Delete malicious code, which got into the gadget with any application or through a browser from the Web, can be done in different ways. Sometimes it is enough to install a simple free mobile antivirus and clean the system with it, sometimes these actions do not lead to the expected result. We will tell you further how to remove a virus from Android different ways safe for your device.

Finding and Removing Malware Using Antivirus

This is the easiest way to clean your phone of malicious code, but it helps in no more than 40% of cases of infection. Nevertheless, work on restoring the system's performance should begin with it. We list the most effective:

This simple method does not always allow you to get rid of a malicious utility. Sometimes it is simply not detected by the scanner, sometimes the already deleted application manages to recover spontaneously. In some cases, certain functions of the smartphone may not be available after cleaning. When such problems arise, it often helps to put the gadget into safe mode and check it with an antivirus utility.

Removing malicious code in safe mode

Most of the programs in this mode of operation do not interfere with the operation of scanners. Therefore, we will describe how to remove a virus or trojan from Android in safe mode, because by going into it, getting rid of malware from an Android phone is obtained in a much larger number of cases. But for this you need to know what to do to go into safe mode on a device with OS version 4.0 and higher:

1. Press and hold the "Power" button on the device until the shutdown window appears;
2. Keep your finger on touch button"Disable the device" of this window, until the gadget is prompted to switch to the desired mode, click "Ok".

If your device is controlled by an Android version lower than 4.0, then the procedure for switching to Safe Mode will be different:

1. Turn off the device completely and then press the power button again;
2. When the company logo is displayed, hold the volume up and down rockers at the same time until the OS is fully loaded.

After going into safe mode, download one of the antiviruses mentioned above and scan the gadget. After that, to switch to normal operating mode, reboot the device.

Removing malicious code via PC or laptop

You can “catch” a Trojan on Android through a browser. We will describe how to remove it from the system. Sometimes setting mobile application security and OS scanning even in safe mode malware can't be removed. In this case, the task can be solved using a desktop utility by scanning the gadget with it through a computer. Cleaning the system is done as follows:

All that remains is to run a scan, after which a powerful desktop application with huge databases will most likely be able to find Trojans that have got on the device and remove the virus from the phone.

Most mobile browsers are not equipped with ad blocking modules, so when using them, there is a high probability of accidentally clicking on a graphic banner that will download a virus file without you noticing. After that, when the device is working, advertising banners may appear at the most unexpected moment.

In this case, you can remove a virus from a tablet or smartphone manually using android apps Commander (http://android-commander.ru.uptodown.com/windows), which exchanges files between a PC and a gadget.

True, this will require root rights and USB debugging enabled on the phone (To enable the option, go to the “Settings” section of your device, then “System” and “Developer options”).

1. Connect your Android device to your computer as a storage device.
2. Run Android Commander on your laptop or PC as an administrator. Using this application, you can manage incl. system files mobile OS that regular Windows Explorer does not see.
3. Among the system directories, find the folder with executable files (with APK extension), delete the infected file or move it to a computer disk, where you can remove the virus from the file with any specialized scanner.

If the virus cannot be removed

If it is impossible to solve the problem using the methods described, consider how to remove viruses by flashing the system. In this case, user data will be deleted along with all malware, so this way is the most radical. Let's describe the procedure hard reset on the example of Samsung devices.

Virus, how did you get here? It is these emotions that a malicious application gets on your device, and at this moment it doesn’t matter “How?”, What matters is “What to do next?” In fact, there are not so many infected devices, and not because they all cease to function normally, it's all because of the good standard protection from Google. A few days ago, we already learned how to avoid getting a virus on your smartphone, but if a previously unknown creature still penetrated the expanses of the system's program code, you should definitely resort to our advice.

However, before starting, let's determine for ourselves the main reasons for the appearance of a virus, however, it is more correct to say a malicious application, because, in fact, you cannot harm a smartphone by clicking on a web link. A device can become infected only by installing an infected application, and it is not necessary that it includes only a virus, the application will perform its functions, while penetrating into your system along with it programming code that will steal, destroy and fill with garbage everything in its path.

