Fix your phone from viruses. Using Antivirus on your computer

09.07.2022

How to identify an infected device? Bitdefender has released a list of five signs that may indicate a malware infection.

Huge phone bills

Last year, a botnet created for the Android platform, called SpamSoldier, was discovered. Infection begins with an advertising message offering to download a copy of a popular game, for example, Need for Speed or Angry Birds Space. Tempted, the user clicks the link in the message, and the corresponding application is downloaded and installed on the device. But in addition to the game, a copy of SpamSoldier is silently installed at the same time. The malware then sends fraudulent SMS messages from the infected device for widespread distribution. The user does not notice SpamSoldier's activity for some time, since the program deletes copies of sent messages and intercepts SMS delivery notifications and any replies to them. Only the increased cost of communication services gives reason to suspect that something is wrong.

"Not everyone is that greedy," warns Bitdefender. "They may sometimes send an SMS once a month to avoid suspicion, or they may remove themselves, leaving a serious hole in your budget."


Outrageous phone bills certainly indicate malware, so review all your accounts carefully.

Restricting access to data

Most malware doesn't want to just sit on your phone; it either wants to steal data from your phone or use your phone to transfer information somewhere else.

Luckily, Android has some built-in tools to help you manage your data. In the Settings menu, tap Data Usage in the Wireless & Networks section. Here you can see how much data each app is using, and you can set a data limit.

Battery charging consumption

This is one of the most difficult signs to notice, since mobile users everywhere experience problems with charging. However, Bitdefender notes that "malware can make itself known because it drains batteries faster."

This is because the malware operates in the background, causing the device to use twice as much energy.

Before you try to install a battery optimizing app, try to remember if you have recently downloaded any unusual app or received some suspicious messages. Or just do a quick virus scan.

Decreased performance

“Depending on the characteristics of the hardware devices, malware can cause serious performance issues (reading, writing, transferring data),” Bitdefender notes. Like a low battery, poor performance can be difficult to notice but can mean something is wrong.

A good way to check is to go to the settings menu. There, next to each running application, the amount of RAM it uses is shown. You can also check the amount of available RAM.

If your device is slowing down simply because you have too many apps, widgets, and live screensavers, then it's probably not malware.

Missed calls

By its nature, malware affects other functions of the phone. Missed calls or strange glitches during calls may also indicate the presence of malware.

Of course, many other factors can lead to problems with calls. Your location, carrier issues, and even the weather can affect mobile phone calls. Your task is to narrow down the possible causes of the problem.

What to do next?

If you have ruled out all other possible causes and the problem remains, then you should scan your phone. Many mobile antivirus programs scan applications as soon as they are downloaded, potentially preventing malware from being placed on the device. Reviews on the services from which you download applications can tell you whether an application is safe to install.

You can also prevent malware from being introduced by avoiding strange connections, unsolicited email messages with attachments, SMS and spam.

Advertising viruses on Android are a common phenomenon, which is often associated with the user’s carelessness and lack of awareness in terms of installing third-party applications. As a result, they see huge banners on their screens and sometimes even threats in the style of “send an SMS to such and such a number or your phone will be blocked.” How to remove ads on Android - read on Trashbox.

Problem Definition

First of all, you need to find out what exactly you are dealing with. If advertisements start appearing on top of all applications on your device, it means that an adware trojan has penetrated your Android. They come in different types:
  1. Common adware viruses that are installed with malicious applications.
  2. Advertising viruses that install themselves as system applications.
  3. Trojans that are built into the firmware.



The first type can be removed using the standard tools of the Android operating system: go to the settings, find the malware and remove it from the device. Viruses of the second and third types can only be removed by obtaining root rights and using special programs, or simply by reflashing the gadget.

We remove the simplest viruses on Android

First, remember what you installed on your smartphone or tablet shortly before the ads started appearing. Narrow down the list of these programs. The AirPush Detector program can help with this. It scans all applications for the ability to display advertising banners.

If advertising and overlapping messages do not allow you to work normally with your smartphone, it doesn’t matter. In this case you need to reboot into Android Safe Mode. To boot into Safe Mode on Android, you need to:
Safe mode on Android is a state where you can use the system without any third-party applications. That is, those same advertising banners and messages are not shown in it.

Go to Settings → Security → Device Administrators. All programs that have administrator rights are shown here. If any suspicious programs are present there, remove their rights.


After that, go to Settings → Applications. We look for all potential malware there and remove it. After that we reboot again, but in normal mode. Everything should be fine, but if not, read the instructions below.

Full reset

If you want to be completely sure that the virus has been removed, then reset your device to factory settings (hard reset).


There are two ways to trigger a reset:
Through settings:
  1. Go to Settings → Backup and reset.
  2. There, find the “Reset settings” item. Select it.
  3. Click the Reset Phone button.
Buttons on the body: Android device manufacturers use different button combinations for a full reset. On most smartphones and tablets, this is holding down the Volume Down button and the Power button. You can find the combination for your device on the Internet.

How to remove system viruses on Android

Many viruses on Android obtain administrator rights or root and embed themselves deeply in the firmware. You can fight them in different ways.

Method one - flashing
The most reliable and easiest way to get rid of a virus that has taken root in the system is to reflash your smartphone. To avoid losing all your data, you can back up your apps using Titanium Backup, but you need root access to do this. Backups should be saved to an SD card, if available. To do this, you need the Pro version of the Titanium Backup application.

Transferring Titanium Backup copies to the SD card (left to right)


The firmware for your device can be found on various resources. It could be CyanogenMod, official firmware or some modification. To find the firmware for your gadget, just use a search engine.

Method two - getting root and deleting manually
Advanced users can remove a virus from Android in a more complex but reliable way. It consists of obtaining root rights on the device and manually removing all virus data. There are a great many ways to obtain root rights. The easiest one is to do it using a computer via KingoRoot.


After receiving root on Android, you need to install applications such as Root Explorer and Titanium Backup:

Using Root Explorer, you can check all Android system folders for suspicious APK files and directories containing viruses. No matter what rights the Trojan has, Root Explorer will be able to remove it. Virus APKs and folders are mostly located in the /system/app/ or /system/xbin/ directory.

Titanium Backup can remove almost all applications, so it can be used to remove an infected program.

Install antivirus on Android

An antivirus or a simple malware scanner will not only help cure an already infected Android, but will also prevent this from happening in the future.


The editors of Trashbox can recommend the following antiviruses for Android:

All these programs can find malware and destroy it.

Let's start with the “fresh” one: Triada can today be considered the newest and most “bulletproof” virus for smartphones. It was discovered only in March 2017.

It is unique in being close to classic viruses rather than ransomware Trojans, as is usually the case on Android. You still have to manage to pick it up from “unverified sources,” but after that a far more entertaining “action movie” begins:

Triada is a virus that not only misbehaves in the system, but wedges itself into its vital areas

  1. Triada turns on after you install and grant permissions to, for example, your favorite music downloader for VKontakte. The program then quietly finds out your smartphone model, firmware and Android version, the amount of free space on storage devices and the list of installed applications. It sends this information over the Internet to its servers. There are a huge number of these servers and they are scattered across different countries, so it will not even be possible to turn up and stage a “mask show” at the location of the server with the malware.
  2. In response, Triada receives instructions (truly an individual approach to the patient!) on how best to hide itself in this particular version of Android and this particular smartphone. It embeds itself in each (!) of the installed applications and takes control of system components to hide itself from the list of installed applications and running processes. After this, the stand-alone part of the virus “covers up” its tracks: it no longer works as a separate application, but coordinates its actions through pieces of the infected system.
  3. Done, the system is conquered! From this moment on, the smartphone turns into a “puppet” to which attackers send commands remotely and from which they receive information on any of the available servers. For now Triada operates in a primitive way: it finds out the details of your bank card, withdraws money from it, extracts the incoming SMS codes needed for payment, and “draws” false balance figures for the owner.

But given the ability to “gut” any installed application or install a new one remotely, these are just “flowers”. The peculiarity of Triada is that it is a modular virus, to which the most varied kinds of remote tricks can be attached.

As you can see, viruses for Android are not only the primitive “your phone is blocked, you’re charged a hundred bucks” kind, which you can get rid of by deleting the application. And while new versions of Android at least make it more difficult to obtain root, and you can spot something suspicious when the application requests rights, older versions (Android 4.4, 4.3 and older) are absolutely defenseless against the new infection: only a complete reflash will save you.

Marcher

The so-called “banking malware” was developed back in 2013, but its “finest hour” came only in the summer of 2016. Famous for good camouflage and “internationalism,” so to speak.

Marcher is a simple Trojan that does not do anything supernatural, but simply replaces the service pages of a huge number of banks using pop-up windows. The mechanism is as follows:

  • The Trojan penetrates the system along with an infected application. The peak of Marcher's popularity came with the "freshly stolen" versions of Super Mario Run from Nintendo. If you don’t remember, this is that super-promoted “runner” from the creators of Pokemon GO!
  • It searches for banking and online shopping applications on your smartphone and selects “blanks” according to which bank you use.
  • It sends “bait” to your smartphone: a message in the notification shade with a bank/store icon and text in the style of “N rubles have been credited to your account”/“75% discount coupon for any product today only!”
  • The smartphone owner taps the notification, after which the Trojan opens an exact, 1-to-1 copy of the page you are used to seeing in the official application. It says something like “the connection to the network has been interrupted, please re-enter your bank card details.”
  • The smartphone owner enters the bank card details. There's a lot of money here!

“Dude, I somehow forgot your card number. Could you remind me?”

In this simple way, the Trojan faked the process of buying airline tickets, purchasing goods in online stores and software on Google Play, and the operation of banking applications. Bank card users in Germany, France, Poland, Turkey, USA, Australia, Spain, Austria and the UK were caught up in it. Initially, the virus was “sharpened” for Android 6.x; there were significantly fewer affected smartphones running other versions.

Loki

Not even just one, but a whole cascade of “chameleon” Trojans, not as criminally severe as Triada, but just as painful for the operating system. Antivirus specialists paid attention to the malware at the beginning of 2016, and the malware began to penetrate en masse into people’s smartphones already in December 2016.

Loki is an organized robbery by prior conspiracy, right inside your smartphone

The malware acts so quickly and smoothly that you want to give them a standing ovation. Just look at this “multi-move”:

  • The first Trojan enters the system with a safe application and starts with it. After this, it immediately “requests reinforcements,” that is, it downloads the second Trojan from its sources and installs it together with a pack of tools for obtaining root rights. It monitors the system, waits for the smartphone user to turn off the display, and obtains root in this mode. Then it launches its “colleague”.
  • The second Trojan intercepts root rights, gains access to the /system partition (“factory” firmware files, which survive even a settings reset), unpacks a couple more Trojans and shoves them into the “fireproof” system partitions.
  • The third Trojan comes to life in this same /system partition, where it replaces the part of the system responsible for booting and removes the standard “giblets” of Android. If by some miracle the owner removes all the previous viruses and gets to the third Loki, removing it will “kill” the smartphone firmware.
  • Meanwhile, the fourth Trojan in the cascade operates from a protected system folder, from where it downloads another pack of viruses, “cranks” advertisements, or simply inflates the counters of application downloads and website visits on the infected smartphone. It blocks the downloading and installation of antiviruses and improves its own protection.

It is impossible to “uproot” the traces of this violent activity from the smartphone’s brain, so a Loki infection can be “cured” only by completely reflashing the device, with the loss of all data.

Faketoken

If previous Trojans deliberately act on the sly so that the smartphone user does not realize about the infection until the last moment, then Faketoken is simple and straightforward in its approach, like an experienced gopnik - it demands to be given the rights to any actions with the smartphone, and if the owner refuses, the algorithm comes into play “Listen, why don’t you understand? Then I’ll repeat it!”

  1. First, the user is forced to give administrator rights to the virus
  • You install an application with an ordinary-looking icon from some site like vasyapupkinsuperwarez.net. You launch it, and after that they begin to “torture” you.
  • The Trojan opens a system window asking for administrator rights. In the best democratic traditions, the owner of the smartphone has two options: to allow the Trojan access to the system, or not to allow it. But in case of refusal, Faketoken will open the system rights request window again, and will keep doing so until the smartphone user capitulates.
  • After this, using the same thermorectal cryptanalysis method, the Trojan obtains the rights to display pop-ups and to replace the standard SMS application with itself.
  • After these successful conquests, the Trojan contacts its command and control server on the Internet and downloads from there template phrases in 77 languages, which it will then use to blackmail the mobile phone user.
  • Then, using the prepared phrases, Faketoken begins to litter the system with full-screen messages in the style of “confirm the name and password of your Gmail account” and “we now have to link a card in Google Play, enter the required data.” Until the bitter end, of course.
  • The Trojan frolics in the system: it sends and receives SMS, makes calls, downloads applications. And finally, it locks the screen, encrypts all files in internal memory and on the microSD card, and demands a "ransom".

Godless

The Godless Trojan is impressive not even for its, so to speak, functionality, but for its camouflage - for a long time its presence in applications was not recognized even by the vaunted anti-virus scanning system on Google Play. The result is a little predictable - the malware infected over 850 thousand smartphones around the world, and almost half of them belong to residents of India, which seems to hint at the origin of the Trojan.

If you download a flashlight from Google Play, you get an undeletable virus with encryption and root rights

The functionality of the Trojan is slightly different from its many colleagues in 2016; only the “beginning” is new:

  • The smartphone user downloads an application from Google Play and starts it, as a result of which the Trojan is launched along with the application. Just don’t think anything bad about the Google check, because there is no malicious code in this “kit”: the Trojan downloads the malicious code when it is first launched.
  • To begin with, Godless obtains root rights on the smartphone, “for free and without SMS”, using approximately the same set of tools as Towelroot, for example. The Trojan carries out such operations when the screen is turned off.
  • After this, the arrogant Trojan moves itself to the /system folder (from where it can no longer be deleted without flashing) and encrypts itself using an AES key.
  • With a complete set of access rights, Godless starts to steal users' personal data from the smartphone little by little and to install third-party applications. In its initial versions, by the way, the Trojan hid the standard Google Play from the user’s eyes and replaced it with a “parody” through which it stole the account name and password.

Among the applications that Godless was most often “attached” to were numerous “flashlights” and clones of famous Android games.

viruses, worms, Trojans, adware (intrusive advertising) and "scary stories", but almost no one cares about such subtleties. They say that viruses are viruses.

The differences between the “grades of joy” are as follows:

  • A virus is a malicious program that sneaks onto your computer unnoticed through system vulnerabilities. And, most importantly, it does not engage in sabotage on its own, but infects other files in the system. In the case of Android, such malware would have to get in after a banal click on an advertisement or a visit to a website, and then “rewrite” Gmail, VKontakte and other applications for itself in such a way that after the removal of the original virus, the infected applications would continue to do their dirty deed.
  • A worm does its dirty work and harshly, mercilessly, by every available means, distributes itself through all communication channels. On computers, worms sent themselves via e-mail, instant messengers, the local network and flash drives; that is, they cloned themselves in the most shameless way.
  • A Trojan never knocks on the system from the outside: you install and launch the malicious program yourself. This happens because Trojans replace ordinary, familiar and well-known applications, and sometimes they are simply “sewn” onto completely functional programs. That is, you buy and download a useful program and receive a malicious one as a gift!
  • "Scary stories" (scareware) are applications that cause panic: “Oh God, your entire smartphone is full of viruses and applications for wiretapping by intelligence agencies around the world! Download our antivirus and find out the whole truth!” You download, run, conduct a so-called scan, after which the program says: “There are a terrifying number of viruses in the system! Your phone will die if you don’t remove the viruses, but to do this you must enter your bank card details here and here.” This beauty is often ignored by all antiviruses, because it does not hack or steal anything from the system: it simply deceives the buyer and asks for money.

Good time!

Many viruses on the phone are insidious because for the time being they do not manifest themselves in any way: until suddenly you discover that the funds on your mobile have disappeared somewhere. This is where doubts creep in, whether Android has caught some kind of virus...

In general, the most common signs of Android infection are:

  • pop-up banners, intrusive adware (where it has never been before);
  • loss of money from the phone balance;
  • frequent device freezes and reboots;
  • spontaneous installation and updating of applications;
  • inability to visit some sites, etc.

I should note that the number of viruses for Android devices is currently growing (apparently because it is easier to “profit” from a phone than from a PC).

In general, in this article I want to look at several simple and effective options for removing viruses from Android devices (phone, tablet). I will also describe the most common tricks of virus writers, and the main protective measures to counter them.

I hope the information will help you get your device back into working order and save money. Now, closer to the point...

If the menu opens and you can install applications

Using antivirus on Android

Perhaps this is the most obvious and quickest way (it will help against most viruses).

The algorithm of actions is approximately the following:


Unfortunately, some viruses cannot be removed in this way (they can actively block some functions of the security software and interfere with cleaning).

Addition!

Some viruses block access to Google Play Market. In this case, to download the antivirus, use its analogues:

Using Antivirus on your computer

Some Android phones can be connected to a computer as a USB drive (note: if it is a USB drive, it can be scanned for viruses like an ordinary disk!).

Algorithm:


If some menus and settings do not open

A more problematic option. Often, some user data is lost. I recommend that, before resetting the phone, you try booting it into safe mode (very similar to Windows safe mode: only the most essential applications are loaded, those without which normal operation of the phone is impossible).

Removing via Safe Mode

A lot of virus software works fine in normal phone mode but cannot work at all in safe mode (for example, various banners, pop-up and flashing messages, browser add-ons and similar “garbage”).

To enter safe mode:

  1. press and hold the power button so that the service menu appears asking you to turn off/restart the phone;
  2. then press and hold the "shutdown" menu item (not to be confused with the physical button on the side of the phone) for 2-5 seconds;
  3. a window should appear asking you to switch to safe mode - just click OK. See example below.

Note: to exit safe mode, simply restart your device.

In safe mode, you can also go to Google Play Market, download an antivirus and scan your phone with it (moreover, since the phone started with a minimum set of software, most likely no pop-ups and banners will bother you!).

An example in the screenshot below. Please note that when you boot your phone in safe mode, you will see a notification about this at the bottom of the window (some applications will be unavailable (gray icons)).

Resetting the phone (Hard Reset)

This method should help even in the most difficult situations. Please note that after the reset, all your previous data and settings will be deleted (along with viruses), i.e. the phone will return to its initial state (as it was when new at purchase).

How to reset:

Addition!

Detailed instructions for resetting Android settings to factory presets (the article will help you delete all data from your phone and tablet (including viruses)) -

Prevention measures (how to avoid infecting your phone in the future)

In most cases, phone infection occurs due to the user’s carelessness or inattention. Many people, visiting various entertainment sites (torrents, sites for making money, collections of games, etc.), do not pay attention to some messages, and easily “fall” for scammers. Below I will give a few typical examples.

Let's say you are looking for a file and want to download it (in general, an ordinary situation). You come across a forum where the first message contains a link to a file, and then 10-15 people actively thank the author of the topic. In 99% of cases, this is a scam: after downloading and running the file, you will either send a paid SMS (you will get a subscription) or catch some kind of virus.

Also be very careful when installing games. During installation, Android, by the way, always shows what permissions are required for a particular application. Please note that the fake game (most likely infected with some kind of “goodies”) requires permission to send SMS (of course, once you allow the installation, you will lose part of your mobile balance).
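The same permission review can be done from a computer for every installed app at once. The following Python code is an added example, not part of the original article: it parses text laid out like the output of `adb shell dumpsys package` and flags user-installed apps that hold the SMS or overlay permissions this page associates with SpamSoldier, Marcher and Faketoken. The sample dump, its package names and the `system_baseline` parameter are constructed for illustration.

```python
import re

# Real Android permission names, mapped to the behaviour this page warns about.
RISKY = {
    "android.permission.SEND_SMS": "can send paid SMS",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^([\w.]+\.\w+)(:.*)?$")  # dotted name, optional ': flags'

# Constructed, simplified sample in the layout of `dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    userId=10071
    codePath=/data/app/com.example.flashlight-1
    versionName=1.3
    requested permissions:
      android.permission.INTERNET
      android.permission.SEND_SMS
      android.permission.RECEIVE_SMS
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (4d5e6f):
    codePath=/data/app/com.example.notes-2
    requested permissions:
      android.permission.INTERNET
  Package [com.android.settings] (778899):
    codePath=/system/priv-app/Settings
    requested permissions:
      android.permission.SEND_SMS
  Package [com.example.sysupdate] (aabbcc):
    codePath=/system/app/SysUpdate
    requested permissions:
      android.permission.INTERNET
"""


def parse_packages(dump):
    """Parse `dumpsys package`-style text into {name: {code_path, permissions}}."""
    packages, current, in_requested = {}, None, False
    for line in dump.splitlines():
        header = PKG_RE.match(line)
        if header:
            current = packages.setdefault(
                header.group(1), {"code_path": "", "permissions": set()})
            in_requested = False
            continue
        if current is None:
            continue
        text = line.strip()
        if text.startswith("codePath="):
            current["code_path"] = text[len("codePath="):]
            in_requested = False
        elif text == "requested permissions:":
            in_requested = True
        elif in_requested:
            perm = PERM_RE.match(text)
            if perm:
                current["permissions"].add(perm.group(1))
            else:  # any other line (e.g. "install permissions:") ends the list
                in_requested = False
    return packages


def triage(packages, system_baseline=None):
    """Return {package: [reasons]} for packages that deserve a manual look.

    system_baseline is a hypothetical input: package names known to ship in the
    factory firmware, collected by the caller from a clean device or image.
    """
    findings = {}
    for name, info in sorted(packages.items()):
        path, perms, reasons = info["code_path"], info["permissions"], []
        if path.startswith("/data/app"):  # user-installed application
            reasons += [f"{p.rsplit('.', 1)[1]}: {why}"
                        for p, why in RISKY.items() if p in perms]
            if {"android.permission.SEND_SMS",
                    "android.permission.RECEIVE_SMS"} <= perms:
                reasons.append("can send SMS and swallow the replies")
        elif path.startswith("/system/") and system_baseline is not None:
            if name not in system_baseline:
                reasons.append("in /system but not in the factory baseline")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    report = triage(parse_packages(SAMPLE_DUMP), {"com.android.settings"})
    for pkg, why in report.items():
        print(pkg, "->", "; ".join(why))
```

A legitimate messaging app will also be flagged, so the result is a list of candidates to review by hand, not a verdict. Real `dumpsys package` output has many more fields per package than the sample shown here.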

By the way, even if you yourself do not visit various “gray” sites, it may happen that scammers will send you an ill-fated SMS to your phone. Most often, this can be associated with the most popular sites: VK, OK, Avito, etc. (after all, many have a profile there, and it’s quite easy to interest an inexperienced person).

According to statistics, 2-5 people out of 100 will click on the message below!

Another extremely popular method of infection is various offers to check the device for viruses, or to speed up its performance (some promise as much as 2-3 times!). Naturally, these are all fake messages.

If you want to check your device for viruses, go to the Play Market, download an antivirus from a reputable manufacturer, and check your phone with it (rather than agree to various “good” offers).

  1. try to install applications only from (and preferably only well-known developers);
  2. do not obtain root rights (if a virus gets hold of them, it will be much more difficult to remove it);
  3. install one of these on your phone (and check the device regularly);
  4. do not follow suspicious links, do not agree to various “anti-virus” checks on little-known sites, etc. (I discussed some of the “tricks” above);
  5. install protection on your phone or other devices from “foreign” hands;
  6. do not enable bank account management via SMS or auto-replenishment (for example, if a virus starts sending paid SMS, then bank auto-payment will “help” it empty your account).

In general, I personally would give one more piece of advice: for work, get yourself a simple and very ordinary phone; for entertainment - use Android with dozens of applications. In my opinion, such a measure will seriously protect your funds and nerves.

That's all. Additions on the topic are welcome!

A special program from Google protects our gadgets from malware. But it has small loopholes, and infections of phones running the Android operating system, though rare, do happen. Viruses almost always enter the system along with low-quality applications. There are several types of malware. Each of them has to be dealt with differently. In this article you will find the simplest ways to remove viruses from your phone.

How to remove adware from Android

This type of malware is the most harmless. Its task is to sell a product, not to damage the system. There are several ways to solve this problem.

  • Most often, an ad virus gets into the phone along with games. If you don't want to delete an interesting application, just block the annoying ads. To do this, turn on airplane mode on your phone. Access to the Internet will be blocked, and without access to the network, advertising will not appear.
  • Scan your phone with an antivirus. The most popular is Dr. Web. You can download it from Google Play. It will easily detect and neutralize any advertising virus.


How to remove a Trojan virus from Android

There are many types of Trojan. Some send SMS to paid numbers, others steal passwords or bank card numbers. Most often, the virus disguises itself as another, completely harmless application. To remove it, follow this algorithm:

  • download a high-quality antivirus program to your device, for example, Lookout;
  • scan your phone;
  • remove all suspicious applications that the antivirus detects.


How to remove a virus banner from Android

This type of malware completely blocks the phone from working. The virus demands a large sum of money to remove the banner. But it won't be difficult to get rid of it:

  • take out the SIM card as soon as possible, before money is withdrawn from your balance;
  • charge the switched off phone to 100%;
  • turn on the device;
  • as quickly as possible, before the virus banner appears, go to the settings;
  • find “For Developers”;
  • enable “USB Debugging”;
  • select the debug field containing the malicious banner;
  • remove the infected application;
  • return your phone settings to factory settings.

Thus, it is easy to eliminate a virus from any Android-based device. To prevent the appearance of malware in the future, install only popular applications and periodically scan your gadget using an antivirus.

© 2023 hecc.ru - Computer technology news