

Dear members and visitors of TechKnow,

Because the team and I see more and more people posting about their AllWinner tablet suddenly showing a demo lock, we've investigated this issue and created a patcher for it. Use this tool to scan for the trojan if you have an AllWinner.

Download: AllWinnerDemoFix-v0.52.7z 2.48MB
Download: AllWinnerDemoFix-v0.61.7z 2.48MB
Download: AllWinnerDemoFix-v1.00_Incl_ADB_Driver_v1.1.1 @ huckleberrypie 10.65MB
Download: AllWinnerDemoFix-v1.00_Incl_ADB_Driver_v1.1.1 @ MediaFire 10.65MB
Download: AllWinnerDemoFix-v1.00_Incl_ADB_Driver_v1.1.1 @ 4Shared 10.65MB
Download: AllWinnerDemoFix-v1.20_Incl_ADB_Driver_v1.1.1 @ MediaFire 11.65MB
Download: AllWinnerDemoFix-v1.30_Incl_ADB_Driver_v1.1.1 @ MediaFire 11.65MB

AllWinner A20/A23 Demo Lock Removal Tool by Fsebentley and HcH

This will replace and remove files to get rid of that nasty DEMO LOCK that appears more often these days aka:

a variant of Android/Agent.AD

A backup will be made before any modifications are made. To restore the backup, rename SystemUI-backup.apk to SystemUI-A20/A23.apk and restart the corresponding function.

HowTo use:
 1. Scan for Device: searches and verifies a connected android device.
 2. Scan for Trojan: checks if the trojan responsible for the demo lock is active.
 3. If 2. is positive, check the Build.prop to see if you have an A20 or A23 model.
 4. A20 FIX or A23 FIX, depending on the results from 3., you choose one of these.
 5. The script will reboot the device to recovery mode; manually perform a factory reset there.
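
For step 3, one way to read the model off a saved copy of build.prop before choosing a fix. This is an added example, not part of the TechKnow tool; the property names checked and the wing/sun7i (A20) and polaris/sun8i (A23) markers are assumptions, so treat "unknown" as a reason to stop rather than pick a fix.

```shell
#!/bin/sh
# Added example: decide A20 vs A23 from a saved build.prop before picking a fix.
# Save a copy first, e.g.:  adb shell cat /system/build.prop > build.prop
# Assumption (not from the tool): A20 firmware carries a "wing" board/device
# name or "sun7i"; A23 firmware carries "polaris" or "sun8i".

# prop_value FILE KEY -> prints the value of KEY (empty if absent).
prop_value() {
    # Strip the CR that "adb shell" output can carry, skip comment lines and
    # stop at the first assignment: ro.* properties are write-once.
    tr -d '\r' < "$1" | awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { sub(/^[^=]*=/, ""); print; exit }'
}

# classify_soc FILE -> prints A20, A23 or unknown (non-zero status on unknown).
classify_soc() {
    for key in ro.product.board ro.product.device ro.build.product ro.board.platform; do
        val=$(prop_value "$1" "$key" | tr 'A-Z' 'a-z')
        case "$val" in
            wing*|*sun7i*)    echo A20; return 0 ;;
            polaris*|*sun8i*) echo A23; return 0 ;;
        esac
    done
    # No marker found: do not guess, the wrong SystemUI would be installed.
    echo unknown
    return 1
}

# Constructed sample (not taken from a real device), with CRLF line endings.
sample_build_prop() {
    printf '# begin build properties\r\n'
    printf 'ro.product.model=Generic Tablet\r\n'
    printf 'ro.product.board=exdroid\r\n'
    printf 'ro.product.device=wing-k70\r\n'
}

tmp=$(mktemp)
sample_build_prop > "$tmp"
echo "Detected model: $(classify_soc "$tmp")"
rm -f "$tmp"
```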

Definition for Cloudservice / DEMO Trojan:
For clarification, let me state that Android by "default" or "origin" is not susceptible to viruses, and being built on the Linux platform it is "open source", so that is where you get some LAME people and large corporations making these viruses encoded into the device's original configuration [ROM] and NOT NATIVE TO ANDROID.
A perfect example of how we the users can infect our own devices would be the small flashlight apps we all use daily, available for free on the Google Play Store... these can factually be classified as "Intrusive Adware" that we install for quick access to our device's camera flash for use as a flashlight, and yet we tolerate the pop-ups generated by the app.

Again not NATIVE to Android... this is something we the USERS have put on our devices. Harmless but annoying and same principle.

What is the Cloudservice / DEMO Trojan?

 My definition based on learned knowledge as no "official" definition is or most likely will ever be available.

        [knowledge and infos acquired from]

Firstly, in some devices it seems to be in a "sleep" mode until one day it simply "shows up" according to some reports. Our new Tool at TechKnow seeks and destroys the hidden files and configs totally eliminating all traces of the Trojan.

[SPECULATION: it could possibly be incorporated into some downloadable apps in the future. The same basic principle as adware is incorporated into the flashlight apps would suffice. However, it being included in downloadable apps is NOT confirmed and if/when it is the confirmed apps will immediately be reported to their distributor whether Google Play or Amazon App Store etc... by your friends at TechKnow]

It is a truly deceptive application that is hardcoded into the must-have, system-dependent "framework-res.apk" in the factory ROM of some of the newer Android devices. The Trojan can track your app content, such as your Browser's, and can lock your device into a "demo" mode which will display large red DEMO text in caps across all your screens. The app is also linked to Baidu.

Baidu, Inc., incorporated on January 18, 2000, is a Chinese web services company headquartered in the Baidu Campus in Haidian District in Beijing.

ok.... so you are being tracked and monitored by the Chinese?

         but that's not all...

The secondary part to the Virus/Trojan is more of a pain in the :wub: imho than tracking and reporting my web history to an unknown Chinese web service company [for who knows what they seek to learn or truly have access to with this Trojan on your device]... 

When the Virus/Trojan has matured it will lock your Browser's Homepage to and can NOT be changed.

Cause for more concern:

"The homepage setting started changing on every start of the browser. What is more curious is that the changing homepage was different than the page displayed on the screen.
So, someone pushed the change to my tablet remotely"
                      - testimony from TechKnow member "bucho"
Don't get polluted with diluted info - Stay in the Know with TechKnow!

