Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Newsroom Update

Apple is introducing a new Apple Watch Pride Edition Braided Solo Loop, matching watch face, and dynamic iOS and iPadOS wallpapers as a way to champion global movements to protect and advance equality for LGBTQ+ communities. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: neonorm
neonorm Author
User level: Level 1
0 points

Virus - Suspicious.AD

When I connect my iPhone to my PC, and sync it with iTune installed on my PC, my PC anti-virus software auto-protect quarantined a virus called 'Suspicious.AD'. I deleted that virus using the anti-virus software; and yet when I disconnect and re-connect the iphone again for sync-ing, the same virus appear again and was quarantined. It happened many time and only happen when I connect my iPhone. I am not sure how to get rid of this as I believe it was coming thru my iphone. Prior to this, i downloaded a free appln from Apple store and my phone hanged and i could not even switched it off. After 10 mins or so, I managed to switched it off to reset the system. Then, this 'virus' thing happen. Can anyone advise ? Thanks so much for the help!

iPhone 3Gs, Windows Vista

Posted on Apr 19, 2010 5:32 PM

Reply
5 replies
User profile for user: jinx.pt
jinx.pt
User level: Level 1
40 points

Apr 21, 2010 2:59 AM in response to neonorm

"Suspicious.AD is a highly sensitive detection technology designed to detect new malware threats without utilizing the traditional signatures. Files detected as Suspicious.AD indicates that it has suspicious characteristics and may contain an unknown threat.
Damage Level: Low
Systems Affected: Windows"

Maybe you got a virus on an image you downloaded from somewhere and inserted on your iPhone's photo roll?

Anyways, it will 'only' affect windows. I somehow doubt your anti-virus can quarantine the files inside the iPhone, so that's why you get repeated quarantines. Furthermore, from the text above, it is only a probability of being a virus, it may or may not be one.

Anyways, what exactly are you using to sync, and did you buy the iPhone from a reliable source? If it is jailbroken, there could be other issues...
Reply
User profile for user: jinx.pt
jinx.pt
User level: Level 1
40 points

Apr 21, 2010 2:59 AM in response to Allan Sampson

Yeah, you're right, I don't think it can actually have a virus, they are actually .exe files, and only Windows can be 'tricked' into confusing an .exe as a JPEG. My mistake there. I don't see how the iPhone would be dupped like that.

So maybe it's just the anti-virus looking at a file, and thinking there might be a virus.

What anti-virus is the OP using?

edit: regarding jpeg viruses:
http://www.secureworks.com/research/threats/jpegvirus/
Didn't quite understand if that report had something to do with dupping windows to think it was a jpeg file, or if it was really a jpeg, that took advantage of some vulnerability when reading the file (hovering with the mouse accesses at least the metadata)

edit2: also, sophos has previously showed you can have JPEGS that execute code, but you'd first have to have 'installed' a virus (.exe file), that will then run the code present on the JPEG file. So you'd have to be infected first. Maybe he has such an image? (speculating is fun!)
http://www.sophos.com/pressoffice/news/articles/2002/06/va_perrun.html

Message was edited by: jinx.pt
Reply

Virus - Suspicious.AD

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up