5 ways to find and remove a virus from an Android smartphone

Today we’ll figure out how to check your phone for viruses and remove them. There are three main ways:

1. Using antiviruses,
2. via computer
3. manually.

The step-by-step instructions are universal and suitable for all models and brands of Android: Alcatel, Asus, Lenovo, Meizu, Philips, Nokia, Oppo, Phillips, Prestigio, Sony Xperia, HTC, Samsung, Xiaomi (Redme), ZTE, BQ, Vertex, Micromax , Umidigi, Oukitel, Texet, Leagoo, Dexp, Doogie, Huawei (Honor), HomTom, etc.

How to find and neutralize

First, let's look at ways to remove malicious code that are available to any user.

Antiviruses

The first and most logical way is to use the functionality of antivirus software on your smartphone. “From the factory”, the option is not available on all devices.

Most often, built-in utilities are present in the shells of the Android operating system. For example, in MIUI from Xiaomi, its own security software is located in the security section.

If the standard antivirus cannot find malware or the utility is simply not on the system, you should download it from the Play Market.

It’s worth making an important caveat right away. You can install anti-virus software only from the official Google service! Using third-party and unverified APKs from obscure sites is highly discouraged!

List of popular antivirus programs for Android:

1. Kaspersky Internet Security: Antivirus and Protection. Kaspersky is a brand that is known all over the world. The utility works in the background and protects against viruses, Trojans, and phishing sites. Among other things, protection against gadget theft is provided. Application . There is a free version and a full subscription version. After downloading and installation, a background system check will start. If desired, you can enable forced scanning by clicking on the “Scan” button in the interface.
2. Dr.Web Light. The second largest manufacturer of antivirus software, distributed free of charge. Download the latest version from here. The main advantages of Dr.Web Light: unlocking the phone when ransomware Trojans are installed on the phone, minimal load on the processor and memory, careful battery consumption, finding and eliminating threats that are not yet in the database. After installation and launch, tap “scanner” and select “quick scan” or “full scan”.
3. AVG AntiVirus FREE. Based on the name, it becomes clear that the utility is distributed free of charge. Main advantages: good optimization of all processes inside the smartphone, scanning Wi-Fi networks for threats, connecting a VPN, indicating a lost phone on Google maps, optimizing battery charge. The scanning process is launched through the large blue “scan” button, which is located on the first screen.
4. McAfee Mobile Security: Ad tracker blocking, Wi-Fi Guard VPN, performance optimization, anti-theft protection and powerful search engine. All this can be downloaded from the official page of the device. After downloading and installing the application, click on in the figure shield.
5. ESET Mobile Security & Antivirus. Another application from a very famous developer in the world of security software. The program is available for 30 days free use with full functionality. After this period, limited protection will remain. However, the reduced functionality is more than enough. To start scanning, click “scanning apps”.

These are the 5 most famous and functional antivirus utilities on the market. If something doesn’t suit you, we recommend trying: 360 total security, Bitdefender Mobile Security, G-Data Internet Security.

PC or laptop

If the functionality on your mobile phone is not enough, “malware” manifests itself even after a full scan, you should use programs on your PC.

Of course, it will not be possible to fully scan a smartphone in this way, since the operating system will not give full rights to scan.

But this limitation can be partially circumvented by rooting Android, but more on that below.

Now let's look at the standard option:

1. Connect your phone to your PC or laptop.
2. Check that the correct drivers are installed on your phone. If this does not happen, set them manually.
3. Enable MTP (File Transfer) mode. The gadget itself will offer several methods to choose from when connecting to a PC.

From this moment on, the smartphone is visible to the PC as a removable storage device. All that remains is to select a program to scan and start the malware search process. We offer a choice of three antivirus utilities:

1. Avast Antivirus. A complete free antivirus. The trial version has all the necessary functions to check the system, as well as removable drives. To start scanning, launch the program and click .
2. Avira Free Antivirus. Another full-fledged free antivirus. Avira not only searches for viruses and Trojans, but also blocks annoying ads and spyware. You can download the current version of Avira Free Antivirus on the official website of the developer. To start scanning, click on the “smart scan” button.
3. Emsisoft Anti-Malware works in full mode with a 30-day trial tariff. Functionality: antivirus, protection against Trojans, bots, spyware, adware, keyloggers. by clicking on the “free 30-Day Trial” button. After installation and launch, click on the second blue tab “Scan&Clean”.

