That's the point. Just don't reboot it. If you really have to, as you've already said and I did 3 weeks ago, turn the WiFi off before you reboot it and stop system updates when you have. I've had no malware for  a few weeks,but still holding my breath for Virgin to hurry up and fix it. They won't.

Right so after following the previous post it seems I went to the wrong 'running' section, followed steps via apps and 'Show system', found system updates but it's already stopped from the last time I stopped it, it hasn't restarted and all greyed out options. Yet still redownloading the malware. 

I've just rebooted mine.

Just do this. 

Turn your WiFi off. 

Make sure all the dodgy apps gave been uninstalled.

Reboot it.

Go into Developer options.

Make sure Automatic System Updates is turned off.

Go into Running Services (in developer options). 

Click on System updates. Click Stop on both boxes. Go back and System updates will have disappeared from Running Services. 

Turn your WiFi back on. That should do it.

 This is the system updates you need to stop.

 click both stop boxes.

---

@SalemsLady wrote:

Right so after following the previous post it seems I went to the wrong 'running' section, followed steps via apps and 'Show system', found system updates but it's already stopped from the last time I stopped it, it hasn't restarted and all greyed out options. Yet still redownloading the malware. 

---

Yes, they have been, hence why they don't show up in that section for me. Only the above that I listed. 

I can find the actual program going via the app show system section, but as explained, it's already been stopped when I did the steps mentioned previously. It hasn't restarted but it hasn't stopped the malware from downloading. 

I have followed each and every step. The tablet has not been rebooted, turned off at all since following the steps. (And not at all since turning off system updater and returning to using WiFi AFTER all steps followed) And again, it was fine and dandy for an hour, but back in full swing since then. 

Hi Salemslady,

Sorry that's got me stumped, I assume it is the same Malware XIAOAN and Smart that is being installed?

Out of interest you do only have one user set up on the tablet? you can check in settings -> users .

I only have 'You (Owner)' and 'Guest'

Yep, me too. I'm pretty good with computers and it's frustrating as heck that even after everything it's still happening. 

Yes, same malware, it downloads the same 4 or 5 things in rotation, smart included. 

Let's hope VM rolls out something soon. -_-

Thanks for trying to help anywho.

Hi,

It might be worth installing AVG (Free) and running a scan and report the results, 

When I ran it it would find 3 threats  XIONAN, Smart as well as System Update, 

Since I removed System Update and uninstalled the malware mentioned above it now report 0 threats 

(It did still report System Update as a threat before I uninstalled it even when stopped, though I wasn't getting any problems when ir was stopped)

I had another look for dodgy looking packages last night and found these games:

So uninstalled them. Then found com.roco.autogen - which is mentioned here: NEWS: Android Firmware Vulnerabilities - November 2019 | Kryptowire

Might be unrelated, but binned it anyway - lets see what happens now!