Here’s How To Remove The ‘Unremovable’ xHelper Malware

From the many viruses emerging or spreading last year, xHelper was the most robust one for Android users. Within a short time, it infected thousands of devices. The method in which it manifested made it difficult to remove the malware, however, there’s now a ray of hope. Researchers have come up with a method to remove xHelper malware from an Android device.

The ‘Unremovable’ xHelper Malware – A Quick Recap

From mid-2019, the xHelper malware emerged as a threat to Android devices. Within a few months, it took over thousands of Android devices leaving everyone clueless about its infection. While victims were seeking help online by posting questions in different forums yet the malware continued to be active. Eventually, within six months, Symantec observed around 45,000 devices infected with xHelper.

The malware appeared suddenly on a device and replicated quickly to take over the entire system. After an infection, xHelper would install other apps on the device, show ads, and manage device functions.

While its properties resembled any other Android malware, what made it unique was its robust persistence on the device. The malware also remained undetected by all antimalware apps. Whereas, removing the malware manually also proved useless as xHelper would reinstall itself, even a factory reset would not remove the menace.

Then the only viable option users could choose was to flash the device entirely and reinstall Android OS – something not viable for many users.

How To Remove xHelper From Your Device

After months of trouble for Android users, and extensive work by researchers, Malwarebytes finally managed to devise a solution for the xHelper infection. They recommend the victims of xHelper to remove this malware by following these steps.

  1. Install Malwarebytes for Android (free) app.
  2. Install a File Manager from the Play Store, such as ASTRO, that can search for files and directories.
  3. Temporarily disable Google Play via Settings > Apps > Google Play, and tap on the ‘Disable’ button.
  4. Start scanning the device with Malwarebytes for Android app to remove the malware. Users can also manually uninstall xHelper if they can spot the apps ‘fireway’ and ‘xHelper in the installed apps list. Also, if the victim spots two ‘Settings’ apps, then remove the unrecognized one as it would likely be a malicious file.
  5. Open the newly installed File Manager and look for files starting with ‘com.mufc.’
  6. Note down the last modified date of the files. Then delete these files, and delete any other unrecognized file with the same date.

And that’s it. Users can then re-enable Google Play to continue using their devices safely.

If you have been a victim of xHelper and plan to try this method, then do let us know if it works for you.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

How to Improve Your Cyber Resilience by Strengthening User Privileges