treed

It is not yet capable of being installed on Ventura, but we do have work underway right now to determine what (if anything) needs to be done to support Ventura. We hope to be able to release a new installer that will install on Ventura prior to the release of Ventura.

1) If you just installed the update, your phone is not jailbroken, as I mentioned. 2) Why do you assume that apps opening is malicious rather than a normal consequence of using iOS? I've already given you some reasons why they may open on their own - such as push notifications, which you would only receive if connected to a network - as well as an assertion that I see apps open after a restart here as well. 3) If you're not a journalist or an activist or in any other way someone who has gained the attention and ire of an oppressive nation-state, you are not infected with Pegasus or anything similar. This seems very much like a case of mistaken assumptions.

Most jailbreaks are not persistent across restarts. If this were due to a persistent jailbreak, though, upgrading to the latest version of iOS should remove it. Yet another reason to recommend installing that update. 🙂

How are you seeing this? Be aware that when you reboot the phone, you will see all the same apps that were open prior to the reboot still in the app switcher. This is normal. There is no system on Earth that is impenetrable. However, it does take some effort to infect an iPhone. You need to consider whether someone with access to high-dollar malware would be interested enough in you to spend the money to infect your device. Do you have some reason to believe that you are the target of a hostile nation-state?

That's not necessarily unusual, if the phone isn't plugged in at the time it wants to try installing the software, or if it's plugged in but the battery is low, or if it has difficulty downloading the update overnight for some reason. I've sometimes found that I have to install updates manually on my iPhone for whatever reason. It will eventually happen, but it may not happen right away. As I mentioned previously, I'm not aware of any current malware for iOS that's capable of surviving a restart, so at a minimum the restart needed to install the update should eliminate an infection, if present.

There are a couple completely legitimate reasons that your banking app could open. One is a hardware issue with the touch screen, as I mentioned previously. Another is that the app could receive a push notification from the company that owns the app. This is common with banking apps, as they may need to receive notifications about events happening with your account. When iOS receives a push notification for an app, it will open that app in the background to handle the notification. I can't comment on what's going on with your Windows PC or your router, but on your iPhone, what you're describing is not a symptom of any known malware. There's no known malware for iOS that can survive a reset to factory settings - and, in fact, none that I know of that even survives a restart. That said, if you believe that you are someone who may be targeted by nation-state malware like Pegasus - for example, if you are a journalist or an activist who has been critical of certain oppressive regimes - you should contact Amnesty International. However, keep in mind that the average person is never going to see Pegasus.

These are not typical symptoms of a Pegasus infection, and Pegasus would not be able to survive the phone being reset to factory settings. Some of what you're describing is sounding more like a hardware problem, perhaps with the touch screen. Such problems can cause taps to be missed, as well as spurious taps being detected when you weren't actually touching the screen. Problems with e-mail attachments can be caused by both a problem with your mail server and by the Mail app itself. I sometimes see this myself, where Mail gets stuck loading an attachment despite the phone being connected to a good wifi network. I'd recommend having Apple take a look at the device. If you can reproduce any of these issues, that will help Apple identify the problem.

Can you provide more details about exactly what you're seeing that leads you to believe your iPhone has been infected?

Nope, I think you're okay. I'd recommend removing Nektony, but it doesn't sound like you should need to worry about infection or doing anything else.

No, that should not be necessary. Files removed by "cleaning" apps tend to be files that macOS will rebuild over time, like caches and logs. They shouldn't cause any long-term issues.

We have reviewed Nektony software in the past, but at the time did not find sufficient justification to detect it as a PUP (Potentially Unwanted Program). Thus, we don't detect it. That said, though, using any kind of "cleaning" app or generic app uninstaller is a bad idea. "Cleaning" apps generally remove things that don't need to be removed, and that actually may harm performance in the short term. They can help only in very specific - and uncommon - cases, such as cache corruption. Generally speaking, if your cache is getting corrupted, there's a problem somewhere, and deleting the caches is only a short-term fix for the symptoms and not a cure for the root cause. Regarding app uninstallers, most apps should either provide their own uninstall functionality somehow - either within the software, within the installer, or as a separate uninstaller - or should not need any specific uninstallation. Anything from the App Store, for example, can just be dragged to the trash. Generic uninstallers often leave things behind or remove things they shouldn't have.

