Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support Rules regarding submitting

Send a message

Your tickets


Lists of frequently asked questions

Start Dr.Web for Android. To suspend the file monitor, tap the green indicator next to SpIDer Guard. The system will immediately notify you that the monitor is turned off, and the mobile device may be exposed to threats. With the anti-virus disabled your mobile device becomes vulnerable. Be sure to activate Dr.Web as soon as you can.

Malignant applications for mobile OSs are the fastest growing malware segment. As popularity of an OS is growing among users, so does the interest in it on the part of intruders, whose main goal is to get money. The number of threats to Android increases most rapidly.

Yes, there are and their number is growing. Android.SmsSend Trojan horses that emerged as early as in 2010 are the most common threats to the OS. They are designed to send SMS messages at premium numbers and sign up subscribers to various services.

Mobile banking Trojans are designed to intercept SMS messages, steal mTAN-codes and pass them to criminals who perform various financial transactions with accounts of unsuspecting victims (for example, make online purchases) pose an extreme danger. Android.SpyEye.1 is a banking Trojan for Android OS.

Such malware as Android.MailSteal.1.origin, Android.Maxbet.1.origin, Android.Loozfon.origin and Android.EmailSpy.origin. steal e-mail addresses from devices' address books and send them to a remote server, so that attackers can carry out spam mailings.

While out of the office, employees are not protected from hackers, applications they use may have vulnerabilities, their computers and mobile devices can be infected with viruses and Trojans that steal banking and payment system access passwords and money from bank accounts.

Employees regularly connect to the company's network via their device, and thus put confidential data and money at risk—not only their personal assets but corporate too. Incidents when malware gets onto a local network from personal devices, including handhelds, account for up to 70% of intrusions.

In addition, banks often send SMS confirmations to maintain security of transactions. There are malignant programs that can modify such confirmation messages. An anti-virus guarantees that incidents when money is stolen from accounts will never be concealed.

You don't need to install anything — just visit a compromised web-site. And it won't necessarily be a site with objectionable content — from intruders' point of view, hacking news portals is much more useful. News sites are the most visited ones on the Internet. They usually do not cause any suspicion among users or system administrators from companies which do not block access to such sites. That's why news portals are a very attractive field of operation to intruders. By Spreading malware through such sites, they can cause damage to a huge number of users and companies.

Dr.Web for Android protects from viruses and other malicious programs that may steal or damage information stored on the mobile device. It prevents viruses from getting and running on a mobile device.

Note: Dr.Web for Android can only protect mobile devices and its virus databases are different from those used by the anti-virus maintaining security of desktops and laptops. To protect a computer, use corresponding products from Doctor Web.

Dr.Web anti-virus occupies about 1 MB in the device memory. Only the file monitor that keeps track of the system processes resides in the memory at all times. The monitor requires a certain amount of resources, but it has no noticeable effect on overall performance.

The most dangerous threats for mobile devices are those that penetrate the firmware and system areas. The main signs that malicious behaviour is occurring in the system area are as follows:

  1. The multiple appearance of the same threats in the same areas, even after the anti-virus has removed them. Threats usually reappear after a device reset.
  2. Notifications in Dr.Web Security Auditor.

! In such situations, due to the specific features of the Android OS, it's impossible to employ the standard features of ANY anti-virus to neutralise Trojans because, just like any other application, an anti-virus installed on a non-root device does not have administrative privileges: Dr.Web can detect malicious programs that get into the Android system directory, but it is not authorised to remove them.

To close firmware vulnerabilities and neutralise threats in /system, you can do the following:

  1. Disable (if possible) these applications. This will not eliminate a threat completely, but it will neutralise it until you can remove it permanently.
  2. If your device is rooted (with superuser privileges that allow you to make any type of change you want, including to the firmware), you can try to remove malicious applications with the help of special third-party utilities.

    ! In some cases, configuring root access may lead to the device manufacturer denying to provide you with warrantied maintenance.

    Make a backup of all user data; do a reset to the factory settings; and install new manufacturer-provided firmware that has had the Trojan removed from it. You may need to wait for an update, depending on how much support the manufacturer provides.

    ! If you are not provided with the firmware, your best course of action is to return the device you purchased to the seller. You should NEVER USE this device.

We also recommend that you read the Anti-virus Times issue dedicated to this topic — "A fish rots from the head down..." Please refer to the issue "Firmly rooted" to know how Trojans can find their way into firmware.

Start Dr.Web for Android. In the subsequent window go to the SpIDer Guard section and check if the Monitor is enabled and protects the system message is displayed. If it is, the anti-virus protects your device. If the message is Monitor disabled, the monitor is not running. Tap the monitor indicator button.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Launch Dr.Web for Android and select Statistics. Tap Menu and choose Save log on SD card. The DrWeb_Log.txt file will be saved into the /Andoroid/data/com.drweb/files/ directory and a corresponding notification will be displayed. If you want to send a support request, use the web-form at To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

Presently you can't update the anti-virus by copying virus databases onto a mobile device. To update the databases, use the built-in update module.

Note: an Internet connection is required for updating.

Start Dr.Web for Android and tap the Menu button on your mobile device. In the pop-up window select Settings.

Dr.Web for Android interface language corresponds to the current language of the operating system. Select English as the Android interface language and the anti-virus will switch to English automatically.

Note: to change the OS language tap Menu and point to Settings in the subsequent pop-up window. Go to Language & Keyboard, Select Language and choose the language you need in the succeeding window.

Ask your friend from the Buddies list you created when you configured Dr.Web Anti-theft to send your mobile phone an SMS message containing the text #RESETPASSWORD#.

