Solved

can't remove a threat


My Secure anywhere detects Android.Gedma Smsreg com.mediatek.smsreg. It says it is a Trojan, but I cannot uninstall it. I have tried, but it keeps saying uninstall unsuccessful. What can I do?
Diana

Best answer by CameronP 21 April 2014, 18:44


32 replies

Userlevel 7
Well, I assume different versions of the file would have different MD5 so it would be possible to whitelist specific versions....
 
But another problem I had not thought of is not malicious versions of the file but the ability of other malicious files to exploit is one... it would admittedly leave a security hole and so might not be whitelisted?
Userlevel 7
Hi David
 
Good call but I think that the issue really is that there are malicious versions of this file (usually when found and not part of the OEM install) and therefore how does one differentiate between a file that could be there and should be as opposed to one that could be there but shouldn't.  Not sure how this can be done in the context of a security app without decomposing the OEM install components to check the "could & should vs. could & shouldn't" position.
 
I may be wrong on this but that is the issue and if I am right about this then it is likely that if WSA is being overly cautious in its determination then it is just possible (and I am saying POSSIBLE) that other security apps are not being so cautious, etc.
 
It will be interesting to see what Roy comes back with on this.
 
Regards
 
 
Baldrick
Userlevel 7
@  Can you take a second look?  While I was mistaken thinking that this was related to the now fixed issue with some Samsung phones, this being an OEM file I would have thought that it would be a case of maybe not a False Positive but a 'mistaken positive' if you will.
 
I understand now that file exhibits behavior that would normally be flagged as malicious for good reason, but being an OEM file that came on the phone for the preinstalled software I would have thought there would be an exception made for this and the file whitelisted.
 
Thanks!  🙂
Had a reply from the Threat Research Team. Just stood by the SmsReg is bad and asked me to do all you had already advised in the forum i.e. Disable and ignore.
 
But ignored the rest of my issues - i.e. why their re-scan not ignore disabled app automatically (like quarantined ones) and the trouble I have to uninstall their app.
 
I in turn am asking CM and Norton their views of SmsReg as their apps don't flag this up at all in their scans.
Userlevel 7
While we know a fix has been put in place, it is always possible that Support found and fixed one file version of it, but there may be other versions, older ones, that were not whitelisted.
 
Fixing a False Positive can be more difficult than whitelisting a single file.  While in most cases only a single version of a file is the problem, I would suspect it also possible that a new FP issue is affecting not just the most recent version of the file but older ones as well.
 
Let us know what Support says.... we are always curious how things turn out as that helps us learn more so we can help more, and be more efficient in doing it :-)
Userlevel 7
@ wrote:
Hi Baldrick,
 
Thank you for your welcome and your opinion.
 
1. False Positive on SmsReg
I have since loaded and scanned my phone with a couple other Security Apps - CM Security and Norton Mobile.  Neither identified this as an issue.
 
2. Uninstalling
This separate problem to uninstall Webroot legitimately is even more alarming! For example I uninstalled the Norton Mobile app easily after I ran the scan with ease!
 
So this experience has left me quite unimpressed with the app.
 
Gilbert
Hi gulibo
 
You are most welcome.  And thank you for your feedback and opinions too.  Always good to have these.
 
Regards
 
 
Baldrick
 
 
Userlevel 7
Hi gulibo
 
No need to apologise...I had indeed realised that the SMSReg may have been from OEM install...but as I do not have an intimate knowledge of your system (and hence what the OEM install was in your case) I advised on both possibilities, in the case that other users may read the thread but not have this installed as part of the OEM install, in their case.
 
The inability to remove the 'Threat' in the first place in my earlier postings, is due to the nature/type of the file in question, and if you do not want it then the right way to 'remove' it is to disable it from within the App Control features (there is another way if required to do so but if used Webroot Support will not support your installation...hence why I did not suggest it in open post for those that may find it useful). ;)
 
Regards
 
 
Baldrick
Sorry Baldrick- also thought you may have realised that the SMSReg was from OEM install (mediatek) hence the inability to remove the 'Threat' in the first place in my earlier postings.
Hi Baldrick,
 
Thank you for your welcome and your opinion.
 
1. False Positive on SmsReg
I have since loaded and scanned my phone with a couple other Security Apps - CM Security and Norton Mobile.  Neither identified this as an issue.
 
2. Uninstalling
This separate problem to uninstall Webroot legitimately is even more alarming! For example I uninstalled the Norton Mobile app easily after I ran the scan with ease!
 
So this experience has left me quite unimpressed with the app.
 
Gilbert
Userlevel 7
Hi gulibo
 
May I somewhat belatedly welcome you to the Community Fora. :D
 
I think that we need to be careful here in terms of what is and what is not an FP.  In the research I have done it appears that in some cases this is an FP (usually when part of the OEM install) but in some cases it is not (when not part of the OEM install).
 
The common denominator is .smsreg but there are apparently a number of variants and so it is possible that it is an FP but has not yet been recognised by Webroot, especially if it is newish.
 
Well done for updating your Support Ticket with the latest information you have and requesting guidance from the Support Team/Threat Researchers...as they are the experts in the matter.
 
I hope that is of assistance?
 
