Lists of frequently asked questions

• From your mobile device: open the application menu (the button with the three dots in the top-right corner of the screen), select About, and click on My Dr.Web. Go to the Support tab — Ask a question.
• From a PC or Mac: Use the special service on Doctor Web's site. Log on to the portal and go to the Support tab — Ask a question.

Use your My Dr.Web Portal—your personal assistant and guide to services. It is particularly from here that you can contact our technical support service. The history of your requests is also available here.

1. Open the application menu (the button with the three dots in the top-right corner of the screen), select License, and then I already have a license. Next, select Recover a purchase on Google Play.
   
2. Enter the email address that you used when purchasing the license, and your personal data.

IMPORTANT! If, during the activation process, the program reports errors, please contact our technical support service. Attach to your request the exact text or a screenshot of the error, the Google Play order number (GPA -...) and the Google account address (@ gmail.com) used to make the purchase.

1. Remove Dr.Web from your device.
2. Using Google Play, install the Dr.Web application on the other device and open it.
3. Go to License and select I already have a license.
4. Click on Recover a purchase via Google Play.
5. Enter the email address you used when you registered your license and your personal information. The license registered for the specified email addresses will be activated automatically.

• If you need help buying a commercial version: on the support request page of Doctor Web's site, select I do not yet have a commercial Dr.Web license, and ask your question.
• If you need assistance solving a technical problem, support is not provided with the free version of this product. Try to find the answers to your questions in the FAQ or get advice from other users on the Dr.Web forum.

• If you contact our technical support service from the Dr.Web for Android page at Google Play, via My Dr.Web Portal or via the support form on Doctor Web's site — specify your serial number or your Google Play order number and your Gmail address, or the Google Play order number (GPA -...) and the address of the Google account (@ gmail.com) used to make the purchase. If you do not have the order number, you probably purchased your Dr.Web license from another site. In this case, you need to submit your serial number.
  IMPORTANT! You can find your serial number on My Dr.Web Portal.
• If you contact our technical support via the link in your order confirmation — click on the link found in the support request form at Google Play, select the request topic, and ask your question. We will obtain all the required information from Google Play automatically.

If you have deleted the email confirming your purchase information, you can find the order number (Transaction ID) in your Google Wallet — information on all your orders is stored there.

Only users of the shareware version of Dr.Web for Android (comprehensive security) have serial numbers, which become available to them after they pay for their license on My Dr.Web Portal. Serial numbers are displayed in the Portal’s license information section.

Open the application menu (the button with the three dots in the top-right corner of the screen), and select About. If the application name contains the word Light, you are using the free version. Also, the application menu provides access to different sets of security components; the paid version has substantially more components.

You will receive an email receipt confirming your purchase; it will be sent to your Google email address (@gmail.com). The email will contain your order number and order information, and a link for contacting Doctor Web's support service with any purchase, payment, and refund questions. If you have not received such an email, please contact Google Play's support service — Doctor Web's support service won't be able to help you until your payment has been received.

The list of your paid purchases can be found in your Google Wallet. The list of applications that have been paid for and are thus available to you can be found in the My Apps section of your Google account.

In the program window, open the application menu (the button with the three dots in the top-right corner of the screen); select License, then Enter new serial number, and enter a valid serial number. If you purchased the license via Google Play, after selecting I already have a license, select Renew the license from Google Play. To activate the license, you must have Internet access and use the same Google account you used to make the purchase.

You can find more information about all the activation methods at: https://download.geo.drweb.com/pub/drweb/android/pro/HTML/en/index.html?dw_use_license_key_file_new.htm

According to Google Play's refund policy and under the agreement made between Doctor Web and Google, you can apply for a refund no later than 48 hours after payment is made.

• If you have a payment receipt email from Google Play, open it and click on the link in the phrase "Have a question? Contact Doctor Web seller". A Google Play support request form will be loaded. On the request page, select the option "I'd like to request a refund/return the item", and send the refund request. A Doctor Web employee will process your request, and you will get a refund.
• If you lost the purchase receipt, request a refund through the support request form on Doctor Web's site or in My Dr.Web Portal. Specify the Google Play order number (GPA -...) and the Google account address (@ gmail.com) used to make the purchase.

In both cases, you will receive a refund confirmation from Google Play.

Important! The time frame for a refund solely depends on how fast your bank processes such requests. If the money is not returned to your account within 2-3 days after you receive the confirmation from Google Play, contact your bank. Doctor Web cannot influence bank policies or expedite refunds. Our refund liabilities to our users are met once the refund confirmation is received from Google Play.

Chances are the funds have been temporarily blocked by the bank that issued your credit card. Doctor Web cannot influence bank policies. The funds will be returned to your account after the period defined by the bank expires. If the money is not returned to your account within 2-3 days after you receive your confirmation from Google Play, contact your bank.

• If your license has expired, you cannot transfer it to another device. Please purchase a new license.
• If your license is still valid, use your new phone to log in at Google Play under the account that was used to purchase the license. In My Apps, select Dr.Web, and tap Install. A valid license will be recognised automatically.

