Scan Results

If Dr.Web Scanner detects threats, the following will appear on the screen:

An icon on the Android status bar in the top-left screen corner:

threat_detected_icon on Android 4.4,

threatsicon on Android 5.0–11.0,

notifier_threat on Android 12.0 or later.

A pop-up notification at the top of the screen.

A red indicator on the scan screen.

To open scan results, tap the cross in the top-left corner of the scan screen, or the indicator in the notification or on the status bar.

warning_green

On Android 5.0 and later, the threat notification will also appear on the lock screen. Tap it to access scan results.

light_results_zoom50

Figure 7. Scan results

Neutralizing Threats

On the Scan results screen, you can review the list of threats and changes in the system area. For each object, its type and name are specified.

Objects are marked in different colors depending on the degree of danger. Listed below are the threat types in decreasing danger order:

1.Malware.

2.Modification. On the Check Results object type shows as Malware, but the color key differs.

3.Suspicious object.

4.Adware.

5.Dialer.

6.Joke program.

7.Riskware.

8.Hacktool program.

9.Exploitable software.

The least degree of danger is assigned to changes in the system area:

New files in system area.

Change of system files.

Deletion of system files.

To view the file path, select the object. For threats that are detected in apps, the app package name is also specified.

If an archive containing multiple threats is detected, you can view the full list of all threats in the archive by tapping Expand.

warning_green

Threats in archives are detected only when the Files in archives option is active.

Neutralizing all threats

To delete all threats

In the top-right corner of the Scan results screen, select Menu menu_green > Delete all.

To move all threats to the quarantine

In the top-right corner of the Scan results screen, select Menu menu_green > All to quarantine.

Neutralizing one threat at a time

Each object has its own set of available options. To expand the option list, select the object. Recommended options are placed first. Select one of the options:

delete 2Delete to delete the threat from your device.

In some cases, Dr.Web cannot delete applications that use accessibility features of Android. If Dr.Web does not delete the app after you select the Delete option, reboot to safe mode and delete the app manually.

The option is not available for threats in system applications.

quarantine-fillMove to quarantine to move the threat to an isolated folder (see Quarantine).

If the threat is detected in an installed application, it cannot be moved to the quarantine. In this case, the Move to quarantine option is not available.

i_ignore_lightIgnore to temporarily leave the change in the system area or the threat as it is.

edit 2Send to laboratory or False positive to send the file to the Doctor Web anti-virus laboratory for analysis. The analysis will show if there is a threat or it is a false positive. If it is a false positive error, it will be fixed. To receive the analysis results, enter your email address.

If the file is sent to the laboratory successfully, the Ignore option is automatically applied to the object.

The Send to laboratory option is available only for added or changed executable files in the system area: .jar, .odex, .so, APK, ELF files, etc.

The False positive option is available only for threat modifications and for threats detected in the system area.

infoMore on the Internet to view the detected object description on the Doctor Web website.