If you suspect that your smartphone has one or more viruses, you should use several applications or programs at once. This will increase your chances of catching the uninvited guest.

Do it yourself or manually

Sometimes manual cleaning helps. This method is less reliable, since a malicious application can leave “traces” and can then be restored to the gadget’s memory. To manually clean, do the following:

1. Open “Settings” → “applications” and carefully study the list. Feel free to delete those that you definitely did not install.
2. Remove the SD card from your smartphone and insert it into the PC card reader. Check the media for viruses or Trojans using anti-virus programs on your computer.

Removal methods

The virus does not always work in stealth mode. Sometimes he gives himself away:

1. Glitches,
2. general Android slowdown,
3. freezing,
4. sudden termination of programs,
5. displaying a large banner (often with indecent content) on the entire screen.

In this case, you will have to act based on:

• advertising hangs on the screen, but there is access to the device menu;
• The banner covers the entire display, and there is no access to the menu.

Let's consider both cases in more detail.

There is access to the menu

If you have access to the menu, then all is not lost.

We follow the algorithm:

1. Download and install 2-3 antivirus applications. Or we run a check using basic tools.
2. After installation, immediately disable network access. Turn on airplane mode in a good way.
3. We look for malware ourselves. Study the device's traffic consumption. Typically, the virus frequently accesses the network, spending many megabytes from the packet to transfer personal data to the attackers’ server.

Use programs on your PC and scan the SD card separately.

Access blocked

If the screen is blocked by a huge banner, be it extorting money for unlocking, an obscene image, or just an advertising banner. The situation is difficult, but not a hopeless situation.

If it is impossible to enter the “settings”, proceed according to the following scheme:

1. Under no circumstances should you send money to the specified details. This won't fix the situation.
2. Turn off the cell phone, take out the SIM card and memory card from the tray.
3. Now turn on the device in safe mode. Hold the power button and volume rocker down, video instructions are just below. The device will reboot into Safe Mode.
4. The operating system will boot without a banner. Now we remove all suspicious applications manually. If necessary, use antivirus software. You can also disable root access to Android, if it is activated on the device.
5. We reboot the smartphone in normal mode and evaluate the result.

If the above steps do not help, you need to perform the reset procedure before. But before that, you should save all important documents and media files to an external drive or PC.

Via buttons:

If the menu is available:

Symptoms of a virus infection on an Android device

• The gadget turns on longer than usual, slows down, or suddenly reboots.
• Your SMS and phone call history contains outgoing messages and calls that you did not make.
• Money is automatically debited from your phone account.
• Ads that are not associated with any application or site are displayed on your desktop or browser.
• The programs are installed by themselves, Wi-Fi, Bluetooth or the camera are turned on.
• I lost access to electronic wallets, mobile banking, or for unknown reasons the amount in my accounts decreased.
• Someone has taken over your account on social networks or instant messengers (if used on a mobile device).
• The gadget is locked, and a message is displayed on the screen that you have violated something and must pay a fine or simply transfer money to someone to unlock it.
• Applications suddenly stopped launching, access to folders and files was lost, and some device functions were blocked (for example, buttons could not be pressed).
• When launching programs, messages like “an error occurred in the com.android.systemUI application” pop up.
• Unknown icons appeared in the application list, and unknown processes appeared in the task manager.
• The antivirus program informs you when malicious objects are detected.
• The antivirus program has spontaneously deleted itself from the device or does not start.
• The battery of your phone or tablet began to discharge faster than usual.

Not all of these symptoms are 100% indicative of a virus, but each is a reason to immediately scan your device for infection.

FAQ

Let's look at the most frequently asked questions. Let's look at the intricacies of how malware works on Android and touch a little on iOS.

What can an “uninvited guest” do?

A rootkit is a “collection” of malware, a shell. Contain several potential threats at once. In addition, the rootkit can:

• in the background, collect and send user information to third-party servers: logins and passwords from personal accounts and social networks, PIN codes and passwords for bank cards, other confidential information;
• write off funds from bank cards;
• install banners with advertising, including those that completely block the operation of the device;
• overload the processor, video subsystem and other resources of the smartphone for cryptocurrency mining in the background;
• install hidden wiretapping,
• spyware for the purpose of subsequent blackmail.