In My Apps, select Dr.Web and tap Install. A valid license will be recognized automatically.

• I lost my Dr.Web license. How can I recover the license purchased through Google Play?
• If your license has expired, you will not be able to restore it. Please buy a new license.

1. If your license is still valid,-note that licenses purchased through Google Play are bound to the account under which they have been purchased.
2. Make sure that this account is set as the primary account on the device.
3. In the main Dr.Web window, select About.

• If your license has expired, you will not be able to restore it. Please purchase a new license.
• If your license is still valid, open the application menu (the button with the three dots in the top-right corner of the screen); select License, then — I already have a license, and select Recover a purchase on Google Play. To activate the license, you must have Internet access and use the same Google account you used to make the purchase.

1. Remove the application and all its data.
2. Install the application on a new device in the way that is most convenient for you, in accordance with these instructions: https://download.drweb.com/doc/
3. Activate the license on a new device: Open the application menu (the button with the three dots in the top-right corner of the screen); select License, then I already have a license, and enter your previous license number. If you purchased the license via Google Play, after selecting I already have a license, select Renew the license from Google Play. This license is bound to the Google account that was used to make the purchase.

IMPORTANT! The same steps should be taken to transfer a license from one device to another: users need not take any action to "unbind" the license from their previous device — they only have to remove the application.

Malignant applications for mobile OSs are the fastest growing malware segment. As popularity of an OS is growing among users, so does the interest in it on the part of intruders, whose main goal is to get money. The number of threats to Android increases most rapidly.

Yes, there are and their number is growing. Android.SmsSend Trojan horses that emerged as early as in 2010 are the most common threats to the OS. They are designed to send SMS messages at premium numbers and sign up subscribers to various services.

Mobile banking Trojans are designed to intercept SMS messages, steal mTAN-codes and pass them to criminals who perform various financial transactions with accounts of unsuspecting victims (for example, make online purchases) pose an extreme danger. Android.SpyEye.1 is a banking Trojan for Android OS.

Such malware as Android.MailSteal.1.origin, Android.Maxbet.1.origin, Android.Loozfon.origin and Android.EmailSpy.origin. steal e-mail addresses from devices' address books and send them to a remote server, so that attackers can carry out spam mailings.

While out of the office, employees are not protected from hackers, applications they use may have vulnerabilities, their computers and mobile devices can be infected with viruses and Trojans that steal banking and payment system access passwords and money from bank accounts.

Employees regularly connect to the company's network via their device, and thus put confidential data and money at risk—not only their personal assets but corporate too. Incidents when malware gets onto a local network from personal devices, including handhelds, account for up to 70% of intrusions.

In addition, banks often send SMS confirmations to maintain security of transactions. There are malignant programs that can modify such confirmation messages. An anti-virus guarantees that incidents when money is stolen from accounts will never be concealed.

You don't need to install anything — just visit a compromised web-site. And it won't necessarily be a site with objectionable content — from intruders' point of view, hacking news portals is much more useful. News sites are the most visited ones on the Internet. They usually do not cause any suspicion among users or system administrators from companies which do not block access to such sites. That's why news portals are a very attractive field of operation to intruders. By Spreading malware through such sites, they can cause damage to a huge number of users and companies.

Dr.Web for Android protects from viruses and other malicious programs that may steal or damage information stored on the mobile device. It prevents viruses from getting and running on a mobile device.

Note: Dr.Web for Android can only protect mobile devices and its virus databases are different from those used by the anti-virus maintaining security of desktops and laptops. To protect a computer, use corresponding products from Doctor Web.

Dr.Web anti-virus occupies about 1 MB in the device memory. Only the file monitor that keeps track of the system processes resides in the memory at all times. The monitor requires a certain amount of resources, but it has no noticeable effect on overall performance.

The name of your Dr.Web product can also be found in the License Manager on Doctor Web’s site.

If you inadvertently downloaded Dr.Web for Android Light instead of Dr.Web Security Space for Android, download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site. You can also download the full version of Dr.Web from Google Play.

Download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site.

You can also download the full version of Dr.Web from Google Play.

The validity period of your Dr.Web license can also be viewed in the License Manager on Doctor Web’s site..

The main signs that malicious behaviour is occurring in the system area are as follows:

1. The multiple appearance of the same threats in the same areas, even after the anti-virus has removed them. Threats usually reappear after a device reset.
2. Notifications in Dr.Web Security Auditor.

Due to the specific features of the Android OS, it's impossible to employ the standard features of ANY anti-virus to neutralise trojans in the system memory because, just like any other application, an anti-virus installed on a non-root device does not have administrative privileges: Dr.Web can detect malicious programs that get into the Android system directory, but it is not authorised to remove them. In addition, the quarantine option is not available for them (or for any other installed application).

To close firmware vulnerabilities and neutralise threats in /system, you can stop or disable some system applications. This will not eliminate a threat completely, but it will neutralise it until you can remove it permanently.

