, as a means of disguising itself. After a while, it will start displaying pop-up ads, fullscreen ads and home screen ads. In order to keep the Android system from closing the malware app, RottenSys uses an open source framework called MarsDaemon, which keeps processes alive but hinders the phones' performance and drains the battery as a side effect.

Check Point researchers explain in detail how the malicious app works and link it with Tian Pai, a Hangzhou based mobile phone supply chain distributor.

How many Android phones are affected?

From 2016 to date, nearly 5 million phones have entered the market with this malware package pre-installed. According to Check Point's research team, the most targeted devices are: Honor, Huawei, Xiaomi, Oppo, Vivo, Meizu, LeEco, Coolpad, Gionee, Samsung. The last ones in this list are the least affected ones.

4 full How to check for RottenSys and remove it from your Android phone

5 large How to check for RottenSys and remove it from your Android phone

Photos source: research.checkpoint.com

The security researchers also point out that the ad-ware could be wider spread, so if you are worried that your phone could be infected, here's how to check for RottenSys and remove it.

Method1: Check for and remove RottenSys, the easy way

For this task, we'll use Ashampoo's tool called Ashampoo® RottenSys Checker, which automates the manual removal process described in method 2 below.

Step 1. Install Ashampoo® RottenSys Checker from Google Play

Step 2. Open Ashampoo® RottenSys Checker.

Step 3. Tap on the CHECK NOW! button. Next, the app will scan for the malicious packages. If nothing is found, you'll get an All clear! No malware app found. message.

2 large How to check for RottenSys and remove it from your Android phone

Step 4. If RottenSys is found on your phone, you'll get a prompt informing you of the malicous packages found, with the option to delete them, like in the screenshot below. Tap on the DELETE button and Ashampoo® RottenSys Checker will do the rest.

3 large How to check for RottenSys and remove it from your Android phone

Method 2: Check for and remove RottenSys manually

Step 1. Go into Android system settings, then to app manager

Step 2. Look for the following app packages:

  • com.android.yellowcalendarz - app named 每日黄历
  • com.changmi.launcher - app named 畅米桌面
  • com.android.services.securewifi - app named 系统WIFI服务
  • com.system.service.zdsgt

Step 3. Simply uninstall any of the packages listed above, if they are present on your Android phone. If you could not find any of these packages, then your phone is safe from this threat.

That's it. Your phone is now clear of any unwanted RottenSys packages. If you want to learn more about keeping your Android phone safe, we have a few more articles worth reading:

Comments (0)
Featured Articles