How does infection occur?

Most often, the user himself “opens the door” for malware:

• through clicking on tempting advertising banners in your browser or email;
• when visiting sites with “adult themes”;
• when you end up on a fake phishing site with content similar to the original;
• when he opens SMS messages or letters from unknown recipients and follows the links inside;
• in case of downloading unknown torrents;
• when using unknown or foreign SD cards.

Sometimes the virus comes as hidden “baggage” if the user installs the application via an APK file from an unverified site or forum.

How to spot a fake

To avoid running into a fake app, follow these rules:

1. Download any software only from Google services.
2. Do not install third-party APKs unless absolutely necessary (especially avito.apk, downloader.apk and the like). As a last resort, look for a file to download on the developer’s website.
3. Remove all utilities that ask for permissions that are not within their “competence”. For example, when a graphic editor asks for access to the phone book or SMS messages.
4. Check and, if there is suspicious activity, remove applications that consume an unreasonably large amount of network traffic (from 200-500 megabytes per week).

Finally: read reviews from real users about a particular program.

How to understand that the system is infected

Direct and indirect signs of infection:

• The performance of the smartphone dropped sharply, Android began to slow down even in normal mode;
• rapid drainage of the battery, heating of the rear of the case;
• increased consumption of traffic, minutes and SMS;
• numerous system errors, glitches;
• sudden reboots;
• intrusive or non-removable advertising;
• ransomware banners;
• applications in the general list that the user did not install.

Types of malicious codes

There are a huge number of viruses. Let's look at the most dangerous and common malware:

1. NotCompatible turns your phone into a hidden proxy server. It ends up in a closed network of similarly infected devices (botnet), and becomes part of the system. Spam is sent from the phone, attacks are carried out on servers and other devices.
2. Lastacloud. A cunning Trojan that steals account data, SMS messages and user contacts. Disguises as WhatsApp updates.
3. Android Police is able to completely block Android, encrypt personal data, and steal user logins and passwords. Android Police is not hiding. He identifies himself and asks for money for deactivation.
4. Svpeng. The “malware” closes the device’s screen, posing as messages from the FBI.
5. Mazar is a threat that arrives on a user’s smartphone in the form of an infected link in an SMS. When you click on the hyperlink, the code is downloaded. After which the virus changes the phone settings, sends messages to paid numbers, and also goes to prohibited sites.
6. Smartcars-hacking is used to hack Tesla cars. Gives access to open the door, starts the engine.
7. Gooligan. A very dangerous and cunning animal. It is built into the code of such useful utilities as: Memory Booster, Perfect Cleaner. Steals card data and withdraws money from them. About 74% of known devices are exposed to the threat.
8. Ghost Push has been known since 2014, it embeds itself into the system, steals the user’s personal data, installs incomprehensible applications, displays advertising banners and spies on the user.
9. Android ransomware. Gains access to super administrator rights, after which it begins spying on the owner. It records the entire browsing history in the browser, and a little later begins to blackmail the user with it. The virus threatens to send website lists to the entire phone book.

In fact, there are many more types of malware. At the beginning of 2019, 414 vulnerabilities were discovered in the Android OS. All of them are potential “windows” for the introduction of virus code.

Is online verification effective?

Yes, there is such a possibility, but it is not a very effective way. Only individual links and files will be scanned, but not the entire system.

List of popular services:

• virustotal;
• kaspersky VirusDesk;
• AVC UnDroid.

If your antivirus doesn't help

Most likely, there is still malicious code on the smartphone. You can get rid of it in the following ways:

1. Format the SD card. It is better to do this via a PC or laptop with a good antivirus.
2. Flashing – changing the version to a newer and more secure one, formatting all the changes made.
3. Reset to factory settings. In essence it is similar to the second point. To roll back to stock settings, you will need to go to the Recovery system menu.

If these methods do not help, you should contact a service center.

How to deal with constantly pop-up ads

Usually annoying and automatically pop-up advertisements do not contain virus code. All sorts of garbage “Casino volcanoes, lotteries, sweepstakes” are the result of subscribing to push notifications from sites.