To stop an application: in the list of installed applications on the screen Settings → Applications, select the application that has been determined to be a threat and then on the screen containing the information about it, click on the Stop button.

This action will need to be repeated every time you restart the device.

Disable the application via the device settings: in the list of installed applications on the screen Settings→ Applications, select the application that has been determined to be a threat and then on the screen containing the information about it, click on the Disable button.

If your device is rooted (with superuser privileges that allow you to make any type of change you want, including to the firmware) and an application can be removed without disrupting device operation or cured, you will see the corresponding option in the anti-virus's interface.

With root access enabled, you can also try to remove malicious applications with the help of special third-party utilities.

In some cases, configuring root access may lead to the device manufacturer denying to provide you with warrantied maintenance.

If your device has custom firmware, you can restore the device manufacturer’s official software on your own or contact the service center. If you are using the device manufacturer’s official software, try to contact the manufacturer to get more information about this application.

If the manufacturer recommended that you update the firmware, before doing this, make a backup of all your user data and then do a reset to the factory settings.

To disable information about threats in system applications that cannot be removed without disrupting device operation, tick the System Applications box in the Settings section → General settings → Additional options.

We also recommend that you read the Anti-virus Times issue dedicated to this topic — System business. Please refer to the issue Firmly rooted to know how trojans can find their way into firmware.

Start Dr.Web for Android. In the subsequent window go to the SpIDer Guard section and check if the Monitor is enabled and protects the system message is displayed. If it is, the anti-virus protects your device. If the message is Monitor disabled, the monitor is not running. Tap the monitor indicator button.

To scan your mobile device for viruses, launch Dr.Web for Android, and tap Scanner. In the next window, specify the scan mode.

• Quick scan. The anti-virus scans only files of installed applications. The fewer there are applications, the sooner the express scan will be completed.
• Full scan. All files on your mobile device are scanned.
• Custom scan. Scan only certain files or folders for viruses. To run a custom scan, select objects you want to scan and tap the Scan button.

Abort scan at any time by tapping Abort.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Tap on the Dr.Web icon on the notification panel. In the succeeding window you will see all the available information about the threat. Tap on this message, then select the desired action: delete the file, place it into the quarantine, or ignore the warning.

Warning! It is not recommended to choose the Ignore option! If you believe that the anti-virus has made a mistake, select Quarantine and after that send the file to Doctor Web for a detailed analysis.

Dr.Web cannot remove malware if the device firmware is infected. Contact the device manufacturer’s authorised service center to get your device’s firmware replaced.

SpIDer Guard is designed to constantly protect mobile devices against viruses and other threats. It loads into the memory upon Android start-up and scans all files accessed by a user or the system in real time.

1. Select Settings — Security — Device Admin Apps or Device Admins — For Dr.Web Security Space, toggle the switch to the Off position (or clear the box) — enter your Dr.Web account password and click on the Deactivate device admin button.

   If you have forgotten your Dr.Web account password, you can reset it:

   • click on the Forgot your password? button;
   • click on the Via email button;
   • go to https://acs.drweb.com and enter the 20-bit character code specified on the device screen,
   and your email address;
   • you will receive an email containing a verification code consisting of a series of digits;
   • in the Verification code field, enter the code you received;
   • click on Continue;
   • create a new password and enter it in the fields for entering a password; click on the Save button;
   • use the new password to deactivate the device administrator.

2. Remove Dr.Web the way you would an ordinary application: open the Applications menu and move the Dr.Web icon to the Trash. Confirm that you want to remove the application.

There are three ways to install the anti-virus:

1. Use HTC Sync. To install Dr.Web, you need to connect your device to your computer and sync them with HTC Sync. Use HTC Sync to run the Application Installation wizard, specify the path to the file drweb-600-android.apk and follow the wizard instructions.
2. Manually. Copy drweb-600-android.apk (download link) to the mobile device (from a computer, with a memory card or download OTA from our web-site). To run the file you will need a file manager.
3. Via Android Market. Go to the Android Market, find Dr.Web on the application list and select Install. In the subsequent window displaying information about the privileges required for the program, click OK, the application will be installed automatically.

Open the Dr.Web application; click on Menu → License → Enter a new serial number. Enter your serial number and click on Activate.

No additional actions, including reinstallation, are required. This same method can be used to activate a serial number for a purchase/renewal of Dr.Web Security Space that comes with a free mobile version.

Activation via a key file only works for an application that has been downloaded directly from Doctor Web's site (this method is not suitable for an application installed via Play Market!).

1. Copy the key file to any folder in the device's memory or to its memory card.

   You can extract the archive's contents and copy just the file with the *.key extension or transfer the entire ZIP archive to your device;

2. Click on Menu , select the License section, and then select I already have a license and the Use a key file option;
3. Open the folder that the key file or ZIP archive was saved to and select it.

The key file will be installed in the system, and a message notifying you about this will appear on the screen.

Select Menu → License → I already have a license:

Then click on Recover purchase from Google Play.

