How to remove a virus from an Android phone

In this article, we will look at how to remove a virus from a phone running on the Android operating system. Mobile devices are becoming more complex and functional every year; users use smartphones not only for communication, like a regular phone, but also for work or entertainment.

The phone contains various information and user data that attackers want to gain access to. They do not disdain anything, even petty theft, writing off money from a linked card. Adware viruses are especially common on Android devices.

Therefore, the amount of malicious software on Android mobile devices is growing at an avalanche pace. In addition to specially created malicious applications, a huge amount of legal software requires a variety of rights from the phone user, sometimes not at all necessary for the normal operation of the applications.

By obtaining rights, the application can gain access to contacts, install a spyware module, steal, and then send information to remote servers, which can then be monetized. The presence of viruses on the phone often reveals strange behavior of some applications or the mobile device itself.

Phone owners have questions about how to remove a virus from Android. The user needs to find the virus in the phone and remove it from the device.

In this article, we will look at several ways to remove malware from mobile devices running on the Android operating system.

How to find out if your Android phone is infected with viruses

The user needs to understand whether there are viruses on his mobile device. To determine the symptoms, you need to check the gadget for the following signs:

The presence of pop-up advertising when unlocking the phone or on the desktop.
The appearance of intrusive advertising in the browser and applications.
Fast discharge of the phone, even when the device is idle.
Unusual operation of applications, errors.
Glitches, automatic shutdown of the smartphone.
The appearance of strange folders and damaged files in the device memory.
Self-installation of applications by phone, self-downloading of files.
Receive frequent SMS messages about paid subscriptions.
Debiting funds from your account for services you have not activated.
A sharp increase in the volume of transmitted traffic, and mobile Internet or Wi-Fi turns on independently.

All these signs should alert the user. You need to make sure what caused the problems in the operation of your mobile device.

The presence of advertising banners in places where they should not be, for example, on the desktop background, indicates that the phone has an advertising virus that launches banners at inappropriate times and in inappropriate places.

Rapid battery drain may indicate secret mining on your phone, or your smartphone is participating in DDoS attacks. An attacker is using your phone to mine bitcoins, or has added your smartphone to their network, which they use to attack other devices.

Autonomous decision-making by your phone is a good reason to check your device settings.

There are three main types of viruses that attack phones:

Advertising banners that cannot be closed or disabled.
Spyware modules that record all user actions and send this information to attackers.
Trojans and worms that delete or encrypt files on your phone and transmit data from your device to the Internet.

The user experiences inconvenience, sometimes even the phone may fail. The saddest thing is that malware can steal money, gain access to your card data or email and social networking accounts.

Based on the above, it makes sense to check your phone settings, remove dubious applications, and scan for viruses on your device.

Signs of infection

If the following symptoms are observed on your tablet, it’s time to sound the alarm and go on a virus hunt:

the operating system “slows down”: the device responds slowly to commands or does not respond at all;
files are randomly deleted (photos, videos, application elements);
Loading pages in the browser and downloading programs slows down;
Money is automatically withdrawn from the account (without explicit user participation - sending SMS/MMS, making calls);
access to individual sections and system settings, files, folders, programs is blocked;
OS startup is blocked.

Otherwise, if you don’t react in any way, you can say goodbye to your confidential data (logins and passwords, payment details) and the money that you have in your telephone operator account and in electronic payment systems.

How a virus can get into a phone

The most common way is to install applications on your phone that have hidden functions. Some users independently install applications from APK files, bypassing official channels. Often these can be paid programs offered for free installation. Such applications can be modified and spread viruses or perform spying functions.

It is recommended to install programs on your Android device from the official Google Play store. But even there there are malicious applications. Lately, Google has been regularly clearing out dubious apps from its Google Play Store.

The virus can enter a mobile phone via a USB flash drive after connecting between devices. Do not connect your smartphone to other people's computers or phones.

By downloading files to your phone, or clicking on links on the Internet, or opening links in emails from unfamiliar recipients, there is a chance of picking up a virus on your mobile device.

Beware of downloading or transmitting data on public networks, due to the increased risk of becoming a victim of attackers.

Unofficial firmware also poses a danger, because it is unknown what was modified there.

Regularly install security updates for the system and applications on your device. Check your mobile phone for viruses periodically.