Head up

First of all, reassure yourself: for many, this is a strong moral blow, the word “virus” causes excitement in any non-professional, after all, everyone has heard about the capabilities of such “creatures”, and, indeed, they are not so stupid, nevertheless, you should not give up , come to your senses, assess the situation and act - the enemy is always defeated.

Recognize and remove

Your main goal is to destroy the malicious code. If you notice something unusual in the behavior of your smartphone, for example: an unreasonable increase in memory, both operational and permanent, strange running processes, posts you have not previously written on Facebook - any strange behavior should alert you. First of all, remember which nearest programs you have installed and are there any suspicious ones among them? If yes, delete without hesitation. However, this is the easiest way.
The best option would be to turn off your device immediately after suspicious activity. Next go to Google Play through a computer and analyze all known anti-virus programs, read reviews, ask for advice from professionals. Then turn on your device again and download the selected antivirus application, scan and determine the presence of a virus.

Protect your data

To protect yourself from losing bank card data, personal accounts, accounts, try to change passwords from VKontakte, Twitter, Facebook, and other sites that are important to you, this will help you not become a victim of criminals. Whatever you say, but their key goal is to make a profit.

Reset your settings

If the antivirus did not find any malware, but the phone continues to behave strangely, it will help you full reset settings: all your data, including music and photos, as advised by colleagues from androidcentral transfer to a computer or transfer to Google Drive, then use our factory reset.

Do you have Root?

Some of you are probably familiar with root access, firmware, custom recovery. For these users, everything is much simpler, because they can simply change the firmware, before doing a full reset through the recovery, including battery statistics and so on, just to be sure.
What methods of fighting viruses do you use?

Alas, Android systems, as well as stationary Windows versions, are susceptible to viruses and malicious codes. Each new virus The "Android system" itself does not know how to recognize, although in the most fresh versions system has a pre-installed scanner. Therefore, you have to use all sorts of third-party software (at least to get rid of the threat so accurately). However, you should not panic even if the mobile device can store confidential information, used, for example, by banking applications. But in most cases, virus attacks are aimed specifically at them. About how to remove a virus from Android on a phone or tablet, the conversation will go on.

For such cases, several solutions can be proposed, which, however, differ quite strongly from each other. We will separately consider issues related to situations where the virus cannot be removed by the proposed methods. Unfortunately, such situations also occur, and many protection tools turn out to be powerless in terms of bypassing blocking access to virus files (programs like Unlocker are not provided for mobile devices). But first things first.

How to check Android for viruses: problems and difficulties

The biggest problem with half of the known versions of Android is that initially they did not provide any serious means of protection. At least the anti-virus packages had to be installed from the repository Play market(Android games without viruses or other programs can also be downloaded there, but recently they have been attacked, and the user uploaded to mobile device pre-infected application).

In versions above four, a virus detection tool appeared, but it has nothing to do with how the same stationary scanners at the entrance work. Thus, the most primitive solution to the question of how to check Android for viruses can be its use. Relying on 100% success, of course, is not worth it, since such a statistical scan reveals threats only in 30-40% of cases, nothing more.

In such a situation, it is better to use third-party applications downloaded from the same repository, however, they may not be installed due to the effect of the virus on the system. Next, we will consider how to remove a virus from Android for different situations. It is assumed that at least one solution will work (dramatic measures will have an effect for sure, but more on that later). And most of these methods are not as complicated as it might seem at first glance.

How to remove a virus from Android on your phone: basic steps

If we outline the processes of removing infiltrated mobile device threats in a general sense, there are several main options that will help eliminate threats. Among them, the priorities are:

• use of special software directly on the gadget;
• scan and remove viruses when connected to a computer;
• full reset to factory settings.

Concerning last point, separately we can say that the problem of how to remove a virus from Android, recovery from backup is not resolved. Firstly, the backup itself may initially contain a virus, and secondly, the threat may settle on a removable card, and recovery will be performed exclusively for the main (internal) drive.