Enter the email address you used when purchasing this license, and your personal data

Start Dr.Web for Android. The list of application components opens — the icons that are enabled will be highlighted in green and accompanied by the text enabled. Select each item you want to disable — the disable button is at the top.

With the anti-virus disabled, your mobile device becomes vulnerable. Be sure to reactivate Dr.Web as soon as you can.

You can use whichever standard method is convenient for you to uninstall the application, either by going to Settings → Applications on your device or by clicking on the anti-virus icon in the context menu.

All the available ways to uninstall the application are listed in the documentation.

After its initial launch, Dr.Web establishes a network connection with the server from which it is receiving a license. Depending on the quality of the Internet connection and the performance of your device, this process may take about one minute. Just connect your device to the Internet and wait until the message saying that your license was not found disappears.

Update your browser and try to download the file again, or rename the file, replacing the zip extension with the apk extension.

Start the registration procedure from the beginning.

Follow the recommendations from this article.

You installed the Dr.Web Security Space version for Android that is not designed to work on a subscription basis — Dr.Web Mobile Life. Remove the product and install the appropriate version.

• If you need a license to protect only your mobile: select licenses here.
• If you need a license to protect your PC or Mac and your handheld: select licenses here.

Open the Dr.Web for Android application, and tap Menu (the three dots in the upper-right corner of the screen) → License → Renew license via Google Play. Open the link and pay for the license. When an attempt is made to renew a license that was not purchased on Google Play, the application will display an error message and another renewal method can then be selected.

• You don’t have your serial number, but you do have your registration email: :

  You can restore your serial number using the web form at https://support.drweb.ru/restore.

• You don’t have the email address you used to register your Dr.Web license, but you do have your serial number:

  If you know your previous email address, you can replace it with your new one using the web form at https://products.drweb.ru/register/change_email/.

• No serial number, no email access:

  Please contact our technical support service at https://support.drweb.com/support. You will need to attach copies of the following documents to your request.

By default, virus database updates are downloaded automatically in the background. To update the databases manually, on the main application screen, tap “Menu” (the three dots in the upper-right corner of the screen), and select Virus databases and then Update.

Presently you can't update the anti-virus by copying virus databases onto a mobile device. To update the databases, use the built-in update module.

Note: an Internet connection is required for updating.

Information about the number of virus definitions in the databases and date of the last update is contained in the anti-virus statistics.

1. On the main application screen, tap “Menu” (the three dots in the upper-right corner of the screen), and select Settings and then the section Virus database update;
2. Select the Update over Wi-Fi checkbox, and by default, mobile networks will not be used to download updates. If no Wi-Fi networks are available, you will be prompted to use the mobile Internet.

Your device doesn’t have enough free space or your network connection is not stable. Remove unneeded applications from your device to free up space.

Most likely, you are using the mobile Internet and, at the moment, the quality of the network connection is low.

Start Dr.Web for Android and tap the Menu button on your mobile device. In the pop-up window select Settings.

Dr.Web for Android interface language corresponds to the current language of the operating system. Select English as the Android interface language and the anti-virus will switch to English automatically.

Note: to change the OS language tap Menu and point to Settings in the subsequent pop-up window. Go to Language & Keyboard, Select Language and choose the language you need in the succeeding window.

For version 11.5:

1. Click on the Doctor Web icon in the system tray (in the bottom right of the screen).
2. Click on the padlock icon (Administrative mode), and allow the application to be launched.
3. Click on the gear icon (Settings) and then on Change, and select Reset settings. Click on OK to confirm the reset.
4. After the reset, the interface language will change to Russian, so you will need to change it back to English. To return to the English language interface, select Main→ Advanced. In the Language list, select Russian, click on English, and close the window.

For version 12:

1. Click the Doctor Web icon in the system tray (in the bottom right of the screen).
2. Select the Control Center, click on the padlock icon (Administrative mode), and allow the application to be launched.
3. Click on the gear icon (Settings), and in the Manage settings section, click on Change and then on Restore defaults. Click on OK to confirm the reset.

It is impossible to launch received updates without a system restart, so don't disable such notifications, and it's impossible to do this via the anti-virus interface.

If a system restart does not make such notifications go away, it may be due to certain features of your operating system. In this case, you should submit a written request to our technical support service and follow the instructions received from our support engineers.

For version 11.5:

1. Click on the Doctor Web icon in the system tray (in the bottom right of the screen).
2. Click on the padlock icon (Administrative mode), and allow the application to be launched.
3. Click on the gear icon (Settings) and then on Main → Notifications → Notification parameters. Select the type of notification you need (Threat detected, Critical, Major, Minor) as well as the notification method (email, screen).

It is strongly recommended that you do not disable notifications for these levels: Threat detected, Critical, Major.

For version 12

1. Click on the Doctor Web icon in the system tray (in the bottom right of the screen).
2. Select the Control Center, click on the padlock icon (Administrative mode), and allow the application to be launched.
3. Click the gear icon (Settings) and then on Main → Notifications → Notification parameters. Select the type of notification you need (Threat detected, Critical, Major, Minor) as well as the notification method (email, screen).