Regards
 
 
 
Baldrick
Felt I should update earlier than planned because after posting my 'Trouble' ticket to Tech Support, I was going to try once again to force an update only to find the app has not only managed to update the Definition Set in the background to 777 but the app version as well to 3.6.0.6579! The bad news though after I forced a scan it still reports the same threat from com.mediatek.smsreg.
Doesn't make sense now about Webroot has recognised this a False Positive and fixed it a week ago. Have also updated Tech Support my new findings.
Thanks David and Sherry for your help within the forum. As I've tried all the uninstall route including from within the app's menu to no avail, trust webroot team will be as responsive. Hope to update my outcome afterwards.
Userlevel 7
If you have tried to:
 
1) Force Update the Definitions
 
2) uninstall and reinstall the WSA-Mobile app
 
and you are still having problems, you will want to submit a Trouble Ticket
 
The information we have from Support is that the issue has been fixed and the fix fully distributed via the new definition set.  As the app is either unable to update definitions or uninstall, it would appear that possibly something is corrupted that may require the assistance of Support.
Userlevel 7
Hi gulibo, I'm very sorry for your issues..All I can say is to contact support via support ticket and they'll get it all straightened out
To uninstall did you go into Webroot itself and when you open app. Go to the bottom of screen in Webroot ,you are protected screen and you'll see general settings, change password, register, about, uninstall. ...did you try that?
Thanks David for pointing out how to get to the force update button. When I got to this page it states the last check was on Thur,24Apr2014 (I am in UK)8:22pm. But pressing this to trigger Updating Definitions banner don't even change this Last Checked date! There is something seriously wrong with this app on my phone. The update frequency btw was on Daily, which should have been good enough to address my original issue! I have now changed it to hourly anyway. Background scan was at weekly I have changed this as well for now to Daily.
Definition still at set 775. Tried to uninstall from the app menu but gets the same hurdles that I can't over! The phone is running 4.2.2  Can't believe this app can be so difficult to remove- real worry!
Thanks for your advice. But the issue gets more complicated. 
A. Clearing the apps Cache will only reduce reported 24KB to 12KB. Then rebooting made no difference.
B. The Uninstall button is greyed out! So can't from Manage App route. Then from the Apps View dragging it to the top of screen to remove triggers a new screen saying "Can't uninstall because this package is an active device administrator", with a button to 'Manage Device Administration'. Selecting this presents a Check box each already ticked for both 1. Android Device Management and 2. Webroot Secure Anywhere.
Deactivating the former removes the tick in the respective box. But deactivating to extra functions on the second doesn't remove the tick in that box! After all this, going back to apps icon view to drag it to uninstall just repeats the above again!
 
It's this app that is causing the biggest worry!
Userlevel 7
To force an update of the definitions, please do the following:
 
  • Open the WSA Mobile interface
  • Click the Security button at the bottom
  • Click Anti Virus
  • Click the Schedule button at the bottom
  • Click Force Definition Update Now
This should force the definitions to update.  While you are in this screen, you might adjust the schedule to check for definition updates daily.
Userlevel 7
😃 Hello gulibo, Welcome to the Community, I was looking on my Android Mobile and my version is the same as yours but my Definition set is: 776. So it seems to me you are missing something here. Can you go to settings and clear out the cache and then reboot and see if that works for you? Otherwise I would suggest if I may to have you uninstall WSA if the definitions don't update. First make sure you have your code for WSA upon reinstalling. ok?
 
1: clear cache
2: uninstall WSA
3: reboot
4: install WSA
 
Only do this if clearing the cache doesn't work.
Please post back if you need further assistance and even then let us know if we solved your problem so that we may help others.
 
Have a great weekend,
Regards
Thanks for the update. Great! But I can't find a way amongst the options on the app to force an update. All I can see on info is that my definition set is at 775 and v.3.6.0.36759
Userlevel 7
The problem was a False Positive, and a fix went out for it well over a week ago.  If you are still having a problem, please make sure your device has up to date definitions: force update definitions if you need to.
 
If you still have the problem after that, you will want to submit a Trouble Ticket (link below) so that Webroot Support can help get this fixed for you.
Hi, I had the same issue raised on my phone just today. Is this a new finding as I have not downloaded any new app the past month and had both the phone and Webroot running for the past year! Yet this is supposed to be in the phone system in the first place.
Same experience with Webroot reporting can't be uninstalled after alerting this threat and offering to uninstall.
I am puzzled at Webroot logic still reporting this as a Threat even when as suggested here to have it disabled. I only rescan after rebooting the phone and double checked the SmsReg is still Disabled in the Apps List. Surely by choosing to tell Webroot to ignore, what if a future app install a new copy of SmsReg? Better Webroot Scan is set up to ignore apps that are disabled.
Thank you very much to all who replied!!! I disabled the app and then scanned my tablet again. Webroot still detected it as a threat so I checked "always ignore" and tapped "ignore threat" as CameronP said to do. Everything seems to be working fine now! Thank you!
Userlevel 7
Hi Cameron
 
Many thanks for the clarification...that is good to know for the future.
 
As volunteers we always need to make sure that we advise appropriately and within the bounds of our remit/know when we need the Support Team professionals brought in.
 
Cheers
 
 
Baldrick
Userlevel 4
I would say it's totally appropriate to provide those standard Android steps to use the app management to disable the app, like you said. My toes certainly won't feel stepped on 🙂
Userlevel 7
Hi Cameron
 
Thanks for the intervention...always good to get the Professional's view/approach to how to handle this.
 
Duly noted for future reference...and I presume that as the solution here is making use of standard Android functionality to disable this app, then we in the Community are not stepping on the Support Team's toes...so to speak...by providing it ourselves?
 
Regards
 
 
Baldrick
 
