Solved

threat found: com.android.mms


Hello,



Webroot says com.android.mms is a threat "threat found". When I try to remove the threat it fails. It fails because it tries to units tall "messenging app".



Please assist.



Thanks
icon

Best answer by RetiredTripleHelix 8 August 2014, 03:31

View original

91 replies

Userlevel 7
It cant be removed as its a system app. If your wife`s phone didnt get the last definition update then she wont get the FP. If she checks for an update now she will get the latest defs which doesnt have the FP
Or lose valued customers.
Webroot is saying it's infected all of a sudden.  Nothing I nor Webroot Complete installed on phone have done yet has cleared the warning/possible infection.
I just received notification that Webroot detected a spyware program called Android.SmsSpy in the messaging program on my phone, but when I try to remove the item it says "Messaging uninstall unsuccesful."  Has this happened to anyone else?  How do I get rid of it?!  I don't want tracking on my phone.  Especially since I don't know why it is there or where it came from.  I can't uninstall or force stop my messaging program, that's how I text.
Exact same problem found on both my wife and my phone earlier this evening. Have been troubleshooting and researching on line for at least 2 hours now and also found Tech Support already closed. We have Samsung Galaxy S-4's and up until a few hours ago we didn't have this problem. I've uninstalled and reinstalled Webroot Secure-Anywhere Complete on both phones, hoping it would prompt a new result...but no change. Found that this "Android.SmsSpy" is listed by Webroot and several other virus scanners as a Trojan Malware Messaging spyware which shows up on our threat scans as  "com.android.mms". The "F-Secure" website summarizes the threat as: SmsSpy.F is a malware that targets banking consumers in Spain, posing as an Android Security Suite application.

 

Well, suffice it to say, it's either a threat definition update that wasn't thoroughly run-through by Webroot before being deployed today, or something bigger is out there that a large number of people now have. I'm on the hold line with Sales to try and get a human-being that I can notify of this potentially high-risk threat...either high-risk to the user, or high-risk to the Webroot company because of the trouble it is now causing many customers...who may opt to use competitive software after this if Webroot doesn't get this under control ASAP. With luck, my already 15 minutes on hold will end with an empathetic and professional agent that will see the value in contacting some on-call technical support personnel to tackle this. I'll update again if a human-being finally answers and we get anything new. Thanks. Paul - Tampa
from tech support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team
I just got the notification as well. Won't uninstall because of messaging app. Hopefully it was a false positive and an update on a definition that was missed. I ignored it 😕 .... I HOPE it is nothing big or an actually spyware. I totally just put my GF through 21 questions asking if she installed a sms spyware onto my phone hahahaha....glad I'm not the only one going through this. ***crossing fingers in a definition problem and a false positive***
Userlevel 7
Badge +56
I have moved all posts to this one thread. We are sorry your having issues with this and support is aware of the False Positive!

 

Thanks for your patience and again we are sorry,

 

TH

 

From Support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team

 
Userlevel 7
Badge +56
@BB613 wrote:

@ wrote:

GZOne Commando w Android keeps getting a spyware threat for Android Messaging app which I can't uninstall or keep Webroot for flagging. I also cannot use my messaging app because the shield pops up.
Welcome to the community.

 

I suggest you contact information to Tech Support by submitting a support ticket. They will be able to help you out.

 

Please do let us know what they say and come back often and share your experiences!

 

Beth

There is no need to contact support as they already know about the issue and it will be fixed in the next 24 to 48 hours.

 

From Support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team
Userlevel 7
Badge +56
@ wrote:

*HOPEFULLY* there will be no more rolling out a new definition file just as the tech support desk goes dark for the day.

This is something that should never happen to begin with, but to roll out new defintions at the end of the business day, come on.

 

They said they were sorry and they didn't go dark at least WSA doesn't remove it without your permission right? ;)

 

They have Support Worldwide so there is always someone to help 24/7/365

 

Thanks for everyone's understanding in this matter!

 

Daniel 😉
It just happened to me too!  You posted seconds before I did.  Glad to know I'm not the only one...I guess.  But this is disturbing.  It's a tracking program from what I found from searching on the web.
Same and phone tech support has called it a day.
Got the same message back from Tech Support.  Only thing kind of suspect is I got the reply a mere second or two after I submitted it.  Hope it's not just a blanket auto-reply for all false positive submissions. 
Userlevel 7
Badge +56
From Support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team

 

Thanks everyone,

 

TH
I contacted technical support and recieved an automated message that stated it is a false positive that will be fixed in 24-48 hours.  If you go into Application Manager and look at the messaging app info, you can clearly see that this app tracks your location and reads all your messages.  So even when this "bug" is fixed, you still will be tracked.  I guess just a lot more people are aware of it now! :8
Userlevel 7
Badge +56
From Support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team
Same here. Just woke up from a nap and threat keeps coming up on my messages. WTF?
Userlevel 6
@ wrote:

From Support:

 

Hello,



Thank you for contacting Webroot Support. We apologize for any inconvenience this issue may have caused.



It does appear the detection in question was a false positive. We have re-evaluated the definition detecting the application you report and corrected the false positive on our end. Within the next 24-48 hours we will release a new definition set with those corrections and you should no longer see that detection. In the meantime, you may choose the option to "Ignore this threat" and this will prevent Webroot from displaying the alert again for that particular app. We appreciate your report and thorough troubleshooting!



