If Dr.Web Scanner detects threats, the following will appear on the screen:
•An icon on the Android status bar in the top-left screen corner:
▫
on Android 4.4,
▫
on Android 5.0–11.0,
▫
on Android 12.0 or later.
•A pop-up notification at the top of the screen.
•A red indicator on the scan screen.
To open scan results, tap the cross in the top-left corner of the scan screen, or the indicator in the notification or on the status bar.
|
On Android 5.0 and later, the threat notification will also appear on the lock screen. Tap it to access scan results. |
Figure 7. Scan results
Neutralizing Threats
On the Scan results screen, you can review the list of threats and changes in the system area. For each object, its type and name are specified.
Objects are marked in different colors depending on the degree of danger. Listed below are the threat types in decreasing danger order:
1.Malware.
2.Modification. On the Check Results object type shows as Malware, but the color key differs.
3.Suspicious object.
4.Adware.
5.Dialer.
6.Joke program.
7.Riskware.
8.Hacktool program.
9.Exploitable software.
The least degree of danger is assigned to changes in the system area:
•New files in system area.
•Change of system files.
•Deletion of system files.
To view the file path, select the object. For threats that are detected in apps, the app package name is also specified.
If an archive containing multiple threats is detected, you can view the full list of all threats in the archive by tapping Expand.
|
Threats in archives are detected only when the Files in archives option is active. |
To delete all threats
•In the top-right corner of the Scan results screen, select Menu 
> Delete all.
To move all threats to the quarantine
•In the top-right corner of the Scan results screen, select Menu > All to quarantine.
Neutralizing one threat at a time
Each object has its own set of available options. To expand the option list, select the object. Recommended options are placed first. Select one of the options:
Delete to delete the threat from your device.
In some cases, Dr.Web cannot delete applications that use accessibility features of Android. If Dr.Web does not delete the app after you select the Delete option, reboot to safe mode and delete the app manually.
The option is not available for threats in system applications.
Move to quarantine to move the threat to an isolated folder (see Quarantine).
If the threat is detected in an installed application, it cannot be moved to the quarantine. In this case, the Move to quarantine option is not available.
Ignore to temporarily leave the change in the system area or the threat as it is.
Send to laboratory or False positive to send the file to the Doctor Web anti-virus laboratory for analysis. The analysis will show if there is a threat or it is a false positive. If it is a false positive error, it will be fixed. To receive the analysis results, enter your email address.
If the file is sent to the laboratory successfully, the Ignore option is automatically applied to the object.
The Send to laboratory option is available only for added or changed executable files in the system area: .jar, .odex, .so, APK, ELF files, etc.
The False positive option is available only for threat modifications and for threats detected in the system area.
More on the Internet to view the detected object description on the Doctor Web website.