Infection methods

Attackers use different methods to force the user to download virus software on their own, attracting with “free cheese” or fueling interest in other ways, so the most common infection is as a result of the actions of the device owner. Common causes of infection are:

Lack of installed anti-virus software, old update databases;
"Surfing" on sites. Exploring the depths of the Internet for different purposes, it is quite possible to catch an “infection”, while it is not at all necessary to visit resources with “18+” content; there are enough viruses on portals with completely harmless topics;
Downloading software from dubious sites;
Launching unknown programs from unofficial resources;
Data exchange via open channels (Bluetooth, public Wi-fi).

Virus programs do not necessarily have the extension “.apk” and are registered in the downloads folder, where they are easy to find and neutralize. There are many modifications of viruses, the most insidious of them can hide under the guise of system processes and files, as well as useful applications, and it is difficult to find a well-disguised pest.

By the way, in most cases, the installed antivirus still warns the user about a possible danger, but not everyone can cope with the desire to download something if they already have it in mind and leave the page. In addition, security software often mistakes hacked applications for malware, so many people ignore the defender’s scolding and download the files anyway. Well, who wouldn’t want to get cracked programs for free with features that are only available in paid versions of the software? Many users sin by downloading unofficial applications and interesting “goodies”, risking bringing trouble to the device system, which is successfully exploited by attackers.

Often it becomes immediately clear to the user when the system has caught a virus, but in some cases the pest does not manifest itself at first. In addition, users are often not very attentive to what is happening in the device’s system, and by the time traces of sabotage are discovered, enough time will have passed for the virus program to achieve its goal. Let's figure out how to determine whether there is a threat from parasites and what to do if your Android tablet or smartphone still catches a virus.

Removing suspicious or unknown programs

First, let's look at how to remove a virus from your phone manually. The problem may be resolved after removing the malware from the device.

Start by checking the apps installed on your phone. Some applications are pre-installed and are part of the Android operating system. Other applications you installed yourself, or they were installed secretly from you.

If you have a problem with debiting funds, turn on Airplane Mode on your smartphone to block applications from accessing the Internet. Then go through the list of programs and remove unknown or unnecessary applications. It is quite possible that after this, the problems with the phone will disappear.

Using the example of “pure” Android 9 Pie, the settings will look like this:

Go to your phone's settings, select "Apps & notifications" and then "Show all apps."
Open the application. On the "About App" page, you can immediately remove a suspicious or unnecessary application. To do this, click on the “Delete” button.
If you need the program on your phone, click on the “Permissions” option to view the permissions of this application. Here you can control the app's access to phone functions. Disable settings that you do not think should be allowed to work with this application.

When checking programs, follow these tips:

If the application is unfamiliar to you, find information about the program on the Internet. Look what they write about this program.
Pay attention to app permissions, especially non-specific features. It’s strange when, for example, the conditionally “Flashlight” program requires access to contacts or a microphone. This is very suspicious.
Check application traffic. See which programs consume the most traffic.

You can view the traffic consumed by applications in this way:

In settings, open “Network and Internet”, open the “Data transfer” option.
Click on the "Application Traffic" option. Here you can select a time period and see how much traffic specific applications consumed.

If among the programs there are unknown applications or programs that should not go online, there is a reason to carefully check suspicious activity on the network.

In the smartphone settings, in the “Special access” parameter, the user can disable various options for specific programs: installing unknown applications, changing system settings, access to notifications, access to usage history, etc.

If the problem is only an ad virus, you can use the help of mobile ad blockers. For example, the AdGuard program (paid) protects your device from annoying ads, saves traffic, and increases the overall level of phone security.

In some cases, viruses can block the removal of malicious applications from your phone. In this case, you need to enter Safe Mode in the Android operating system. Go to your device's settings, and then uninstall the problematic application.

Do you need an antivirus for Android devices?

Virus programs are divided into four groups:

depleting the user's balance;
stealing access to electronic wallets and bank cards;
storing personal data - logins, passwords, documents;
blocking device.

Every year, new blocking components appear in antivirus software, and unique protective mechanisms are developed to block malicious programs. However, viruses continue to attack smartphones and tablets. This happens largely due to the fault of users who ignore pop-up system windows with danger warnings. The desire to install the game is sometimes stronger than the thought of a possible charge of money or blocking of the gadget.

Antivirus is necessary to protect Android devices, provided that the user responds to warnings and follows the instructions of the program.

How to change application permissions for Device Administrators

Some applications can run on your phone with device administrator rights. You need to check which applications have elevated rights:

From Settings, go to “Security and Location”, click on “Advanced”.
Review apps that have device administrator rights.
If there are unknown programs here, take away elevated rights from these programs by moving the slider to the “Disabled” position.

