How to remove a virus from an Android phone

In this article, we will look at how to remove a virus from a phone running on the Android operating system. Mobile devices are becoming more complex and functional every year; users use smartphones not only for communication, like a regular phone, but also for work or entertainment.

The phone contains various information and user data that attackers want to gain access to. They do not disdain anything, even petty theft, writing off money from a linked card. Adware viruses are especially common on Android devices.

Therefore, the amount of malicious software on Android mobile devices is growing at an avalanche pace. In addition to specially created malicious applications, a huge amount of legal software requires a variety of rights from the phone user, sometimes not at all necessary for the normal operation of the applications.

By obtaining rights, the application can gain access to contacts, install a spyware module, steal, and then send information to remote servers, which can then be monetized. The presence of viruses on the phone often reveals strange behavior of some applications or the mobile device itself.

Phone owners have questions about how to remove a virus from Android. The user needs to find the virus in the phone and remove it from the device.

In this article, we will look at several ways to remove malware from mobile devices running on the Android operating system.

How to find out if your Android phone is infected with viruses

The user needs to understand whether there are viruses on his mobile device. To determine the symptoms, you need to check the gadget for the following signs:

The presence of pop-up advertising when unlocking the phone or on the desktop.
The appearance of intrusive advertising in the browser and applications.
Fast discharge of the phone, even when the device is idle.
Unusual operation of applications, errors.
Glitches, automatic shutdown of the smartphone.
The appearance of strange folders and damaged files in the device memory.
Self-installation of applications by phone, self-downloading of files.
Receive frequent SMS messages about paid subscriptions.
Debiting funds from your account for services you have not activated.
A sharp increase in the volume of transmitted traffic, and mobile Internet or Wi-Fi turns on independently.

All these signs should alert the user. You need to make sure what caused the problems in the operation of your mobile device.

The presence of advertising banners in places where they should not be, for example, on the desktop background, indicates that the phone has an advertising virus that launches banners at inappropriate times and in inappropriate places.

Rapid battery drain may indicate secret mining on your phone, or your smartphone is participating in DDoS attacks. An attacker is using your phone to mine bitcoins, or has added your smartphone to their network, which they use to attack other devices.

Autonomous decision-making by your phone is a good reason to check your device settings.

There are three main types of viruses that attack phones:

Advertising banners that cannot be closed or disabled.
Spyware modules that record all user actions and send this information to attackers.
Trojans and worms that delete or encrypt files on your phone and transmit data from your device to the Internet.

The user experiences inconvenience, sometimes even the phone may fail. The saddest thing is that malware can steal money, gain access to your card data or email and social networking accounts.

Based on the above, it makes sense to check your phone settings, remove dubious applications, and scan for viruses on your device.

Signs of a viral infection

When a device is infected with a virus or any other malicious file (such as an unauthorized tracking program), the operating system begins to behave differently. Failures in its operation become noticeable, and often they are quite serious and can worry even an unsure user. To remove a virus, you need specialized software - antiviruses.

Main features:

the device turns on longer than usual, often too long, so it becomes noticeable (a common situation with a Trojan);
there are unknown numbers in the call list, funds have been debited from accounts, access to applications, including e-wallets, is lost;
there is noticeable activity on social pages, most often for sending spam emails and messages;
Intrusive advertising appears on the device, which was not there before (the first sign of the presence of an advertising virus);
The battery drains faster because the virus program consumes a lot of energy.

The listed factors may indicate not only the presence of viruses in the system. The cause of failures may be the user himself or a conflict between several applications. You can accurately determine it only with the help of an antivirus.

How a virus can get into a phone

The most common way is to install applications on your phone that have hidden functions. Some users independently install applications from APK files, bypassing official channels. Often these can be paid programs offered for free installation. Such applications can be modified and spread viruses or perform spying functions.

It is recommended to install programs on your Android device from the official Google Play store. But even there there are malicious applications. Lately, Google has been regularly clearing out dubious apps from its Google Play Store.

The virus can enter a mobile phone via a USB flash drive after connecting between devices. Do not connect your smartphone to other people's computers or phones.

By downloading files to your phone, or clicking on links on the Internet, or opening links in emails from unfamiliar recipients, there is a chance of picking up a virus on your mobile device.

Beware of downloading or transmitting data on public networks, due to the increased risk of becoming a victim of attackers.

Unofficial firmware also poses a danger, because it is unknown what was modified there.

Regularly install security updates for the system and applications on your device. Check your mobile phone for viruses periodically.

Removing suspicious or unknown programs

First, let's look at how to remove a virus from your phone manually. The problem may be resolved after removing the malware from the device.

Start by checking the apps installed on your phone. Some applications are pre-installed and are part of the Android operating system. Other applications you installed yourself, or they were installed secretly from you.

If you have a problem with debiting funds, turn on Airplane Mode on your smartphone to block applications from accessing the Internet. Then go through the list of programs and remove unknown or unnecessary applications. It is quite possible that after this, the problems with the phone will disappear.