We use built-in protection for versions 4.0 and higher

So, first of all, all owners of operating systems higher than the fourth version are recommended to check their gadget with a built-in antivirus immediately after the first symptoms of infection appear. Signs of a threat penetration can be a slowdown in the device, a spontaneous reboot, the appearance of calls that the user did not make or sent messages of the same type, installation of applications in the background without the knowledge of the owner, loss of access to electronic wallets or bank cards, violation of the launch of installed applets with issuing errors about crashes in com.android.systemUI, fast discharge battery, etc.

In this case, you just need to run the scanner and see what it finds. There is little hope for him, but in some cases it is possible to get rid of the most primitive threats in this way.

What to do with OS below the fourth modification?

For modifications below the fourth, the problem of how to remove a virus from Android can be solved at the initial stage by installing third-party software. You can find quite a lot of programs, but it is better to use utilities from well-known developers.

The first step is to install Kaspersky Anti-Virus on Android and fully check the system. Of course, the load on resources, if you keep the application active all the time, will increase quite a lot (similar to Windows), but you can simply scan and remove viruses, and then uninstall the main program itself.

If the application is not installed from the Play Market, access to which or its operation may be blocked due to a threat, you need to find another trusted source on the Internet (official site), download mobile version applications from there, transfer it to a removable memory card and install through the APK file.

Using advanced antivirus software

But only narrowly focused utilities can not be limited. So, for example, many optimizer programs designed to clean the system of debris and speed up its work also have built-in anti-virus modules.

If it is the antivirus software that is not working or does not find any threats, you should scan in applications of a more general nature. Perhaps the virus does not recognize them as software that counteracts its functioning.

Safe mode

Finally, the question of how to remove a virus from Android, if the software is not installed or the threat itself is not removed, can be resolved by switching the device to the safe boot. Sadly, not all users know how to do this.

To do this, hold down the on / off button and hold the confirmation button on the screen until a message appears prompting you to switch to safe mode (for versions higher than the fourth). For modifications of OS 4.0 and below, you need to turn off the device in the usual way, turn it on again, when the system logo with a green robot appears, simultaneously hold down the volume up and down keys and hold them until the device is fully loaded. After that, you can perform the above steps again.

Removing viruses when connected to a PC

Now let's see how to remove viruses from Android through a computer. There shouldn't be any problems here. Just connect the device with a USB cable, after allowing debugging.

Windows Explorer will display two drives (internal and external). Through RMB on each of them, simply select a check using the command line of the installed standard antivirus for this. If that doesn't help, use portable utilities with media selection as targets for scanning.

Resetting the settings using the standard method

Finally, a few words about how to remove non-removable viruses from Android, when none of the methods proposed above gave the desired effect. In this situation, only a complete reset of the settings or a flashing of the device will help.

In the very simple case in the settings section, select the appropriate item from the menu Reserve copy and recovery, wait for the process to finish and reboot the device.

To restore the factory firmware, as they say, from scratch, you can use specially designed utilities. For example, for Sony it could be Xperia Companion- an application that is installed exclusively on a computer or laptop. For other models, you can also find utilities of this kind. You just need to visit the official website of the manufacturer and download them from there. This process will take more time, but you can be completely sure that after that the user will receive a phone or tablet in the same condition as if it had just been purchased.

hard reset

However, if these methods do not work, you can forced reset, which is called Hard Reset. The Recovery menu is entered in different ways (mainly by holding the volume and power buttons). However further actions are the same.

In the recovery menu, select wipe data / factory reset and wait for the settings to be restored, which is akin to formatting a disk in conventional computer systems.

Summary

As you can see, there are a lot of ways to fight malware. It's hard to say what to use. It all depends on each specific case. But the most effective method, if the user has previously made a copy of contacts or some other important information, of course, is a factory reset with complete removal all information from a mobile gadget. But this is, so to speak, the most cardinal method.

In simpler situations, if you still manage to install anti-virus software, scanning utilities should not be neglected either. At the very least, you can tolerate the load on system resources during the verification period. After neutralizing all the threats found, there is nothing easier than simply removing an unnecessary applet by installing some more lightweight scanner like McAfee or 360 Security at the input, which will not particularly affect system performance.

