Android Malware Removal

How to Remove Malware from Android

Android OS is an operating system developed by Google and used by the majority of mobile devices sold on the consumer market. In terms of security Android is much safer to use than its Windows counterpart – but it is by no means impenetrable. This article will provide you with all the necessary information on how to remove malware from an Android phone or tablet.

Android Malware

If you are seeing a larger-then-usual number of Ads on your Android device, then the most likely reason behind them is a malware App that has been installed. Another possibility is an android system malware, but these are quite rare and you need Google to fix them first before you will be able to do anything on your own.

  • Keeping your Android device up to date with the latest updates is vital for its security! Keeping threats out is easier than trying to perform android malware removal instructions afterwards!

Signs of an Android Malware infection

If you are unsure of whether your phone/tablet is really infected by an Android Malware, please look through the following symptoms. One could be a coincidence caused by another problem, but more than one likely points to a Malware loaded into your device.

  1. Poor battery life – you are already accustomed to your phone and you have a general idea of how long the battery should last when fully charged. This time will gradually reduce over time due to the age of the battery, but any sudden drops point to added consumption – likely from a malware associated hidden process.
  2. Call quality problems – if your phone calls are suffering from poor call quality and sometimes the connection breaks (and there are no issues with are coverage of course) then it’s likely that there is a piece of Malware on your device that interferes with your calls or even possibly records them.
  3. Ghost SMS messages – some Malware exists to spam SMS/MMS from infected devices. These could be just plain old spam, but they could also be dangerous links that infect other devices when clicked on. If your phone bill contains anything of the sort, then you have a problem.
  4. Data plan spike usage – much of the existing Malware requires a constant connection to the internet in order to send all data it records on your device. This outgoing traffic may not be recorded on your infected phone, but your company will definitely record it and charge you for the traffic. If you are suddenly asked to pay a much higher amount than usual, consider Malware as a possible reason.
  5. Poor overall performance – you know your own phone best. If you think it has been underperforming recently it’s likely that you caught the presence of a Malware stealing your system resources subconsciously.

Most Ad-creating Malware for Android function by displaying Ads on the internet browser you use. Most work as separate add-ons, but the most devious ones will attach to other applications and extension and make their identification very hard. The best way to get rid of any unwanted malware is to reset your browser to its default settings. You’ll find the instructions on how to perform the Android Malware removal in the guide found after the end of this article.

Tips on how to avoid getting infected with Android malware

There are two ways on how one can obtain android Apps:

  1. Through Google’s App store.
  2. Through downloading an .APK file from various locations.

Out of these two the App store is by far the safest option. Apps downloaded from the app store pass through rigorous inspections before they are made available for sale. If any problem should be discovered afterwards they are taken down immediately and the App store will notify you of the act so you can take appropriate action.

That said, please remember that no system is absolutely safe. A large number of positive reviews is not a good indication that an app is safe – especially if it is a brand new upload to the store. Whole companies exist to create (fake) positive Ads for Apps on the store. In addition to that, Google does not set limitations on the number of Ads an application is allowed to display – each developer decide for himself how obnoxious their product is going to be. The worst offenders simply try to make it as hard as possible for you to remove them (and they end up classified as malware – hence why there are so many search queries like “how to remove malware from android phone”). In most cases Ads created by Malware apps are limited to the internet browser and the app itself. Apps that operate outside of these limitations are very rare, but also extremely dangerous. Because they are a corner case scenario they will be handled in a future, separate article.

