Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Lists of frequently asked questions

The most dangerous threats for mobile devices are those that penetrate the firmware and system areas. The main signs that malicious behaviour is occurring in the system area are as follows:

  1. The multiple appearance of the same threats in the same areas, even after the anti-virus has removed them. Threats usually reappear after a device reset.
  2. Notifications in Dr.Web Security Auditor.

! In such situations, due to the specific features of the Android OS, it's impossible to employ the standard features of ANY anti-virus to neutralise Trojans because, just like any other application, an anti-virus installed on a non-root device does not have administrative privileges: Dr.Web can detect malicious programs that get into the Android system directory, but it is not authorised to remove them.

To close firmware vulnerabilities and neutralise threats in /system, you can do the following:

  1. Disable (if possible) these applications. This will not eliminate a threat completely, but it will neutralise it until you can remove it permanently.
  2. If your device is rooted (with superuser privileges that allow you to make any type of change you want, including to the firmware), you can try to remove malicious applications with the help of special third-party utilities.

    ! In some cases, configuring root access may lead to the device manufacturer denying to provide you with warrantied maintenance.

    Make a backup of all user data; do a reset to the factory settings; and install new manufacturer-provided firmware that has had the Trojan removed from it. You may need to wait for an update, depending on how much support the manufacturer provides.

    ! If you are not provided with the firmware, your best course of action is to return the device you purchased to the seller. You should NEVER USE this device.

We also recommend that you read the Anti-virus Times issue dedicated to this topic — "A fish rots from the head down..." Please refer to the issue "Firmly rooted" to know how Trojans can find their way into firmware.


Nothing found

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124