It is strongly recommended that you do not disable notifications for these levels: Threat detected, Critical, Major.

Dr.Web Security Space for Android version 12 has a new feature that lets you password-protect your Dr.Web account and the configuration of Anti-theft and Parental Control. Setting a password for your Dr.Web account ensures that outsiders can’t tamper with important anti-virus and system settings.

If you’re a Dr.Web user, when you upgrade to version 12, an account will automatically be created for you provided you enabled the Anti-theft component before the upgrade.

If you’ve downloaded Dr.Web version 12 for the first time, create an account so that you can set a password for accessing Dr.Web’s settings.

You will see confirmation that you have created an account. Click on Continue.

This same password will work both to protect the settings of certain Dr.Web components and to permit access to other applications installed on the device if the Parental Control blocks access to them.

The service is available at https://acs.drweb.com.

• In the appropriate fields, enter the code displayed on the screen of your locked device and the email address you used to register Dr.Web Anti-theft on www.drweb.com.

  

• Press the Get password button. A special code that you can use to unlock the device and disable Dr.Web Anti-theft will be sent to the email address you specified.

  Enter the code you receive in the Enter password field on the screen of your locked device. The device will be unlocked and Dr.Web Anti-theft will be disabled. To resume using Dr.Web Anti-theft, you need to enable and configure it again.

Ask your friend from the Buddies list you created when you configured Dr.Web Anti-theft to send your mobile phone an SMS message containing the text #RESETPASSWORD#.

When you receive the SMS with the command, the password reset will occur automatically. If your mobile phone is not blocked, you will see the Change password screen, where you can set a new password.

If your device was blocked, it will be unblocked.

All SMS commands for remotely controlling Dr.Web Anti-theft

Download memo (PDF)

Click on Forgot your password? on any screen that prompts you to enter your password. Read the instructions.

Open the Dr.Web account page https://acs.drweb.com and enter the key and email address you specified in the Forgot your password? window.

If the code is entered correctly, you will see this window.

Check your incoming messages—you will receive an email containing a confirmation code.

Enter this code in the Forgot your password? window, and click on Next.

Create a new password and remember it.

If you did not receive the email, click on the line Did not receive the email?, and you will automatically be redirected to the Doctor Web technical support page.

If you failed to unlock the Anti-theft via the anti-theft unlock service or using SMS commands, submit a written request to the technical support service.

Due to the features of anti-theft, which task is to prevent unauthorised access of other persons to the device management, the unlock service is provided only to device owners. When requesting, you will need to verify that you are the owner of the device.

In the support request:

1. Specify the device IMEI (the unique identifier for your device; typically, this is 15-digit number written in decimal digits. To see it, type in the phone * # 06 #).

2. Attach to your request:

   • the corresponding receipt and a photo of the filled out warranty certificate (if you have your device's box/packaging and it features a readable IMEI, attach a photo of the box to your request);
   • proof of purchase of your Dr.Web license (an email from the eStore, a scanned copy of the payment document, or other). If you won your license during a Dr.Web auction—specify your Doctor Web account login. If you are using a trial version, please ignore this subitem.
   • a screenshot of the lock screen (specifying the email address or Google account that has been used to register the anti-theft) displaying the code while tapping "Forgot your password?"

If you no longer have access to the email you used to register your account, you will need to remove your old account and create a new one.

When an account is deleted, the Anti-theft and Parental Control settings will reset—you will need to reconfigure them.

Dr.Web for Android Parental Control will protect applications from unauthorised access and anti-virus settings from tampering by outsiders or children. But first Dr.Web Parental Control must be enabled.

Dr.Web Security Space for Android can protect against both the downloading of new applications and the use of applications that have already been downloaded.

To prevent other users—your children, another family member, or outsiders—from downloading programs or using programs that have already been downloaded but have been determined by you to be harmful for them, use the special Parental Control feature to block those options.

Dr.Web doesn’t block the launch of an application. It only blocks the user from accessing the application window.

The URL filter in Dr.Web Security Space for Android 12 is disabled by default. We recommend that you configure it right after you install Dr.Web and that you password-protect access to it using Dr.Web Parental Control—this will prevent those close to you from visiting malicious and fraudulent websites.

In addition, you can configure website blacklists and whitelists or block access according to thematic groups of sites.

Only then will you be able to keep your children (or anyone else who has access to your device) from disabling the blocking options in the URL filter and visiting webpages you deem to be undesirable; they will be protected from fraudsters’ attempts to lure them to dangerous sites.

To prevent anybody from tampering with the settings you established for the URL filter.

Learn more about the URL filter settings from our video tutorial.

Open Dr.Web Security Space and click on the URL filter.

Click on the "Black and white lists" button.

Then, click on "White list".

Click on the "+" button.

Enter the site address to which you want to allow access and click on "Add URL".

This site will not be blocked by the URL filter provided that its address is not contained in the thematic group "Known infection sources".

