Android Malware Removal

How to Remove Malware from Android

Android OS is an operating system developed by Google and used by the majority of mobile devices sold on the consumer market. In terms of security Android is much safer to use than its Windows counterpart – but it is by no means impenetrable. This article will provide you with all the necessary information on how to remove malware from an Android phone or tablet.

Android Malware Removal

If you are seeing a larger-then-usual number of Ads on your Android device, then the most likely reason behind them is a malware App that has been installed. Another possibility is an android system malware, but these are quite rare and you need Google to fix them first before you will be able to do anything on your own.

  • Keeping your Android device up to date with the latest updates is vital for its security! Keeping threats out is easier than trying to perform android malware removal instructions afterwards!

Signs of an Android Malware infection

If you are unsure of whether your phone/tablet is really infected by an Android Malware, please look through the following symptoms. One could be a coincidence caused by another problem, but more than one likely points to a Malware loaded into your device.

  1. Poor battery life – you are already accustomed to your phone and you have a general idea of how long the battery should last when fully charged. This time will gradually reduce over time due to the age of the battery, but any sudden drops point to added consumption – likely from a malware associated hidden process.
  2. Call quality problems – if your phone calls are suffering from poor call quality and sometimes the connection breaks (and there are no issues with are coverage of course) then it’s likely that there is a piece of Malware on your device that interferes with your calls or even possibly records them.
  3. Ghost SMS messages – some Malware exists to spam SMS/MMS from infected devices. These could be just plain old spam, but they could also be dangerous links that infect other devices when clicked on. If your phone bill contains anything of the sort, then you have a problem.
  4. Data plan spike usage – much of the existing Malware requires a constant connection to the internet in order to send all data it records on your device. This outgoing traffic may not be recorded on your infected phone, but your company will definitely record it and charge you for the traffic. If you are suddenly asked to pay a much higher amount than usual, consider Malware as a possible reason.
  5. Poor overall performance – you know your own phone best. If you think it has been underperforming recently it’s likely that you caught the presence of a Malware stealing your system resources subconsciously.

Most Ad-creating Malware for Android function by displaying Ads on the internet browser you use. Most work as separate add-ons, but the most devious ones will attach to other applications and extension and make their identification very hard. The best way to get rid of any unwanted malware is to reset your browser to its default settings. You’ll find the instructions on how to perform the Android Malware removal in the guide found after the end of this article.

Tips on how to avoid getting infected with Android malware

There are two ways on how one can obtain android Apps:

  1. Through Google’s App store.
  2. Through downloading an .APK file from various locations.

Out of these two the App store is by far the safest option. Apps downloaded from the app store pass through rigorous inspections before they are made available for sale. If any problem should be discovered afterwards they are taken down immediately and the App store will notify you of the act so you can take appropriate action.

That said, please remember that no system is absolutely safe. A large number of positive reviews is not a good indication that an app is safe – especially if it is a brand new upload to the store. Whole companies exist to create (fake) positive Ads for Apps on the store. In addition to that, Google does not set limitations on the number of Ads an application is allowed to display – each developer decide for himself how obnoxious their product is going to be. The worst offenders simply try to make it as hard as possible for you to remove them (and they end up classified as malware – hence why there are so many search queries like “how to remove malware from android phone”). In most cases Ads created by Malware apps are limited to the internet browser and the app itself. Apps that operate outside of these limitations are very rare, but also extremely dangerous. Because they are a corner case scenario they will be handled in a future, separate article.

Installing Apps outside the App store leaves you more vulnerable to Android Malware

For various reasons App Developers will choose not to make their product available through the App store. This does not necessarily mean that such products are full with Malware – quite the opposite. Google takes a share of the profits from all Aps sold through the store (the biggest downside), but there are other downsides developers face such as approval time, time necessary to approve updates and more. Whatever the same may be sometimes the only way to obtain an App is to download it from a location that is not the Google App store. You need to recognize regular Apps from their malware brethren in order to be safe. Here is a list of tips for that:

  • Look for permission list. Аn App that organizes your notes does NOT need permission to your contact list.
  • Look for the memory and CPU usage – most Android Malware exists to collect personal data and will run a background service on your device. If your device is running slower than usual it is a reason to worry.
  • Don’t download hacked software. Paid apps cost money for a reason – any modified (hacked) copy can easily have malware added to it

Android malware usually operates through Ads (as mentioned), but can sometimes employ alternative means. As an example a certain Malware operated through the Ad Network Air Push. Infected devices had pop-ups added to their Apps, which asked the user to pay money for program updates that should have been free otherwise.

  • Remember, the Google App store uses the policy “Pay once, use forever”. App developers are allowed to develop additional Apps as a paid extension to current Apps, but no update should ever require any form of payment from you.

How to remove Malware from Android phone

This is a two-step process, which involves cleaning your internet browser(s) from any added code that may be creating the malware, as well as uninstalling any App that may be responsible. You’ll find the detailed instructions on how to do both in our guide below:

Android Malware Removal Guide

Android Malware Removal

To begin with you will need to boot your device into Safe Mode. To do this, press and hold the power button on your device until the power options menu shows up. 

