Carried out procedure for removing it from safari, deleting website data, but on accessing safari the page is still present warning of virus infection?
What is the next step please.
Philip
[Re-Titled by Moderator]
iPad, iPadOS 17
Providing that you have not attempted to jailbreak your device - or have bypassed protections by side-loading third-Apps (if you don’t know what this is, then don’t worry about it), then it is highly unlikely that your device will actually have been infected with a virus or other malware.
However, there is one potential source of immediate issues with your iPad that you may need to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that warn of malware infection.
Calendar Infection
Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings.
If you see this issue, you’ll need to check for what’s out of place...
iOS/iPadOS13 and earlier: Settings > Passwords and Accounts
iOS/iPadOS14-17: Settings > Calendar > Accounts
iOS/iPadOS18Settings > Apps > Calendar > Calendar Accounts
Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.
Threat & Vulnerability
Providing your iPad has been kept up-to-date with system software updates, you should not be unduly concerned for your iPad being directly compromised by malware. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.
For older devices, no longer benefiting from security updates, the risk of an unpatched vulnerability being exploited increases. Regardless of the installed version of iPadOS, there are useful mitigations that can be used to significantly reduce your exposure to risk.
Mitigation
The majority of threats to which you will be exposed surface via web pages or embedded links within email or messaging platforms. Browser-based attacks can be largely mitigated by installing a good Content/Ad-blocking product. One of the most respected within the Apple App Store - designed for Apple devices - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by inferior products), but instead undesirable embedded content is blocked. The 1Blocker product creates a ruleset that is actually processed by Safari. 1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers” and will augment existing protection built-in to iPadOS. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network extensions, extending protection to other Apps.
A further step to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Cloudflare
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Security focused DNS providers intentionally "sink hole" known bad or malicious websites and resources - this providing an additional layer of protection beyond that provided by your device and its Operating System. These DNS services will, when used alongside 1Blocker or other reputable Content Blocker, provide defence in depth.
Providing that you have not attempted to jailbreak your device - or have bypassed protections by side-loading third-Apps (if you don’t know what this is, then don’t worry about it), then it is highly unlikely that your device will actually have been infected with a virus or other malware.
However, there is one potential source of immediate issues with your iPad that you may need to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that warn of malware infection.
Calendar Infection
Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings.
If you see this issue, you’ll need to check for what’s out of place...
iOS/iPadOS13 and earlier: Settings > Passwords and Accounts
iOS/iPadOS14-17: Settings > Calendar > Accounts
iOS/iPadOS18Settings > Apps > Calendar > Calendar Accounts
Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.
Threat & Vulnerability
Providing your iPad has been kept up-to-date with system software updates, you should not be unduly concerned for your iPad being directly compromised by malware. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.
For older devices, no longer benefiting from security updates, the risk of an unpatched vulnerability being exploited increases. Regardless of the installed version of iPadOS, there are useful mitigations that can be used to significantly reduce your exposure to risk.
Mitigation
The majority of threats to which you will be exposed surface via web pages or embedded links within email or messaging platforms. Browser-based attacks can be largely mitigated by installing a good Content/Ad-blocking product. One of the most respected within the Apple App Store - designed for Apple devices - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by inferior products), but instead undesirable embedded content is blocked. The 1Blocker product creates a ruleset that is actually processed by Safari. 1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers” and will augment existing protection built-in to iPadOS. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network extensions, extending protection to other Apps.
A further step to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Cloudflare
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Security focused DNS providers intentionally "sink hole" known bad or malicious websites and resources - this providing an additional layer of protection beyond that provided by your device and its Operating System. These DNS services will, when used alongside 1Blocker or other reputable Content Blocker, provide defence in depth.
Happy to report that having downloaded and installed the latest iOS security upgrade, coupled with clearing of the data cache from Safari, (this is the third time) and accessing the app a clear page is presented and access to yahoo untroubled.
Thank you for your valuable assistance.
regards Phil
Clear your cached Safari data - as this should remove any persistent website data:
Settings > Apps > Safari > Clear History & Website Data
If you haven't already followed the mitigation advice provided within my initial reply, you would be well advised to at least change your DNS settings to one of the recommended DNS services. From your iPad settings:
Settings > WiFi > [Your WiFi SSID] - tap the “i” icon - then Configure DNS > Manual - finally replace the listed DNS servers.
Here are the DNS Server addresses for Quad9:
9.9.9.9
149.112.112.112
2620:fe::9
2620:fe::fe
Enter each of the DNS server addresses exactly as shown, one per line; the sequence of server addresses is inconsequential.
The aim of this exercise is to eliminate the network and/or DNS as a potential cause of the problem.
Provide a screenshot of what you see.
In most cases on an iPad, it is the website that you are visiting that is paid to give you that fake message. This is most frequent on less than legitimate websites. They can provide you that same ad/alert every time you go there no matter what you do and they are paid each time they present it to you.
filofa wrote:
I was using yahoo for the news on the health service critical incidents when I inadvertently clicked on that site warning of the virus threat
Philip
That has nothing to do with Calendar Spam and is just an ad provided by the website you went to. They were paid to pop that up on your iPad and most likely recommended you download some software. Simply navigating away from that site is all that is needed.
You have not given any indication that you see this in the Calendar app or caused by a spam calendar invitations. Is that where you are seeing it, or is it from a Safari web page?
Have checked the calendar under the accounts can only find, icloud, add account and below that fetch new data option that's all.
in the icloud it says, icloud drive, contacts, calendars, safari and 3 more?
Philip
It would be from a safari web page. I was accessing the news on yahoo and clicked on an item dealing with the health service reporting critical incidents in the UK Hospitals, when I clicked on what I thought was the news item which triggered the virus alert. Repeated attempts to clear the data from safari has failed when I open safari the virus page is still present.
regards Philip
I was using yahoo for the news on the health service critical incidents when I inadvertently clicked on that site warning of the virus threat
Philip
How can I remove persistent Virus Alerts in Safari on iPad?