Dr.Web Ant-theft performs three principle tasks. It:

1. Helps honest people return your smart phone or tablet to you if you ever lose it.
2. Prevents your data from being stolen if a thief gets hold of your device.
3. Helps you find your device on your own.

The service is available at https://acs.drweb.com.

• In the appropriate fields, enter the code displayed on the screen of your locked device and the email address you used to register Dr.Web Anti-theft on www.drweb.com.

  

• Press the Get password button. A special code that you can use to unlock the device and disable Dr.Web Anti-theft will be sent to the email address you specified.

  Enter the code you receive in the Enter password field on the screen of your locked device. The device will be unlocked and Dr.Web Anti-theft will be disabled. To resume using Dr.Web Anti-theft, you need to enable and configure it again.

Send the trusted friends on your Dr.Web Anti-theft contact list a memo containing the SMS commands used to remotely control the Anti-theft in emergency situations—that way they’ll know how to help you when needed.

Download

Your device must be running Android 4.0 or a later version; and for the Anti-theft to work properly, it must also have a SIM card.

The Anti-theft uses Dr.Web account information—a password is required to unlock the device. If a password hasn't been specified (or if a Dr.Web account hasn't been created), the feature won't work.

Meanwhile, if the Anti-theft is enabled, some Dr.Web and device settings become password-protected automatically—some key parameters (such as the device administrator list, Dr.Web Account, etc.) can't be changed without entering the password.

The only Dr.Web component that interferes with the Anti-theft's operation directly is the Parental Control. Both components use the same password, and if Parental Control is enabled, the fingerprint reader (if available on the device) can't be used to unlock a device that has been locked with the Anti-theft. The password will need to be entered.

If Parental Control is disabled, the fingerprint reader can be used to unlock the Anti-theft.

In the application's main menu, select Anti-theft. In the Configuration Wizard window, enter and confirm a password. If necessary, create a friends list (a list of trusted numbers).

More detailed information about configuring the anti-theft can be found in the corresponding section of the documentation.

Then you can adjust anti-theft security parameters: set blocking conditions and the actions that the program will perform if those conditions are met. More information about this can be found here.

To activate the anti-theft, use the previously specified password.

No, a password is required. Efficient blocking can only be accomplished by setting a strong password or enabling the fingerprint reader (if this feature is available on your device).

Trusted SIM cards — this is the list of SIM cards you use on your device. By default, if Dr.Web Anti-theft detects a SIM card that is not on its trusted list, it will block access to the device. In this case, if your device gets stolen and your SIM card is replaced, no one will be able to use the device. If one trusted SIM card gets replaced with another one on the list, the Anti-theft won't lock your device.

The card is identified by its unique ICCID identification number (this is the SIM card number in international format). You can see it on your SIM card or on the card on which it was delivered. You can also find out the SIM ID using special programs available on Google Play.

Each SIM card's ID is unique—unlike a phone number, which can be changed. There is no universal way to find out the ID that corresponds to a cardholder's phone number.

You can edit the trusted list at any moment by entering a name for each SIM card on the list.

To add a SIM card onto the trusted list, do the following:

1. Once you’ve inserted the SIM card you want to add onto the trusted list, the smart phone will be locked. Enter the Anti-theft password to unlock it.
2. A notification prompting you to add the new SIM card onto the list will appear in the top menu. Tap on the notification.
3. Select Confirm to add the SIM card onto the trusted list.
4. Enter the Anti-theft password for confirmation.

You can edit the trusted list whenever you like by entering a name for each SIM card or deleting a SIM card from the trusted list.

You can find out more about the Anti-theft and SIM cards here.

Once all the Dr.Web components are downloaded, the Anti-theft verifies whether the inserted SIM cards are on its trusted list. If they are not, the device is locked until a password is entered.

After you've entered the password and unlocked your device, you will be able to use a notification dialogue to add a new SIM card onto the trusted list.

Upon the Anti-theft’s initial launch, the SIM card currently in use on a device is regarded as trusted by default. This may come in handy if you’ve installed Dr.Web for Android but haven’t been using the Anti-theft and now want to enhance your device's security.

Important! If your device is running Android 5.1 or later and two SIM cards are installed on it, both SIM cards will be added onto the trusted list automatically when the Anti-theft is run for the first time. For earlier Android versions, only the active SIM card appears on the list automatically. The second one must be added onto the list manually.

1. Try to recall the password by picking several of the most likely possibilities. Take note of each attempt you make, and don't try more than 5-7 times. You only get 10 attempts to restore your password.
2. Contact some of your friends whose numbers are on your "buddies" list, and ask them to send the SMS command #RESETPASSWORD# to your number. Once the password is reset, enter a new one, and make sure that you will remember it.
3. If you are unable to contact any of your friends or your Anti-theft buddies list is empty, use the password-recovery service on Doctor Web's site.
4. If you can't recover the password on your own, contact Doctor Web's technical support service. You will need to provide our support engineers with your license's serial number as well as documentation confirming that the locked device really belongs to you.

There are three ways to choose from to unlock the device depending on the version of Dr.Web for Android you use and availability of the friends list.

