Here is how you can remove malwares without flashing a new rom.
Busybox Installer
Terminal Emulator
Root Explorer Pro
Once you have installed everything here is what to do in steps:
[Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]
1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.
2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.
3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.
4) Open Terminal Emulator
5) WHAT TO TYPE IN TERMINAL EMULATOR
su
mount -o remount,rw /system
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk
[NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]
6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.
7) Exit Emulator
Busybox Installer
Terminal Emulator
Root Explorer Pro
Once you have installed everything here is what to do in steps:
[Note: USB DEBUGGING MUST BE ENABLED Turn on Usb Debugging by going to settings> developer options> Usb debugging]
1) Turn off wifi/3G/4G, and then go to settings> apps> all> disable time service and monkey test. (If already frozen via titanium backup or other app) skip this.
2) Open Root explorer go to system/xbin and see if there is any file starting with a dot (eg: .ext.base) also note that every (.) file has diff permission then the rest of other files. So just remember those files with dots because those are the one that you're going to remove in terminal emulator.
3) Go back to system and then go to Priv-app folder and look for these two files
[1] cameraupdate.apk [2] providerCertificate.apk and also notice permission of these two files are different then the rest of Apks so these two are the base of MT TS virus and needs to be deleted.
4) Open Terminal Emulator
5) WHAT TO TYPE IN TERMINAL EMULATOR
su
mount -o remount,rw /system
cd system/priv-app
chattr -iaA providerCertificate.apk
rm providerCertificate.apk
chattr -aA cameraupdate.apk
rm cameraupdate.apk
cd ..
cd system/xbin
chattr -iaA .b
rm .b
chattr -iaA .ext.base
rm .ext.base
chattr -iaA .sys.apk
rm .sys.apk
[NOTE: If you are using older version than KK you need not to type priv-app just type cd system/app]
6) Please make sure you type the file name correctly just as providerCertificate C is capital otherwise permission wont change.
7) Exit Emulator