
How To Remove The ‘Unremovable’ xHelper Malware from Android

Tech Guru


From mid-2019, the xHelper malware emerged as a threat to Android devices. Within a few months, it took over thousands of Android devices, leaving everyone clueless about its infection. Eventually, within six months, Symantec observed (at least) around 45,000 devices infected with xHelper.

The malware appeared suddenly on an Android device and replicated quickly to take over the entire system. After an infection, xHelper would install other apps on the device, show ads, and manage device functions. While its properties resembled those of any other Android malware, what made it unique was its robust persistence on the device. The malware also remained undetected by all antimalware apps. Removing the malware manually proved useless as well, because xHelper would reinstall itself; even a factory reset would not remove the menace. The only option left to users was to flash the device entirely and reinstall the Android OS, something not viable for many users.

After months of trouble for Android users and extensive work by researchers, Malwarebytes finally managed to devise a solution for the xHelper infection. They recommend that victims of xHelper remove the malware by following these steps:

1) Install the Malwarebytes for Android (free) app from the Play Store.

2) Install a File Manager from the Play Store, such as ASTRO, that can search for files and directories.

3) Temporarily disable Google Play via Settings > Apps > Google Play, and tap on the ‘Disable’ button.

4) Start scanning the device with the Malwarebytes for Android app to remove the malware.

Users can also manually uninstall xHelper if they can spot the apps ‘fireway’ and ‘xHelper’ in the installed apps list. Also, if the victim spots two ‘Settings’ apps, they should remove the unrecognized one, as it would likely be a malicious file. Then open the newly installed File Manager and look for files starting with ‘com.mufc.’ Note down the last modified date of these files. Then delete them, and delete any other unrecognized file with the same date. And that’s it. Users can then re-enable Google Play to continue using their devices safely.
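The manual check described above (find the ‘com.mufc.’ entries, note their last modified date, then look at other files with that date) can also be run as a read-only triage over a copy of the device storage. This is an added example, not part of the original article or of Malwarebytes' tooling; working on a copied storage tree, the function names, and all sample file names and dates are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import date, datetime
from pathlib import Path

MARKER_PREFIX = "com.mufc."  # the prefix named in the article


def triage(root):
    """Return (markers, same_day) as sorted POSIX-style paths relative to root.

    markers are entries named MARKER_PREFIX*; same_day are other files last
    modified on a marker's calendar day. Read-only: nothing is deleted."""
    root = Path(root)
    rels = [p.relative_to(root) for p in root.rglob("*")]
    markers = sorted(r for r in rels if r.name.startswith(MARKER_PREFIX))
    days = {date.fromtimestamp((root / m).stat().st_mtime) for m in markers}
    same_day = sorted(
        r for r in rels
        if (root / r).is_file()
        and not any(part.startswith(MARKER_PREFIX) for part in r.parts)
        and date.fromtimestamp((root / r).stat().st_mtime) in days
    )
    return [m.as_posix() for m in markers], [s.as_posix() for s in same_day]


def build_sample(root):
    """Create a constructed sample tree (made-up names and dates)."""
    hit = datetime(2020, 2, 10, 12, 0).timestamp()
    old = datetime(2019, 11, 3, 12, 0).timestamp()
    files = {
        "com.mufc.sampleA/cache.bin": hit,
        "com.mufc.sampleB": hit,
        "Download/unknown_dropper.apk": hit,
        "Download/notes.txt": hit,
        "DCIM/photo.jpg": old,
    }
    for rel, mtime in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"sample")
        os.utime(path, (mtime, mtime))
    os.utime(Path(root) / "com.mufc.sampleA", (hit, hit))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The second list is only a set of candidates to review: a legitimate file changed on the same day (notes.txt in the sample) appears there too, which is why the article limits deletion to files the user does not recognize.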