What specifically did you download, and from where?

I have to admit, I've had similar problems with Mail from time to time. At times, it seems to really struggle with downloading attachments, and it's not related to network speed. It happens with fast networks as well as slow ones. Over the years, I've experimented with other e-mail clients, but I always keep coming back to Mail for a variety of reasons. Yet the same old problems with Mail continue to happen. A few things that have helped me: If you tend to keep your Mac and the Mail app running without restarting for long periods of time, quit the Mail app every now and then and re-open it. That can clear up some of the connection issues. Consider rebuilding your mailboxes. You'll need to do this one at a time, by choosing a mailbox, then selecting Rebuild from the Mailbox menu. This can help in cases where mailboxes have gotten corrupt. Consider taking some other e-mail clients for a spin... maybe you'll have better results than me. https://www.macworld.com/article/668716/best-email-app-for-macs.html https://9to5mac.com/2022/04/01/whats-the-best-email-app-for-mac/

That's definitely not true. Are you sure you haven't got additional copies stored somewhere? Browser extension apps should need to be in an Applications folder to function, but the user Applications folder (~/Applications) is one that people sometimes put apps into and then forget about. If you definitely don't have multiple copies anywhere, you'll probably need to wait for someone from the Browser Guard team to comment.

I'm not seeing that here. Do you by any chance have multiple copies of the Browser Guard app on your computer? Does this persist if you restart the machine again?

You would need to look at the Help menu in the menu bar. See the below screenshot:

I'd like you to try something. Make sure you have your Malwarebytes license key or Malwarebytes account login information stored somewhere safe, then uninstall Malwarebytes. (Open the Malwarebytes app and choose Uninstall from the Help menu.) Next, test your e-mail for a while and see if the problem recurs. If it does, it's caused by something other than Malwarebytes. In that case, I'd be glad to give you some other ideas for what to investigate. If the problem goes away - and it's been gone long enough that you're sure that it's gone - try reinstalling Malwarebytes and activate with your license again. Let me know if the problem comes back, and I'll work with you on investigating further.

How are you viewing your e-mail? Is this within an e-mail client, such as the Mail app, or is it within a browser? This isn't something we've had any reports of, to my knowledge, so we would need more information.

I would not recommend trying to glean anything from a threat that's over a year old and that never provided any evidence of malware. I'd recommend starting your own thread, and make sure to post details about what you're seeing. Screenshots and other such concrete details will be particularly useful.

I see that you submitted more information to Support over the weekend. If you'd prefer to discuss all this more privately with support, that's fine, but if you're willing to discuss here, I may be able to help faster. I've provided some info to the support agents about your ticket, but don't want to discuss that here unless you're okay with it.

This is a classic tech support scam. They will try to convince you that your computer needs to be "cleaned" and will charge you outrageous prices for it. If you provided a credit card to the person you were talking to, report it to your credit card company. You'll need the charge reversed and probably a new card number issued. Never search for support numbers via Google or other search engines. Instead, go directly to the company's website (support.canon.com, in this case) and find technical support contact options there.

I don't understand how that e-mail suggests that your devices have been compromised. That looks, to me, like a standard e-mail in response to inquiries about data collection by Malwrebytes software, referring to our privacy policy. I don't understand what issue you believe that you have, or what you have seen to support that belief. Can you provide more details?

I also found your support tickets and the information you submitted, including the data gathered by our support tool. I'm seeing nothing at all out of the ordinary. I'm not sure I understand why you sent a sampling analysis of the corebrighnessd process. What do you see as a problem with that data?

The screenshot you're showing is completely normal, and not in any way an indication of infection. I have hundreds of those same messages in my Console after just a couple minutes of letting it run. Why do you believe this is an indication of infection? What specific events are you seeing on your devices that lead you to believe they're being attacked?

I'm glad to hear that!