• If you are using Dr.Web for Android 7.0 and higher, use the special service at.
• If, when configuring the anti-theft (any version), you created a list of friends, you can disable the anti-theft by sending a corresponding SMS command from a trusted number. For more information about SMS commands, please follow this link.
• If you use Dr.Web for Android 6.0 and didn't create a list of friends, you need to send a request to Doctor Web's Technical Support Service. In your request, you will need to provide the following information:
  • Your Dr.Web serial number
  • a photo of the box, warranty card, or other document that concerns the blocked device and contains a readable IMEI.

The password dialogue is temporarily locked, and there is no way to unlock the device during this period.

To make sure that your information never gets stolen, you can configure the Anti-theft to wipe all of your user data from the device after the tenth failed attempt and reset the device to its default settings.

Dr.Web Anti-theft is not equipped with a kill switch that would render the device non-operational. It can only wipe all the user information (after receiving the corresponding SMS command, or automatically, after 10 failed password-entry attempts if the Remove data option was on). At the same time, if Dr.Web does not have administrator rights on the device, it will not be able to reset all the settings and delete the installed applications, so the smartphone will remain locked. But, overall the device will remain operational.

You can add numbers from your phone book and call and SMS history or enter them manually.

You can find out more about how numbers can be added onto the buddies list here.

Some Anti-theft features are only available if an active SIM card is being used on the device. Those features include the buddies list, location services, and remote SMS commands. All other key Anti-theft features—locking the device, wiping user data after ten failed password-entry attempts (if that option had been enabled), showing a message on the lock screen—will be available.

More information about the "no SIM card" mode can be found in the documentation.

Yes. In this case, the anti-virus security is managed by the Dr.Web Server administrator who oversees the security of their company’s entire information infrastructure, including employee handhelds.

To learn how you can get your personal Dr.Web-protected device connected to your company's anti-virus protection system, read here.

1. Start the Dr.Web anti-virus.
2. On the main screen, select Anti-theft.
3. Enter your Dr.Web account password.
4. In the Anti-theft window, in the top-right corner of the screen, disable the component.
5. In the newly opened window, click on OK.
6. In the device settings, select Applications or Application Manager.
7. In the list of installed applications, select Dr.Web and click on Remove.

Start the Dr.Web Anti-virus application, and click on Anti-theft — Forgot password. At the bottom of the application screen, you’ll see the list of contacts who can help you change your Anti-theft password. Ask any person whose phone number appears on this list to send you an SMS message with the text #RESETPASSWORD#. Create a new password.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Launch Dr.Web for Android and select Statistics. Tap Menu and choose Save log on SD card. The DrWeb_Log.txt file will be saved into the /Andoroid/data/com.drweb/files/ directory and a corresponding notification will be displayed. If you want to send a support request, use the web-form at https://support.drweb.com/support_wizard/. To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

To avoid downloading a huge amount of data via the mobile Internet, temporarily disable it for an application. To do this:

• run Dr.Web;
• open the Firewall component;
• click on the “Applications” tab;
• select the application you need;
• in the “Access to data transfer” section, click on "Mobile Internet" so that it becomes inactive.

When you need to download a major update, for example, via free or home Wi-Fi, you can use this same method to allow the application to use mobile traffic to connect to the Internet.

To view applications whose network access parameters were specified in the Firewall:

• run Dr.Web;
• open the Firewall component;
• click on the “Applications” tab;
• take note of the applications marked with the red gear icon.

If present, this icon indicates that the application settings in the Firewall were changed or that an active rule was set for it.

The floating window containing traffic-usage information is disabled by default because it takes up screen space, which may not always be convenient when working with a mobile device. When no acute need to control traffic exists, the window can be disabled, but when the amount of traffic and where it is coming from is important to know, it is better to have this data on view.

To enable the display of the floating window:

• run Dr.Web;
• open the Firewall component;
• click on the “Limit” tab;
• select "Current traffic information";
• place the floating window on the screen so that it does not bother you while you are working with your mobile device.

Immediately after this option is selected, the floating traffic-information window will appear; in the future, it will appear on top of other windows.

For user convenience, network traffic-usage information is displayed in two ways.

To obtain full information on application network activity while the Firewall is in operation:

• run Dr.Web;
• open the Firewall component;
• click on the "Applications" tab.

To view data pertaining to an application you are interested in, select the application from the list—the settings window, containing complete information, will open.

The user can also control this information via the floating window—we've described how to enable it here.

If you need to prevent an application from accessing a website, you can do this on the Dr.Web Firewall’s "Traffic" tab:

• run Dr.Web;
• open the Firewall component;
• click on the "Traffic" tab;
• select the application you want to prevent from accessing the website;
• from the drop-down list containing connections used by applications, select the connection that needs to be blocked;
• you will see a pop-up menu that lets you add an “allow” or “block” rule. Select "Add blocking rule".

The firewall will now automatically block access to this resource.

If you want to restore access to a previously blocked resource, you can do this by removing the corresponding blocking rule.

