Check Results

How to open check results

If Dr.Web Scanner detects threats, the threat sign appears on the screen.

To open check results, tap the sign.

If SpIDer Guard detects a suspicious change in the system area or a threat, the following items appear on the screen:

The threat icon (on Android 4.4, a different threat icon) on the Android status bar in the top left-hand corner of the screen.

A pop-up notification at the bottom of the screen (see Figure 13).

The threat icon on the notification bar.

A message with a red indicator on the status bar.

To open check results, tap the threat icon on the notification bar or the status bar message.


On Android 5.0 and later, the threat notification appears on the lock screen, from where you can open check results.


Figure 16. Check results

Neutralizing Threats

On the Check results screen, you can review a list of threats and changes in the system area. For each object, the list shows its type and title, along with the icon of the option recommended for that object.

Objects are marked in different colors depending on the degree of danger. Threat types in decreasing order of danger:



3. Hacktool program


5. Changes in system area:

New files in system area

Change of system files

Deletion of system files

6. Joke program

To view the file path, select the object. For threats that are detected in apps, the app package name is also shown.

Neutralizing multiple threats

To delete multiple threats at a time

In the top right-hand corner of the Check results screen, select Menu > Delete all.

To move multiple threats to quarantine at a time

In the top right-hand corner of the Check results screen, select Menu > All to quarantine.

Neutralizing one threat at a time

Each object has its own set of available options. To expand the option list, select the object. Recommended options are placed first. Select one of the options:

Cure to cure the infected application.

The option is available for some threats in system applications if root access is allowed on the device.

Delete to delete the threat from your device.

In some cases, Dr.Web cannot delete applications that use accessibility features of Android. If Dr.Web does not delete the app after you select the Delete option, reboot to safe mode and delete the app manually.

The option is not available for threats in system applications in the following cases:

If root access is not allowed on your device.

If the application cannot be safely deleted.

If a threat modification is detected. To determine whether the app actually poses a threat, report a false positive.

Move to quarantine to move the threat to the isolated folder (see Quarantine).

If the threat is detected in an installed application, it cannot be moved to quarantine. In this case, the Move to quarantine option is not available.

Ignore to temporarily leave the change in the system area or the threat as it is.

Send to laboratory or False positive to send the file to the Doctor Web anti-virus laboratory for analysis. The analysis will show whether the file is a threat or a false positive. If it is a false positive, it will be fixed. To receive the analysis results, enter your email.

If the file has been sent to the laboratory successfully, the Ignore option is automatically applied to the object.

The Send to laboratory option is available only for added or changed executable files: APK, ELF, JAR, ODEX, SO, etc.

The False positive option is available for threat modifications and for threats detected in the system area.

More on the Internet to view a description of the detected object on the Doctor Web website.