It makes sense to remove such a program from your phone, because it is not for nothing that it received elevated rights to control the phone.

How to deal with malware?

For each category of viruses - Trojans, worms, dialers (senders of paid SMS), blockers - there are special “recipes” that allow them to be neutralized and removed from the tablet. But many of them can only be performed by IT specialists - inveterate computer programmers who specialize in organizing security and setting up operating systems. But for ordinary users, in order to remove digital scourge from the memory of their “mobile pet”, it is still more advisable to use an antivirus. “Which and how?” - this is the second question. Let's look at the top solutions for iOS and Android.

How to remove a virus on an Android phone using an antivirus

Next step: run a scan of your mobile device using a specialized anti-virus program. This step is logical and in many cases will help solve problems encountered on the phone.

A large number of antivirus programs have been created for Android. Unfortunately, most of this software is outright junk. At best, these DIYs will put extra strain on your phone and won't cause any harm.

You should use products from time-tested, well-known manufacturers who have long proven themselves to work on computers with mobile versions. You can use well-known antiviruses: Malwarebytes, Zemana, Kaspersky, Dr.Web, Avast, ESET, Norton, etc.

Install an antivirus on your phone and then run a scan. After finding viruses, remove them from your phone. In severe cases, scan your smartphone with several antivirus programs in turn to get a positive result.

Root rights

There are situations when no methods help and the device malfunctions. Then a more thorough intervention is required in order to save not only the OS, but also the device itself. You can carry out a radical cleaning using the Android Commander utility.

The main purpose of this program is to transfer a simple user to “superuser” status. This means that you can move, format and delete any file in order to make profound changes to the operation of the operating system. This way, you can carry out serious diagnostics of your own tablet.

You should do this:

Click on the Google Play application shortcut (or on the website ler.ru.uptodown.com/windows), find and download Android Commander
Connect the tablet to the computer via a USB cable and activate the multimedia device function on the portable device
Find drive E through the “My Computer” menu and expand it
Diagnose files using an antivirus program on a desktop PC
All standard software infected with viruses must be removed only through “superuser” rights. Did the system recognize them as “sick”? Clean with confidence
Clear cache overload and browser data.

This method is suitable only for advanced users and requires at least entry-level IT knowledge. Newbies can cause serious damage to the entire platform and completely destroy the functioning of the computer. The Android Commander utility will definitely ask for Root rights to Android. What are they needed for? In order to have the right to deep administration.

How to remove a virus on Android via computer

In some cases, it is not possible to install a mobile antivirus due to lack of free space on the device. There is no time or opportunity to deal with files on the phone.

Therefore, you can try to remove the Android virus from your computer. You need to connect your phone using a cable to your PC in USB debugging mode. On the computer, the phone will appear as a connected disk. Check your device with antivirus from your computer.

List of effective antiviruses

If you discover that your smartphone is infected with a virus, first take out the SIM card to avoid zeroing your balance. Next, install an antivirus program and scan the system. Applications can be downloaded from the Play Store or from the official website of the developer. To install an .apk file from a computer:

Go to the antivirus developer's website and download the installation file.
Connect your smartphone or tablet to your PC in storage mode.
Open the removable disk and copy the antivirus file to the selected folder.
Disconnect your device from your computer.
In the gadget menu, find File Manager and use it to open the folder with the antivirus file.
Install the program.

Before installing the antivirus, allow the installation of applications from unverified sources in the “Settings - General - Security” menu.

An overview of effective free antivirus programs is given below.

Avast Mobile

AVAST antivirus is available to users for free on the Play Store. Antivirus features:

protecting your smartphone or tablet from viruses;
scanning applications for malicious elements;
scanning Wi-fi networks;
firewall;
cleaning RAM.

Download and install the program. To start a scan:

Open your antivirus.
In the main window, select "Test device". The antivirus will identify problems and vulnerabilities and offer to correct the situation.
Remove detected malicious files by clicking "Fix".

Gallery - Using AVAST

Step 1. Install an antivirus Step 2. Run the first scan Step 3. Fix vulnerabilities and remove malicious files Step 4. Block malicious applications
If a virus is detected in an application, open the application blocker and stop the malicious program, and then remove it.

AVG AntiVirus Security

AVG's antivirus application ensures the security of the user's personal data. Program functions:

real-time scanner;
scanning files and applications for viruses;
searching for a lost smartphone or tablet;
completion of processes that slow down the operation of the gadget;
blocking unauthorized access to confidential applications.

AVG antivirus can be downloaded from Google Play. To scan your system for viruses, open the application and click the “Scan” button.