However, there are enough such programs even in the Play Market, not to mention their huge number on the Internet. But it is highly recommended to download such utilities exclusively from the developers' websites, since on other resources, oddly enough, along with the antivirus, you can also catch a virus that is initially embedded in the installation shell. apk file, and then activated in the background when installing the main application.

If your device started to work poorly, live its own life, then most likely your phone has caught a virus.

• the phone turns on longer than usual;
• there are numbers unfamiliar to you in the call list;
• excess funds are debited from the account;
• you are unable to use your electronic wallets and other financial management systems;

• your pages in in social networks used to send prohibited materials or spam.
• the battery will be discharged much faster, because the virus program consumes a lot of energy.

Remove viruses with 360 Security Lite

by the most in a simple way"Treating" an android device from malicious files and programs is cleaning it with an antivirus program.

360 Security Lite- one of the most popular antivirus programs for Android devices. In order to clean your device or provide future protection, you should:

1. Install.

2. After installing the application, click on the icon on the desktop, and run the program.
3. In the Anti-Virus tab, click the Scan button.

4. The app will start scanning your device for viruses.

5. The next step is to remove the malware software. If you find something - no quarantines are needed - immediately put the switch on all to the delete position.

Note: I think it's obvious to everyone that this method only works if the android device is fully functional. The same applies to other antivirus programs.

Using Avast Mobile

Another good antivirus application is Mobile Security & Antivirus Avast. How to use it, read below.

1) Download the application from the official site or install.
2) Mark that you are familiar with license agreement and privacy policy.

3) Go to Smart check - Check device.

4) Anti-Virus will immediately start updating virus databases.

5. After the scan is completed, you will be prompted to choose actions in relation to threats. Now the antivirus will monitor your device.

Treatment in safe mode

The thing is that the vast majority of virus programs do not work in safe mode. This means that if you start the device in this mode, the virus simply will not work, respectively, it can be easily removed.

To start safe mode, follow these steps:
1. Hold down the power button of the device.
2. Hold your finger on "Disable Device" until you see this message:

Once your Android device is in safe mode, scan it with an antivirus and remove it malware. If antivirus program does not start, reinstall it by downloading it again from the Google Play Market.

How not to catch the virus again - prevention

To prevent viruses from infecting your device, follow these tips:

• install applications of any kind only from trusted sources, for example, from the Google Play Market, here administrators carefully check their content;
• install from sites you trust - for example: site :-)
• always update the OS of your device;
• do not visit suspicious sites or click on links like "Your Android device is blocked" or "Viruses have been found on your phone", if you click on such messages, you will definitely acquire a virus.

Brief summary

In this article, I told you how to solve the problem of viruses on Android devices. I hope it will be useful to you, and you can easily get rid of unwanted and extraneous programs. Good luck!

Let's start with the "fresh" - Triad today can be considered the newest and "bulletproof" virus for smartphones. It was only discovered in March 2017.

It is unique in its proximity to classic viruses, and not to ransomware Trojans, as is usually the case on Android. You still need to manage to pick it up from "unverified sources", but then a much more fun "action movie" begins:

Triada is a virus that not only hooligans in the system, but wedged into its vital parts

1. Triada is enabled after you install and give permissions to your favorite music downloader from VKontakte, for example. After the program quietly finds out the model of your smartphone, firmware version and Android, volume free space on drives and a list of installed applications. And sends this information on the Internet, to their servers. There are a huge number of these servers, they are scattered in different countries, that is, it will not even work to come and arrange a “mask show” at the location of the server with malware.
2. In reply to Triada receives instructions(really, an individual approach to the patient!), how best to hide yourself specifically in this version of Android and this smartphone, is being introduced into each (!) Of the installed applications and takes control of system components to hide yourself in the list of installed applications and running processes. After that, a separate part of the virus in the system "sweeps" its traces - it no longer works as a separate application, but coordinates its actions with the help of pieces of the infected system.
3. Done, system conquered! From this moment on, the smartphone turns into a “puppet”, to which attackers give commands from a distance and receive information on any of available servers. Now Triada is acting primitively - it finds out the data of your bank card, takes money from her, takes it out of incoming SMS the codes necessary for payment, "draws" false numbers about the balance to the owner.

