Solved

can't remove a threat


My Secure anywhere detects Android.Gedma Smsreg com.mediatek.smsreg. It says it is a Trojan, but I cannot uninstall it. I have tried, but it keeps saying uninstall unsuccessful. What can I do?
Diana

Best answer by CameronP 21 April 2014, 18:44


32 replies

Userlevel 7
Hi gulibo
 
No need to apologise...I had indeed realised that the SMSReg may have been from OEM install...but as I do not have an intimate knowledge of your system (and hence what the OEM install was in your case) I advised on both possibilities, in the case that other users may read the thread but not have this installed as part of the OEM install, in their case.
 
The inability to remove the 'Threat' in the first place in my earlier postings, is due to the nature/type of the file in question, and if you do not want it then the right way to 'remove' it is to disable it from within the App Control features (there is another way if required to do so but if used Webroot Support will not support your installation...hence why I did not suggest it in open post for those that may find it useful). ;)
 
Regards
 
 
Baldrick
Userlevel 7
@ wrote:
Hi Baldrick,
 
Thank you for your welcome and your opinion.
 
1. False Positive on SmsReg
I have since loaded and scanned my phone with a couple other Security Apps - CM Security and Norton Mobile.  Neither identified this as an issue.
 
2. Uninstalling
This separate problem to uninstall Webroot legitimately is even more alarming! For example, I uninstalled the Norton Mobile app easily after I ran the scan with ease!
 
So this experience has left me quite unimpressed with the app.
 
Gilbert
Hi gulibo
 
You are most welcome.  And thank you for your feedback and opinions too.  Always good to have these.
 
Regards
 
 
Baldrick
 
 
Userlevel 7
While we know a fix has been put in place, it is always possible that Support found and fixed one file version of it, but there may be other versions, older ones, that were not whitelisted.
 
Fixing a False Positive can be more difficult than whitelisting a single file.  While in most cases only a single version of a file is the problem, I would suspect it also possible that a new FP issue is affecting not just the most recent version of the file but older ones as well.
 
Let us know what Support says.... we are always curious how things turn out as that helps us learn more so we can help more, and be more efficient in doing it :-)

Had a reply from the Threat Research Team. Just stood by that SmsReg is bad and asked me to do all you had already advised in the forum, i.e. Disable and ignore.
 
But ignored the rest of my issues - i.e. why their re-scan does not ignore a disabled app automatically (like quarantined ones) and the trouble I have to uninstall their app.
 
I in turn am asking CM and Norton their views of SmsReg as their apps don't flag this up at all in their scans.
Userlevel 7
@  Can you take a second look?  While I was mistaken thinking that this was related to the now fixed issue with some Samsung phones, this being an OEM file I would have thought that it would be a case of maybe not a False Positive but a 'mistaken positive' if you will.
 
I understand now that the file exhibits behavior that would normally be flagged as malicious for good reason, but being an OEM file that came on the phone for the preinstalled software I would have thought there would be an exception made for this and the file whitelisted.
 
Thanks!  🙂
Userlevel 7
Hi David
 
Good call but I think that the issue really is that there are malicious versions of this file (usually when found and not part of the OEM install) and therefore how does one differentiate between a file that could be there and should be as opposed to one that could be there but shouldn't.  Not sure how this can be done in the context of a security app without decomposing the OEM install components to check the "could & should vs. could & shouldn't" position.
 
I may be wrong on this but that is the issue and if I am right about this then it is likely that if WSA is being overly cautious in its determination then it is just possible (and I am saying POSSIBLE) that other security apps are not being so cautious, etc.
 
It will be interesting to see what Roy comes back with on this.
 
Regards
 
 
Baldrick
Userlevel 7
Well, I assume different versions of the file would have different MD5 so it would be possible to whitelist specific versions....
 
But another problem I had not thought of is not malicious versions of the file but the ability of other malicious files to exploit is one... it would admittedly leave a security hole and so might not be whitelisted?