Installing Apps outside the App store leaves you more vulnerable to Android Malware

For various reasons App Developers will choose not to make their product available through the App store. This does not necessarily mean that such products are full with Malware – quite the opposite. Google takes a share of the profits from all Aps sold through the store (the biggest downside), but there are other downsides developers face such as approval time, time necessary to approve updates and more. Whatever the same may be sometimes the only way to obtain an App is to download it from a location that is not the Google App store. You need to recognize regular Apps from their malware brethren in order to be safe. Here is a list of tips for that:

  • Look for permission list. Аn App that organizes your notes does NOT need permission to your contact list.
  • Look for the memory and CPU usage – most Android Malware exists to collect personal data and will run a background service on your device. If your device is running slower than usual it is a reason to worry.
  • Don’t download hacked software. Paid apps cost money for a reason – any modified (hacked) copy can easily have malware added to it

Android malware usually operates through Ads (as mentioned), but can sometimes employ alternative means. As an example a certain Malware operated through the Ad Network Air Push. Infected devices had pop-ups added to their Apps, which asked the user to pay money for program updates that should have been free otherwise.

  • Remember, the Google App store uses the policy “Pay once, use forever”. App developers are allowed to develop additional Apps as a paid extension to current Apps, but no update should ever require any form of payment from you.

How to remove Malware from Android phone

This is a two-step process, which involves cleaning your internet browser(s) from any added code that may be creating the malware, as well as uninstalling any App that may be responsible. You’ll find the detailed instructions on how to do both in our guide below:

Android Malware Removal Guide

First thing that must be done is to boot the device into Safe Mode – doing this will make it so that only essential processes would be active on the device and anything that may be related to the malware you are facing shouldn’t be allowed to run. Getting into Safe Mode is done differently on different phones. Still, on many phones it can be done in the following way:

Hold down the Power Button so that the shut down options appear on your screen.

When you see the different shut down options, press and hold the Power Button again and the Safe Mode/ Reboot to Safe Mode option should show up. Select it and then tap on Ok to confirm that you indeed want to enter Safe Mode.

Wait for the device to restart and if you see a small text that reads Safe Mode in any of the corners of your screen, this means that you’ve successfully entered that mode.

However, as we said, not all phones enter Safe Mode in the same way so you may have to look up How to Enter Safe Mode for your specific device. In most cases, it is easy to do it and should take you just a couple of minutes to figure it out. Once you have enabled Safe Mode on your device, continue with the next instructions.

Now, you must go to Settings > App Manager/Apps/Applications and find the list of all apps that are installed on the device (this list is usually labeled as All apps).

Once you get to the all apps list, sort the items shown there by date, from most recent to oldest. Now look at the apps near the top and try to figure out if any of them have been installed right before you started having problems with your smartphone. Also, if there’s an app in the list that you don’t remember downloading and installing on your own, this could be another red flag that this is the one you are looking for.

 

If you think that you’ve figured out which app may have brought malware into your system, tap on it and then select Uninstall to remove it from your phone.

If the uninstall button is grayed-out and you are prevented from uninstalling the app, do not worry and move to the next step. If you have been able to delete the app in question without problem, you can skip Step 3 and go directly to Step 4. Note that if you aren’t allowed to uninstall a given suspicious-looking app, this is a pretty good indication that this application could be related to the malware you are dealing with.

If you have not been able to delete the suspicious app in the previous step, return to Settings and type Admin in the search field at the top. From the results that show up, look for one labeled Device Admin Apps or something else along those lines and tap on it. In most cases, this option should be listed below Security and Privacy settings.

Now, look at the list of apps that have Admin privileges on your device. It is highly likely that you would find the suspicious app in that list. If it is there, revoke its Admin permissions and if asked whether you are sure you want to do this, select Yes regardless of what warning gets shown on your screen. After you are done here, return to Step 2 and try to uninstall the suspicious application again. After you do that, you can move onto Step 4.

The next thing you ought to do is clean your browser from any data related to the malware that has been bothering you lately. To do that, you must once again go to Settings > Apps Manager > All Apps and this time find the entry for your browser and select it (if you have several browsers, this step must be completed for all of them). Now, first tap on Force Stop, after that select Clear Data, and then Clear Cache.

