Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Lists of frequently asked questions

Malignant applications for mobile OSs are the fastest growing malware segment. As popularity of an OS is growing among users, so does the interest in it on the part of intruders, whose main goal is to get money. The number of threats to Android increases most rapidly.

Yes, there are and their number is growing. Android.SmsSend Trojan horses that emerged as early as in 2010 are the most common threats to the OS. They are designed to send SMS messages at premium numbers and sign up subscribers to various services.

Mobile banking Trojans are designed to intercept SMS messages, steal mTAN-codes and pass them to criminals who perform various financial transactions with accounts of unsuspecting victims (for example, make online purchases) pose an extreme danger. Android.SpyEye.1 is a banking Trojan for Android OS.

Such malware as Android.MailSteal.1.origin, Android.Maxbet.1.origin, Android.Loozfon.origin and Android.EmailSpy.origin. steal e-mail addresses from devices' address books and send them to a remote server, so that attackers can carry out spam mailings.

While out of the office, employees are not protected from hackers, applications they use may have vulnerabilities, their computers and mobile devices can be infected with viruses and Trojans that steal banking and payment system access passwords and money from bank accounts.

Employees regularly connect to the company's network via their device, and thus put confidential data and money at risk—not only their personal assets but corporate too. Incidents when malware gets onto a local network from personal devices, including handhelds, account for up to 70% of intrusions.

In addition, banks often send SMS confirmations to maintain security of transactions. There are malignant programs that can modify such confirmation messages. An anti-virus guarantees that incidents when money is stolen from accounts will never be concealed.

You don't need to install anything — just visit a compromised web-site. And it won't necessarily be a site with objectionable content — from intruders' point of view, hacking news portals is much more useful. News sites are the most visited ones on the Internet. They usually do not cause any suspicion among users or system administrators from companies which do not block access to such sites. That's why news portals are a very attractive field of operation to intruders. By Spreading malware through such sites, they can cause damage to a huge number of users and companies.

Dr.Web for Android protects from viruses and other malicious programs that may steal or damage information stored on the mobile device. It prevents viruses from getting and running on a mobile device.

Note: Dr.Web for Android can only protect mobile devices and its virus databases are different from those used by the anti-virus maintaining security of desktops and laptops. To protect a computer, use corresponding products from Doctor Web.

Dr.Web anti-virus occupies about 1 MB in the device memory. Only the file monitor that keeps track of the system processes resides in the memory at all times. The monitor requires a certain amount of resources, but it has no noticeable effect on overall performance.

In the top-right corner of the main application window, click on the menu icon, and select About.

On the newly appeared page, you'll find information about the name and version of the Dr.Web solution you’re using to protect your device.

The name of your Dr.Web product can also be found in the License Manager on Doctor Web’s site.

If you inadvertently downloaded Dr.Web for Android Light instead of Dr.Web Security Space for Android, download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site. You can also download the full version of Dr.Web from Google Play.

Download a free 14-day trial for the full version (the trial is issued during installation) from Doctor Web’s site.

You can also download the full version of Dr.Web from Google Play.

In the top-right corner of the main application window, click on the menu icon, and select License.

On the newly appeared page, you can find out who owns the license and when the license expires.

The validity period of your Dr.Web license can also be viewed in the License Manager on Doctor Web’s site..

The most dangerous threats for mobile devices are those that penetrate the firmware and system areas. The main signs that malicious behaviour is occurring in the system area are as follows:

  1. The multiple appearance of the same threats in the same areas, even after the anti-virus has removed them. Threats usually reappear after a device reset.
  2. Notifications in Dr.Web Security Auditor.

! In such situations, due to the specific features of the Android OS, it's impossible to employ the standard features of ANY anti-virus to neutralise Trojans because, just like any other application, an anti-virus installed on a non-root device does not have administrative privileges: Dr.Web can detect malicious programs that get into the Android system directory, but it is not authorised to remove them.

To close firmware vulnerabilities and neutralise threats in /system, you can do the following:

  1. Disable (if possible) these applications. This will not eliminate a threat completely, but it will neutralise it until you can remove it permanently.
  2. If your device is rooted (with superuser privileges that allow you to make any type of change you want, including to the firmware), you can try to remove malicious applications with the help of special third-party utilities.

    ! In some cases, configuring root access may lead to the device manufacturer denying to provide you with warrantied maintenance.

    Make a backup of all user data; do a reset to the factory settings; and install new manufacturer-provided firmware that has had the Trojan removed from it. You may need to wait for an update, depending on how much support the manufacturer provides.

    ! If you are not provided with the firmware, your best course of action is to return the device you purchased to the seller. You should NEVER USE this device.

We also recommend that you read the Anti-virus Times issue dedicated to this topic — "A fish rots from the head down..." Please refer to the issue "Firmly rooted" to know how Trojans can find their way into firmware.

Start Dr.Web for Android. In the subsequent window go to the SpIDer Guard section and check if the Monitor is enabled and protects the system message is displayed. If it is, the anti-virus protects your device. If the message is Monitor disabled, the monitor is not running. Tap the monitor indicator button.

To scan your mobile device for viruses, launch Dr.Web for Android, and tap Scanner. In the next window, specify the scan mode.

  • Quick scan. The anti-virus scans only files of installed applications. The fewer there are applications, the sooner the express scan will be completed.
  • Full scan. All files on your mobile device are scanned.
  • Custom scan. Scan only certain files or folders for viruses. To run a custom scan, select objects you want to scan and tap the Scan button.

Abort scan at any time by tapping Abort.

Launch Dr.Web for Android and select Statistics. The statistics window displays the number of processed files and information about all actions performed by the anti-virus components. It is possible to reset the statistics (Menu→Clear statistics), or save the log to a file (Menu→Save log).

Tap on the Dr.Web icon on the notification panel. In the succeeding window you will see all the available information about the threat. Tap on this message, then select the desired action: delete the file, place it into the quarantine, or ignore the warning.

Warning! It is not recommended to choose the Ignore option! If you believe that the anti-virus has made a mistake, select Quarantine and after that send the file to Doctor Web for a detailed analysis.

Dr.Web cannot remove malware if the device firmware is infected. Contact the device manufacturer’s authorised service center to get your device’s firmware replaced.

SpIDer Guard is designed to constantly protect mobile devices against viruses and other threats. It loads into the memory upon Android start-up and scans all files accessed by a user or the system in real time.


Nothing found

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124