Remove Pop-up Ads, Redirects, or Virus from Android Phone (Help Guide)

The number of Android apps infected with malware in Google’s Play store nearly quadrupled between 2012 and 2014. Make no mistake about it, there is such a thing as Android malware, cyber criminals create malware-spreading apps in devious attempts to steal personal details and advertisers use it as a marketing channel by bundling pushy ads with apps. In the first case, the users’ mobile security is clearly compromised. In the second one, the ad-app bundle is seldom mentioned, so users who download it unknowingly face a mobile privacy threat.

[Image: Android pop-up virus]

Can my Android phone get a “virus”?

So what about malware? Should we be worried? The key thing to remember about malware on Android is that you have to actually install the malicious app. Malware writers will use increasingly clever techniques to try and trick you into doing just that.
As malware writers try to earn money for their bad deeds, they continually look for new ways to get their malicious software installed on your devices. The best recommendation is still to think twice before installing untrusted software or clicking on strange-looking links.

Apps designed to personalize people’s Android-based phones are most susceptible to be compromised, as well as entertainment and gaming apps. Some of the most malicious apps in the Google Play store downloaded since 2012 were Wallpaper Dragon Ball, a wallpaper app, and the games Finger Hockey and Subway Surfers Free Tips.
Both Wallpaper Dragon Ball and Finger Hockey, have malware that steals confidential information such as device IDs from infected devices. Subway Surfers Free Tips, meanwhile, uses a Trojan called Air Push to bypass a device’s security settings and subscribe infected phones to premium services

When downloading apps it’s imperative that you only do so from a legitimate app store; that means from companies like Google Playstore, Amazon, Samsung, or another major manufacturer or carrier.
These marketplaces are monitored and scanned for potentially dangerous or fraudulent programs. On occasion, however, malicious apps sometimes slip through the cracks, often disguised as legitimate ones. A fake BBM app recently appeared in the Google Play store and managed to secure more than 100,000 downloads before being removed. The app itself was nothing more than a spamming service.

Pirated or cracked apps are another way that cybercriminals use to infected Android phone with malware. They get legitimate Android application package (APK) file and binding it with a malicious program is a relatively simple process to infect the Android phones. Most pirated or cracked apps usually contain some form of malware so we advise you not to install such apps.

What can an Android malicious app do?

The vast majority of malware on Android is focused on stealing your information, which is obviously a major concern. Perhaps the worst case scenario at the moment is malware that sends SMS messages to premium rate numbers.

Android Premium SMS virus

Unfortunately, as we mentioned before, malware writers are employing ever more sophisticated techniques to fool you. There are apps that clone legitimate apps to fool you into downloading them and apps that are malware free when you first install them, but download malware through the update system.

As a way to make revenue, advertising companies are getting more and more aggressive by including functionality in their apps to display ads in the notification bar, adding bookmarks, or creating search engine shortcuts to the home screen. These advertising apps can also send off personal data pertaining to your device or account and will often require more permissions to access functionality of your device than the free app you downloaded requires.

Android malware

The most common Android malicious apps will do at least one of the following:

  • Collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
  • Send SMSs to premium-rate numbers
  • Subscribe infected phones to premium services
  • Record phone conversations and send them to attackers
  • Take control over the infected phone
  • Download other malware onto infected phones
  • “Push notifications ads” delivering alerts to a phone’s notification bar – when the user swipes to pull down the notification bar from the top of the screen, an ad shows up under Notifications.
  • “Icon ads” inserted onto a phone’s start screen – when the user touches the icon, it usually launches a search engine or a web service.

How to remove malware from Android devices (Removal Guide)

This page is a comprehensive guide which will remove redirect and pop-up ads from your Android device. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.

To remove Pop-up Ads, Redirects or Virus from Android Phone, follow these steps:

If your Android smart phone is locked, and you are seeing an “ATTENTION! Your phone has been blocked up for safety reasons” notification from a law enforcement agency (FBI, Australian Federal Police, Metropolitan Police, U.S. Department of Justice) asking you to pay a fine, then you will need to follow our Remove Police or FBI virus from Android phone (Removal Guide).

STEP 1: Uninstall the malicious apps from Android

Android phone will get infected with viruses from a malicious app that is installed on the smartphones. In this first step, we will try to identify and uninstall any malicious app that might be installed on your Android phone.