Android Malware Removal

After this, long-press the power button again until a box appears, asking whether you want to reboot into safe mode. Tap OK. 

Android Malware Removal

Android Malware Removal

Whether you use the default “Internet” App for browsing or a different browser like Chrome you need to go to:
Settings/More/Application Manager/All

Android Malware Removal

Locate the Browser/App in question and tap on it.

Android Malware Removal

Now the method is effectively the same for users using both “Internet” and Chrome/Other Browsers, yet for more clarity we have provided instructions for both:

For “Internet” Browser Users:

Tap the Force Stop button.

Android Malware Removal

Now tap the Clear Data and Clear Cache Buttons.

Android Malware Removal

For Google Chrome Users:

Click on Force Stop.

Android Malware Removal

Then click on Clear Data and Clear Cache.

Android Malware Removal

Android Malware Removal

Restart your Browser. It might be a good idea to Reboot your Android device, just in case. Also, try doing the following?

Instructions on how to remove suspicious Apps

Normally you remove Android apps from the Settings menu -> Apps -> (Select the suspicious app)

Naturally, “Flashlight” is not suspicious, merely an example to show you how the menu should look like.

Android Malware Removal

In most cases you can click on the Uninstall button and be done with it. In rare occasions, however, the Malware may have managed to give itself administrator permissions and you’ll see that the Uninstall button is grayed out. In order to enable it you should leave the Apps folder and go to:

  • Settings -> Security -> Device Administrators

In there you will see a list of apps that have admin status within your system. They’ll probably be listed under the Android DeviceManager. Remove the problematic App from this list. Now you should be able to remove it as normal.

Android Malware Removal

  • Important!

If you are still seeing Ads in your browser, it is likely they are generated by the websites you visit and there is nothing you can do about it.

However, if you are seeing Adverts outside of your internet browser, then one of your installed Apps contains the problematic Adware. In this case you need to take a look at this guide.

Did we help you? Please, consider helping us by spreading the word!


About the author


Nathan Bookshire


  • You are most welcome niki. Remember to check our guides next time if you come across any other issue. We will be glad to help you 🙂

    • Please help me, someone has remotely, I believe, installed a program on my phone that is cloning system apps and has full access and control of my phone

      • You can try restoring the device to its factory settings if nothing else has worked. However, before you take such drastic measures, it is important to complete the guide present on this page. If that doesn’t help, you should back up all data you don’t want to lose and then factory reset the device (only if you are okay with it).

  • Can you rephrase the part where you explain the issue you are having. Generally, if you are dealing with some sort of shady/sketchy app that has gotten onto your phone, you should be able to remove it without rooting. However, if the software is coming from Google (which would make it legit even if unwanted) and is enforced by it, most of the time rooting the phone is the only way. Also, do not that sometimes there are applications/programs that seem to be coming from Google or other reputable developers while in fact, they are fake actually coming from some unknown and sketchy developer. Anyway, I did not quite understand what your issue was, so if you could, I would like you to once more explain what the problem is.

    • Sorry, this was the page given for android removal of dnsunlocker style browser hacks by the general dnsunocker article. I did not realise this was only a general malware page.

        • I don’t know what to say. It is the regular dnsunlocker like. I have outlined much more then people do on threads discussing it. This new version now seems to be more virulent and difficult to get rid of.

          amp.reddit. com/r/techsupport/comments/3kjbh0/removing_dns_unlocker_from_an_android_phone/

  • Just what I needed. Worked perfectly. Removed it from my month old Android phone. Alto the pictures do not match what I see on my Samsung 8, they were explanatory enough for me to determine what to do and return to normal – and hope that ts lurking somewhere else in my OS.
    Thanks for the clear instructions.

  • Trying to remove connectivitycheck.gstatic and following some guidance on another website but my honor 7 phone would not boot into safe mode follwing their generic android instructions and there is nothing in the phones user guide to say how to boot into safe mode so this small, basic but vital piece of info on your site enabled me to complete my task. Thank you

  • You guys rock! I’m usually very paranoid and careful about what I click and download, but trying to back out of a weather app on my Android phone, I fat-fingered the ad at the bottom of the screen and all hell broke loose. Everywhere I looked for help, they wanted me to download their removal tool, and I was really NOT about to download anything in my state of paranoid panic. Then I found your page. I have a newer Android phone and couldn’t figure out to reboot in safe mood, so I followed your instruction for clearing the Chrome browser, and it worked without a single glitch. Thank you, thank you, thank you, you are doing a great service here.

  • Great job, I have been looking for this solution for a long time. Tried numerous other sites and nothing worked until your fix! Thank you!

  • Thanks – had an annoying popup that just wouldn’t go away. The screens and directions didn’t directly correspond to what you show here, but it was explanatory enough that I managed to get rid of the popup. Thanks!

  • Now I’ve never left a comment on a forum/website like this, but i need to give thanks so let’s hope this posts:

    Wow! What a beautifully-laid out site! Instructions are clear and organized, and pretty bang on! I especially like the background info given here and there! Also, although I only need Android, I think it’s really great that the site is laid out for multiple OSs. Thank you, and thank you again!

