The Andyroid Virus: What It Is and How to Remove It

Is your computer secretly mining for bitcoins?

A conceptual illustration of the Andyroid Virus destroying a computer.

Theresa Chiechi / Lifewire

You might be running a bitcoin mining operation from your system and not even know it. The Andyroid virus is bitcoin mining malware that uses your computer's resources to do its work.

Andy, also known as AndY and Andyroid, is an emulator that makes it possible to run Android software on other types of operating systems. The malware is believed to be associated with it; hence the name.

The Andy emulator for Android works on Windows 10, Windows 8 and Windows 7, plus Ubuntu 14.04+ and Mac OS X 10.8+. Any of these operating systems can be impacted.

What Is the Andyroid Virus?

The AndY virus is a trojan malware that secretly mines for bitcoins using your computer. Bitcoins, also called cryptocoins, are digital currency that can be used to purchase a wide variety of items.

How Does the Andy Virus Work?

Bitcoin mining is a resource-intensive process, so hackers (not legitimate bitcoin miners) who seek to make money with bitcoins will attempt to use any computer they can to help in the process. This is the gist of how the Andyroid virus works: It infiltrates a victim's computer in order to take advantage of its resources and look for bitcoins. Aside from sucking great amounts of your computer's resources, it doesn't typically cause much harm.

Gamers are targets of choice for bitcoin mining hackers because they typically have systems with highly capable graphics processing units (GPUs) or video cards. Hackers favor these because they can process mining work much faster than other kinds of computer systems. Don't be complacent if you're not a gamer, though, because hackers will use any system they can to mine.

How Do I Know If I Have This Virus?

You'll most likely notice that your computer is running painfully slow. The mining process can also cause your computer to overheat, and you might see excessively high power usage even when you don't have any programs open.

You might also see an application error pop-up window for updater.exe.

How Did I Get the Andyroid Virus?

It's important to differentiate Andy the emulator from Andy the potential threat. The emulator program itself is hugely popular and highly recommended by many experts.

The problem first came to light around 2016 when some users began to report that Symantec antivirus programs were removing the Andy program as a threat. Not long after that, a Reddit user reported that installation of the Andy program on his system also installed a GPU miner Trojan, potentially through an adware bundler. According to the Reddit user, the miner was installed as C:\Program Files (x86)\Updater\updater.exe. When launched, that .exe file used up the GPU. The user's findings have been confirmed by others.

It appears, then, that installation of the Andy emulator, which uses a third-party installer, is the source of the Trojan. The creators of Andy, however, deny that their software is the source of the virus, so it could be that the installer is the true source.
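A quick way to check a Windows machine for the location named in that report, as an added example that is not part of the original article. The file path is the one quoted above; the Run keys and scheduled tasks it inspects are generic Windows autostart locations chosen here as an assumption, not something the report mentions.

```powershell
# Added example: triage for the miner location reported on this page.
# Only $reportedPath comes from the article; the rest is generic Windows triage.
$reportedPath = 'C:\Program Files (x86)\Updater\updater.exe'
$reportedDir  = (Split-Path -Parent $reportedPath) + '\'

# 1. Is the file on disk? Record hash and signature so it can be looked up or submitted to an AV vendor.
if (Test-Path -LiteralPath $reportedPath) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $reportedPath
    $hash = Get-FileHash -LiteralPath $reportedPath -Algorithm SHA256
    [pscustomobject]@{
        Path      = $reportedPath
        SHA256    = $hash.Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Created   = (Get-Item -LiteralPath $reportedPath).CreationTime
    } | Format-List
} else {
    "Not found on disk: $reportedPath"
}

# 2. Is anything running out of that folder right now?
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and
        $_.ExecutablePath.StartsWith($reportedDir, [System.StringComparison]::OrdinalIgnoreCase) } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

# 3. Would anything start it again after removal? Check Run keys and scheduled tasks.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -like "*$reportedDir*") {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}
Get-ScheduledTask |
    Where-Object { $_.Actions | Where-Object { $_.Execute -like "*$reportedDir*" } } |
    Select-Object TaskPath, TaskName
```

Run it from an elevated PowerShell prompt so that processes and tasks belonging to other accounts are visible. A file named updater.exe is not malicious by itself; an unsigned binary at this exact path that is also tied to an autostart entry is what warrants a full antivirus scan.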

How Do I Get Rid of This Virus?

The most effective way to remove malware like the Andy virus is to use a strong antivirus software program that can tackle all kinds of threats. A good antivirus can thoroughly remove the Andyroid virus, but it can take several hours to do so. You can try other methods, too.

  1. It might be possible to manually remove the Andy virus by uninstalling specific apps relating to it. Both Windows and macOS have clear ways to uninstall apps you no longer want to use.

    Once the suspected program is removed, run your antivirus software again to see if the warning still appears.

    This manual process is not always easy to perform since trojans can infect multiple programs; removal of a single program might not eliminate the problem.

  2. If your antivirus is still triggering a detection warning, you might have a persistent malware infection. This means the virus will keep returning. You can try removing the virus without using an antivirus application but, most of the time, both antivirus and anti-malware will be needed to remove these types of infections.

  3. If nothing seems to work and your antivirus is still giving you a warning, then it might be time to try System Restore to return to an earlier point on your computer before you picked up the Andyroid virus. Be sure to select a period of time where you know you definitely didn't already have the virus on your computer. 

    A system restore means you will lose any files and documents you have created or updated since you acquired the virus. However, trojans are notorious for re-infecting systems so it might be your only option if nothing else is working. Try this as your last resort.

How Do I Avoid Getting a Computer Virus?

There are a couple of key ways in which you can lower your chances of being re-infected with the Andy virus (or any other malicious program).

  • Keep your antivirus software and malware protection up to date. New virus definitions are released regularly to keep your PC informed on what to look for with the latest virus and malware-based threats. When you don't update, you risk obtaining a virus that could have easily been caught through an antivirus update.
  • Watch carefully when downloading new programs. Always verify the legitimacy of the source of the programs and apps you download. Even reputable sites will bundle in extra add-ons that you don't require, such as the updater.exe file in Andyroid, so stay vigilant.
  • Block PUPs. Be sure to turn on the option to detect Potentially Unwanted Programs in your antivirus software. That helps you avoid accidentally installing add-ons that you don't want.
  • Don't click those pop-up ads. If a site deluges you with pop-up ads, leave it immediately.