Jump to content
Justusson

"Adware.Agent.AA application" found when creating a backup for my iPhone

Recommended Posts

Hi ESET,

Recently I have been having an issue where a warning of "Adware.Agent.AA application" pops up every time I try to synchronize and/or create a backup for my iPhone. It cleans the file every single time.

The issue remains though and keeps stopping me from finishing the backup - leaving me to pause the entire protection and disconnect from the internet to be able to backup. This is unsustainable. 

 

Can anyone help me with this? I would love some support on this topic. I have talked to Apple and they have referred me to you. 

 Hope you can help me!

Best regards/

Justusson

 

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2019-01-27 21:22:31;Real-time file system protection;file;E:\iPhone - Backup\0e7b0c8f461e70c1f978692ed6b65499266ac1e4\Snapshot\4f\4fe457df9af4825a23a2459835ab4270a4010bc8.upload;JS/Adware.Agent.AA application;cleaned by deleting;JUSTUSSON\Christoffer;Event occurred on a new file created by the application: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe (FD162EA135DE4C50B40DC96E638CE0CDD7AFE50C).;ED63E9CDBF66FA8146219489199496E38507D19D;2019-01-27 21:22:24
 

Share this post


Link to post
Share on other sites

You could gather logs with quarantined files (needs to be selected in the ELC menu) using ESET Log Collector (ELC). We can then check what exactly was detected but I assume it was an html file that loads external ads from a questionable ad provider.

Share this post


Link to post
Share on other sites

Hi!

Thanks both for your replies!

Marcos:

The html-file sounded familiar - I tried to look into the file last time but I had a hard time finding the files themselves on the iphone, but instead noticed some in the backup on my computer. 

Is there a specific path on the log, where I can find the content of which is affecting this, for the iPhone itself? I’m running a pc, so I cannot look into the iOS itself straight up. 

Thanks!

Best regards!

/

 

Edited by Justusson

Share this post


Link to post
Share on other sites

Since it was detected on a Windows machine, it should be in quarantine. Please gather logs with ESET Log Collector but also with "quarantined files" selected in the ELC menu. The detected file will be included in the generated archive and we'll be able to check what exactly was detected.

Share this post


Link to post
Share on other sites

Thank you Marcos!

I originally had a thought that it might have been a specific internet app which behaved differently than the others. 

It seems to have been the case! I deleted all the saved adresses in this particular app - though they still exist in another app - and now the back-up went as smooth as possible! 

Thank you! You have saved me from tons of work!

Best regards/

Share this post


Link to post
Share on other sites
On 1/27/2019 at 10:39 PM, Justusson said:

Hi ESET,

Recently I have been having an issue where a warning of "Adware.Agent.AA application" pops up every time I try to synchronize and/or create a backup for my iPhone. It cleans the file every single time.

The issue remains though and keeps stopping me from finishing the backup - leaving me to pause the entire protection and disconnect from the internet to be able to backup. This is unsustainable. 

 

Can anyone help me with this? I would love some support on this topic. I have talked to Apple and they have referred me to you. 

 Hope you can help me!

Best regards/

Justusson

 

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2019-01-27 21:22:31;Real-time file system protection;file;E:\iPhone - Backup\0e7b0c8f461e70c1f978692ed6b65499266ac1e4\Snapshot\4f\4fe457df9af4825a23a2459835ab4270a4010bc8.upload;JS/Adware.Agent.AA application;cleaned by deleting;JUSTUSSON\Christoffer;Event occurred on a new file created by the application: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe (FD162EA135DE4C50B40DC96E638CE0CDD7AFE50C).;ED63E9CDBF66FA8146219489199496E38507D19D;2019-01-27 21:22:24
 

Is that backup includes the cache in the Browsers? , Did you check all of the apps that you have that none of them looks suspicious ?

I don't know if ESET is available in iOS , if not try to use another scanner that is available on AppStore and let it deep scan your phone and see if it catches anything , maybe you could know the source of JS/Adware.Agent.AA

Edited by Rami

Share this post


Link to post
Share on other sites
On 1/31/2019 at 12:31 PM, Rami said:

Is that backup includes the cache in the Browsers? , Did you check all of the apps that you have that none of them looks suspicious ?

I don't know if ESET is available in iOS , if not try to use another scanner that is available on AppStore and let it deep scan your phone and see if it catches anything , maybe you could know the source of JS/Adware.Agent.AA

There are no AV solutions for iOS. Every app runs in sandbox. 

Share this post


Link to post
Share on other sites
Just now, notimportant said:

There are no AV solutions for iOS. Every app runs in sandbox. 

Argh , I see , I didn't know that I have never used an Apple product hehe.

Thanks for telling me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×