  • I’ve got a complete take over. I see that all my core apps have zero mgs. Do not exist. Video and audio upload my default browser settings are false and say gstatic. I reset the device but I see in the recovery and logs in the hard reset option that there’s a developer Block to reload their system and to load it right back. My apps permissions, packages changed. I cannot get back into one device already, my dsmdung galaxy S6 my samsung account was change and my imei number. It’s in every device my boyfriend, children’s etc. I seen in e s file explorer where the platform has been rewritten using Odin download mode and use setting and configurations. Also stars for a Mac computer. My Google app is for a computer saying Mozilla and safari. I feel the Mac is the remote computer operating Mr phone . My internet has a false reading but the cap has been changed and there is a captive portal showing false. I see apps are changed upon create from playstore. Updates addex more. My entire opersting system has been changed. We view is disabled and settings greyed out. Days I’m running a nexus ohonne. My feedbacm is blocked and intercepted. I’m being recorded on audio and vudeo. It’s in a ndw phone soon as I actuvated it and I made a new googke account. My device dhiws servuce and is not provisioned . Twuce I received notice from Verizon sayinv nyst xevucr was iacttivated. Now it hazy a. Unknown own netwirk set as xefault . A radio network and I I can’t msje irvsr receive calls . I see 4 g in my service bars . I use a Wi-Fi calling app. I sent a message and document to cheetah mobile saying all was hacked and deteted by another cm app. ???? I’m at my end point pardon the pun . It looks like a java script remote code take over.

  • Thank you for being here to help those of us in need without trying to make us download more crap! But before I follow your directions (I’ll be attempting to rid my android of clients5.google malware) I wanted to know if resetting the browser settings,data, and cache will remove my bookmarks, saved passwords, personal settings, ect?? Please let me know what exactly it “resets” (doesn’t have to be 100 percent, just mostly curious on the specifics like saved passwords) thanks again for all your help!!

    • Doing this shouldn’t affect your bookmarks or passwords. Still, if you don’t remember some of your passwords, we advise you to change them and then write them down so that you won’t lose them.

  • Hi, thank you for being here. I’ve followed your instructions and I cannot find the app in any list on my phone to uninstall. It seems to be called “Promotion”. Maybe. Is there anything else I can do to find it?

    • You have to look through your other apps. It’s likely an app that’s not on our list. Are there any recently installed apps on your device or any apps that have recently had an update?

    • Maybe there is some other app not listed in this article that is causing the problem. What apps have you installed recently on your device?

  • I am trying to get rid of (con. ZTE. Accesswizard) once I put it on safe mode. I then went to settings, then security, then device administrator, but there was not a list of apps found. Also could not find device manager under device administrator. My problem still here. I know my ZTE phone started working poorly after COM. ZTE. ACCESSWIZARD WAS INSTALLED. ANY SUGGESTIONS WILL BE APPRECIATED.

  • My accounts phones and computer have been hacked and apps changed … They used open source programming and are downloading my info .. how can I find out where my files are going .. Google is no help

  • I have tried these steps to remove gestyy redirect malware from my android tablet however it still opens chrome by itself and goes to their unwanted website.I have not installed any apps before so I have nothing to uninstall.Any advice what to do next?

    • Sometimes old apps that receive updates can start to behave oddly or to spam you with ads. If any of your older apps has recently received a big update, this app may be the cause for the issue.

  • Thank you for your help. I got the luckyguys.top malware on my Android phone. I narrowed the problem down to a mainstream app – “Golf GPS Rangefinder: Golf Pad”. The developers have been responsive yet deny that their software caused the problem. I have downloaded the app 3 times and all 3 times I’ve gotten the malware. Any thoughts on this?

    • If removing this app rids you of the malware, then it doesn’t matter what the devs tell you. They may simply not want to admit that their software may be doing something you don’t want it to. It’s also possible that they may not be aware of some issue related to their app which may be connected to the malware. Regardless, if removing this app fixes the problem, then it’s best to keep away from said app, at least for the time being.

  • I feel my phone has been completely cloned and controlled . I tried removing app from administration but it pops back on Can’t uninstall it cause it says not installed. Someone one or group has all kinds of Google apps and links under my name and emails.in my Google account . Looks like it’s me doing all these activities and data. Possibly a credit card in my name. I no longer have any kind of signal or 4g showing on top .if I try to change something in settings, it shows error and shuts itself down. I’ve done numerous factory resets, lost my Facebook account ,photos, and videos..And when I search in chrome or Google it says” not your computer, search as guest. Under download your data in dashboard ,I see all these sites,etc. With my Google account and username.im afraid of what damage is being done to my reputation and sanity. My idenity is someone else’s, and I can’t enjoy my phone at all. Please if you can help me at least tell me what to do to find out the name or names of criminals making my life
    Misserable. Thank you!

    • new malware and adware apks can root over wifi or bluetooth… They can create hotspots and lure other devices in. Then leave BEACONS – physical ? smart appliances tvs streaming boxes etc…. Get a good reliable IT PROFESSIONAL! You’re stuck in an isolated intranet through developer cloud servers… Dobt trust your search engines or appstores!

Leave a Comment