BLU is an American company that has manufactured low-cost smartphones since 2009. Some of the smartphones produced by this company include the C, G, and J series, VIVO, and other legacy devices. The price ranges from $40 to $150. The basic phones cost around $15-$20. A lot of consumers patronize this brand because of its cheap price. However, this low price comes at a cost.
Recently, several Android users have complained about encountering the UpgradeSys virus on their mobile devices. And once they connect their smartphone to their PC, Windows also gets infected by the malware. This has caused a lot of issues for several users who were perplexed as to how the virus ended on their phone.
But this is not the first time BLU has been called out for having Adups software pre-installed on their devices. In October 2016, Amazon suspended the sale of BLU smartphones after the mobile security company Kryptowire found spyware on the best-selling BLU phone on Amazon, the Blu R1 HD. The tracking software was later removed by BLU from the R1 HD and Life One X2 phones. But after a few months, Amazon again suspended BLU from selling their devices on the platform after security experts discovered that the preloaded software on the phones collects sensitive data and sends it to an overseas server.
The spyware, from a Chinese company called Shanghai Adups Technology, is part of the pre-installed software on BLU devices and is impossible to uninstall without rooting the device. This malware leaves the affected devices vulnerable to remote takeovers, data theft, identity theft, keylogging, and other forms of data collection. Other security software has also detected the following files as malicious:
These files are associated with the Android Communication Sync and FotaProvider apps on BLU devices.
According to BLU’s statements, they have removed the bloatware pre-installed on their devices that are being flagged as viruses. However, it seems like the replacement is still not reliable as mobile security apps are still finding malware in BLU phones in the form of the UpgradeSys virus.
What is the UpgradeSys Virus?
The UpgradeSys virus is an Android app that is usually pre-installed on smartphones manufactured by BLU. Security experts categorize UpgradeSys as a potentially unwanted program (PUP), but this malware is also known to possess features similar to those of a Trojan horse.
Upgradesys has a couple of components, including:
- Android/PUP.Riskware.Autoins.Fota – This is an auto installer that operates with system level privileges, allowing it to install new apps and update others without the user’s knowledge. The package names are com.adups.fota.sysoper and com.fw.upgrade.sysoper. In the app list, you should look for the name UpgradeSys. The name of its APK is FWUpgradeProvider.apk.
- Android/Backdoor.Agent – This component serves as the information stealer that collects user data, including text messages, location, and unique device identifiers. Its package name is com.adups.fota. In the app list, you should see System Update, Wireless Update, or other names. The name of APK is adupsfota.apk.
- Android/Trojan.Downloader.Fota.e – This is the downloader component with the package name, com.adups.fota. The names in the app list are System Update, Wireless Update, and others. The name of the APK file is adupsfota.apk.
UpgradeSys is bloatware, which means that it was already installed before the user even bought the smartphone. Because of this, the malware is provided with administrative rights, making it impossible to remove. The UpgradeSys virus has the capability to install new programs and upgrade the old ones without the user’s permission or notice. Even rooting the device is highly dangerous because the potentially unwanted program may be programmed to download other hazards.
A lot of users have reported their devices being infected by the UpgradeSys, but finding a working solution to this problem is quite a challenge. The UpgradeSys virus is difficult to remove because it is pre-installed on the device. According to user reports, resetting the phone to its factory settings is not enough to remove the UpgradeSys virus from the device.
What Does UpgradeSys Virus Do?
As mentioned above, the UpgradeSys virus usually comes pre-installed on BLU mobile phones with the Android OS. Because of this, the PUP is equipped with administrative rights, allowing it to perform various activities on the device. This is very dangerous because we do not know the extent of what the application called UpgradeSys can do.
One of the dangers of the UpgradeSys virus is that it is able to monitor your text messages, emails, chat messages, and other content saved on your device. This Trojan horse also connects to the remote command-and-control server to send the collected information to the developers of the virus. It can also take over your device and send messages itself.
There have also been several reports saying that the UpgradeSys malware can generate an annoying amount of intrusive pop-up ads on websites that you frequently visit. Even though it might only seem frustrating, it can be dangerous as well. Sponsored advertisements can redirect you to bogus pages where malware is distributed. Every time you start a browsing session, your personal data and browsing information are at risk.
But what makes the Upgradesys virus more dangerous is its ability to install new applications on the users’ mobile phones or computer, and upgrade already existing apps. Letting it download new software is risky because Upgradesys might download and install other malicious applications without your consent. So if your device has been infected, it is highly recommended to remove the UpgradeSys virus immediately.
If you’re not sure what to do, you can follow our Upgradesys virus removal guide below.
How to Remove the UpgradeSys Virus from Your Device
In order to remove the UpgradeSys virus, you need to clean it thoroughly to prevent the virus from coming back. We’ll share with you the step-by-step process on how to get rid of the UpgradeSys virus on both Android and Windows devices.
Upgradesys Virus Removal Guide for Android
Because the UpgradeSys virus is preinstalled, it is already present on your mobile device at the system level. Therefore, it cannot be easily removed, but can only be disabled using the device’s app information page. However, there have been reports stating that the preinstalled PUP known as UpgradeSys or Adups cannot be disabled via the app information page either.
If this is the case, you can use our method below to uninstall the UpgradeSys adup without rooting your device. This method requires the use of the ADB command line tool via Android Studio.
This UpgradeSys removal method is done by using the following command:
adb shell pm uninstall -k --user X <package name>
User X refers to the current user logged in on the device. This means that the app will only be uninstalled for the current user and not for the other users on the device. The app will still be available on the device, but it will no longer run and won’t appear in the app information. However, doing a factory reset will restore the bloatware UpgradeSys on your mobile device.
Keep in mind that this uninstallation method might damage your device if it is not done correctly. To be safe, make a backup of your important files on the cloud or on a separate device.
To proceed with this removal process, you will need the following:
- Android Studio and other additional files required for it to function. You can also choose to install the standalone SDK Platform Tools if you do not have enough storage space for Android Studio.
- Setting the path and environment variable to ADB after installing the Android Studio. The path to be used is C:\Users\<username>\AppData\Local\Android\Sdk\platform-tools\. For the standalone SDK Platform Tools, the folder where the files were unzipped should be made into the environment variable.
- USB to connect the mobile device to the PC.
- Google USB Drivers
To uninstall the UpgradeSys virus from your computer, follow the steps below:
- Turn on USB debugging on your mobile device.
- Connect your mobile device to your PC.
- A message will pop up on the mobile device’s screen. Tap “USB for…” and choose Transfer files.
- Launch Command Prompt on your computer.
- Type in the following command to list all apps on the mobile device. This should also confirm the presence of com.adups.fota and/or com.adups.fota.sysoper: adb shell pm list packages -f
- You can also copy and paste the output into a text editor and search for com.adups.fota and/or com.adups.fota.sysoper.
- Before you proceed, make sure to copy and paste the path of the apk somewhere.
- Type in the following commands to uninstall the UpgradeSys virus:
adb shell pm uninstall -k --user X com.adups.fota
adb shell pm uninstall -k --user X com.adups.fota.sysoper
- You should get a Success notification after each command.
- Type in this command again: adb shell pm list packages -f. This is to ensure that the UpgradeSys virus has been removed from the list.
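The package check and uninstall steps above as a script, added here as an example and not part of the original guide: it parses `adb shell pm list packages -f` output, matches the package names this article lists exactly, records each APK path, and prints the per-user uninstall commands for review without running them. The sample listing and its directory paths are constructed, and user 0 (Android's primary user) is an assumed value for X.

```shell
#!/bin/sh
# Package names are the ones listed in this article.
ADUPS_PACKAGES="com.adups.fota com.adups.fota.sysoper com.fw.upgrade.sysoper"

# Constructed sample of `adb shell pm list packages -f` output (not from a real device).
sample_listing() {
  cat <<'EOF'
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/system/priv-app/AdupsFota/adupsfota.apk=com.adups.fota
package:/system/priv-app/FWUpgradeProvider/FWUpgradeProvider.apk=com.adups.fota.sysoper
package:/data/app/~~Zx9Q==/com.example.fota.helper-Ab1==/base.apk=com.example.fota.helper
EOF
}

# Read a listing on stdin; print "package<TAB>apk-path" for exact name matches only,
# so an unrelated app whose name merely contains "fota" is never selected.
find_adups() {
  tr -d '\r' | while IFS= read -r line; do   # some adb versions emit CRLF
    case $line in package:*=*) ;; *) continue ;; esac
    pkg=${line##*=}        # name follows the LAST '=' (paths may contain '=')
    path=${line%=*}
    path=${path#package:}
    for want in $ADUPS_PACKAGES; do
      if [ "$pkg" = "$want" ]; then printf '%s\t%s\n' "$pkg" "$path"; fi
    done
  done
}

# Turn matches into uninstall commands for the given user id; nothing is executed.
plan_removal() {
  user=$1
  while IFS="$(printf '\t')" read -r pkg path; do
    printf '# APK on device: %s\n' "$path"
    printf 'adb shell pm uninstall -k --user %s %s\n' "$user" "$pkg"
  done
}

# Demo on the constructed sample. Against a connected device, use:
#   adb shell pm list packages -f | find_adups | plan_removal 0
sample_listing | find_adups | plan_removal 0
```

Re-running `find_adups` on a fresh listing after the uninstall should print nothing, which is the same confirmation as the final step above.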
Upgradesys Virus Removal Guide for PC
If your computer has been somehow infected by the Upgradesys virus, here are the steps you need to do to remove it:
Step 1: Stop the Background Process from Running.
- Right-click on any space in the Taskbar and click on Task Manager.
- Under the Processes tab, search for the UpgradeSys or Fotasysoper process.
- When you see any of these processes, right-click on them and choose End Task.
- Do this for all malicious processes associated with the UpgradeSys virus.
Step 2: Use Your Anti-Malware Program to Scan the Computer.
Use Malwarebytes or other reliable anti-malware programs to scan your computer for the presence of the UpgradeSys malware. Once detected, you can use your security program to either quarantine or delete the infected files. You can also use a PC cleaner to sweep your system for other infected files and delete them.
Step 3: Revert Changes to Your Browser.
UpgradeSys is also known to deliver annoying ads whenever the user launches the browser, which means that the virus has tampered with your browser settings. You need to reset your browser to undo these changes after the virus has been removed. This step is done last because any changes you make to the browser before the virus has been deleted will be useless. UpgradeSys will just change it back again and again, unless you remove the malware first.