Using the example of “pure” Android 9 Pie, the settings will look like this:

Go to your phone's settings, select "Apps & notifications" and then "Show all apps."
Open the application. On the "About App" page, you can immediately remove a suspicious or unnecessary application. To do this, click on the “Delete” button.
If you need the program on your phone, click on the “Permissions” option to view the permissions of this application. Here you can control the app's access to phone functions. Disable settings that you do not think should be allowed to work with this application.

When checking programs, follow these tips:

If the application is unfamiliar to you, find information about the program on the Internet. Look what they write about this program.
Pay attention to app permissions, especially non-specific features. It’s strange when, for example, the conditionally “Flashlight” program requires access to contacts or a microphone. This is very suspicious.
Check application traffic. See which programs consume the most traffic.

You can view the traffic consumed by applications in this way:

In settings, open “Network and Internet”, open the “Data transfer” option.
Click on the "Application Traffic" option. Here you can select a time period and see how much traffic specific applications consumed.

If among the programs there are unknown applications or programs that should not go online, there is a reason to carefully check suspicious activity on the network.

In the smartphone settings, in the “Special access” parameter, the user can disable various options for specific programs: installing unknown applications, changing system settings, access to notifications, access to usage history, etc.

If the problem is only an ad virus, you can use the help of mobile ad blockers. For example, the AdGuard program (paid) protects your device from annoying ads, saves traffic, and increases the overall level of phone security.

In some cases, viruses can block the removal of malicious applications from your phone. In this case, you need to enter Safe Mode in the Android operating system. Go to your device's settings, and then uninstall the problematic application.

Removing adware

Applications that add advertisements are also quite common. Unlike Trojans, their malicious action consists of adding advertising to the system interface and browser. As a result, the responsiveness of the interface slows down and traffic consumption increases! The most common way for this type of malware to enter a system is through the installation of pseudo-free games. The most effective way is to install the AdAvay application, which will block access to addresses from which advertising content is downloaded. However, this method comes with some difficulties, namely the need to obtain root access on the device being installed (without it the application does not work) and installing the application from the site, for which in the device settings you need to check the box Unknown sources , which is located in Settings -> Security . If these difficulties do not stop you, then as a result you will almost completely get rid of annoying pop-up and flickering ads in applications, as well as in the browser.

How to change application permissions for Device Administrators

Some applications can run on your phone with device administrator rights. You need to check which applications have elevated rights:

From Settings, go to “Security and Location”, click on “Advanced”.
Review apps that have device administrator rights.
If there are unknown programs here, take away elevated rights from these programs by moving the slider to the “Disabled” position.

It makes sense to remove such a program from your phone, because it is not for nothing that it received elevated rights to control the phone.

The Trojan has been removed. Is he still in the system?

To date, I have not yet encountered any samples that would infect system executable files for pinning. There are two reasons for this. Most malware is written in Java on the knees in a couple of hours, in order to quickly make money and run away. And also because Android OS is designed in such a way that the application has direct access only to its data and external media (it needs certain privileges). Of course, the limitation of the operating system can be bypassed by infecting native files, similar to viruses for Linux, but such code is too expensive for the purposes of attackers, and such capabilities are usually redundant. Also, not all virus writers have sufficient qualifications for this. Therefore, be on guard and do not allow your devices to be infected. Good luck!

How to remove a virus on an Android phone using an antivirus

Next step: run a scan of your mobile device using a specialized anti-virus program. This step is logical and in many cases will help solve problems encountered on the phone.

A large number of antivirus programs have been created for Android. Unfortunately, most of this software is outright junk. At best, these DIYs will put extra strain on your phone and won't cause any harm.

You should use products from time-tested, well-known manufacturers who have long proven themselves to work on computers with mobile versions. You can use well-known antiviruses: Malwarebytes, Zemana, Kaspersky, Dr.Web, Avast, ESET, Norton, etc.

Install an antivirus on your phone and then run a scan. After finding viruses, remove them from your phone. In severe cases, scan your smartphone with several antivirus programs in turn to get a positive result.

Trojan removal

The most popular type of malware is the Trojan . Its destructive activity consists of collecting and sending confidential information to criminals, ranging from personal correspondence in instant messengers to bank card data when making a payment. In addition, this malware can secretly send SMS to short paid numbers, which causes financial damage to the owner of the device.

To get rid of the malware, follow the instructions:

1) Install one of the popular antivirus solutions for Android from the Play Market: AVG , Kaspersky , Dr.Web and scan the system for viruses.

2) After the scan is completed, delete all suspicious files found. As a rule, voiced actions are enough to clean the Android system of Trojans .

How to remove a virus on Android via computer

In some cases, it is not possible to install a mobile antivirus due to lack of free space on the device. There is no time or opportunity to deal with files on the phone.

Therefore, you can try to remove the Android virus from your computer. You need to connect your phone using a cable to your PC in USB debugging mode. On the computer, the phone will appear as a connected disk. Check your device with antivirus from your computer.