But with the ability to "gut" any installed application or installing a new one at a distance is just "flowers" - the peculiarity of the "Triad" is that it is a modular virus, it will be possible to fasten a variety of types of remote tricks to it.

As you can see, viruses for Android are not only primitive “your phone is locked, you have a hundred bucks”, which you can get rid of by deleting the application. And, if in new versions of Android at least access to getting root and you can see something suspicious at the stage of requesting rights by the application, then the old versions (Android 4.4, 4.3 and older) are absolutely defenseless against a new infection - only a complete flashing will save.

marcher

The so-called "banking malware" was developed back in 2013, but its " finest hour” came only in the summer of 2016. Known for good disguise and "internationalism", if I may say so.

Marcher is a simple Trojan that does nothing supernatural, but simply replaces service pages huge amount banks using pop-up windows. The mechanism is as follows:

• Trojan gets into the system along with the infected application. The peak of the Marcher's popularity came with the "freshly stolen" version of Super Mario Run from Nintendo. If you don't remember, this is such a super-hyped runner from the makers of Pokemon GO!
• Looking for banking apps on smartphone and applications of online stores chooses "blanks" in accordance with which bank you use.
• Sends a "bait" to the smartphone- a message in the notification shade with a bank/shop icon and a message in the style of "Your account received N rubles"/"75% discount coupon for any product today only!".
• Owner smartphone clicks on the notification. Then the Trojan opens exact copy, a 1-in-1 page similar to what you are used to seeing in official app. And he says something in the style of "the connection to the network is interrupted, re-enter the data of the bank card."
• Owner smartphone enters bank card details. Here's some denyuzhki bye-bye!

“Dude, I forgot your card number. Don't you remember?"

In this simple way, the Trojan faked the process of buying air tickets, buying goods in online stores and software on Google Play, and the operation of banking applications. Users of bank cards in Germany, France, Poland, Turkey, the USA, Australia, Spain, Austria and Great Britain got under distribution. Initially, the virus was “sharpened” under Android 6.x, there were much fewer smartphones running other versions.

Loki

Not even a loner, but a whole cascade of “chameleon” Trojans, not as criminally severe as Triada, but equally painful for operating system. Antivirus experts noticed malware in early 2016, and malware began to massively infiltrate people's smartphones as early as December 2016.

Loki is such an organized robbery by prior conspiracy in your smartphone

Malware act so quickly and harmoniously that I want to give them a standing ovation. Just take a look at this "multi-move":

• First Trojan gets into the system with a safe application and starts with it. After that, it immediately “requests reinforcements”, that is, it downloads the second Trojan from its sources and installs it with a bunch of tools to obtain root rights. Monitors the system, waits for the smartphone user to turn off the display, and in this mode extracts root. Then he launches his "colleague".
• Second Trojan intercepts root rights, gains access to the /system partition (“factory” firmware files that remain even after resetting), unpacks a couple more Trojans from itself and stuffs them into “fireproof” system partitions.
• Third Trojan comes to life in this very section / system, in which it replaces the part of the system responsible for loading, and removes the standard Android giblets. If by some miracle the owner removes all previous viruses and gets to the third Loki in a row, the smartphone’s firmware will “die” with its removal.
• At that time the fourth in a cascade of Trojans operates from a protected system folder, from where it downloads another pack of viruses, “twists” ads, or simply cheats counters of application downloads/site visits on an infected smartphone. Blocks the download and installation of antiviruses, improves its protection.

It is impossible to “root out” the traces of this violent activity from the brains of a smartphone, therefore, an infection with the help of Loki is “cured” only by a complete flashing with the loss of all data.

fake token

If the previous trojans deliberately act on the sly so that the smartphone user does not know about the infection until the last moment, then Faketoken in its approach is simple and straightforward, like an experienced gopnik - it requires granting him the rights to any actions with the smartphone, and if the owner refuses, the algorithm comes into play "Listen, don't you understand? Then I'll do it again!"