You can also explicitly specify an address that you don’t want any programs connecting to. To do this:

• run Dr.Web;
• open the Firewall component;
• click on the "Applications" tab;
• select the program you want to keep from accessing the website;
• in the newly appeared window, in the "Rules for IP addresses and ports" section, select "Block connections from list";
• click on "Add rule", and in the "New rule" window, specify the server address and the connection port you need to block access to;
• click OK to finish creating the rule.

The firewall can restrict the use of mobile traffic and, if necessary, block an application's access to the Internet via a selected connection type: Wi-Fi, mobile Internet, and in roaming.

With this option, you’ll find it very convenient to receive notifications informing you that you are reaching your limit. To enable these notifications, select the “Notifications” checkbox in the “Limit” tab.

Since limited Internet plans are usually offered for a specific amount over a specific period (for example, 100 MB per 24 hours or 5 GB per month), the traffic limitation option can be configured to prevent users from suddenly and significantly exceeding their usage limits.

With this option, you’ll find it very convenient to receive notifications informing you that you are reaching your limit. To enable these notifications, select the “Notifications” checkbox in the “Limit” tab.

Two of the tools incorporated into the Firewall can be used to view current network activity.

The first one is the floating window, which, in minimised format, displays the total amount of traffic used and, in expanded format, displays the list of applications currently using an Internet connection.

If the floating window is disabled, do the following to get the latest network activity information:

• run Dr.Web;
• open the Firewall component;
• click on the Firewall's "Traffic" tab.

Here, the user can find information about the applications and services currently using an Internet connection and the amount of traffic they are using.

If, for some reason, you have to completely block an application’s access to the Internet, the best solution will be to prevent the application from being able to transfer data.

To create a rule that restricts or allows an application to engage in any kind of network activity, do the following:

• run Dr.Web;
• open the Firewall component;
• click on the "Applications" tab,
• select the program for which you want to create the rule;
• in the newly appeared window, go to the "Rules for IP addresses and ports";
• create an “allow” or “block” rule, as described below.

For each application that uses Internet access, the Firewall collects statistics related to incoming and outgoing traffic.

Here, users can find complete traffic information (incoming and outgoing) for the application and a network-usage diagram. Users can see how much data the application received during a defined period.

If you need to delete an existing rule:

All Firewall actions are logged and recorded in the Firewall Log. The report contains the following information about applications and actions involving them:

1. Application name.
2. IP address, port, and protocol via which the data was exchanged.
3. Date and time of connection (for TCP) or time taken to receive data packets with the corresponding amount of traffic (for UDP). For example: 21/11/2017 22:19:39 — 21/11/2017 22:19:42.
4. Local address and local port. For example: src: 192.168.0.102:55512.
5. Incoming and outgoing traffic (bytes) or the number of blocked packets. For example: in:124 out:79 or blocked packets:1.
6. The identifier of the application on the device associated with this traffic (User ID). For example: uid=10011.
7. Number of network congestion incidents (for TCP only). For example: traffic jam=0. Traffic congestion is a special situation when a client program fails to offload a TCP buffer, and that can be the cause of data transfer slowdowns over the network.

After this, the Firewall starts operating. By default, all network activity is allowed except the use of the Internet in roaming. To manage traffic at your own discretion, you will need to configure the Firewall.

Since monitoring and recording all network application activity is one of the main tasks of the Firewall, the Application Log stores all the information about application-specific network activity:

1. Time an event occurred
2. Resource name
3. Resource IP address
4. Protocol via which the connection was established
5. Connection status
6. Amount of incoming traffic
7. Amount of outgoing traffic

To access the Application log, do the following:

• run Dr.Web;
• open the Firewall;
• click on the "Applications" tab;
• select the application you need, and in the newly appeared window, click on the icon that looks like a vertical ellipsis. Select "Application Log".

The Call and SMS Filter protects against phishers and vishers. But fraudsters can ask children to disable the restrictions their parents have established in this component.

Dr.Web Parental Control will reliably protect your children provided you ensure that they cannot tamper with the Call and SMS Filter settings.

Learn more about the Call and SMS Filter settings from our video tutorial.

Dr.Web for Android doesn't block outgoing calls.

The anti-virus places suspicious and infected files into the quarantine folder. Suspicious files are quarantined to be sent to Doctor Web's virus laboratory for analysis, infected ones are isolated if curing is not possible for some reason.

To send a suspect file, use the form on our website: https://vms.drweb.com/sendvirus/. To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

Launch Dr.Web for Android and select Quarantine. Tap the file you want to restore. In the succeeding window you will see all the information about this file and malicious code contained in tt. Tap the Restore button - the file will be moved to the original folder.

This error can occur due to server overload. Please visit this page later. Or send a written unlock request to our technical support service. Please attach and specify the following data and documents.

Possible reasons:

• problems with the Internet connection;
• no settings were specified for the proxy server, if one is used.

Solution:

• connect to the network in another way (via another Wi-Fi point, via a mobile operator). Or submit your request to our technical support service.