The last step from this guide is to restart the device so that Safe Mode is no longer enabled and see how the phone behaves. In most cases, things should be back to normal because Android malware isn’t that difficult to eliminate if you know what you are doing. Still, if the problems seem to continue, you can always write us a comment under this post telling us about the issue and we will try to work with you towards solving it.


About the author

Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

77 Comments

  • Hi UltraSeven,
    you are most welcome. If you need solving other issue we are here to help you 🙂

  • You are most welcome niki. Remember to check our guides next time if you come across any other issue. We will be glad to help you 🙂

    • Please help me, someone has remotely, I believe, installed a program on my phone that is cloning system apps and has full access and control of my phone

      • You can try restoring the device to its factory settings if nothing else has worked. However, before you take such drastic measures, it is important to complete the guide present on this page. If that doesn’t help, you should back up all data you don’t want to lose and then factory reset the device (only if you are okay with it).

  • You are welcome Y2U! Remember to check us first next time, if you have this kind of issue 🙂

    • You are welcome Ana. Remember if you find something suspicious in the future we are here to help you 🙂

  • Can you rephrase the part where you explain the issue you are having. Generally, if you are dealing with some sort of shady/sketchy app that has gotten onto your phone, you should be able to remove it without rooting. However, if the software is coming from Google (which would make it legit even if unwanted) and is enforced by it, most of the time rooting the phone is the only way. Also, do not that sometimes there are applications/programs that seem to be coming from Google or other reputable developers while in fact, they are fake actually coming from some unknown and sketchy developer. Anyway, I did not quite understand what your issue was, so if you could, I would like you to once more explain what the problem is.

    • Sorry, this was the page given for android removal of dnsunlocker style browser hacks by the general dnsunocker article. I did not realise this was only a general malware page.

        • I don’t know what to say. It is the regular dnsunlocker like. I have outlined much more then people do on threads discussing it. This new version now seems to be more virulent and difficult to get rid of.

          amp.reddit. com/r/techsupport/comments/3kjbh0/removing_dns_unlocker_from_an_android_phone/

          • Does it appear in your applications menu and can you uninstall it from there?

  • wow… thank you sooooooo much!! howtoremove. guide is definitely the best malware removal website for me. Bookmarked it 😉

  • Just what I needed. Worked perfectly. Removed it from my month old Android phone. Alto the pictures do not match what I see on my Samsung 8, they were explanatory enough for me to determine what to do and return to normal – and hope that ts lurking somewhere else in my OS.
    Thanks for the clear instructions.

  • Trying to remove connectivitycheck.gstatic and following some guidance on another website but my honor 7 phone would not boot into safe mode follwing their generic android instructions and there is nothing in the phones user guide to say how to boot into safe mode so this small, basic but vital piece of info on your site enabled me to complete my task. Thank you

  • You guys rock! I’m usually very paranoid and careful about what I click and download, but trying to back out of a weather app on my Android phone, I fat-fingered the ad at the bottom of the screen and all hell broke loose. Everywhere I looked for help, they wanted me to download their removal tool, and I was really NOT about to download anything in my state of paranoid panic. Then I found your page. I have a newer Android phone and couldn’t figure out to reboot in safe mood, so I followed your instruction for clearing the Chrome browser, and it worked without a single glitch. Thank you, thank you, thank you, you are doing a great service here.

  • I see my android tv box have Newstarads. com “Virus” from Chrome.
    So anyone help me remove this?
    Thanks.

  • Great job, I have been looking for this solution for a long time. Tried numerous other sites and nothing worked until your fix! Thank you!

  • Thanks – had an annoying popup that just wouldn’t go away. The screens and directions didn’t directly correspond to what you show here, but it was explanatory enough that I managed to get rid of the popup. Thanks!

  • Now I’ve never left a comment on a forum/website like this, but i need to give thanks so let’s hope this posts:

    Wow! What a beautifully-laid out site! Instructions are clear and organized, and pretty bang on! I especially like the background info given here and there! Also, although I only need Android, I think it’s really great that the site is laid out for multiple OSs. Thank you, and thank you again!