Remove in one of the following ways:

• Disabling the display of notifications in the Google Chrome and Yandex browser settings,
• built-in or third-party antivirus;
• manually after starting the device in safe mode.

Read more detailed instructions here.

If the online bank swears and issues warnings

Applications from banks, such as Sberbank Online, Alfa-Bank, Tinkoff and others, have their own protection against rootkits built into them. Often triggered automatically when it detects suspicious activity on the system. The user sees a message like: “A virus has been detected. To safely conduct financial transactions, you must completely remove this program." In this case, the installed antivirus may remain silent.

If you encounter this problem:

1. It is recommended to refrain from using online banking on a smartphone.
2. Log into the web version of your personal bank account on your PC or laptop and transfer money to another card that is not accessible through the utility on your phone. For example, a wife or a friend.
3. Now use all the methods described above to remove malware from your gadget.

If everything went well, make the transfer back to your card.

Why check iOS on iPhones

iOS is considered one of the most secure in the world. Therefore, checking your iPhone for viruses is pointless. The thing is that all software developers in the App Store undergo strict verification. The minimum risk of infecting a smartphone occurs only when using the jailbreak procedure (essentially hacking iOS).

How to avoid getting infected with a virus on Android - useful tips

There are two ways to install applications on Android devices:

1. Via Google Play Market
2. Through downloading the .APK file from different sites and manual installation.

Of these two options, Play Market is the safest option. Apps downloaded from this store undergo rigorous testing before they are made available for sale. Even if any problem is found after the scan, it will be fixed immediately and the app store will notify you about the incident so that you can take appropriate action.

However, it is worth remembering that no system is completely secure. A large number of positive reviews does not mean that an application is safe - especially if it has just recently appeared in the store. There are entire companies dedicated to creating fake positive reviews for games and programs. In addition, Google does not set limits on the number of advertisements that an application is allowed to display - each developer decides how disgusting their product will be. The most unscrupulous publishers are simply trying to make it as difficult as possible for you to uninstall the app (and they end up being classified as malware). In most cases, advertisements generated by malware are limited to the Internet browser and the application itself.

Recommendations to avoid getting infected

Follow simple rules to prevent viruses from getting into Android:

1. Download applications only from Google Play. Do not use APKs from dubious sites.
2. Do not click on links in emails or SMS messages. More often they come from unknown contacts or social network profiles. But they can also come from your friend’s hacked profile. Be careful!
3. Do not click on dubious advertisements online. Visit adult sites less often.
4. Stop using MMS messages. They often contain hidden macros with malicious code.
5. Disable root rights if you have them.
6. Disable auto payments in all services. They can leak your bank card information.
7. Do not use custom firmware. They often contain “baggage” in the form of Trojans and rootkits.

We recommend checking your system with built-in and third-party antivirus software at least once a week.

conclusions

So, we figured out how to check your phone for viruses. Rootkits, Trojans, spyware and other malware can be tracked and removed.

1. To begin with, we recommend using in automatic mode the most well-known antiviruses from third-party developers: Kaspersky Internet Security, Dr.Web Light, AVG AntiVirus FREE, McAfee Mobile Security, ESET Mobile Security & Antivirus.
2. Check your phone from a PC. To do this, activate the “MTP” mode (Media Transfer Protocol), and then scan the system: Avast Antivirus, Avira Free Antivirus, Emsisoft Anti-Malware.
3. If third-party applications and programs do not help, you need to try to remove the Trojan yourself. This is easier to do if you have access to the menu. If the screen is completely locked, you will have to enter through safe mode.

To avoid infecting your smartphone, follow these recommendations:

• Download utilities only from Play Market,
• do not click on unclear links from messages,
• try not to use auto payments,
• disable MMS messages,
• scan memory with antiviruses once a week.

If all else fails, contact the service center.

Can phones get infected with viruses?

The phone may become infected with a virus. As smartphones have surpassed computers in popularity as a personal device, hackers have also taken advantage of this trend: mobile malware has begun to actively develop. While a traditional virus replicates itself as it runs, mobile device viruses target weaknesses in your operating system to mine data, gain financial gain, or damage your network.

Data sharing capabilities are typically blocked between applications, but some applications have been scrutinized for improper data handling, leaving their users more vulnerable to these types of attacks.