Checking Xiaomi smartphone for viruses through the computer: 5 working methods

Viruses on Xiaomi smartphones are not uncommon, especially if you install apps from unverified sources or ignore security updates. Unlike checking directly on your phone, computer-assisted diagnostics can detect hidden threats that Android antivirus apps can miss, such as some Trojans masquerading as system processes, and rootkits are embedded so deeply that they cannot be seen without special utilities for PCs.

In this article, we will discuss 5 proven ways to check out Redmi, POCO or Mi to viruses using a computer - from simple scanning through ADB You'll learn what tools to use, how to connect your phone properly, and what to do if the threat is confirmed, and why some viruses are actually false positives. MIUI, How to distinguish them from real danger.

Why checking on a PC is more effective than on a phone

Android antiviruses work in a limited sandbox β€” they can’t scan system files at the kernel level or analyze application behavior as deeply as desktop solutions.

  • πŸ” Rootkits embedded in the boot section (/boot or /recovery)
  • πŸ“¦ Modified APK, which replace the original system applications (e.g. com.android.settings)
  • πŸ•΅οΈ Hidden services run through JobScheduler or WorkManager

And many viruses block or mimic antivirus installations by showing false scan results. On a PC, you can:

  • πŸ–₯️ Use a sandbox (such as SandBoxie) to safely analyze suspicious files
  • πŸ”§ Use tools like ADB or Fastboot to check system partitions
  • πŸ“Š Compare hashes of files with virus database (VirusTotal, Hybrid Analysis)
πŸ“Š How often do you check your smartphone for viruses?
Once a month
Only if there is suspicion.
Never.
I'm using constant protection.

But there's a downside: not all methods are safe, like misuse. ADB This can cause data loss or even a "brickle" of the phone, so before you start checking, you should be sure to do it:

⚠️ Note: If your Xiaomi is locked with a pattern lock or password, do not connect it to your PC in Fastboot mode without first unlocking the bootloader!

Preparation of the phone and computer for inspection

Before you start scanning, you need to set up your phone and your PC correctly.

ComponentRequirementsWhere to download/configure
ComputerWindows 10/11 or Linux (for the ADB)Official Microsoft website
USB cableOriginal or certified (Type-C)Xiaomi phone or store kit
ADB driversFor phone recognition in debugging modeAndroid SDK
USB debuggingIncluded in the developer settingsSettings β†’ The phone. β†’ Version. MIUI (7 times to tap)

Now, Step-by-step,

  1. Activate Developer Mode on Xiaomi: Go to Settings β†’ About the phone Tapneta 7 times on the item Version MIUI Enter the password from your Mi Account if required.
  2. Put the debugging on. USB: Back to Settings β†’ Additionally. β†’ For developers, activate the debugging switch USB Confirm permission when connecting to the PC
  3. Install the drivers. ADB Download Platform Tools from Android Unpack the archive to the root of the disk C:\ Run CMD on behalf of the administrator and execute:
cd C:\platform-tools


adb devices

Make sure your phone is at least 50 times charged%|Shut down. VPN PC proxy|Close all background apps on your phone|Backup of important data-->

If the adb device command does not show the phone, try:

  • πŸ”Œ Reconnect the cable (use the port) USB 3.0)
  • πŸ”„ Restart your phone and PC
  • πŸ“‹ Install drivers manually through Device Manager (select) ADB Interface)

πŸ’‘

If you POCO F5 or Redmi Note 12 with MIUI 14+, Before connecting, disable the function MIUI Optimization in the developer settings – this will accelerate the exchange of data from the PC.

Method 1: Scanning through ADB (rootless)

This method is suitable for most Xiaomi models and does not require unlocking the bootloader. ADB to extract a list of installed applications and verify them through online services.

Step 1. Connect your phone to your PC and execute a command to get a list of packages:

adb shell pm list packages -f > packages.txt

This command saves a list of all applications in a packages.txt file on your computer.

Step 2: Analyze the file for suspicious packets.