  1. To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
    [Image: Go to Settings and select Apps]
  2. This will bring up a list of installed apps, including the malicious app. In our case the malicious app is “BaDoink” however this will most likely be different in your case. These are some known malicious apps: BaDoink, Porn-player, Browser update 1.0, Flash Player, Porn Droid or System Update.
    If you cannot find the malicious app, we advise you to uninstall all the recently installed applications.

    [Image: Search for the malicious app that is locking your Android phone]

  3. Touch the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen. If the app is currently running press the Force stop button. Next we will clear the cache and data, and we will uninstall the unwanted app.
    1. First tap on the Clear cache button to remove the cache.
    2. Next, tap on the  Clear data button to remove the app data from your Android phone.
    3. And finally tap on the Uninstall button to remove the malicious app.

    [Image: Touch the app you’d like to uninstall]

    If the Uninstall button is grayed out (this may happen if your phone is infected with the Android Screen Locker malware) then go to:
    1. Settings > Security > Device administrators.
    2. Tap the app that you cannot uninstall.
    3. Choose “Deactivate” > “OK” and immediately shutdown your device.
    4. Start your device again and then uninstall the malicious app.
  4. A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
    [Image: Remove malicious app from Android phone]
  5. Restart your Android device.

STEP 2: Scan your device with Zemana Mobile Antivirus

In this step, we will scan your Android phone for malware with Zemana Mobile Antivirus application. Zemana Mobile Antivirus is a free anti-malware application which will help us detect if any malicious app or file is installed on your device.

  1. You can download Zemana Mobile Antivirus from the below link:
    ZEMANA MOBILE ANTIVIRUS DOWNLOAD LINK (This link will open a new web page from where you can download Zemana AntiMalware for Android)
  2. Click on the “Install” button, and when the app permissions will be displayed click on “Accept” to install Zemana Mobile Antivirus on your device.
    Install Zemana Mobile Antivirus
    Zemana Mobile Antivirus will be installed on your phone, this will only take a few seconds. When Zemana Mobile Antivirus has finished installing, open the app
  3. To perform a system scan with Zemana Mobile Antivirus, click on the “Full Scan” button .
    Zemana Mobile Antivirus Full Scan
  4. The scan may take a few minutes depending on how many apps you have installed.
    Zemana Mobile Antivirus while scanning
    If any malicious apps are detected, click on the “Delete All” button remove them from your Android device.
    Zemana removing Android malware

STEP 3: Clean-up the junk files from Android with Ccleaner

In this step we will clean the cache of your device with the Ccleaner application. CCleaner is a free app, which will help us clean up your device from junk files.

  1. You can download Ccleaner from the below link:
    CCLEANER DOWNLOAD LINK (This link will open a new web page from where you can download Ccleaner)
  2. Click on the “Install” button, and when the app permissions will be displayed click on “Accept” to install Ccleaner on your device.
    Install the Ccleaner app
    Ccleaner will be installed on your phone, this will only take a few seconds. When Ccleaner has finished installing, open the app
  3. To perform a system scan with Ccleaner, click on the “ANALYZE” button .
    Ccleaner Analyze button
  4. The scan may take a few minutes depending on how many apps you have installed.
    When analysis is completed, tap to mark the check-boxes next to “History” & “Cache”. You may also want check any other application that your want to delete its cached content.
    Ccleaner remove junk files
    Tap on the “CLEAN” button remove all the junk files from your Android device.

(OPTIONAL) STEP 4: Reset your router to the factory settings

In recent attacks, cyber criminals are infecting the router to redirect the Android devices to different websites. Resetting the router to the default settings will remove the malicious redirects, however you will need to reconfigure all the settings.

When you reset your router the following settings are changed:

  • Router username and password
  • Wi-Fi username and password
  • ISP username and password
  • Any port-forwards you have set up
  • Any firewall settings you have made
  • Basically, any configuration changes that you have made to your router.
As you can probably tell from the list above, resetting your router is serious business. Proceed with caution.
If you do not know how to configure a router, you should not perform this step.
  1. To reset your router find the tiny reset button usually located at the back of the router. While the router is on, use a pin or the end of a paper clip to press and hold the reset button. You will need to hold if for about 10 seconds.
  2. Reconfigure all the settings of your router (example: ISP username and password, Router username and password)

Your Android device should now be malware free.
If you are still experiencing problems while trying to remove malware from your Android device, please do one of the following: