Help! My Android has malware!
What to do if you think you've got an infected Android phone or tablet
We've talked about antivirus apps for Android a little, specifically if you really need to use one at all. It's a good thing to talk about and sort through all the FUD and nonsense about malware on our smartphones and tablets.
Today, we're going to talk about what to do if you think you might be infected by malware. There's always plenty of discussion (and sometimes a bit of fear-mongering) about how to prevent malware on Android, but very little about what to do if it happens to you. Prevention is still the best idea, whether it's from careful monitoring of the things you do or by using an app to monitor for you, but you can survive a malware attack.
First, a word about Android "viruses"
Viruses do not exist for Android. The name gets used a lot, but technically there has never been a virus found to affect Android, and without some sort of crazy unknown exploit there never will be.
A virus is a bit of self-replicating executable code that can do its dirty work on one machine (yes, our Androids are machines) and also has the ability to automatically transmit itself to other machines. The way Android (and iOS, and some computer operating systems) is sandboxed means this can't happen. At least in theory.
To get malware on your Android, you have to have given it the OK to install itself. This doesn't mean that you said "Cool! Let me install this app that steals my data!" Malware is usually hidden inside something you want to install, or something you're tricked into installing.
Just know that you're not going to get malware from visiting a website or reading a message. You need to actually install it and approve the installation during the process.
Here's what to do if malware bites you
- Don't freak out.
Damage is already done if there is going to be any damage, and doing something silly like destroying your phone isn't going to undo anything. Your goals now are to remove the malware, and try to prevent any further data theft or loss. Then you go back and address what may have happened.
- Identify and remove the malware if you can.
Shut your Android off and, if you can, use another computer to do your research. You'll want to install and run one of the many Android AV apps (here are some free ones) to see if you can find any malware and get it removed. Read what we have to say about the various applications, read the forums to see what other folks have to say about the different Android AV apps, and decide which one you think is the best. Turn your Android back on, install it from Google Play, and let the app do its thing.
- Assess and address any damage
Never assume that you get away from something like this with no ill effects. Call your bank and change your online credentials. Do the same for your credit card companies, and get new cards sent with different numbers. Change the password for your Google account. Do the same for any other online accounts, like Yahoo or Microsoft or PlayStation or Android Central. If you see anything that looks like you didn't do it — credit card charges, crazy postings on Facebook, or wire transfers from your bank to anywhere — be sure to let the people in charge know that it wasn't you who did it and that you had a bout with some malware during those dates. It happens. There is no need to be embarrassed about it and you'll find that people are willing to assist you any way they can. That's because they have seen it often enough to know that one day, they may be in your situation.
- Change some habits, maybe.
You might never be able to find out just how you got your phone or tablet infected, but you can evaluate if you need to do things a little differently to minimize the risk of it ever happening again. Maybe you need to stop using pirate app stores, or stop clicking "yes" without reading what you're agreeing to, or stop installing random email attachments. Nobody is blaming you for getting infected, but you're the only one who can prevent it from happening again.
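If you'd rather not rely only on a scanner for the "identify" step, a computer with adb can show where each app you installed came from. The sketch below is an added example, not part of the original article: it parses the output of `adb shell pm list packages -i -3` (third-party apps with their installer) and shortlists anything that did not come from Google Play. The sample output and package names are constructed, and the trusted-installer set is an assumption to adjust.

```python
import re

# Installer package names treated as trusted. com.android.vending is Google Play;
# add your device vendor's store if you use one (assumption, adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -i` output: "package:<name>  installer=<name|null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(output):
    """Return {package: installer or None} from `pm list packages -i -3` output."""
    apps = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything unexpected
        installer = m.group("installer")
        # "null" means no store recorded the install, i.e. the app was sideloaded
        apps[m.group("pkg")] = None if installer == "null" else installer
    return apps


def review_list(apps, trusted=TRUSTED_INSTALLERS):
    """Packages that did not come from a trusted store, sideloaded ones first."""
    flagged = [(pkg, inst) for pkg, inst in apps.items() if inst not in trusted]
    return sorted(flagged, key=lambda item: (item[1] is not None, item[0]))


# Constructed sample output; the package names are made up for illustration.
SAMPLE = """\
package:com.example.flashlight  installer=null
package:com.example.bank  installer=com.android.vending
package:com.example.freegames  installer=com.example.thirdpartystore
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, inst in review_list(parse_packages(SAMPLE)):
        print(f"{pkg}: installed by {inst or 'unknown (sideloaded)'}")
```

An entry on this list is a candidate for a closer look, not proof of malware, and an app that came from Google Play is not automatically clean.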
Help! That didn't work!
First, see the top bullet point above and don't panic. You might not like doing it, but know that a factory reset will remove any malware you have inadvertently installed and kill it with fire.
If you have reason to believe your Android is infected but normal Android AV apps aren't finding anything, your last course of action is a factory wipe of all your data. This means all of your data, and the only thing you'll have left is what's backed up online (think Google Play Games services) and media like pictures. We want to remove any and everything local that might be executable.
Back up all your pictures (and music and videos) to your Google account. Google+ is a great place to store your pictures, drop your videos in your YouTube account, and you can store up to 20,000 songs in your Google Play Music account. Utilize this free space Google gives you, even if it's just to store a few things while you pour digital bleach on everything.
Take the SD card out of your phone if it has one. Visit a computer (or a friend with a computer) and wipe and repartition it using the built-in software for disk management. Don't save anything — you need to be brutal to make sure anything nasty gets nuked.
On your Android, go into the settings and look for the backup and reset options. You want to perform a full factory reset of all your data, including any local storage space. Let it do its thing, and when you set it back up be sure not to restore any backed-up data from your Google account.
You still want to change passwords and contact your credit card companies. You also want to take a close look at the way you do things to try and prevent this from happening again. None of that changes.
If you rooted your Android
If you rooted your Android, you may have bigger issues here. Forget the app sandbox, forget Google's Bouncer, and throw out most of the rules that apply to people who didn't root their phone. The solution is simpler, but more brute-force.
Back up your media as described above. Next, go into a custom recovery and wipe everything. Flash a completely new ROM.
If you don't have a custom recovery installed, or one isn't available for your phone, talk to the guys and gals who are hacking and developing custom software with the same phone that you're using.
Going through the pain of a factory reset then finding out that some malware is written to the system files and not your user data means you did everything in vain. Take a few minutes to talk to other people with the same hardware as you.
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.
However, I'm so tired of people who twist things, equating malware on Android as easily attainable like on a PC a decade ago. :(
Tin foil pants- check Posted via the Android Central App
No tin hat needed here, it's not fear driving my sentiment. Yours however does require faith.
For me eyes wide open. Posted via the Android Central App
Safe mode only shows the preinstalled apps, but you can get rid of others. Posted via the Android Central App
"That'S Perfect! Only with the help of this program was able to remove the virus file as an administrator! Thanks you."
I didn't understand what he was talking about, since I never intended for this to help uninstalling problematic apps (I made it to make it easy to uninstall any app).
I wonder if my app can really help in this. Which problematic app do you know that does this? I will try it out myself.
This is my app btw: https://www.androidcentral.com/e?link=https2F2F...
Sure you can have problems of course (they're computers after all) but 99.9999% of issues people have is mods and apps conflicting and/or not knowing what they're doing when flashing and side loading apps etc. Posted via the Android Central App
A message that says "Attention! Your device has been blocked for safety reasons listed below. All the actions performed on this device are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO::... followed by a shit ton of warnings etc. BUT they will fix it for $500.00... And it says you can use PayPal or credit card... I was told that it in itself is a scam for money and the block can be removed easily yourself... it has FBI warning n blahhhh... I just really like the phone and would like to activate it through Verizon, which is the company it is from, as it reads Verizon at the top of the phone. Just throwing this out there hoping someone knows if it's fixable or just junk now.. and HOW TO FIX.. FREE.. I have a phone so if it can't be fixed.. like factory reset for free or something.. I will just toss or donate it... But I'm hopeful that one of you has good news or how to rectify this problem. THANKS IN ADVANCE TO ALL THAT READ N TRY TO HELP...
Any advice is much appreciated.
You are done. No need to download anything, not even from Play Store will you find help.
There's no anti-malware that can detect this.
I tried Malwarebytes, it failed.
I tried several others according to their ratings, they all failed to identify the root cause of the ad, not until I managed to detect that it's the diagonal-shaped Bluetooth app sender that was doing it.
Since I uninstalled it and deleted its residual files, my S5 has remained free from annoying pop-up ads.