How to check for viruses via computer: expert guide

Xiaomi’s MIUI or HyperOS-branded mobile devices are considered some of the most secure on the market, but no system is immune to threats. Smartphone owners often face intrusive advertising, strange pop-ups or a sharp battery discharge, which may indicate the penetration of malicious code. Checking the device through a computer is the most profound diagnostic method, allowing you to look under the hood of the operating system, where the average user from the phone will not get.

Using a PC to scan has a number of advantages: powerful desktop antivirus engines find what mobile scanners miss, and USB connectivity allows you to analyze the file system in real time. It is important to understand that modern viruses often masquerade as system processes, so simply checking the Downloads folder will not give a complete result. In this article, we will discuss professional diagnostic methods, including working with debugging on USB and analyzing system applications.

Before you start to take action, you need to assess the current state of the gadget. If the device behaves inadequately, spontaneously opens the browser, installs unknowns. APK-When you overheat in idle mode, computer intervention becomes a must. The most dangerous Trojan bankers can hide in the system partition. /system/app, It's not available for scanning without superuser rights or PC connectivity. Next, we'll look at a step-by-step algorithm for identifying and eliminating threats.

Symptoms of infection and primary diagnosis

The first step in dealing with threats is to pinpoint the problem. It's not always the strange behavior of a smartphone that means a virus; sometimes it's the result of a failure in the MIUI shell or conflicting applications. But you can't ignore the obvious signs of danger. If you notice that the device starts to slow down even after you've restarted, and strange names appear on the list of processes that are running, that's a cause for concern.

Pay attention to traffic consumption. Malware often runs in the background, transferring stolen data to remote servers. You can check this in the settings, but a more detailed analysis will show exactly the connection to the computer. Also alarming is the appearance of unknown shortcuts on the desktop or in the application menu, which cannot be removed by standard means.

To assess the situation first, use the system’s built-in tools. Xiaomi’s security menu includes a scan feature that, while not always effective against complex threats, can identify known signatures. Run a full security check through Security β†’ Antivirus. If the built-in scanner is silent but symptoms persist, move on to more serious measures.

  • πŸ“‰ A sharp drop in autonomy: the battery discharges in a few hours even with minimal screen use.
  • πŸ“‘ Unexplained traffic consumption: Mobile Internet or Wi-Fi are actively consumed by background processes.
  • 🚫 Blocking features: Inability to open settings, task manager or security menu.
  • πŸ“’ Intrusive Advertising: Pop-ups appear on top of other apps or on the desktop.

⚠️ Warning: If you see a message on the screen that you have locked your device to pay a fine or transfer money, you are not paying, and this is a typical sign of a virus-encryptor or blocker, which is solved by flashing or resetting settings.

Preparing the smartphone for connection via USB

In order for a computer to see the internal structure of a smartphone and perform deep scans, it is necessary to activate debugging mode. This is a standard procedure for developers to access system logs and files. Without this option, the PC will only see the phone as an external storage drive, which limits the ability to verify.

The process of activating the hidden menu may vary depending on the version of Android and the shell HyperOS. Usually the path is as follows: β†’ About the phone and quickly click on the line "Version" MIUIΒ» Seven times in a row, and when you get the "You're a developer" notification, you can go to the connection settings.

You need to find and activate the "Debug by USB" item in the "Developers" menu, and when you first connect to your computer, you'll see a request on your smartphone screen to confirm debugging from that computer, and be sure to tick "Always Allow from this computer" to ensure a stable connection during the scanning procedure.

β˜‘οΈ Connection readiness

Done: 0 / 4

It is worth noting that the use of the original cable is critically important: cheap cables often only support charging and do not transmit data, which will lead to errors when trying to establish a connection with debugging tools. If the computer makes the device connection sound but does not detect it in the Device Manager, try replacing the cable or USB-port.

Using antivirus scanners on PC

The most affordable way to check is to use a powerful antivirus installed on your computer. Current solutions from Kaspersky, ESET, Dr.Web or Bitdefender can scan connected mobile devices. When you connect a smartphone in file transfer mode (MTP), the antivirus can scan visible memory parts.

However, this method has limitations: antivirus on a PC will not be able to check the system partitions of Android, as they are hidden from direct access through the Internet. MTP-It'll only analyze media files, documents and installed files. APK-However, it is a great way to find infected files that you recently downloaded or received through instant messengers.

For more in-depth verification, many antiviruses offer special utilities for mobile devices that are installed on a PC. For example, Kaspersky Security Cloud or Dr.Web Connector allow you to manage the security of a smartphone remotely. By connecting the device, running a full scan and waiting for the results. If threats are found, follow the antivirus instructions to remove them or quarantine them.

πŸ“Š What antivirus is used on your PC?
Kaspersky
Dr.Web
ESET NOD32
Avast/AVG
I don't use it.

It is important to update the antivirus signature databases before starting a check. Viruses mutate daily, and the old database may not recognize the new threat. After updating, run a scan and carefully study the report. Even if "potentially unwanted applications" (PUAs) are found, it is better to remove them, since they often serve as a gateway for more serious malware.