The program allows you to selectively scan suspicious folders and files. To start the process:

In the main window, select “Protection”.
Select "Check Files".
Check the boxes for folders and files to scan and click “Scan”.

Gallery - working with AVG

Step 1. Click the “Scan” button Step 2. If necessary, remove malware Step 3. Run a scan of suspicious folders Step 4. Mark suspicious folders for scanning Step 5. The smartphone will scan, then evaluate the results
Delete infected files and set up a daily device scan by timer.

Mobile Security and Antivirus (ESET)

Mobile Security from NOD32 protects the user when surfing the Internet and making online payments. Program functions:

protecting your device from virus threats;
filtering of unwanted SMS messages and calls;
application review and management;
scanning files;
anti-phishing.

After installation, the program prompts you to enable real-time protection, and then automatically scans your smartphone or tablet for viruses. You can pause the scan by going to the “Antivirus” section and clicking the corresponding button. In the same menu, scanning settings are available - “Deep”, “Intelligent” and “Fast”, as well as database updates and a list of quarantined files.

Gallery - working with ESET NOD32

In the free version, the user has three menu items available. The scanning process takes 2–5 minutes. Once the scanning is completed, you can set the settings for a new scan.

Anti-phishing is available to users who have purchased the Premium version. ESET embeds its components into the browser and blocks malicious sites that collect user personal information.

The Security Scan menu allows you to detect and eliminate device vulnerabilities for viruses. The antivirus also examines applications for the presence of rights that harm the security of the Android system. And if, for example, a weather widget requests access to SMS messages, ESET signals this.

Trust&Go Antivirus and Mobile Security

TrustGo developers pay special attention to the activity of suspicious applications. After installation from the Market, the program starts scanning and protection in real time. When installing an unsafe application, the program alerts the user about possible risks, and blocks particularly dangerous ones.

To check your gadget for viruses, open the main program window and click “Scan”. The program will scan, find dangerous files and offer to delete them or mark them as trusted. If you are not sure about the reliability of the application, it is better to select the “Delete” option.

The antivirus assigns security ratings to installed applications. You can view them in the Application Manager and, if necessary, remove risky programs.

Gallery - using the TrustGO program

Step 1. Install antivirus from the market Step 2. Click “Scan” Step 3. Remove the malware Step 4. Configure program settings for subsequent scans

Do not install two antiviruses at the same time - the protective components conflict with each other and reduce the degree of protection. If you want to make sure that the malicious application is destroyed, download and run several antiviruses one by one.

How to remove a virus from an Android phone by resetting the device

If all else fails, there is one more option left: resetting your phone to factory settings. When you reset the settings, the system will be reinstalled, therefore the viruses will be removed.

Attention! After this operation, all data, settings and applications will be deleted from the mobile device, and the phone will be returned to its original state to factory settings. You will again have to install the necessary applications, install updates, register for services, etc.

Follow these steps:

Enter “Settings”, open the “System” section.
Click on Advanced, select Reset.
The Reset window has three options:

Reset network settings - Reset network settings.
Reset settings - Reset application settings.
Reset settings—reset the device.

Click on "Reset settings".
In the “Erase all data (factory reset)” window that opens, read the information, and then click on the “Reset phone settings” button.

The device will reboot. The process of resetting your phone takes some time.

Make sure in advance that the battery on your phone has sufficient charge to complete this operation.

Types of viruses

The most important goal of any virus software is to cause financial harm to the owner of the device or obtain other material benefit. Moreover, they absorb Internet traffic in huge quantities. If you pay for a specific number of megabytes used, you may not like this situation. Absolutely all pirated programs “eat up” battery power at an insane speed.

All types of malware are divided into this type:

Banner advertising. It bothers the owner of a tablet computer with constant intrusive offers of unnecessary services. Completely covers the device screen and interferes with applications. It is simply impossible to listen to music without interruption. Advertising actively uses Internet traffic and blocks continuous playback of music content.
Trojans. They penetrate with third-party software as embedded code. They infiltrate the system and transfer confidential information about the cardholder to third parties. Capable of reading login and password from pages on social networks. Fortunately, they are very easy to get rid of with a simple antivirus program.
Extortionists. They completely stop the operation of the device and require the transfer of funds to the specified account. They work due to the effect of surprise and cause a feeling of panic. After transferring funds, the screen is unlocked in one case out of a hundred.
Spam. Works like automatic mailing. Constantly sends SMS messages from the owner’s number and charges a fee for this from the account. It can be eliminated by an antivirus program on its own.