Author Topic: JPG:PHPAgent-A [Trj] – Cannot deleted it.  (Read 944 times)

0 Members and 1 Guest are viewing this topic.

Offline Orygreds

  • Newbie
  • *
  • Posts: 3
JPG:PHPAgent-A [Trj] – Cannot deleted it.
« on: October 03, 2023, 11:31:08 AM »

I own a Macbook Air (2015), which I use for basic/office stuff.
I have been using Avast (Premium) Suite for the last three years without a problem.

This week, for the first time, I got a pop-up alerting me about a possible malware infection on one of my photo folders. It is located in the iPhotos library (as I could check in the route indicated by the Avast report).

It was first detected last week. It was put in quarantine and deleted. But after 4-5 deep system analysis, it has continued to appear (with a frequency of once a day).

The name of the possible infection is JPG:PHPAgent-A [Trj]. I've tried to access the folder in which the file is but is an empty one (?).

The laptop continues to work properly but I'm intrigued and would appreciate some suggestions.

I'm not an expert on IT so I'd appreciate it if you could get back to me in doable, simpler terms. I also speak Spanish so, if it is easier for you, go ahead and answer back using it. 

Many thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Orygreds

  • Newbie
  • *
  • Posts: 3
Re: JPG:PHPAgent-A [Trj] – Cannot deleted it.
« Reply #2 on: October 05, 2023, 10:10:39 AM »
Thanks, Polonus.

The notification keeps appearing. I'll have a look at your resources but I believe I've already read about the WordPress site theory and the Exif Data of Images.

What I don't get is why in the world that has to do with my iCloud library and my personal photos...I mean, I do not find the correlation here (?).

Will try to find a fix but do you have a theory in mind to help me understand the nature of the attack?

The only trigger I can think of is that, a few weeks ago, I installed two plug-ins (external to Mac) to convert from RAW to JPG some high-resolution images...They were 2 or 3 but it seems plausible that may be the "backdoor" route for this malware.

One of the solutions is to delete all the folders containing those corrupted files right? My avast keeps pointing at the same file, over and over again. It seems like I cannot delete it.

I have proceeded to activate my FileVault (I know, that wasn't very smart to have it off). And also activated my Firewall. I guess this is a start.

Is there a more effective approach to this?

Thank you very much,

« Last Edit: October 05, 2023, 11:03:36 AM by Orygreds »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37621
  • Not a avast user
Re: JPG:PHPAgent-A [Trj] – Cannot deleted it.
« Reply #3 on: October 05, 2023, 10:47:36 AM »
No one does malware removal help in this forum anymore, if you want help try Malwarebytes forum

« Last Edit: October 05, 2023, 10:49:24 AM by Pondus »

Offline Orygreds

  • Newbie
  • *
  • Posts: 3
Re: JPG:PHPAgent-A [Trj] – Cannot deleted it.
« Reply #4 on: October 05, 2023, 10:50:01 AM »
Ok. Thanks, Pondus.