Manual analysis of the file system

Manual analysis requires attention, but it is often more effective than automatic scanners. When you connect your smartphone in file transfer mode, open it with My Computer. Your goal is to find suspicious ones. APK-files or scripts that may have been downloaded without your knowledge. Pay particular attention to Download, Bluetooth and other folders. WhatsApp/Media.

Look for files with the.apk extension that don't tell you anything, or that have strange names consisting of a set of characters. Often viruses masquerade as system components, such as SystemUpdate.apk or FlashPlayer.apk. If you see such a file in the download folder and don't remember downloading it, this is a sure sign of a threat.

Also worth checking is the Android/obb and Android/data folder, which may be hiding modified game or application files that have introduced malicious code, and deleting these files can disrupt the application, so it is better to copy suspicious items to your computer before cleaning for analysis on the VirusTotal website.

Location of the fileRiskAction.
/Download/*.apkHigh-pitchedDelete or check on VirusTotal
/Bluetooth/*.apkMedium.Delete if you don't know the file
/System/app/*.apkcriticalDo not remove manually (needs to be removed) Root/ADB)
/Android/data/cacheLow.Clear the app cache
What is VirusTotal?
VirusTotal is a free online service that checks files and URL-Viruses addresses, using more 70 Upload a suspicious file to a website and the system will show how many antiviruses consider it dangerous. 3-5, file-definitely malicious.

The first is ADB (Android Debug Bridge)

The most professional method available to advanced users is the use of the ADB toolkit. This method allows you to obtain lists of installed packages and identify hidden system applications that do not appear in the usual menu.

After installing the tools and connecting your smartphone, open the Command Prompt (CMD) or PowerShell on your computer in the folder with ADB. Enter the adb device command to make sure the device is visible. If all is right, you will see the phone serial number and device status.

To find suspicious packages, use the command to output a list of all installed applications:

adb shell pm list packages

The resulting list will be huge, so it is better to save it to a text file by the command adb shell pm list packages > packages.txt and analyze it on PC. Look for packages with unknown names or those that masquerade as system (for example, com.android.system.update.fake). Knowing the name of the package, it can be deleted by the command adb shell pm uninstall --user 0 name packet.

πŸ’‘

The ADB command line gives access to packet management even without Root rights, allowing you to remove system debris and viruses that cannot be removed through settings.

Be extremely careful when removing packets through ADB. Removing a critical system component can lead to a smartphone bootloop. Always check the name of the package online before removing it. If you are unsure of the purpose of the process, you should skip it.

Radical measures: resetting and reflashing

If none of the methods worked and the infection symptoms persist, the only reliable option is a full reset to the factory settings (Hard Reset), which completely clears the user's data section, removing all viruses, Trojans and hidden miners.

Reset via the Recovery menu. To do this, turn off your smartphone, then press the button combination (usually Volume Up + Power) before the Mi logo appears. In the Recovery menu, select the language (English), then Wipe Data β†’ Wipe All Data. Confirm the action and wait for the process to end.

In the most difficult cases, when the virus has penetrated the system partition (which is rare, but possible with Root-rights), only reflashing the device through the Mi Flash Tool utility will help. This will return the phone to the factory state at the partition level, guaranteed to remove any software interventions. Download the official firmware for your model from the site miui.com and follow the instructions for firmware in Fastboot mode.

⚠️ Warning: Flashing through the Mi Flash Tool in Clear All mode will completely destroy all data on your phone, including photos, contacts and messages.

Prevention and protection in the future

After successfully cleaning the device, it is important to take steps to ensure that the situation does not happen again.The main reason for infection on Xiaomi is the installation of applications from unknown sources. APK-Files from browsers and instant messengers, leaving this option only for Google Play and GetApps.

Update your operating system regularly. Xiaomi engineers are constantly releasing security patches to close the vulnerabilities that viruses can penetrate your phone, and it’s also helpful to run the built-in security scanner once a month and check the list of applications with device administrator privileges.

πŸ’‘

Install an app to hide IP-Addresses or use reliable DNS (for example, DNS over TLS privately DNS), to block access to malicious sites and advertising at the network level.

Don't connect to open Wi-Fi networks without protection for financial transactions. Use two-factor authentication for all important accounts. Digital hygiene is the best protection against viruses that don't require heavy antivirus software to slow down your smartphone.

Can you test Xiaomi for viruses without a computer?
Yes, you can use built-in antivirus in the Security app or install a third-party scanner from Google Play, like Dr.Web or Kaspersky, but they have less access to system files than a PC.
Will the virus remove the reset to factory settings?
In 99% of cases, a full reset (Wipe Data) removes all user viruses, except for rare cases of infection of the bootloader or system partition that require firmware reflashing.
Is it safe to use the Root rights on Xiaomi?
Getting Root rights (unlocking the bootloader) significantly reduces the security of the device, because it removes the restrictions on access to system files.
How to distinguish a system process from a virus?
System processes are usually prefixed with com.android or com.miui. Viruses often use similar names but with typos or strange endings. Always check for unknown processes through an Internet search before deleting.