
How to clean your browser from viruses on Android. Ransomware - Interior Ministry banners, battery damage

Mobile device security is one of the most pressing problems today. There are many questions about protecting personal data on a phone, and not everyone can find the answers. Most malicious programs are advertisements and banners, but even among them there are extremely unpleasant viruses whose purpose is to siphon money from a mobile account, make purchases and transfers from the bank card linked to your account, and copy your personal information: contacts, photos, videos, SMS messages. So how do you remove a virus from your phone? First, let's look at the signs that the device is infected:

  1. Advertising banners appear. This is an adware virus. Announcements and notifications appear on the home screen and in the browser, even when you are not online.
  2. The smartphone downloads and installs applications on its own.
  3. Files on the memory card or in internal storage are unavailable: damaged or deleted.
  4. Some applications work incorrectly, crash, or close spontaneously.
  5. The phone overheats and the battery drains quickly.
  6. SMS messages and advertising are sent to unfamiliar numbers. This is an SMS virus, which is dangerous because of a possible leak of personal data.

The article describes tips on how to properly remove a virus from Android and more. Let's look at several options.

Antivirus check

Scanning a smartphone via a computer

It's no secret that viruses infecting PC operating systems are far more diverse and dangerous than their "younger brothers" on Android. Consider the Petya virus, which infected corporate computers around the world and inflicted massive damage on asset management companies. This is why the antiviruses that protect your PC are much more powerful and capable. To check your mobile device with a PC antivirus, check the box next to the "USB debugging" item in the "Settings" menu. Then connect the smartphone to the computer with a USB cable and scan the PC with an antivirus. Although mobile viruses have different program code, the defender on the computer can easily cope with them. Turn "USB debugging" off again once the scan is finished, because while it is enabled a connected computer can issue commands to the phone.

Removing a virus manually

This removal option means tracking the malware down through the manager of running applications in order to identify the infected file. First go to the "Settings" menu and open the "Application Manager". Then find the "Running Applications" tab and see which applications are currently running.

Be careful! With this method it is possible to close "healthy" system programs, which can lead to incorrect operation of the mobile OS. Once you have found an unknown program, find the root folder with the infected .apk file and delete it. After all these operations, reboot the device.

Removing a virus from an Android phone in safe mode

Sometimes the malicious program blocks the system functions of the device and its file cannot be deleted. In that case you need to switch to safe mode, in which only system applications are launched. To do this:

  • hold down the power key of your smartphone until a window appears asking you to turn off the device;
  • long-press the "Disable" option until the "Go to Safe Mode" prompt appears;
  • wait for the phone to reboot;
  • remove the applications and files that you could not remove before.

The chance that the removed malware will resume its activity is minimal.

Rollback to factory settings

If the virus cannot be removed by other means, a rollback to factory settings is the last and most radical removal method. When you roll back to factory settings, all information stored on your smartphone is destroyed, and the phone returns to the state in which you purchased it. To keep your information, we recommend copying it first either to cloud storage or to your PC. This approach is the simplest and most effective, and is also suitable for beginners.

How not to get infected?

It is impossible to protect one hundred percent from infected files, but you can significantly protect yourself from the possible risk. To do this, you should follow a few rules:

Viruses on a smartphone are removed quite easily and quickly, but it is still better to avoid such situations and adhere to the security rules listed above.

Today Android is one of the most popular operating systems: more than 70% of devices around the world run it.

The reason is its availability: the manufacturer uses open source code that is adapted to numerous gadgets, and users can change the appearance of the shell themselves, flash a smartphone, and so on.

This desire for personalization was ultimately exploited by attackers, and as a result a huge amount of malware was born that infiltrates the open source code and hands control of the device over to the wrong people.

How do you get a virus?

Android is considered a fairly secure operating system. It's not for nothing that smart people came up with Google Play: most software there is filtered for viruses, which protects the user from unauthorized intrusion. By lifting the ban on installation from unknown sources, you open access to the device's system to dubious applications with your own hands.

Most malware enters the system when software is downloaded from third-party file hosting services, for example when the owner of a smartphone tries to get for free a paid application or a program that is not available on Google Play. You can also "catch" a virus after entering your phone number on various sites: the number ends up in the cybercriminals' database, messages with strange links begin to arrive on your phone, and through them the malware is automatically downloaded to the device and harms its owner.

What viruses are there?

Classic Trojans. As old as the world, but still working successfully. Their main purpose is to steal the user's personal data: contacts, personal correspondence, logins and passwords for sites, and bank card numbers. You can fall victim to such an attack both through a dubious application and by clicking on a short link in the familiar kind of SMS message like “You have received a photo, look here”.

Recently, such viruses have increasingly been tailored to attack applications like Mobile Banking, since this is how attackers can transfer all the victim's money to their account.

Viruses that obtain root rights. The moment the smartphone is infected with this kind of virus, the attackers gain administrator rights. From then on they can perform any remote action with the device: sending SMS on behalf of the user, making calls, controlling the operation of the device, installing software, obtaining all access codes and passwords, and so on.

Sending paid SMS messages. At one time these were very popular on file hosting sites offering free applications. As soon as the owner of the device downloads the program, messages are automatically sent from their number to paid short numbers. Alternatively, subscriptions are automatically taken out to some non-existent content, for the alleged use of which the owner of the device pays from 20 to 60 rubles daily.

As a rule, by the time the reason for the rapid loss of funds is established, the user has already lost a decent amount.

"Eavesdropping viruses". This kind of software is designed to record all of the user's telephone conversations; some variants are configured to selectively pick out important information from these conversations: phone numbers, bank accounts and credit cards, logins, passwords and other confidential information.

Application ad modules. Probably everyone has noticed, while working with some applications, an intrusive advertising banner that suddenly pops up in the middle of the screen. In some cases, when the user clicks on it, the creator receives a certain amount from the user's account. For the most part this is a one-time event and does not entail regular loss of funds, although sometimes the owner of a smartphone receives a package of additional viruses along with it.

How to avoid catching a virus?

To protect against a variety of malicious software, owners of Android smartphones should refuse to install software from unverified sources, use antivirus software, and just be prudent on a regular basis.

Let's start with the "fresh" one: Triada can today be considered the newest and most "bulletproof" virus for smartphones. It was discovered only in March 2017.

It is unique in being closer to classic viruses than to ransomware Trojans, as is usually the case on Android. You still have to manage to pick it up from "unverified sources", but after that a much more entertaining "action movie" begins:

Triada is a virus that does not just misbehave in the system, but wedges itself into its vital areas

  1. Triada turns on after you install, for example, your favorite app for downloading music from VKontakte and grant it permissions. After that, the program secretly finds out the model of your smartphone, the firmware and Android version, the amount of free space on the drives and the list of installed applications, and sends this information over the Internet to its servers. There are a huge number of these servers, scattered across different countries, so it is not even possible to show up and stage a raid at the location of the server with the malware.
  2. In response, Triada receives instructions (an individual approach to each patient!) on how best to hide itself on this particular version of Android and this smartphone, embeds itself in each (!) of the installed applications, and takes control of system components to hide itself from the list of installed applications and running processes. After that, a separate part of the virus "covers up" its tracks in the system: it no longer works as a separate application, but coordinates its actions through pieces of the infected system.
  3. Done, the system is conquered! From this moment the smartphone turns into a "puppet" to which the attackers give commands remotely and from which they receive information via any of the available servers. For now Triada acts primitively: it finds out the details of your bank card, withdraws money from it, picks the codes needed for payment out of incoming SMS, and "draws" false balance figures for the owner.

But given the ability to "gut" any installed application or install a new one remotely, this is only the beginning: the peculiarity of Triada is that it is a modular virus, so all kinds of remote tricks can be bolted onto it.

As you can see, viruses for Android are not only the primitive "your phone is locked, pay a hundred bucks" kind that you can get rid of by uninstalling the application. And while in new versions of Android access to root is at least more difficult, and you can notice something suspicious when the application requests rights, old versions (Android 4.4, 4.3 and older) are absolutely defenseless against the new infection: only a complete reflash will save them.

Marcher

This so-called "banking malware" was developed back in 2013, but its "finest hour" came only in the summer of 2016. It is famous for good disguise and, so to speak, "internationalism".

Marcher is a simple Trojan that does nothing supernatural; it simply replaces the service pages of a huge number of banks using pop-up windows. The mechanism is as follows:

  • The Trojan enters the system along with an infected application. Marcher's popularity peaked with "freshly stolen" versions of Super Mario Run from Nintendo. If you don't remember, this is such a super-hyped "runner" from the creators of Pokemon GO!
  • It searches the smartphone for banking and online store applications and selects "templates" according to which bank you use.
  • It sends a "decoy" to the smartphone: a message in the notification shade with a bank or store icon and text in the style of “N rubles have been received on your account” or “75% discount coupon for any product, today only!”.
  • The smartphone owner taps the notification. The Trojan then opens an exact, one-to-one copy of the page you are used to seeing in the official app, and says something in the style of "the connection to the network was interrupted, please re-enter your bank card details."
  • The smartphone owner enters the bank card details. And the money is gone!

“My friend, I have forgotten your card number. Can you remind me?”

In this simple way, the Trojan faked the process of buying air tickets, purchasing goods in online stores and software on Google Play, and the operation of banking applications. Its distribution covered users of bank cards in Germany, France, Poland, Turkey, USA, Australia, Spain, Austria and Great Britain. Initially the virus was tailored to Android 6.x; far fewer smartphones running other versions were affected.

Loki

Not a loner, but a whole cascade of "chameleon" Trojans, not as harsh as Triada, but equally painful for the operating system. Antivirus specialists drew attention to the malware in early 2016, and it began to penetrate smartphones en masse as early as December 2016.

Loki is an organized robbery inside your smartphone

The malware acts so quickly and smoothly that one wants to give it a standing ovation. Just take a look at this multi-step combination:

  • The first Trojan enters the system with a safe application and starts along with it. It then immediately "requests reinforcements", that is, it downloads a second Trojan from its sources and installs it together with a set of tools for obtaining root rights. It monitors the system, waits for the smartphone user to turn off the display, and obtains root in that state. Then it launches its "colleague".
  • The second Trojan takes over the root rights, gains access to the /system partition ("factory" firmware files, which survive even a settings reset), unpacks a couple more Trojans from itself and pushes them into these "fireproof" system partitions.
  • The third Trojan comes to life in that same /system partition, where it replaces the part of the system responsible for booting and removes the standard Android "guts". If by some miracle the owner removes all the previous viruses and gets to the third Loki, the smartphone's firmware will "die" when it is removed.
  • Meanwhile, the fourth Trojan of the cascade acts from a protected system folder, from where it downloads another pack of viruses, "spins" advertisements, or simply inflates application download and site visit counters from the infected smartphone. It blocks the download and installation of antiviruses and strengthens its own protection.

It is impossible to "root out" the traces of this violent activity from the brains of a smartphone, so an infection with Loki is "cured" only by a complete reflash with the loss of all data.

Faketoken

While the previous Trojans deliberately act on the sly so that the smartphone user does not know about the infection until the last moment, Faketoken is simple and straightforward in its approach, like an experienced gopnik: it demands the right to perform any action with the smartphone, and if the owner refuses, the algorithm “Hey, didn't you understand? Then I will repeat!” comes into play.

  1. First, the user is forced to give administrator rights to the virus
  • So you install an application with an ordinary shortcut from some site like vasyapupkinsuperwarez.net. You launch it, and then the "torture" begins.
  • The Trojan opens a system window asking for administrator rights. In the best democratic traditions, the smartphone owner has two options: to allow the Trojan access to the system, or not. But in case of refusal, Faketoken will reopen the window asking for system rights, and will keep doing so until the smartphone user surrenders.
  • After that, using the same rubber-hose method, the Trojan obtains the right to display pop-up windows and to replace the standard application for sending SMS.
  • After this successful conquest, the Trojan contacts its C&C server on the Internet and downloads from there template phrases in 77 languages, which will then be used to blackmail the user of the mobile phone.
  • Then, with the help of the prepared phrases, Faketoken starts flooding the system with full-screen messages in the style of "confirm the name and password of your Gmail account" and "we now have to link a card on Google Play, enter the required data." Until the bitter end, of course.
  • The Trojan frolics in the system, sends and receives SMS, makes calls, downloads applications. And finally it locks the screen, encrypts all files in internal memory and on the microSD card, and demands a ransom.

Godless

The Godless Trojan impresses not so much with its functionality, so to speak, as with its disguise: for a long time its presence in applications was not recognized even by the vaunted anti-virus scanning system on Google Play. The result is a bit predictable: the malware has infected over 850,000 smartphones around the world, and almost half of them belong to the inhabitants of India, which seems to hint at the origin of the Trojan.

You download a flashlight from Google Play and catch an unremovable virus with encryption and root rights

The functionality of the Trojan differs little from that of its many colleagues in 2016; only the beginning is new:

  • The smartphone user downloads an app from Google Play and launches it, and the Trojan is launched along with the application. Just don't think badly of Google's checks: this "bundle" does not contain malicious code, because the Trojan downloads the malicious code when it is first launched.
  • For starters, Godless obtains root rights on the smartphone, "free of charge and without SMS", using roughly the same set of tools as Towelroot, for example. The Trojan performs these operations while the screen is off.
  • After that, the impudent Trojan moves itself to the /system folder (from where it can no longer be deleted without reflashing) and encrypts itself with an AES key.
  • With a full set of permissions, Godless starts little by little to steal users' personal data from smartphones and install third-party applications. In its initial versions, by the way, the Trojan hid the standard Google Play from the user and replaced it with a "parody" through which it stole the account username and password.

Among the applications to which Godless was most often "attached" were numerous "flashlights" and clones of famous Android games.

Viruses, worms, trojans, adware (intrusive ads) and "horror stories", but almost no one cares about such subtleties. They say viruses are viruses.

The differences between the "grades of joy" are as follows:

  • Virus: a malicious program that invisibly penetrates the computer through a vulnerability in the system. Most importantly, it does not carry out sabotage on its own, but infects other files in the system. In the case of Android, such malware would have to get in after a simple click on an advertisement or a visit to a website, and then “rewrite” Gmail, VKontakte and other applications for itself in such a way that, after the original virus is removed, the infected applications would continue to do their dirty work.
  • Worm: does its damage and spreads itself harshly and mercilessly through all communication channels. On computers, worms sent themselves by e-mail, instant messengers, local networks and flash drives, that is, they cloned themselves in the most shameless way.
  • Trojan: never knocks on the system from the outside; you install and run the malicious program yourself. This happens because Trojans replace ordinary, familiar and well-known applications, and sometimes they are simply "sewn" onto fully functional programs. That is, you buy or download a useful program and get a malicious one as a gift!
  • Scareware: applications that induce panic: “Oh my God, your whole smartphone is full of viruses and wiretapping applications from intelligence agencies of the whole world! Download our antivirus and find out the whole truth!” You download it, run it and carry out the so-called check, after which the program says: “An awful number of viruses in the system! Your phone will die if the viruses are not removed, but for this you must enter your bank card details here and here.” Such a gem is often ignored by all antiviruses, because it does not hack or steal anything in the system; it simply deceives the buyer and asks for money.

Adware viruses on Android are a common phenomenon, which is often associated with inattention and ignorance of the user in terms of installing third-party applications. As a result, they see huge banners on their screens and sometimes even threats like “send an SMS to this number or your phone will be blocked”. How to remove ads on Android - read on Treshbox.

Defining the problem

First of all, you need to find out what exactly you are dealing with. If ads start to appear on your device on top of all applications, it means that an adware Trojan has infiltrated your Android. They are of different types:
  1. Common adware viruses that are installed with malicious applications.
  2. Adware viruses that are installed as system applications.
  3. Trojans that are embedded in the firmware.



The former can be removed using standard Android tools, that is, go to the settings, find the malware and remove it from the device. Viruses of the second and third types can be removed only by obtaining root rights and special programs, or simply by flashing the gadget.

We remove the simplest viruses on Android

First, remember what you installed on your smartphone or tablet shortly before the ads appeared, and narrow down the list of those programs. The AirPush Detector program can help with this. It scans all apps for banner ads.

If ads and overlapping messages prevent your smartphone from working properly, that is no big deal. In this case, you need to reboot into Android Safe Mode. To boot into Safe Mode on Android, you need:
Safe Mode on Android is a state in which you can use the system without any third-party applications. That is, those advertising banners and messages are not shown in it.

Go to Settings → Security → Device Administrators. All programs that have administrator rights are shown here. If anything suspicious is listed there, revoke its rights.


After that, go to Settings → Applications. We search there for all potential malware and remove it. After that, we reboot again, but in normal mode. Everything should be fine, and if not, read the instructions below.

Full reset

If you want to be completely sure that the virus has been removed, then do a hard reset.


There are two ways to trigger a reset:
Through settings:
  1. Go to Settings → Backup & reset.
  2. There, find the item "Reset settings". Choose it.
  3. Click the Reset Phone Settings button.
Buttons on the case: Android device manufacturers use different combinations for hard reset. On most smartphones and tablets, this is holding down the Volume Down and Power buttons. You can find out about a similar combination for your device on the Internet.

How to remove system viruses on Android

Many viruses on Android get administrator and root rights and are deeply embedded in the firmware. You can deal with them in different ways.

Method one - flashing
The most reliable and easiest way to get rid of a virus rooted in the system is to reflash your smartphone. In order not to lose all data, you can back up applications using Titanium Backup, but for this you need to get root access. Backups should be saved to an SD card, if available. This requires the Pro version of the Titanium Backup application.



The firmware for your device can be found on various resources. It could be CyanogenMod, official firmware, or some kind of modification. To find the firmware for your gadget, just use a search engine.

Method two - getting root and deleting manually
Advanced users can remove the virus from Android in a more sophisticated but reliable way. It consists in obtaining root rights on the device and manually deleting all virus data. There are a lot of ways to get root rights. The simplest of them is to do it using a computer through KingoRoot.


After receiving the root on Android, you need to install applications such as Root Explorer and Titanium Backup:

Using Root Explorer, you can check all Android system folders for suspicious APK files and directories with viruses. Whatever rights the Trojan has, Root Explorer will be able to remove it. Malicious APKs and folders are mostly located in the /system/app/ or /system/xbin/ directory.

Titanium Backup can remove almost all applications, so it can be used to remove the infected program.
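
An added example, not part of the original article: before deleting anything by hand, a package listing can narrow down which apps deserve a look, covering both the apps installed outside Google Play and the unexpected APKs on the system partition discussed above. The sketch parses the output of `adb shell pm list packages -f -i`; the sample listing, the package names and the clean baseline are constructed, and the two rules are heuristics assumed for illustration.

```python
import re
from typing import NamedTuple

# Installers treated as trusted; com.android.vending is the Google Play Store.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -f -i` looks like:
#   package:<apk path>=<package name>  installer=<installer or null>
# The APK path may itself contain '=', so the greedy path group is anchored on
# the package name that directly precedes the "installer=" field.
LINE_RE = re.compile(
    r"^package:(?P<path>.+)=(?P<name>[\w.]+)\s+installer=(?P<installer>\S+)$"
)


class Package(NamedTuple):
    name: str
    path: str
    installer: str  # the literal string "null" when none was recorded


def parse_listing(text):
    """Parse saved `pm list packages -f -i` output into Package records."""
    packages = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:  # skip blank lines and anything that is not a package line
            packages.append(
                Package(match["name"], match["path"], match["installer"])
            )
    return packages


def triage(packages, clean_system_baseline):
    """Return (package, reason) pairs worth a manual look.

    Heuristics assumed for this example:
      * an APK under /data/ whose installer is not trusted was sideloaded;
      * an APK outside /data/ (firmware partitions such as /system) that is
        missing from a baseline taken from a known-clean device of the same
        model is unexpected.
    """
    findings = []
    for pkg in packages:
        if pkg.path.startswith("/data/"):
            if pkg.installer not in TRUSTED_INSTALLERS:
                findings.append((pkg.name, "sideloaded"))
        elif pkg.name not in clean_system_baseline:
            findings.append((pkg.name, "unexpected-system-app"))
    return findings


# Constructed sample, in the format produced by:
#   adb shell pm list packages -f -i > listing.txt
SAMPLE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings  installer=null
package:/system/app/FlashHelper/FlashHelper.apk=com.example.flashhelper  installer=null
package:/data/app/~~Qk3x==/com.example.bank-aB1==/base.apk=com.example.bank  installer=com.android.vending
package:/data/app/com.example.freemusic-1/base.apk=com.example.freemusic  installer=null
"""

# Constructed baseline: system packages present on a clean device (assumption).
CLEAN_BASELINE = {"com.android.settings"}

if __name__ == "__main__":
    for name, reason in triage(parse_listing(SAMPLE_LISTING), CLEAN_BASELINE):
        print(f"{reason:22} {name}")
```

A flagged package is only a candidate for inspection: preinstalled vendor apps and apps from other legitimate stores will also appear until they are added to the baseline or the trusted installer set.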

Install antivirus on Android

An antivirus or a simple malware scanner will not only help cure an already infected Android, but also prevent it from happening in the future.


The Treshbox editorial staff may recommend the following antiviruses for Android:

All these programs are able to find malware and destroy it.

Often, when a virus is detected on their favorite gadget, users are perplexed as to how the malware managed to get onto the device. Then even more unpleasant questions arise: "What to do now?" In fact, it still takes some effort to come across an infected tablet or smartphone. This is largely thanks to the rather high-quality built-in protection of the operating system from Google. But what should a user do who has nevertheless encountered a virus on their device? First of all, do not despair; this article gives advice on overcoming the problem.

First, let's find out where you can pick up a virus, which would in fact be more correctly called a malicious application, since it is impossible to harm a smartphone simply by following a link on the Internet. At the moment, an infection can get onto the gadget only if an infected application is installed. The functionality of the application is usually preserved, and it honestly does everything required of it, but along with it malicious code enters the system, the purpose of which is to steal confidential information, destroy other programs or clog the system.

Correct attitude

First of all, you should calm down, since many users get needlessly lost in a situation that is generally not so tragic. Unpleasant thoughts arise because many have heard about what malicious software is capable of. Of course, these programs are quite tricky, but if you keep your composure, assess the situation correctly and choose the right sequence of actions, the enemy will not have the slightest chance of winning.

Find and destroy

The main goal of the owner of a smartphone or tablet who suspects that an Android device is infected with a virus is to detect the malicious code and remove it from the system. It can manifest itself in different ways: unreasonably high consumption of RAM, the built-in storage filling up for no known reason, unknown running processes, third-party posts published on Facebook on your behalf, and so on. All this indicates that not everything is well on the gadget. First of all, pay attention to recently installed applications, especially unpopular ones about which it is difficult to find enough information or reviews from other users. If something like this has been installed, get rid of such applications first.
When you notice oddities, it is best to turn off your smartphone or tablet and open Google Play on a PC, where you can safely look over the best-known antivirus programs and consult with people who understand this issue. Then start the device and install an antivirus on it, with which you can fully scan all the memory. Such programs detect malicious code with a probability of more than 99%.

Data protection

In order to prevent unauthorized persons from getting your personal data, it is worth trying to change passwords from the services used: Facebook, Twitter, VKontakte, etc. Most often, viruses are aimed specifically at making a profit through theft and subsequent use of personal passwords and data.

Reset

If the antivirus was unable to identify the danger, you can run
