Justusson 0 Posted January 27, 2019 Share Posted January 27, 2019 Hi ESET, Recently I have been having an issue where a warning of "Adware.Agent.AA application" pops up every time I try to synchronize and/or create a backup for my iPhone. It cleans the file every single time. The issue remains though and keeps stopping me from finishing the backup - leaving me to pause the entire protection and disconnect from the internet to be able to backup. This is unsustainable. Can anyone help me with this? I would love some support on this topic. I have talked to Apple and they have referred me to you. Hope you can help me! Best regards/ Justusson Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here 2019-01-27 21:22:31;Real-time file system protection;file;E:\iPhone - Backup\0e7b0c8f461e70c1f978692ed6b65499266ac1e4\Snapshot\4f\4fe457df9af4825a23a2459835ab4270a4010bc8.upload;JS/Adware.Agent.AA application;cleaned by deleting;JUSTUSSON\Christoffer;Event occurred on a new file created by the application: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe (FD162EA135DE4C50B40DC96E638CE0CDD7AFE50C).;ED63E9CDBF66FA8146219489199496E38507D19D;2019-01-27 21:22:24 Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,158 Posted January 30, 2019 ESET Moderators Share Posted January 30, 2019 Hello @Justusson, are you able to locate the file detected on your iPhone? Regards, P.R. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,231 Posted January 30, 2019 Administrators Share Posted January 30, 2019 You could gather logs with quarantined files (needs to be selected in the ELC menu) using ESET Log Collector (ELC). We can then check what exactly was detected but I assume it was an html file that loads external ads from a questionable ad provider. Justusson 1 Link to comment Share on other sites More sharing options...
Justusson 0 Posted January 30, 2019 Author Share Posted January 30, 2019 (edited) Hi! Thanks both for your replies! Marcos: The html-file sounded familiar - I tried to look into the file last time but I had a hard time finding the files themselves on the iphone, but instead noticed some in the backup on my computer. Is there a specific path on the log, where I can find the content of which is affecting this, for the iPhone itself? I’m running a pc, so I cannot look into the iOS itself straight up. Thanks! Best regards! / Edited January 30, 2019 by Justusson Link to comment Share on other sites More sharing options...
Administrators Marcos 5,231 Posted January 30, 2019 Administrators Share Posted January 30, 2019 Since it was detected on a Windows machine, it should be in quarantine. Please gather logs with ESET Log Collector but also with "quarantined files" selected in the ELC menu. The detected file will be included in the generated archive and we'll be able to check what exactly was detected. Justusson 1 Link to comment Share on other sites More sharing options...
Justusson 0 Posted January 31, 2019 Author Share Posted January 31, 2019 Thank you Marcos! I originally had a thought that it might have been a specific internet app which behaved differently than the others. It seems to have been the case! I deleted all the saved adresses in this particular app - though they still exist in another app - and now the back-up went as smooth as possible! Thank you! You have saved me from tons of work! Best regards/ Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted January 31, 2019 Most Valued Members Share Posted January 31, 2019 (edited) On 1/27/2019 at 10:39 PM, Justusson said: Hi ESET, Recently I have been having an issue where a warning of "Adware.Agent.AA application" pops up every time I try to synchronize and/or create a backup for my iPhone. It cleans the file every single time. The issue remains though and keeps stopping me from finishing the backup - leaving me to pause the entire protection and disconnect from the internet to be able to backup. This is unsustainable. Can anyone help me with this? I would love some support on this topic. I have talked to Apple and they have referred me to you. Hope you can help me! Best regards/ Justusson Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here 2019-01-27 21:22:31;Real-time file system protection;file;E:\iPhone - Backup\0e7b0c8f461e70c1f978692ed6b65499266ac1e4\Snapshot\4f\4fe457df9af4825a23a2459835ab4270a4010bc8.upload;JS/Adware.Agent.AA application;cleaned by deleting;JUSTUSSON\Christoffer;Event occurred on a new file created by the application: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe (FD162EA135DE4C50B40DC96E638CE0CDD7AFE50C).;ED63E9CDBF66FA8146219489199496E38507D19D;2019-01-27 21:22:24 Is that backup includes the cache in the Browsers? , Did you check all of the apps that you have that none of them looks suspicious ? I don't know if ESET is available in iOS , if not try to use another scanner that is available on AppStore and let it deep scan your phone and see if it catches anything , maybe you could know the source of JS/Adware.Agent.AA Edited January 31, 2019 by Rami Link to comment Share on other sites More sharing options...
ESET Support notimportant 5 Posted February 4, 2019 ESET Support Share Posted February 4, 2019 On 1/31/2019 at 12:31 PM, Rami said: Is that backup includes the cache in the Browsers? , Did you check all of the apps that you have that none of them looks suspicious ? I don't know if ESET is available in iOS , if not try to use another scanner that is available on AppStore and let it deep scan your phone and see if it catches anything , maybe you could know the source of JS/Adware.Agent.AA There are no AV solutions for iOS. Every app runs in sandbox. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted February 4, 2019 Most Valued Members Share Posted February 4, 2019 Just now, notimportant said: There are no AV solutions for iOS. Every app runs in sandbox. Argh , I see , I didn't know that I have never used an Apple product hehe. Thanks for telling me. Link to comment Share on other sites More sharing options...
Recommended Posts