Regards,



The Webroot Mobile Threat Research Team

  ______________________________________________________________________________________________

@ wrote:

I contacted customer support via this website and received an automated message saying it is a false positive that will be fixed in 24-48 hours.  If you look at the messaging app info on your phone it clearly shows that it does track you and what messages you write, so even when this is "bug" is fixed, you're still monitored.  It's just that now a lot more people are aware of it!:8

Thank you arholland84 and thank you Daniel for contacting support and sharing their answer with everyone.

 

arholland84, I would also like to welcome you to the community!

 

Beth
Userlevel 6
I do hope everyone has seen the solution/report from tech support posted by TripleHelix and arholland84.

 

I see that many new members have received the same mesage from Webroot on their Android phone. I would like to thank all of you for sharing that information with us.

 

Welcome to the community ypekhman, albuchs, RKSJBeck, LGP, rocke06, nwalden,  napierite, tl97, tblairmaylee, boochman123, nathanedwards810, Bearle, albuchs, rocke06, tholland38, OKSooner1,

gbn08, mcgyyvr,  and aimeehart!

 

I hope I did not leave anyone out

 

Please do come back often and share your experiences. Thats what its all about, sharing experiences, learning from one another and helping each other out!

 

See all of you around in the community!

 

Beth

 

 
Help! My antiviral says there is a critical threat in my messaging. It won't let me remove the messaging app. What do I need to do???
Userlevel 2
I have read through all of the pages of this thread up to thus far, but I have not gone through the other related threads.  I'm far from an expert on WebRoot and also must admit that aside from the contents of this thread I have relatively little knowledge of this situation other than my own experience.  Please forgive me for any lack of knowledge I may have on the subject.  So, just as I suspected when this popped up on my phone it is a false positive.

 

Not really saying anything that anyone else hasn't said so far; however, here are my thoughts on this issue.  I know I would (and I'm guessing at least a few others would) have liked to have had some form of official comunication out reach from Webroot notifying about the issue.  An e-mail to users with a registered Android device or even some type of in app notification pushed out would have been very valuable to me.  I know I was really worried and confused for at least a few hours as I was unable to really research the issue to find out what it was about.  To top it all off I was in the middle of a semi-important text conversation when the alert came in.  Another thing I would have found invaluable would have been for the app to provide more information on the infection than just a name.  Maybe a brief description and the location of the infected files to help me understand the nature of the infection.

 

Don't get me wrong these are not meant to be viewed as complaints.  These are intended to be viewed as suggestions or improvements that would perhaps make a situation like this better in the future.

 

I'm sure WebRoot will have the situation handled shortly, but in the mean time it is not too late to send out that message and help those that may still be out of the loop on the situation.

 

Now, perhaps this has already happened or is already available.  If so please disregard that part of this post.
Support posted this was a false/negative scripting alert.

They will release a fix for it with 24-48 hrs

Go to your webroot mobile app and find the FORCE UPDATE of definitions tool. Also set your scan settings from weekly to daily. This was a result of a Google sms unblock setting within Chrome or gmail. Look for the fix before 08/09/14
Userlevel 7
Badge +62
@ wrote:

I have read through all of the pages of this thread up to thus far, but I have not gone through the other related threads.  I'm far from an expert on WebRoot and also must admit that aside from the contents of this thread I have relatively little knowledge of this situation other than my own experience.  Please forgive me for any lack of knowledge I may have on the subject.  So, just as I suspected when this popped up on my phone it is a false positive.

 

Not really saying anything that anyone else hasn't said so far; however, here are my thoughts on this issue.  I know I would (and I'm guessing at least a few others would) have liked to have had some form of official comunication out reach from Webroot notifying about the issue.  An e-mail to users with a registered Android device or even some type of in app notification pushed out would have been very valuable to me.  I know I was really worried and confused for at least a few hours as I was unable to really research the issue to find out what it was about.  To top it all off I was in the middle of a semi-important text conversation when the alert came in.  Another thing I would have found invaluable would have been for the app to provide more information on the infection than just a name.  Maybe a brief description and the location of the infected files to help me understand the nature of the infection.

 

Don't get me wrong these are not meant to be viewed as complaints.  These are intended to be viewed as suggestions or improvements that would perhaps make a situation like this better in the future.

 

I'm sure WebRoot will have the situation handled shortly, but in the mean time it is not too late to send out that message and help those that may still be out of the loop on the situation.

 

Now, perhaps this has already happened or is already available.  If so please disregard that part of this post.

Welcome seven_7_vii_th

 

I missed your post yesterday and appreciate your feedback as well! I agree that an email would be helpful in these security issues! Maybe you could put this in our Ideas Exchange Here

 

Hopefully all this was sorted out for you! Please don't don't be a stranger and join in the Forum for we learn alot and we do have fun!

 

Thanks Again,:D
Userlevel 7
A fix has been pushed to QA and a new def will be released shortly. Thanks for your patience! 
Userlevel 7
Thats isnt how it works, its not a blanket whitelist of all messenging apps or that application. If the application gets an update and thus changes that ignore setting wont apply any more.

Reply