  • I’ve got a complete take over. I see that all my core apps have zero mgs. Do not exist. Video and audio upload my default browser settings are false and say gstatic. I reset the device but I see in the recovery and logs in the hard reset option that there’s a developer Block to reload their system and to load it right back. My apps permissions, packages changed. I cannot get back into one device already, my dsmdung galaxy S6 my samsung account was change and my imei number. It’s in every device my boyfriend, children’s etc. I seen in e s file explorer where the platform has been rewritten using Odin download mode and use setting and configurations. Also stars for a Mac computer. My Google app is for a computer saying Mozilla and safari. I feel the Mac is the remote computer operating Mr phone . My internet has a false reading but the cap has been changed and there is a captive portal showing false. I see apps are changed upon create from playstore. Updates addex more. My entire opersting system has been changed. We view is disabled and settings greyed out. Days I’m running a nexus ohonne. My feedbacm is blocked and intercepted. I’m being recorded on audio and vudeo. It’s in a ndw phone soon as I actuvated it and I made a new googke account. My device dhiws servuce and is not provisioned . Twuce I received notice from Verizon sayinv nyst xevucr was iacttivated. Now it hazy a. Unknown own netwirk set as xefault . A radio network and I I can’t msje irvsr receive calls . I see 4 g in my service bars . I use a Wi-Fi calling app. I sent a message and document to cheetah mobile saying all was hacked and deteted by another cm app. ???? I’m at my end point pardon the pun . It looks like a java script remote code take over.

  • Thank you for being here to help those of us in need without trying to make us download more crap! But before I follow your directions (I’ll be attempting to rid my android of clients5.google malware) I wanted to know if resetting the browser settings,data, and cache will remove my bookmarks, saved passwords, personal settings, ect?? Please let me know what exactly it “resets” (doesn’t have to be 100 percent, just mostly curious on the specifics like saved passwords) thanks again for all your help!!

    • Doing this shouldn’t affect your bookmarks or passwords. Still, if you don’t remember some of your passwords, we advise you to change them and then write them down so that you won’t lose them.

  • Hi, thank you for being here. I’ve followed your instructions and I cannot find the app in any list on my phone to uninstall. It seems to be called “Promotion”. Maybe. Is there anything else I can do to find it?

    • You have to look through your other apps. It’s likely an app that’s not on our list. Are there any recently installed apps on your device or any apps that have recently had an update?

    • Maybe there is some other app not listed in this article that is causing the problem. What apps have you installed recently on your device?

  • I am trying to get rid of (con. ZTE. Accesswizard) once I put it on safe mode. I then went to settings, then security, then device administrator, but there was not a list of apps found. Also could not find device manager under device administrator. My problem still here. I know my ZTE phone started working poorly after COM. ZTE. ACCESSWIZARD WAS INSTALLED. ANY SUGGESTIONS WILL BE APPRECIATED.

  • My accounts phones and computer have been hacked and apps changed … They used open source programming and are downloading my info .. how can I find out where my files are going .. Google is no help

  • I have tried these steps to remove gestyy redirect malware from my android tablet however it still opens chrome by itself and goes to their unwanted website.I have not installed any apps before so I have nothing to uninstall.Any advice what to do next?

    • Sometimes old apps that receive updates can start to behave oddly or to spam you with ads. If any of your older apps has recently received a big update, this app may be the cause for the issue.

  • Thank you for your help. I got the luckyguys.top malware on my Android phone. I narrowed the problem down to a mainstream app – “Golf GPS Rangefinder: Golf Pad”. The developers have been responsive yet deny that their software caused the problem. I have downloaded the app 3 times and all 3 times I’ve gotten the malware. Any thoughts on this?