1. First, the user is forced to give administrator rights to the virus

• Install you mean Appendix with the usual shortcut from some site vasyapupkinsuperwarez.net. You start, and after that they begin to "torture" you.
• The Trojan opens a system window asking for administrator rights. In the best democratic traditions, the owner of a smartphone has two options - to allow the Trojan access to the system, or not to allow it. But in case of refusal, Faketoken will open again window asking for system rights, and will do this constantly, until the smartphone user capitulates.
• After that, using the same thermorectal cryptanalysis, the Trojan extracts rights to display pop-ups and replace myself standard application to send SMS.
• After success in conquering the Trojans communicates with its management server on the Internet and downloads template phrases from there in 77 languages, with which he will then blackmail a mobile phone user.
• Then, with the help of prepared phrases, Faketoken starts to spoil the system full screen messages in the style of "confirm the name and password of your account in Gmail" and "now we need to link a card on Google Play, enter the required data." Until the end, of course.
• The Trojan frolics in the system, sends and receives SMS, makes calls, downloads applications. And finally - locks the screen, encrypts all files in internal memory and microSD and demands a ransom.

godless

The Godless Trojan impresses not even with its, so to speak, functionality, but with its disguise - for a long time even the vaunted anti-virus scanning system on Google Play did not recognize its presence in applications. The result is somewhat predictable - the malware has infected more than 850,000 smartphones around the world, and almost half of them belong to Indians, which hints at the origin of the Trojan.

You download a flashlight from Google Play - you pick up an unremovable virus with encryption and root rights

The functionality of the Trojan differs little from its numerous colleagues in 2016, only the “inception” has become new:

• Smartphone user downloads app from google play, turns it on, as a result of which the Trojan is launched along with the application. Just don't think something bad about Google verification, because there is no malicious code in this "kit" - the Trojan downloads the malicious code at the first start.
• To start Godless extracts on a smartphone root rights, free without SMS. With the help of about the same set of tools as in these of your Towelroot, for example. The Trojan performs such operations when the screen is off.
• After that, the arrogant Trojan sends itself to the / system folder (from where can't be deleted without flashing) and encrypts itself with an AES key.
• FROM complete set Godless permissions starts little by little steal personal data users from a smartphone and install third party applications. In its original versions, the Trojan, by the way, hid from the user's eyes standard google Play and replaced it with a "parody", through which he stole the name and password from the account.

Among the applications to which Godless was most often "screwed" were numerous "flashlights" and clones of well-known Android games. viruses. worms , trojans , adware (intrusive advertising) and "horror stories", but almost no one cares about such subtleties. Like, viruses - they are viruses.

The differences between the "grades of joy" are as follows:

• Virus- a malicious program that quietly penetrates a computer due to a vulnerability in the system. And, most importantly, it does not engage in sabotage on its own, but infects other files in the system. In the case of Android, such malware would have to penetrate after a banal click on an ad or visit a website, and then “rewrite” Gmail, VKontakte and other applications for themselves in such a way that after the removal of the original virus, the infected applications would continue to do their dirty work.
• Worm- does a bad deed and harshly, mercilessly, with all the possibilities spreads itself through all channels of communication. On computers, worms sent themselves out via e-mail, instant messengers, local network, flash drives - that is, they cloned themselves in the most shameless way.
• Trojan never knocks on the system from the outside - you install and run the malicious program yourself. This happens because Trojans replace ordinary, familiar and well-known applications, and sometimes they are simply "sewn" to fully functional programs. That is, buy download useful program- and get malware as a gift!
• "Scary stories" (scareware)- applications that cause panic: “Oh my God, yes, your whole smartphone is full of viruses and applications for wiretapping by special services of the whole world! Download our antivirus and find out the whole truth! Download, run, carry out the so-called check, after which the program says: “A terrifying amount of viruses in the system! Your phone will die if you do not remove viruses, but for this you must enter your bank card details here and here. Such charm is often ignored by all antiviruses, because it does not hack or steal anything in the system - it simply deceives the buyer and asks for money.