How to remove Android malware xHelper

xHelper is an Android malware that security vendor Malwarebytes detected in May 2019. This is a hidden malware removal program that reinfects users around the world even after the user restores factory settings.

Malwarebytes security researchers have been studying the threat, and in a recent blog post, the team said that while it was not clear how the malware reinstalled itself, it did find enough information about how it was doing so to permanently remove it and prevent xHelper Reinstall yourself after the factory settings are restored.

According to the Malwarebytes team, xHelper found a way to trigger a reinstall operation using a process within the Google Play Store app. With a special directory created on your device, xHelper can hide its Android app package (Android app package, APK) on disk. Unlike apps, their directories and files remain on Android mobile devices even after factory resets. As a result, the device will continue to be infected until the directory and files are deleted.

In its analysis of the malware, Malwarebytes explains that “Google Play is not infected with malware.” However, some events in Google Play trigger edire – it may be that something is being stored. In addition, some things may use Google Play as a smokescreen, masquerading as a source of malware installation, when in fact it comes from somewhere else. “

Ways to remove xHelper

It’s worth noting that the following removal steps rely on the user installing the Malwarebytes app for Android, but the app is free to use.

The specific removal steps are as follows:

Install a file manager from Google PLAY, which can search for files and directories.

Amelia uses ASTRO’s File Manager.

Temporarily disable Google PLAY to stop reinfection.

Go to Settings and Apps and Google Play Store

Press the disable button

Run a scan in Android’s Malwarebytes to remove xHelper and other malware.

Manual uninstall can be difficult, but the names you look for in the Application information are fireway, xhelper, and Settings (only if two settings applications are displayed).

Open the file manager and search for anything that starts with com.mufc.

If found, note the last modification date.

Pro Tip: Sort by Date in File Manager

In ASTRO’s File Manager, you can sort by date under view settings

Delete everything that begins with com.mufc. and anything with the same date (except the core directory, such as Download):

How to remove Android malware xHelper

Re-enable Google PLAY

Go to Settings and Apps and Google Play Store

Press the enable button