Antivirus By FSB Ransomware

Antivirus By FSB is a highly dangerous Android backdoor that pretends to be a legitimate antivirus tool. Once installed, it hijacks your device with broad permissions, allowing remote spying, data theft, and persistent background activity. Immediate removal is essential to avoid long-term compromise.

Threat Summary

Threat Type	Android malware, backdoor
Encrypted File Extension	N/A (backdoor does not encrypt files)
Ransom Note Filename	N/A
Email Contact (if any)	None
Detection Names	Avast-Mobile (Evo-gen [Trj]), Combo Cleaner (Android.Riskware.Agent.aAIZJ), ESET‑NOD32 (Android/Spy.Agent.ENK variant), Kaspersky (HEUR:Trojan‑Spy.AndroidOS.LunaSpy.b)
Symptoms	Sluggish performance, high data usage, overheating, app behavior anomalies, hidden services
Damage & Distribution Methods	Data theft (contacts, messages, photos), geolocation tracking, unauthorized mic/camera access; spreads via fake APKs disguised as security apps
Danger Level	High
SpyHunter Removal Tool →	SpyHunter Android Removal Tool

---

How Did I Get Infected With Antivirus By FSB?

This threat spreads through fake security applications posing as official tools, such as “Antivirus By FSB,” “GuardCB,” or “SECURITY_FSB.” These APKs are often shared via private messages or malicious websites. Once installed, the app looks convincing but secretly activates a powerful surveillance payload.

---

What Antivirus By FSB Ransomware Does to Your Files

Unlike classic ransomware, Antivirus By FSB doesn’t encrypt your files. Instead, it silently collects personal data, tracks your location, and records your interactions. The app requests a shocking range of permissions—contacts, call logs, SMS, storage, camera, microphone, and screen access.

It uses these privileges to:

• Record conversations
• Take photos or screenshots
• Monitor messages and browser activity
• Log keystrokes via accessibility features
• Send data to remote servers
• Prevent users from uninstalling it

This type of threat is often used in targeted attacks and can remain undetected for long periods.

---

Should You Be Worried About Antivirus By FSB?

Yes—this is a full-scale surveillance tool disguised as antivirus software. If you’ve installed any suspicious app claiming to be from a security authority or bank, and your phone has started acting strangely, you may be infected. The malware is capable of bypassing normal Android defenses and operates with root-like access.

---

Ransom Note Dropped by Antivirus By FSB

There is no traditional ransom note. Instead of locking files and demanding money, the app focuses on spying, data harvesting, and long-term control. That said, the damage it causes can be just as devastating as ransomware—especially if sensitive conversations, credentials, or documents are exposed.

Manual Removal of Backdoor Malware (For Advanced Users Only)

Step 1: Boot Into Safe Mode with Networking

1. Restart your computer and enter Safe Mode:
   • Windows 10/11:
     1. Press Windows + R, type msconfig, and press Enter.
     2. Navigate to the Boot tab, check Safe boot, and select Network.
     3. Click Apply and OK, then restart your PC.
   • Alternative Method:
     1. Hold Shift while clicking Restart from the Start menu.
     2. Select Troubleshoot > Advanced options > Startup Settings.
     3. Click Restart, then select Enable Safe Mode with Networking.

Step 2: End Malicious Processes Using Task Manager

1. Press Ctrl + Shift + Esc to open Task Manager.
2. Look for suspicious or unfamiliar processes consuming high CPU or RAM.
3. Right-click on the process and select Open file location.
4. If the file is in an unusual directory (e.g., C:\Users\Public or C:\Windows\System32), it might be malware.
5. End the process by right-clicking and selecting End Task.
6. Delete the related file from its folder.

Step 3: Delete Backdoor Files from System Folders

1. Open File Explorer and navigate to:makefileCopyEditC:\Users\YourUsername\AppData\Local C:\Users\YourUsername\AppData\Roaming C:\ProgramData C:\Windows\Temp
2. Delete any suspicious folders or files with random names (e.g., xhterou.exe, srvhosts.dll, temp0987.bat).
3. Clear the Temp folder:
   • Press Windows + R, type %temp%, and press Enter.
   • Select all files (Ctrl + A) and delete them.

Step 4: Remove Malicious Registry Entries

⚠️ Warning: Modifying the registry incorrectly can damage your system. Proceed with caution.

1. Press Windows + R, type regedit, and press Enter.
2. Navigate to the following keys and look for suspicious values:mathematicaCopyEditHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
3. Delete unknown registry entries referencing suspicious .exe files.
4. Close Registry Editor and restart your PC.

Step 5: Remove Suspicious Startup Programs

1. Open Task Manager (Ctrl + Shift + Esc) and go to the Startup tab.
2. Look for unknown or suspicious programs and disable them.

Step 6: Reset Network Settings (Optional)

1. Open Command Prompt as Administrator:
   • Press Windows + S, type cmd, and select Run as administrator.
2. Run the following commands:perlCopyEditnetsh winsock reset netsh int ip reset ipconfig /flushdns
3. Restart your computer.

---

Automated Removal Using SpyHunter

If manually removing the backdoor malware is too complex or if you want a faster, more effective solution, use SpyHunter, a powerful anti-malware tool that specializes in detecting and removing backdoors and other threats.

Step 1: Download and Install SpyHunter

1. Visit the official SpyHunter download page: 👉 Download SpyHunter
2. Click Download and follow the on-screen installation instructions.

Step 2: Run a Full System Scan

1. Launch SpyHunter.
2. Click on Start Scan Now to initiate a full system scan.
3. Wait for the scan to complete. SpyHunter will detect and list all malware threats, including backdoor infections.

Step 3: Remove Detected Threats

1. Review the scan results.
2. Click Fix Threats to remove all detected malware.
3. Follow on-screen prompts to restart your computer if necessary.

Step 4: Enable SpyHunter’s Real-Time Protection

1. Open SpyHunter and go to Settings > Malware Protection.
2. Enable Real-Time Malware Protection to prevent future infections.

---

How to Prevent Future Backdoor Infections

• Use a reputable anti-malware tool like SpyHunter for real-time protection.
• Keep your software and operating system updated to patch vulnerabilities.
• Avoid downloading cracked software or opening suspicious email attachments.
• Enable firewall and network security settings to prevent unauthorized access.
• Use strong passwords and enable two-factor authentication (2FA) where possible.

---

Conclusion

Antivirus By FSB is one of the more dangerous Android threats in circulation. It mimics legitimate antivirus tools while quietly taking over your phone. If you suspect it’s on your device, disconnect from the internet immediately, back up your files, and remove the app using a trusted malware removal tool. Avoid sideloading unknown APKs and enable Google Play Protect to catch these threats earlier.