Every year, the number of malicious applications (viruses) for devices running on the Android platform doubles, so almost every user of a phone, tablet or TV running Android OS has encountered the negative consequences of malware. Most often, of course, these are intrusive advertisements that can appear at any time, pop up when the device is unlocked, or even replace the desktop background. Moreover, viruses can replace advertisements that appear in various free Android applications, as well as redirect the user’s browser to various misleading and malicious sites.
Intrusive advertising is only the visible side of the activity of viruses and malware on Android devices. Very often, these parasites practically do not manifest themselves, but at the same time they can steal confidential information, passwords, logins, and also actively monitor all user activities, including the places he visits (using satellite navigation).
The easiest way to remove a mobile virus
If the gadget remains operational, the easiest way to remove the virus is to use the antivirus installed on Android. Run a full scan of the phone’s flash memory, and if a malicious object is detected, select the “Delete” option, saving the neutralized copy in quarantine (in case the antivirus detected something safe and mistook it for a virus).
Unfortunately, this method helps in about 30-40% of cases, since most malicious objects actively resist being removed. But there is control over them too. Next we will look at options when:
- the antivirus does not start, does not detect or does not remove the source of the problem;
- the malicious program is restored after removal;
- The device (or its individual functions) is blocked.
Removing a Trojan from Android: instructions
How to remove a Trojan from Android:
- You should install one of the anti-virus applications listed above (we will look at Dr.Web Light as an example);
- Open the application by clicking on the icon on the workspace;
- Launch the scanner by clicking on the corresponding button;
- Select scan type – full scan;
- Scanning will begin. This will take some time depending on the number of files and applications on the device. You should wait until the check is completed;
- If the antivirus finds viruses, the user will be asked to quarantine them or delete them. It is preferable to quarantine the Trojan. If after this action no problems occur, you can remove viruses from quarantine.
Removing malware in safe mode
If you can't clean your phone or tablet normally, try doing it safely. The majority of malicious programs (not just mobile ones) do not show any activity in safe mode and do not prevent destruction.
To boot your device into Safe Mode, press the On/Off button, place your finger on “Power Off” and hold it until the “Enter Safe Mode” message appears. After that, click OK.
If you have an old version of Android - 4.0 and lower, turn off the gadget in the usual way and turn it on again. When the Android logo appears on the screen, press the Volume Up and Volume Down keys simultaneously. Hold them down until the device boots up completely.
While in safe mode, scan your device with an antivirus. If there is no antivirus or it does not start for some reason, install (or reinstall) it from Google Play.
This method successfully removes advertising viruses such as Android.Gmobi 1 and Android.Gmobi.3 (according to Dr. Web classification), which download various programs to the phone (in order to increase the rating), and also display banners and advertisements on the desktop.
If you have superuser rights (root) and you know exactly what caused the problem, launch a file manager (for example, Root explorer), follow the path where this file is located and delete it. Most often, mobile viruses and Trojans place their bodies (executable files with the .apk extension) in the system/app directory.
To switch to normal mode, simply restart your device.
How to find out if your Android phone is infected with viruses
The user needs to understand whether there are viruses on his mobile device. To determine the symptoms, you need to check the gadget for the following signs:
- The presence of pop-up advertising when unlocking the phone or on the desktop.
- The appearance of intrusive advertising in the browser and applications.
- Fast discharge of the phone, even when the device is idle.
- Unusual operation of applications, errors.
- Glitches, automatic shutdown of the smartphone.
- The appearance of strange folders and damaged files in the device memory.
- Self-installation of applications by phone, self-downloading of files.
- Receive frequent SMS messages about paid subscriptions.
- Debiting funds from your account for services you have not activated.
- A sharp increase in the volume of transmitted traffic, and mobile Internet or Wi-Fi turns on independently.
All these signs should alert the user. You need to make sure what caused the problems in the operation of your mobile device.
The presence of advertising banners in places where they should not be, for example, on the desktop background, indicates that the phone has an advertising virus that launches banners at inappropriate times and in inappropriate places.
Rapid battery drain may indicate secret mining on your phone, or your smartphone is participating in DDoS attacks. An attacker is using your phone to mine bitcoins, or has added your smartphone to their network, which they use to attack other devices.
Autonomous decision-making by your phone is a good reason to check your device settings.
There are three main types of viruses that attack phones:
- Advertising banners that cannot be closed or disabled.
- Spyware modules that record all user actions and send this information to attackers.
- Trojans and worms that delete or encrypt files on your phone and transmit data from your device to the Internet.
The user experiences inconvenience, sometimes even the phone may fail. The saddest thing is that malware can steal money, gain access to your card data or email and social networking accounts.
Based on the above, it makes sense to check your phone settings, remove dubious applications, and scan for viruses on your device.
Removing mobile viruses via computer
Removing viruses on a phone via a computer helps when a mobile antivirus cannot cope with its task even in safe mode or the device’s functions are partially blocked.
There are also two ways to remove a virus from a tablet and phone using a computer:
- using an antivirus installed on a PC;
- manually through a file manager for Android gadgets, for example, Android Commander.
Using antivirus on your computer
To scan your mobile device files with an antivirus installed on your computer, connect your phone or tablet to the PC with a USB cable, selecting the “As a USB drive” method.
Then turn on USB.
After this, 2 additional “disks” will appear in the “Computer” folder on the PC - the internal memory of the phone and the SD card. To start scanning, open the context menu of each disk and click “Scan for viruses”.
