Troubleshoot sendyou123

Infected operating system
Emui 8.0.0
Infected device
Huawei p10 lite
Infected device issues
When I turn on the phone, a small box opens saying "complete the operation with chrome or opera". If I click on either of them, it takes me to a website called sendyou123.com and I have to wait 15 seconds. In particular, if I look at the history, the trustedgatetocontent.com side comes out. This also happens when I leave the screen on for about 45 minutes but only in the morning or evening, never in the afternoon.
Steps taken to remove the infection
I tried to clear the browser data disable the pop-ups check if there are any suspicious apps or that have system administration but nothing. I have also done numerous scans with various antiviruses but they do not detect anything.

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello,

Let's check to see if an app is responsible for these pop-ups. Let's start the tablet in Safe Mode and see if we have any pop-ups or not. To do this, follow the below steps:

  1. Press and hold the Power button.
  2. Tap and hold Power Off.
  3. When the Reboot to Safe Mode prompt appears, tap again or tap OK.
If done correctly, "Safe Mode" will display on the bottom left corner of the screen. If "Safe Mode" does not appear, repeat the steps above.

Once you're in Safe Mode, let me know if you see any of these pop-ups.

To exit Safe Mode, simply restart your phone and it will reboot normally.
 

Haidymoon

New Member
Oct 24, 2021
3
Do the same, restart the phone in Safe Mode and let me know if you are redirected to this site. Most likely an app that you guys installed is using malvertising (malicious browser redirects) to generate revenue.
I restarted the phone in safe mode and uninstalled all the applications that i have install recently..deleted all cache and any files unknown i also uninstalled all of the browsers on my phone.. I scanned my phone many times with cleaner apps and used many different antivirus & malware protections.. Didn't detect any!!
I
 

MarcGH

New Member
Oct 24, 2021
5
I don't have any suspicious app, the antivirus and malwarebytes says there are no threats and that page always opens.
 
  • Like
Reactions: Nevi

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
I restarted the phone in safe mode and uninstalled all the applications that i have install recently..deleted all cache and any files unknown i also uninstalled all of the browsers on my phone.. I scanned my phone many times with cleaner apps and used many different antivirus & malware protections.. Didn't detect any!!
What brand and model is your phone? Let's restore Chrome to its factory settings, then restart in Safe Mode and see if this redirect is still happening.

To reset Chrome go to:
  1. Go to Settings > App Info
  2. Go to your browser app icon in App info list (such as Chrome) and click on it
  3. Once in your browser’s App info, go to Storage & cache
    1. Click Clear Storage
    2. Click Clear cache
Restart your phone in Safe Mode and let me know if you still see the send123 redirect.


If yes, then open the Malwarebytes app on your phone, go to Menu > Your Apps > Installed (should be sorted by Update date). What are the apps that were updated in the last month?
 
  • Like
Reactions: Nevi and harlan4096

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Samsung galaxy note 8
Reset Chrome and go to Safe Mode. Does this redirect still happen?

Reset Chrome settings
  1. Go to Settings > App Info
  2. Go to your browser app icon in App info list (such as Chrome) and click on it
  3. Once in your browser’s App info, go to Storage & cache
    1. Click Clear Storage
    2. Click Clear cache
Restart your phone in Safe Mode and let me know if you still see the send123 redirect.
 
  • Like
Reactions: Nevi

MarcGH

New Member
Oct 24, 2021
5
Reset Chrome and go to Safe Mode. Does this redirect still happen?

Reset Chrome settings
  1. Go to Settings > App Info
  2. Go to your browser app icon in App info list (such as Chrome) and click on it
  3. Once in your browser’s App info, go to Storage & cache
    1. Click Clear Storage
    2. Click Clear cache
Restart your phone in Safe Mode and let me know if you still see the send123 redirect.
in safe mode it doesn't happen to me
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
in safe mode it doesn't happen to me
Ok, so it's an app that's causing this behavior. In most cases, it's a game app, weather app, battery saver app, or remote control app that does this. The app could have been malicious or turned malicious via an update. To find it more easily, we will use Malwarebytes for Android.

Open Malwarebytes > Menu > Your Apps > Installed (sort by last update) > Which apps are the latest that got updated?
 

MarcGH

New Member
Oct 24, 2021
5
Ok, so it's an app that's causing this behavior. In most cases, it's a game app, weather app, battery saver app, or remote control app that does this. The app could have been malicious or turned malicious via an update. To find it more easily, we will use Malwarebytes for Android.

Open Malwarebytes > Menu > Your Apps > Installed (sort by last update) > Which apps are the latest that got updated?
I have left the phone in safe mode all night and that page does not open anymore
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top