
My iPad and iPhone transfer malware to my PC.

My iPad and iPhone transfer malware to my PC whenever I sync or backup. These are browser redirects and other unwanted programs. KipodToolsCby, FakePDF and Upatre.AA. How do I get rid of them from my iOS devices? My anti-malware on my PC (Malwarebytes and Windows Defender) catches them, but I don't want to keep transferring them to my PC. I don't believe they are hurting my iOS devices, but I'd like to purge them so as to not potentially put my PC at risk. I likely have some infected Word or PDF files on my iPhone/iPad, but how do I find out which are the rogue files? Thanks. It also seems like the App Store had some of the anti-virus programs removed and I've had bad experiences with McAfee and Norton.


The malicious files are always found in my AppData\Roaming\Apple Computer\MobileSync\Backup\ and this always occurs during the backup phase of my iOS sync.

iPad Air, iOS 8.4

Posted on Jul 31, 2015 12:21 PM

Question marked as Best reply

Posted on Jul 31, 2015 12:41 PM

Hi

You CANNOT get malware on iPhones/iPads unless

They have been jailbroken

Go to Settings - Safari, clear History / Cookies.

If you still have a problem Restore to Factory Settings

Use same Apple ID to get your Apps & Data back

Do this over your WiFi.

Cheers

Brian uk

30 replies

Jul 31, 2015 1:06 PM in response to Briansyddall

Thank you. I thought I tried that but I will do it again and re-sync to see if it works. FWIW, on settings/safari it allows me to clear History and Website Data - nothing about cookies specifically, but I assume this should do the trick.


While I agree my phone doesn't HAVE malware, it certainly acts like a CARRIER for it. Without question every time I back up my iPhone, my PC turns positive for malware. So even though my phone isn't misbehaving, I'd like to have software to track down the rogue files that have hitched a ride on my iOS devices. Otherwise I have to back up my devices, scan and clean my PC for the malware, then reset and restore my devices. A lengthy process. Would be easier if Apple and others admitted that iOS devices can 'transmit' malware and had a program to scrub for it. There seems to be an attitude that Apple devices cannot have malware and hence we should not be allowed to have programs to look for malware signatures anyway.


BTW, my iPhone has not been jailbroken.

Jul 31, 2015 1:27 PM in response to bobbpix

Clearing the Safari data did not help. My PC is getting plastered with malware on a new sync that Windows Defender is cleaning now. I suspect that some file I have in either GoodReader, or Evernote or QuickOffice or some other program is carrying the malware. So while malware may not currently be able to affect an iOS device, it certainly seems that my iPad DOES have malware that it keeps infecting my PC with.


Can anyone recommend an iOS app that scans for malware? I fear the alternative is a long process of backup, malware scan on PC, then reset and restore my iOS devices. One other idea: if I could decipher the longer cryptic names in my PC directory (AppData\Roaming\Apple Computer\MobileSync\Backup) I could then link that to the actual program or file that is carrying the payload. Malwarebytes actually gives the name of the file with the malware, but it is just a long string of letters and numbers. Any ideas for that?
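Added example (editor's illustration, not part of any post in this thread): a sketch of how the long file names in the backup folder can be tied back to an app and document. It assumes the iTunes backup layout used up to iOS 9, where each file is stored under the SHA-1 of `domain-path` and `Manifest.mbdb` lists every domain and path; the bundle ID, paths and sample manifest below are constructed.

```python
import hashlib
import struct

FIXED = ">HQIIIIIQBB"  # mode, inode, uid, gid, mtime, atime, ctime, size, flags, property count

def _string(buf, off):
    """Read a string: uint16 big-endian length, 0xFFFF means empty."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0xFFFF:
        return "", off
    return buf[off:off + n].decode("utf-8", "replace"), off + n

def parse_mbdb(buf):
    """Return {backup_file_name: (domain, path, size)} from Manifest.mbdb bytes."""
    if buf[:4] != b"mbdb":
        raise ValueError("not a Manifest.mbdb file")
    off, index = 6, {}                        # 4-byte magic + 2-byte version
    while off < len(buf):
        domain, off = _string(buf, off)
        path, off = _string(buf, off)
        for _ in range(3):                    # link target, data hash, encryption key
            _, off = _string(buf, off)
        fields = struct.unpack_from(FIXED, buf, off)
        off += struct.calcsize(FIXED)
        for _ in range(fields[9] * 2):        # each property is a name plus a value
            _, off = _string(buf, off)
        name = hashlib.sha1(f"{domain}-{path}".encode()).hexdigest()
        index[name] = (domain, path, fields[7])
    return index

def locate(index, flagged):
    """Map a file name (or full path) reported by the scanner to (domain, path, size)."""
    name = flagged.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    return index.get(name)

# --- constructed sample manifest so the example runs offline ---
def _s(text):
    raw = text.encode()
    return struct.pack(">H", len(raw)) + raw

def _record(domain, path, size, props=()):
    body = _s(domain) + _s(path) + b"\xff\xff" * 3
    body += struct.pack(FIXED, 0o100644, 1, 501, 501, 0, 0, 0, size, 4, len(props))
    return body + b"".join(_s(k) + _s(v) for k, v in props)

SAMPLE = (b"mbdb\x05\x00"
          + _record("AppDomain-com.example.reader", "Documents/invoice.pdf", 48213)
          + _record("HomeDomain", "Library/Safari/History.plist", 1024, [("k", "v")]))

if __name__ == "__main__":
    for name, entry in parse_mbdb(SAMPLE).items():
        print(name, *entry)
```

On a real backup, read `Manifest.mbdb` from the device's folder under `MobileSync\Backup` and pass the file name from the scanner's alert to `locate`; the `AppDomain-...` prefix of the result names the app that holds the flagged document.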

Jul 31, 2015 3:09 PM in response to bobbpix

Here's what I think. Your suspicion (about infected Word or PDF documents in your iPad) may be correct. However, I doubt they're infecting your PC. To infect the PC, you must open the Word/PDF document on your PC. Merely backing up your iPad/iPhone does not automatically infect the PC. That's like copying infected documents from the iPad to the PC.


You can store infected Word or PDF documents in your computer but they don't automatically infect your computer unless you open them. When you copy infected documents, your anti malware/virus real time will catch and stop you from doing that. Your option is to find out which document(s) is (are) infected and delete them from the iPad.

Jul 31, 2015 3:23 PM in response to ShagCA

ShagCA,

That's what I'm saying: I'd like help in finding which documents are infected on my iPad/iPhone. So long as my anti-malware software runs on my PC I should be fine, but I don't like the idea of knowingly putting malware on PC when I do my weekly sync of my iOS devices. I understand that the compromised files may never harm my PC, but it can't be a best practice to routinely introduce such files.


When you say my "option is to find out which document(s) is (are) infected and delete them from the iPad.", did you have a method or software in mind that will assist me in finding the compromised files? Thanks.


Has anyone here used any anti-malware software on an iOS device?

Jul 31, 2015 3:42 PM in response to bobbpix

bobbpix wrote:


ShagCA,

When you say my "option is to find out which document(s) is (are) infected and delete them from the iPad.", did you have a method or software in mind that will assist me in finding the compromised files? Thanks.


Has anyone here used any anti-malware software on an iOS device?

I was referring to manual method but it'll be very difficult if you have so many documents. I don't know any anti malware app that works effectively on the iDevices. Perhaps someone else knows.


Looking at it from another point of view, if it can't infect the iDevice (even if you open them) nor your PC (unless you open them on the PC because they're designed to infect PCs), why not exclude the iTunes backup folder from real time (or manual) scan? If your goal is to remove those infected documents from your iOS device, I have no suggestions, sorry.

Jul 31, 2015 3:48 PM in response to ShagCA

Btw, many 'Malware programs' like McAfee and Kaspersky Pure often give 'False Positives' of Malware. What they think is malware, but actually is not. I saw this just yesterday on a long support call with McAfee on Windows 10, and it detected the AutoRun on MS Office original disc as being malware. You may want to download the free version of Malwarebytes (well-respected anti-malware program) - it has a free version, and premium trial for 30-days - run it and see if your PC has any malware at all. Disable MS Windows Defender (it'll go red), and then re-sync your iDevice and see if Malwarebytes Premium free-trial pops-up at all - this is a sure fire way to tell if there really is an infection or not.

Jul 31, 2015 3:54 PM in response to Neil Yates

Neil Yates wrote:


Btw, many 'Malware programs' like McAfee and Kaspersky Pure often give 'False Positives' of Malware. What they think is malware, but actually is not. I saw this just yesterday on a long support call with McAfee on Windows 10, and it detected the AutoRun on MS Office original disc as being malware. You may want to download the free version of Malwarebytes (well-respected anti-malware program) - it has a free version, and premium trial for 30-days - run it and see if your PC has any malware at all. Disable MS Windows Defender (it'll go red), and then re-sync your iDevice and see if Malwarebytes Premium free-trial pops-up at all - this is a sure fire way to tell if there really is an infection or not.

Look at the first post, Neil. You have a valid point. I'd treat it as 'false positive' and exclude the backup folder from scanning.

Jul 31, 2015 3:56 PM in response to Neil Yates

Hi there. I am **** sure your computer will not get any malware, adware or spyware from your iPhone. It's just that there are some third-party applications on your computer, which can give you a pop-up in the browser and eventually give you false information such as COMPUTER DETECT MALWARE and other stuff.

Now what you are going to have to do is put your PC in safe mode, which will disable all the third-party applications, and that will be the perfect time to go ahead and uninstall all the unknown applications on your computer. And that will bring everything back to normal.


It will be a bit more complicated to solve these issues on your own if you are not a tech-savvy person.
I am a technician, if you want extra help, I am free right now, give me your number and I'll give you a hand. 😀

I'll make your computer invulnerable to threats.




Cheers

Freddy

Jul 31, 2015 4:05 PM in response to Briansyddall

I agree with this statement.


Clean-up and delete all backups on your Windows PC via iTunes with this function from Apple:


Find and manage your iTunes backups - Apple Support


Then re-backup, performing the encrypted full backups using this method from Apple:


https://support.apple.com/en-ca/HT203790


Perform a factory-reset on your iDevices using this action:


Use iTunes to restore your iPhone, iPad, or iPod to factory settings - Apple Support


Restore your iDevices manually from the Cloud - don't restore from the encrypted backups, as those appear tainted, but they are there in case you must return to them. Sign in to the iDevices with your Apple ID(s) and then manually re-download, re-configure your devices. It's the only way to be sure that infection is eliminated and not re-transmitted in the future. Once the devices are back to how they were via the manual fashion, perform a non-encrypted backup as you usually do, and all will be fine again.

Jul 31, 2015 4:34 PM in response to Neil Yates

I am using the paid version of Malwarebytes as well as Windows Defender (formerly MSE). Malwarebytes finds three bad files and Defender finds two of them.


I'm curious as to why people think it's safe to assume these are false positives and that I can just ignore alerts that two programs are determining to be malware. (One is 'only' a PUP, potentially unwanted program, that might merely install adware on my browser. One is called Trojan.FakePDF. The third seemed far more malicious from the link to the Microsoft website about it.)

Jul 31, 2015 4:47 PM in response to bobbpix

You might have malware on the PC. You can let the programs put them in a vault if you like and see if your system still runs fine without the programs. I think the others were pointing out that the programs default to being overly secure and may give false positives but that doesn't mean you shouldn't isolate those files and see if your system runs better.

Jul 31, 2015 4:51 PM in response to Neil Yates

Neil,


Not sure why I can't use my cleaned iTunes backups, IF I decide to wipe my devices. The backups are scanned daily and only come up positive for malware when I backup/sync my devices. Also, as they are 64 GB devices I don't think I have enough space to backup and restore them from the cloud, if that's what you're saying.


I've done backup/restores and it's time consuming and not my first choice. But it looks like there are no iOS apps to scan for malware. Articles point out that in March 2015, Apple removed software from the App Store that scanned for infected files. Maybe these files can never harm an iOS device, so Apple wanted to give the impression that their devices couldn't be harmed. But I feel pretty confident that I have files on my iOS devices that 'could' harm an unprotected PC.

Jul 31, 2015 5:00 PM in response to UGADog

The malware gets quarantined while my iPhone or iPad backup is occurring. It stays quarantined until I delete the files. Given that I'm careful I don't think this is so dangerous for me. But I have a wife and kids with three other computers and three other iOS devices. They are not so careful and maybe some day they will disable the antimalware SW. I've seen them do worse things on their computers.


I'm making the case that people are pretty blase about iOS devices and malware. I was too. I would only open suspect email attachments at work on my iPad, thinking it couldn't get a virus. Well maybe that's how my iPad became a carrier. For that matter, one hundred years ago when I was using a RadioShack TRS-80 Model 1, I didn't believe that viruses existed and thought Norton was a scam. But eventually I saw the light and realized you had to have AV software (though some of them pester you to buy stuff and are so hard to remove that the cure seems worse than the disease!)

Jul 31, 2015 5:25 PM in response to bobbpix

I'm pretty sure a document containing a virus, trojan, malware cannot infect your PC with the aforementioned without you opening the file. Something has to execute or it just lies dormant I think.


I've heard of some malware that can install an app on your iOS device from camouflaged web links, but then you would be able to see the process running. And you would have had to grant permission for it to install. Have you checked to see what's running on iPhone?
