Why did your mobile phone suddenly start behaving differently than usual, or even “healed” with its “life”? Perhaps because a malicious program has settled in it. Today, the number of viruses and trojans for Android is growing exponentially. Why? Yes, because the cunning virus writers know that smartphones and tablets are increasingly being used by our fellow citizens as electronic wallets, and they are doing everything to move funds from the owners' accounts into their pockets. Let's talk about how to understand that a mobile device has picked up an infection, how to remove a virus from Android and protect yourself from re-infection.
Not all of these symptoms are 100% indicative of a virus, but each is a reason to immediately scan your device for infection.
If the gadget has kept working, the easiest way to remove the virus is with the antivirus installed on Android. Run a full scan of the phone's flash memory, if a malicious object is found, select the "Delete" option, saving the neutralized copy in quarantine (in case the antivirus mistook something safe for a virus).
Unfortunately, this method helps in about 30-40% of cases, since most malicious objects actively resist their removal. But there is control over them too. Next, we will look at options for when:
If you can't clean your phone or tablet normally, try using the safe mode. The bulk of malicious programs (not only mobile ones) do not show any activity in safe mode and do not prevent destruction.
To boot the device into safe mode, press the on/off button, put your finger on "Power off" and hold it until the message "Entering safe mode" appears. After that click OK.
If you have an old version of Android - 4.0 and below, turn off the gadget in the usual way and turn it on again. When the Android logo appears on the screen, press the Volume Up and Volume Down keys at the same time. Hold them until the machine boots up completely.
While in safe mode, scan your device with an antivirus. If there is no antivirus or it does not start for some reason, install (or reinstall) it from Google Play.
In this way, advertising viruses such as Android.Gmobi 1 and Android.Gmobi.3 (according to Dr. Web classification) are successfully removed, which download various programs to the phone (in order to increase the rating), and also display banners and ads on the desktop.
If you have superuser (root) rights and you know exactly what caused the problem, launch a file manager (for example, Root explorer), go to the location of this file and delete it. Most often, mobile viruses and trojans place their bodies (executable files with the .apk extension) in the system/app directory.
To switch to normal mode, simply reboot the device.
Removing viruses on the phone through a computer helps out when the mobile antivirus does not cope with its task even in safe mode or the device functions are partially blocked.
It is also possible to remove a virus from a tablet and phone using a computer in two ways:
To scan files on your mobile device with an antivirus installed on your computer, connect your phone or tablet to the PC with a USB cable, selecting the "Like a USB drive" method.
Then turn on USB.
After that, 2 additional “disks” will appear in the “Computer” folder on the PC - the internal memory of the phone and the SD card. To start a scan, open the context menu of each drive and click "Check for viruses".
Android Commander is a program for exchanging files between a mobile android gadget and a PC. Running on a computer, it provides the owner with access to the memory of a tablet or phone, allows you to copy, move and delete any data.
For full access to all the contents of the android gadget, you must first obtain root rights and enable USB debugging. The latter is activated through the service application "Settings" - "System" - "Developer Options".
Next, connect the gadget to the PC as a USB drive and run Android Commander with administrator rights. In it, unlike Windows Explorer, protected system files and directories of the Android OS are displayed - just like, for example, in Root Explorer - a file manager for root users.
The right half of the Android Commander window shows the directories of the mobile device. Find the executable file of the application (with the .apk extension) that is causing the problem in them and delete it. Alternatively, copy suspicious folders from your phone to your computer and scan each of them with an antivirus.
If the above operations did not lead to anything, the malware still makes itself felt, and also if the operating system has ceased to function normally after cleaning, you will have to resort to one of the radical measures:
Any of these methods will bring the device to a state as after purchase - there will be no user programs, personal settings, files and other information (data about SMS, calls, etc.) on it. Your Google account will also be deleted. Therefore, if possible, transfer the phone book to the SIM card and copy paid applications and other valuable items to external media. It is advisable to do this manually - without using special programs, so as not to accidentally copy the virus. After that, proceed to the "treatment".
This option is the easiest. It can be used when the functions of the operating system and the device itself are not blocked.
Go to the Settings app, open the Personal - Backup section and select Factory Reset.
A “hard” reset will help deal with malware if it is not removed by any of the above methods or has blocked the login. To our delight, access to the Recovery menu (system restore) is preserved.
Logging into Recovery on different phones and tablets is carried out in its own way. On some, you need to hold down the “Volume +” key when turning it on, on others - “Volume -“, on others - press a special recessed button, etc. The exact information is contained in the instructions for the device.
In the Recovery menu, select the option "wipe data / factory reset" or simply "factory reset".
flashingFlashing is essentially a reinstallation of the Android OS, the same last resort as reinstalling Windows on a computer. It is resorted to in exceptional cases, for example, when a certain Chinese virus is embedded directly into the firmware and lives on the device from the moment it was “born”. One such malware is the android spy 128 origin spyware.
To flash a phone or tablet, you will need root rights, a distribution kit (the firmware itself), an installation program, a computer with a USB cable, or an SD card. Remember that each gadget model has its own, individual firmware versions. They usually come with installation instructions.