  • πŸ“Œ Apps with random letters in a name (e.g. com.a.b.c.d)
  • πŸ“Œ Packages that mimic system (e.g. com.android.settings.fake)
  • πŸ“Œ APK, Unknown to you (check the date of installation)

Step 3: Check the suspicious files on VirusTotal:

  1. Download. APK from the phone: adb pull /data/app/com.suspicious.package-1/base.apk
  2. Upload the file to VirusTotal and wait for the results.
How to recognize false positives?
Many antiviruses label legitimate Xiaomi applications as viruses, for example: -com.miui.analytics (statistics collection). MIUI) - com.xiaomi.midrop (Mi Drop file transfer) - com.miui.hybrid (system component for hybrid applications) If you see a warning about such packages, but the phone is stable - most likely, it is a false alarm.

If a virus is found, remove it with the command:

adb uninstall com.suspicious.package

⚠️ Note: Do not remove Xiaomi system apps (starting with com.miui. or com.xiaomi.) – this can cause the phone to malfunction!

Method 2: Deep scan with Dr.Web CureIt!

Dr.Web CureIt! is one of the few antivirus solutions that can be run from an external medium (like a flash drive) and scan a connected phone.

  • 🦠 Trojans stealing bank card details
  • πŸ“± Spyware that's watching SMS and call
  • ⚑ Miners using phone resources to mine cryptocurrency

Instructions:

  1. Download Dr.Web CureIt! on PC.
  2. Connect Xiaomi in file transfer mode (MTP).
  3. Run the utility and select Connected Device Checker.
  4. Wait until the scan is completed (it can take 30 to 60 minutes).

If a virus is detected, Dr.Web will suggest:

  • πŸ—‘οΈ Delete the infected file
  • πŸ”§ Move him to quarantine.
  • πŸ“‹ Report false positives (if you are sure of file security)

πŸ’‘

Dr.Web CureIt! does not require installation and updates databases automatically every time it runs, making it one of the most reliable tools for one-time checks.

After removing the virus, restart your phone and check:

  • πŸ“΅ Do you have suspicious notifications?
  • πŸ”‹ Does the battery discharge faster than usual?
  • 🌐 Does not increase the consumption of mobile traffic?

Method 3: Checking firmware for rootkits

Rootkits are the most dangerous type of virus, as they enter system partitions and can survive even after resetting.

  • πŸ–₯️ Linux computer (or WSL Windows)
  • πŸ“¦ Unpackbootimg utility for analysis boot.img
  • πŸ” Hybrid Analysis to Check for Suspicious Binaries

Step 1. Download the firmware for your Xiaomi model from the official website (MIUI Downloads or via Xiaomi Firmware Updater.

Step. 2. Extract. boot.img from the firmware archive and analyze it:

unpackbootimg -i boot.img

Pay attention to the cmdline and board sections – if there are unfamiliar options there (e.g. androidboot.hacked)=1), this is a sign of infection.

Step 3. Check the binary files from the firmware on Hybrid Analysis.

  • /system/bin/su (if)
  • /system/xbin/daemonsu
  • /sbin/magisk (If you don't consciously install Magisk)
What to do if a rootkit is found?
If the analysis confirmed the presence of a rootkit: 1. Do not try to remove it manually - this can damage the firmware. 2. Make a full backup of data (photos, contacts, SMS). 3. Fastboot your phone with the official firmware from Xiaomi. 4. After the firmware, reset (Wipe Data in Recovery mode). If the rootkit is left, it means that the boot partition itself is infected. EDL-Mode (requires an authorized Xiaomi account).

For models POCO X3, Redmi Note 10 and newer rootkits are often disguised as:

  • πŸ“± com.qualcomm.qti.telephonyservice (a fake Qualcomm service)
  • πŸ”‹ com.android.thermalservice (fake temperature monitor)

Method 4: Analysis of traffic through Wireshark

Some viruses leave no trace in the file system, but they actively transmit data to remote servers, and to detect them, you can analyze the network traffic of your phone using Wireshark.

Step 1: Install Wireshark on your PC and connect Xiaomi to the same network via Wi-Fi.

Step 2: Start packet capture by selecting a network interface (Wi-Fi adapter).

Step 3: Turn off all apps on your phone except suspicious ones and watch for traffic.

  • 🌍 Connections to strangers IP-addresses (especially in China, Russia or the United States)
  • πŸ“€ Transferring large amounts of data to ports 8080, 4444, 5555
  • πŸ”„ Periodic β€œpins” to the same server (a sign of a botnet)

Step 4: If suspicious traffic is detected, block IP-address in the phone hosts file or via firewall.

