Potential virus scare

exdeveloper · Apr 15, 2017

I know, there must be a lot of posts on this topic. I know, I should be cautious of clicking on suspicious link but unfortunately I did. Got virus warning on my mac pro and I clicked to find more information. It then took me to what looks like an Apple support site (mac-assistant-site) where the following message appears:

"Virus Found
is infected with (3) viruses. The pre-scan found traces of (2) malware and (1) phishing/spyware. System damage:28.1% - IMMEDIATE REMOVE REQUIRED!
A website you visited today has infected your mac with a virus. It is necessary to scan your entire system to find and remove malicious applications from your computer."

I did not click on the button that said "SCAN MY MAC". Is this message really from Apple? Does my Mac Pro really has virus? I worry though I did not do a scan of my mac but I did click on the first link when the virus warning appears. If my computer does have malware, I have a backup from 2 days ago, would restoring the data using Time Machine helps? Hope someone can help me with this issue. Thank you.

Stefan johansson · Apr 15, 2017

No,this has nothing to do with Apple,if you click the link,you might in best case just be offered to pay for a crappy antivirus that just remove the thing you saw,in worst case,a click on it will load your computer with ransomware,and force you to pay to unlock it.
Get a good antivirus protection,use it,and your problem is gone. Panda,kaspersky or any other large antivirus company will have something for you,and even if it cost some money,it's worth it all the way.

keysofanxiety · Apr 16, 2017

Browser based scareware. No need for concern.

You can run a scan through MWB for Mac to be sure: https://www.malwarebytes.com/mac-download/

ZapNZs · Apr 16, 2017

keysofanxiety said:
Browser based scareware. No need for concern.

You can run a scan through MWB for Mac to be sure: https://www.malwarebytes.com/mac-download/

I agree with this, x10000000000000000000000000000000000000000000000000000000000000

--------------------------------

Most of the instances of 'viruses' I have seen on Macs are scareware based popup ads (a few of which were fake ransomware that opened in full screen mode) - it sounds like this is little more than a browser-based popup ad from a company trying to tell you that you have a virus, to convince you to install a program so they can then try to sell product/service subscriptions to you (so you provide them with your credit card/identity information - which they may then steal/sell), or use to try to take/modify/damage some of your data. With the way both macOS and iOS operating systems are designed, they are inherently difficult to compromise - an attacker often has to resort to this scareware because they can't easily put a real virus on your system.

Many of the instances I have seen where Macs had actual malware were an outcome of people clicking on these scareware popups, downloading the program, and then installing what they believed was legitimate security/optimization software (by entering their password, they give the malicious program access to certain files on the hard drive, where it attempts to embed itself.) With all but one instance, the effect of these programs were more of an annoyance than they were the nightmare of file damage/data loss/unauthorized encryption that some malicious programs can cause, because the damage they can do is inherently limited (for example, these programs cannot compromise core operating system files.)

In the event you did download the program, entered your password to install it, and then it installed on the computer, Malwarebytes has always removed these things easily for me when working on the Macs' of others. Security programs from credible companies like Kaspersky, Trend Micro, BitDefender, ESET, Avast, etc. would probably also do the same - but Malwarebytes is free.

If you ever have any uncertainties about an Application, especially a security/optimization App, don't install it, and never provide it with your password. No credible organization will ever use the type of advertising as seen below. When installing anything downloaded from the World Wide Web, be vigilante of the risks, and always check that the URL (web address) matches with the company/organization that claims to have the file - spoof websites sometimes look almost identical to a legitimate organization, to fool you to download software that appears safe but is actually malicious. For obvious reasons, fake security websites that attempt to fool the User by faking the appearance of being a real credible company are not uncommon.

http://www.dell.com/downloads/ca/support/spot_fake_website_not_get_phished_dell_en.pdf
(a little dated and geared towards Windows Users in regards to the AV protection parts, but still contains good information on differentiating legitimate versus malicious, IMO)

These are nothing but lies, damned lies, and more damned lies, as acts perpetuated by people who are truly filthy, rotten, disgusting human beings.

MAC-Defender-Rogue-Anti-Virus-Analysis-and-Removal-Tips.png

exdeveloper · Apr 16, 2017

Stefan johansson said:
No,this has nothing to do with Apple,if you click the link,you might in best case just be offered to pay for a crappy antivirus that just remove the thing you saw,in worst case,a click on it will load your computer with ransomware,and force you to pay to unlock it.
Get a good antivirus protection,use it,and your problem is gone. Panda,kaspersky or any other large antivirus company will have something for you,and even if it cost some money,it's worth it all the way.