    • If removing this app rids you of the malware, then it doesn’t matter what the devs tell you. They may simply not want to admit that their software may be doing something you don’t want it to. It’s also possible that they may not be aware of some issue related to their app which may be connected to the malware. Regardless, if removing this app fixes the problem, then it’s best to keep away from said app, at least for the time being.

  • I feel my phone has been completely cloned and controlled . I tried removing app from administration but it pops back on Can’t uninstall it cause it says not installed. Someone one or group has all kinds of Google apps and links under my name and emails.in my Google account . Looks like it’s me doing all these activities and data. Possibly a credit card in my name. I no longer have any kind of signal or 4g showing on top .if I try to change something in settings, it shows error and shuts itself down. I’ve done numerous factory resets, lost my Facebook account ,photos, and videos..And when I search in chrome or Google it says” not your computer, search as guest. Under download your data in dashboard ,I see all these sites,etc. With my Google account and username.im afraid of what damage is being done to my reputation and sanity. My idenity is someone else’s, and I can’t enjoy my phone at all. Please if you can help me at least tell me what to do to find out the name or names of criminals making my life
    Misserable. Thank you!

    • new malware and adware apks can root over wifi or bluetooth… They can create hotspots and lure other devices in. Then leave BEACONS – physical ? smart appliances tvs streaming boxes etc…. Get a good reliable IT PROFESSIONAL! You’re stuck in an isolated intranet through developer cloud servers… Dobt trust your search engines or appstores!

  • Great info. Thanks. I had been using Malwarebytes but it didn’t detect this crazy pacprocessor Trojan. Thank you!

  • Hello and thank you for your guide to help removing web.bwanet.ca
    I didn’t succeed… The malware is still there through Google Chrome. So I have we desactivated Chrome.
    Please, would you have another solution ?
    Could it be possible that because of the malware I can not reach anymore the content of the articles of my website ?
    I was working on my website this evening and when I had the need to have a look on my last article I noticed that I couldn’t. A black page showed up instead, and the same black screen appeared whatever article I wanted to read.
    Could it be because of that ? So it means that the malware is both on my cellphone and my computer ???
    Thanks a lot for your help.

    • Hi Mary, try uninstalling any suspicious applications in your phone from Settings > Apps, maybe a malicious app has something to do with your problem. If you think the browser on your computer is infected you can try and follow this guide here, please share your results afterwards 🙂

  • Just wanted to let you know that this worked like a charm on my Google Pixel phone. Still not sure what app I downloaded, I am normally very careful, but somebody got in there and it was a pain in the neck until I followed these instructions. Back to normal now. Thank you!

  • This thing is on my mom’s cell phone, but she doesn’t have any app that provided it. Could it have happened from a link? If yes, how do I disable it?
    Please help me, I followed the instructions but it didn’t work.

    • Hi Jhenny Lanzel,
      yes it could have happened from a ling. Sometimes sites can deliver malware. Did you you go through the whole guide? Did you miss any step ?

  • A chrome extension saying ‘homepage mintav’ is what I am unable to get rid of.
    It’s a mobile and I am also unable to see the ‘extensions’ option on Chrome. Please Help 🙁

  • My Google Chrome browser was redirected to Homepage mintav in Xiaomi redmi phone could please tell me how to remove it? Is it a malware or not ?

    • Hi Serhyi,
      Most likely the problem is in the optimizer or the so called Huawei manager (aka system app that detects Google as a virus). First update Google again (the version where the virus is detected). Then, first: Force stop the Huawei optimizer/manager and then delete the data from its application. Hope this helps.

Leave a Comment

SSL Certificate

Web Safety Checker

About Us

HowToRemove.Guide is your daily source for online security news and tutorials. We also provide comprehensive and easy-to-follow malware removal guides. Watch our videos on interesting IT related topics.

Contact Us: info@howtoremove.guide

HowToRemove.Guide © 2024. All Rights Reserved.

Exit mobile version