πŸ’‘

For analysis HTTPS-Install a Wireshark certificate on your phone MITM-Proxies (e.g. Fiddler or Charles Proxy) but remember: this temporarily compromises the security of connections!

Method 5: Checking through custom Recovery (TWRP)

If previous methods did not help, and you suspect infection at the firmware level, you can use the TWRP This is a way to scan system partitions. This requires an unlocked bootloader.

Step 1. Set it up. TWRP For your Xiaomi model (instructions are available on the XDA Developers).

Step 2. Load up your phone in Recovery (Power) mode + Vol Up).

Step 3: Connect your phone to your PC and mount the system partition:

adb shell


mount /system

Step 4: Copy critical files to your PC for analysis:

adb pull /system/bin /


adb pull /system/xbin /




adb pull /system/app />

Step 5: Verify your files via VirusTotal or Kaspersky Virus Removal Tool.

⚠️ Note: Do not edit files in /system directly TWRP β€” This can lead to a bootloop (locked boot) of the phone! If you want to remove the virus, do it through ADB or reflash the firmware.

What to do if a virus is detected

If the scan confirms the presence of a virus, follow the algorithm:

  1. Isolate phone: Turn off mobile internet and Wi-Fi Delete SIM-card if the virus steals SMS Turn off sync with Mi Cloud
  2. Remove the virus: For regular applications: adb uninstall package For system viruses: reflash the phone For rootkits: use MI Flash Tool is Clean All Mode
  3. Restore security: Change passwords from Mi Account, email, banking apps Install a reliable antivirus (e.g. Bitdefender Mobile) Enable app verification in Google Play Protect

If the phone after removal of the virus:

  • πŸ”„ Reboots accidentally β†’ Check the integrity of the firmware through fastboot getvar all
  • πŸ“΅ Not included. β†’ Try to download to Fastboot and reflash
  • πŸ”‹ It's discharged fast. β†’ Check the activity of the processes through the adb shell top

FAQ: Frequent questions about viruses on Xiaomi

Can you test Xiaomi for viruses without a computer?
Yes, but it's less effective. Use: Google Play Protect (built-in check in Play Market), Malwarebytes or Bitdefender (scanned). APK and system processes) Settings β†’ Annexes β†’ Safety check (in) MIUI 12+) However, such methods will not detect rootkits or viruses in the firmware.
How could a virus get on my Xiaomi if I didn’t install anything?
Main ways of infection: πŸ“Œ Fake updates MIUI (Phishing sites that offer a β€œnew versionΒ») πŸ“Œ Vulnerabilities in the Services (e.g., MediaProvider in the MIUI 11) πŸ“Œ Infected SD-cards (viruses in.nomedia or.thumbnails files) πŸ“Œ Hidden installation through ADB (Even official apps from the Play Market can contain malicious code (example: CamScanner in 2019).
After the virus was removed, the phone started to slow down.
Possible causes and solutions: Problem Cause Laga solution when opening applications Damaged Dalvik cache Run Wipe Dalvik Cache in TWRP Virus masqueraded as a system process Check the activity of the cores through the adb shell cat /proc/cpuinfo Fast battery discharge Background processes do not close Disable battery optimization for system applications If the brakes are left - do a reset (Wipe Data in Recovery), but first save the data!
How to protect Xiaomi from viruses in the future?
Preventive measures: πŸ”’ Disable the installation from unknown sources (Settings) β†’ Annexes β†’ Special access) πŸ”„ Update. MIUI (New versions are closing vulnerabilities) πŸ›‘οΈ Use it. DNS-filtration (e.g. 1.1.1.1 or 9.9.9.9) πŸ“± Install antivirus with real-time verification (e.g, ESET Mobile Security) πŸ” Periodically check the application rights through Settings β†’ On Xiaomi models with MediaTek processors (for example, Redmi 9, POCO M3) The risk of infection is higher due to vulnerabilities in drivers, and for them it is recommended to disable the Auto-start function for unknown applications.
Can you sell Xiaomi if it has a virus?
Only after you've cleaned it completely: Fly the phone with the official firmware through the Mi Flash Tool. Run Wipe All Data in Recovery mode. Make sure you're not in the same position. IMEI and SN Unmodified (check in *#06#) Reset Mi Account (if the phone was linked to your account) If the virus has damaged IMEI Or Baseband, the phone may not catch the network β€” such a device to sell unethical.