When you receive the SMS with the command, the password reset will occur automatically. If your mobile phone is not blocked, you will see the Change password screen, where you can set a new password.

If your device was blocked, it will be unblocked.

All SMS commands for remotely controlling Dr.Web Anti-theft

Download memo (PDF)

Click on Forgot your password? on any screen that prompts you to enter your password. Read the instructions.

Open the Dr.Web account page and enter the key and email address you specified in the Forgot your password? window.

If the code is entered correctly, you will see this window.

Check your incoming messages—you will receive an email containing a confirmation code.

Enter this code in the Forgot your password? window, and click on Next.

Create a new password and remember it.

If you did not receive the email, click on the line Did not receive the email?, and you will automatically be redirected to the Doctor Web technical support page.

Since the new version 12 has a single password for the account and the Anti-theft settings, we will have to be sure that the person contacting us is indeed the owner of the device and the Dr.Web license.

In the support request:

  1. Specify the device IMEI (your device’s unique identifier; typically, this is a 15-digit number written in decimal digits).
  2. Attach to your request:
    • the corresponding receipt and a photo of the completed warranty certificate (if you have the device's box/packaging and the IMEI is readable, attach a photo of the box to your request);
    • proof of purchase of your Dr.Web license (an email from the eStore, a scanned copy of the payment document, or other). If you won your license during a Dr.Web auction—specify your Doctor Web account login. If you are using a trial version, please ignore this subitem.

Send the trusted friends on your Dr.Web Anti-theft contact list a memo containing the SMS commands used to remotely control the Anti-theft in emergency situations—that way they’ll know how to help you when needed.


In the application's main menu, select Anti-theft. In the Configuration Wizard window, enter and confirm a password. If necessary, create a friends list (a list of trusted numbers).

More detailed information about configuring the anti-theft can be found in the corresponding section of the documentation.

Then you can adjust anti-theft security parameters: set blocking conditions and the actions that the program will perform if those conditions are met. More information about this can be found here.

To activate the anti-theft, use the previously specified password.

There are three ways to choose from to unlock the device depending on the version of Dr.Web for Android you use and availability of the friends list.

  • If you are using Dr.Web for Android 7.0 and higher, use the special service at.
  • If, when configuring the anti-theft (any version), you created a list of friends, you can disable the anti-theft by sending a corresponding SMS command from a trusted number. For more information about SMS commands, please follow this link.
  • If you use Dr.Web for Android 6.0 and didn't create a list of friends, you need to send a request to Doctor Web's Technical Support Service. In your request, you will need to provide the following information:
    • Your Dr.Web serial number
    • a photo of the box, warranty card, or other document that concerns the blocked device and contains a readable IMEI.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Dr.Web for Android doesn't block outgoing calls.

The anti-virus places suspicious and infected files into the quarantine folder. Suspicious files are quarantined to be sent to Doctor Web's virus laboratory for analysis, infected ones are isolated if curing is not possible for some reason.

There are three ways to install the anti-virus:

  1. Use HTC Sync. To install Dr.Web, you need to connect your device to your computer and sync them with HTC Sync. Use HTC Sync to run the Application Installation wizard, specify the path to the file drweb-600-android.apk and follow the wizard instructions.
  2. Manually. Copy drweb-600-android.apk (download link) to the mobile device (from a computer, with a memory card or download OTA from our web-site). To run the file you will need a file manager.
  3. Via Android Market. Go to the Android Market, find Dr.Web on the application list and select Install. In the subsequent window displaying information about the privileges required for the program, click OK, the application will be installed automatically.

Start Dr.Web for Android. Then tap the Update button - all the necessary files will be automatically downloaded and installed. For a successful update, your mobile device must have access to the Internet.

Note. You can also enable automatic daily updating. To enable daily updating, tap the Menu button, then tap Settings. In the Update section tick the Automatic check-box.

To scan your mobile device for viruses, launch Dr.Web for Android, and tap Scanner. In the next window, specify the scan mode.

  • Quick scan. The anti-virus scans only files of installed applications. The fewer there are applications, the sooner the express scan will be completed.
  • Full scan. All files on your mobile device are scanned.
  • Custom scan. Scan only certain files or folders for viruses. To run a custom scan, select objects you want to scan and tap the Scan button.

Abort scan at any time by tapping Abort.

Dr.Web for Android is available free of charge and requires no registration. To use it, just download the distribution. Read more:

Launch Dr.Web for Android and select Quarantine. Tap the file you want to restore. In the succeeding window you will see all the information about this file and malicious code contained in tt. Tap the Restore button - the file will be moved to the original folder.

Go to the Settings menu of the device, select Applications→Manage applications. In the Third-party tab tap Dr.Web for Android. In the subsequent application information window tap Remove. To permanently delete the anti-virus, tap OK in the removal confirmation dialogue.

SpIDer Guard is designed to constantly protect mobile devices against viruses and other threats. It loads into the memory upon Android start-up and scans all files accessed by a user or the system in real time.

Tap on the Dr.Web icon on the notification panel. In the succeeding window you will see all the available information about the threat. Tap on this message, then select the desired action: delete the file, place it into the quarantine, or ignore the warning.

Warning! It is not recommended to choose the Ignore option! If you believe that the anti-virus has made a mistake, select Quarantine and after that send the file to Doctor Web for a detailed analysis.

To send a suspect file, use the form on our website: To attach a file to your request, tap Browse, select the file you need and press Open. To send the request, tap the Send button.

Information about the number of virus definitions in the databases and date of the last update is contained in the anti-virus statistics.


Nothing found

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040