Forcible downloads ("This is a VIRUS.You computer is blocked") - What should I do?

dggxam1 wrote:

Has anyone else encountered this situation?

Just about everyone who has used an Internet-connected Mac or a PC.

What should I do?

Nothing. As in download nothing. Run nothing. Install nothing.

You did the right thing. Don't give it a second thought. Plenty of ill-mannered websites initiate automatic downloads to your Downloads folder. It's bad behavior, but a file downloaded to your Mac, wanted or not, can do nothing until you open it. Even then, it can do nothing unless you give it explicit permission by willfully providing your Mac's login credentials.

Read Phony "tech support" / "ransomware" popups and web pages. It describes the entire process from start to finish including what happens if you were to disregard all the protections macOS provides, disregarded all the warning signs, and nevertheless proceeded to install something nefarious.

I've seen reports of similar scam pages. What the OS normally does for same named files is append them with a numerical progression. But what these web sites sometimes do is force download the same file over and over, overwriting the identical item each time, so there's always only one.

A file being actively downloaded is considered temporary by macOS. It can change its name or appearance before it's complete. Perhaps that explains it. Either way, if the files are no longer present, then they can do nothing.

Don't you use Time Machine? As I wrote there is no justification for concern but if it's keeping you up at night you could consider restoring a backup created prior to that event.

To learn how to use Time Machine please read Back up your files with Time Machine on Mac.

In my opinion it's overkill for a situation that requires literally nothing though.

As long as you installed nothing (and you would know because you would have had to authenticate) then you're fine.

dggxam1 wrote:

I actually had the security set to allow apps downloaded from anywhere at the time.

Read Install an app from an unidentified developer in the Apple Support document I linked in my initial reply. You can leave Gatekeeper configured for a more secure setting.

That won't strictly prevent you from installing apps "downloaded from anywhere", but it will provide another security layer. Any effective security strategy is a multifaceted or "layered" one (for lack of a better term): Effective defenses against malware and other threats.

It may interest you to know that certain bad actors even include explicit instructions for disabling Gatekeeper, as though it's holding a gun to your head and asking you to please **** its trigger. That's either hilarious or pathetic depending on one's perspective.

(**** appears to have been caught by ASC's bad word filter. Substitute the word for "male gallinaceous bird")

dggxam1 wrote:

I actually had the security set to allow apps downloaded from anywhere at the time.

I'm glad you edited that, I was wondering. Allow apps downloaded from anywhere still asks you to authenticate with Admin password.