Removing malware using Android Commander
Android Commander is a program for exchanging files between an Android mobile gadget and a PC. When launched on a computer, it provides the owner with access to the memory of a tablet or phone, allowing you to copy, move and delete any data.
For full access to all the contents of the Android gadget, you must first obtain root rights and enable USB debugging. The latter is activated through the service application “Settings” - “System” - “Developer Options”.
Next, connect the gadget to your PC as a USB drive and run Android Commander with administrator rights. In it, unlike Windows Explorer, protected system files and directories of the Android OS are displayed - just like, for example, in Root Explorer - a file manager for root users.
The right half of the Android Commander window shows the directories of the mobile device. Find the executable file of the application (with the .apk extension) that is causing the problem and delete it. Alternatively, copy suspicious folders from your phone to your computer and scan each of them with an antivirus.
How to remove a virus on an Android phone using an antivirus
Next step: run a scan of your mobile device using a specialized anti-virus program. This step is logical and in many cases will help solve problems encountered on the phone.
A large number of antivirus programs have been created for Android. Unfortunately, most of this software is outright junk. At best, these DIYs will put extra strain on your phone and won't cause any harm.
You should use products from time-tested, well-known manufacturers who have long proven themselves to work on computers with mobile versions. You can use well-known antiviruses: Malwarebytes, Zemana, Kaspersky, Dr.Web, Avast, ESET, Norton, etc.
Install an antivirus on your phone and then run a scan. After finding viruses, remove them from your phone. In severe cases, scan your smartphone with several antivirus programs in turn to get a positive result.
What to do if the virus is not removed
If the above operations did not lead to anything, the malicious program still makes itself felt, and also if the operating system ceases to function normally after cleaning, you will have to resort to one of the radical measures:
- reset with restoration of factory settings through the system menu;
- hard reset via the Recovery menu;
- reflashing the device.
Any of these methods will return the device to the same state as after purchase - there will be no user programs, personal settings, files or other information (data about SMS, calls, etc.) left on it. Your Google account will also be deleted. Therefore, if possible, transfer the phone book to the SIM card and copy paid applications and other valuable items to external media. It is advisable to do this manually - without using special programs, so as not to accidentally copy the virus. After this, begin the “treatment”.
Restoring factory settings through the system menu
This option is the simplest. It can be used when the functions of the operating system and the device itself are not blocked.
Go to the Settings application, open the Personal - Backup section and select Factory reset.
Hard reset via Recovery menu
A “hard” reset will help deal with the malware if it is not removed by any of the above methods or has blocked login. To our joy, access to the Recovery menu (system recovery) is retained.
Logging into Recovery works differently on different phones and tablets. On some, for this you need to hold down the “Volume +” key when turning on, on others - “Volume -”, on others - press a special recessed button, etc. The exact information is contained in the instructions for the device.
In the Recovery menu, select the option “wipe data/factory reset” or simply “factory reset”.
Flashing
Flashing is essentially reinstalling the Android OS, the same extreme measure as reinstalling Windows on a computer. It is resorted to in exceptional cases, for example, when a certain Chinese virus is embedded directly in the firmware and has been living on the device since its “birth.” One of such malware is the spyware android spy 128 origin.
To flash a phone or tablet, you will need root rights, a distribution kit (the firmware itself), an installation program, a computer with a USB cable or an SD card. Remember that each gadget model has its own individual firmware versions. Installation instructions are usually included with them.
Preventive measures
In order to avoid problems with viruses on your smartphone, you should follow these recommendations:
- install an antivirus application on your smartphone - not necessarily paid, but reliable;
- do not download applications from suspicious sites - it is advisable to install them from the Play Market;
- scan newly installed programs with an antivirus;
- do not click on unknown links received by email or SMS;
- try to do without root rights, which allow viruses access to system files, and do not install unofficial versions of the operating system (firmware);
- disable the service of automatically receiving MMS in the phone settings or in the telecom operator’s menu - multimedia messages are one of the ways to send viruses.
To protect your smartphone from the consequences of virus infection, disabling the auto-payment function will help. It automatically tops up your account from a bank card when your balance drops to a certain minimum amount. If a mobile device with such a function is infected with a virus, it can still send SMS to paid numbers. The result of the malicious code is the withdrawal of a significant amount from the bank account.
How to avoid virus infection of Android devices
- Install mobile applications only from trusted sources, refuse hacked programs.
- Update your device as system updates are released - in them, developers close vulnerabilities that are exploited by viruses and Trojans.
- Install a mobile antivirus and keep it always on.
- If your gadget serves as your wallet, do not allow other people to use it to access the Internet or open unverified files on it.
Other articles on the site
- How to install an application on Android via a browser
- The best Android OS emulator programs for your computer
- Fastboot mode on Android: what is it and how to get out of it
- 3 ways to reset your Samsung smartphone or tablet to factory settings
Method #3 – Removing Heavy Viruses Using Stubborn Trojan Killer (ROOT)
Sometimes we can find extremely stubborn viruses that install themselves as system applications, and if they can be detected and blocked by traditional methods, they cannot be removed. Stubborn Trojan Killer will cope perfectly with such situations. This is an application that requires root, which recognizes some of the most popular, stubborn viruses that display ads on Android and try to install additional applications.
Download Stubborn Trojan Killer
Unfortunately, this application requires ROOT or administrative rights to be fully functional. ROOT is performed in different ways, and it all depends on what model of device we are using. If you want to use this virus removal program, you must first start your Android. Below you'll find a few versatile rooting methods worth checking out:
- How to root using KingRoot
- How to root using Kingo Android Root
- How to root using VRoot or TowelRoot