Thank you for your input.
[doublepost=1492380449][/doublepost]

ZapNZs said:
I agree with this, x10000000000000000000000000000000000000000000000000000000000000

--------------------------------

Most of the instances of 'viruses' I have seen on Macs are scareware based popup ads (a few of which were fake ransomware that opened in full screen mode) - it sounds like this is little more than a browser-based popup ad from a company trying to tell you that you have a virus, to convince you to install a program so they can then try to sell product/service subscriptions to you (so you provide them with your credit card/identity information - which they may then steal/sell), or use to try to take/modify/damage some of your data. With the way both macOS and iOS operating systems are designed, they are inherently difficult to compromise - an attacker often has to resort to this scareware because they can't easily put a real virus on your system.

Many of the instances I have seen where Macs had actual malware were an outcome of people clicking on these scareware popups, downloading the program, and then installing what they believed was legitimate security/optimization software (by entering their password, they give the malicious program access to certain files on the hard drive, where it attempts to embed itself.) With all but one instance, the effect of these programs were more of an annoyance than they were the nightmare of file damage/data loss/unauthorized encryption that some malicious programs can cause, because the damage they can do is inherently limited (for example, these programs cannot compromise core operating system files.)

In the event you did download the program, entered your password to install it, and then it installed on the computer, Malwarebytes has always removed these things easily for me when working on the Macs' of others. Security programs from credible companies like Kaspersky, Trend Micro, BitDefender, ESET, Avast, etc. would probably also do the same - but Malwarebytes is free.

If you ever have any uncertainties about an Application, especially a security/optimization App, don't install it, and never provide it with your password. No credible organization will ever use the type of advertising as seen below. When installing anything downloaded from the World Wide Web, be vigilante of the risks, and always check that the URL (web address) matches with the company/organization that claims to have the file - spoof websites sometimes look almost identical to a legitimate organization, to fool you to download software that appears safe but is actually malicious. For obvious reasons, fake security websites that attempt to fool the User by faking the appearance of being a real credible company are not uncommon.

http://www.dell.com/downloads/ca/support/spot_fake_website_not_get_phished_dell_en.pdf
(a little dated and geared towards Windows Users in regards to the AV protection parts, but still contains good information on differentiating legitimate versus malicious, IMO)

These are nothing but lies, damned lies, and more damned lies, as acts perpetuated by people who are truly filthy, rotten, disgusting human beings.

Thank you very much.

exdeveloper · Apr 16, 2017

keysofanxiety said:
Browser based scareware. No need for concern.

You can run a scan through MWB for Mac to be sure: https://www.malwarebytes.com/mac-download/

Thank you for your input.

vault · Apr 16, 2017

What you've seen is probably an "ad" for the infamous MacKeeper software. As others have said, it's nothing to worry about.

Stefan johansson · Apr 17, 2017

When I see those mackeeper ads,I always have to clean browser history to stop that **** from reopening.

willmtaylor · Apr 17, 2017

exdeveloper said:
I know, there must be a lot of posts on this topic. I know, I should be cautious of clicking on suspicious link but unfortunately I did. Got virus warning on my mac pro and I clicked to find more information. It then took me to what looks like an Apple support site (mac-assistant-site) where the following message appears:

"Virus Found
is infected with (3) viruses. The pre-scan found traces of (2) malware and (1) phishing/spyware. System damage:28.1% - IMMEDIATE REMOVE REQUIRED!
A website you visited today has infected your mac with a virus. It is necessary to scan your entire system to find and remove malicious applications from your computer."

I did not click on the button that said "SCAN MY MAC". Is this message really from Apple? Does my Mac Pro really has virus? I worry though I did not do a scan of my mac but I did click on the first link when the virus warning appears. If my computer does have malware, I have a backup from 2 days ago, would restoring the data using Time Machine helps? Hope someone can help me with this issue. Thank you.

Did you not learn your lesson in 2015 when you started your MacRumors Forums account? This instance is no different.

Stefan johansson · Apr 17, 2017

willmtaylor said:
Did you not learn your lesson in 2015 when you started your MacRumors Forums account? This instance is no different.

That kind of messages is never ever from Apple,mostly they come from unknown companies trying to sell bad antivirus protection,or have you pay for something that block that specific message. Whatever it is,it's a fraud attempt. Remove it from your browser history.

willmtaylor · Apr 17, 2017

Stefan johansson said:
That kind of messages is never ever from Apple,mostly they come from unknown companies trying to sell bad antivirus protection,or have you pay for something that block that specific message. Whatever it is,it's a fraud attempt. Remove it from your browser history.

Not sure why you quoted me there.

ActionableMango · Apr 17, 2017

Not legit.
You need to install an ad-blocker.
Consider that not only is the ad itself bad news, but any websites willing to serve malware ads might be suspect in and of themselves.

Search

Search

Potential virus scare

exdeveloper

macrumors newbie

Stefan johansson

macrumors 65816

keysofanxiety

macrumors G3

ZapNZs

macrumors 68020

exdeveloper

macrumors newbie

exdeveloper

macrumors newbie

vault

macrumors regular

Stefan johansson

macrumors 65816

willmtaylor

macrumors G4

Stefan johansson

macrumors 65816

willmtaylor

macrumors G4

ActionableMango

macrumors G3

Our Staff