my macbook pro has FBI moneypack virus, how to remove

iheartapple1970 wrote:

you are incorrect there is a version of this virus that can infect a mac. there is plenty of supporting documentation for this online!

That simply isn't true. There are sites that have been poisoned with a javascript that fakes being the Windows malware, but it's easy to back out of it. Every posting I have read says this. If you can find something different, please share a link to such documentation so that we can track down the infection.

you are incorrect there is a version of this virus that can infect a mac. there is plenty of supporting documentation for this online!

As MadMacs0 has already pointed out, this definitely is not a virus, or any other kind of malware. Nothing is actually installed on the victim's computer. It's just a web page using some JavaScript tricks to keep you from closing the window, and trying to scare you into divulging your credit card number. As such, there's no need to worry about removal of any malware after encountering this scam.

More information can be found here:

FBI ransomware “virus” rampant

Hi nowbert,

Thomas A Reed wrote:

Then, start your browser again while holding the shift key. This will prevent the browser from trying to re-load the pages that were open when you forced it to quit.

To add to Tom's advice, you might like to also do this:

System Preferences > General

And from the Apple Menu (for Shut Down or Restart)...

Untick Reopen windows when logging back in.

Those settings will give you a clean start after you put your computer to beddy-byes.

Regards,

Ian,

it's not a virus, i mispoke on that point. it's considered "ransomware" and it can lock up safari web browsers if steps aren't taken. following are links that talk about it:

http://www.fbi.gov/scams-safety/e-scams (this is the official fbi website addressing the issue on mac computers)

http://malwaretips.com/blogs/fbi-mac-os-x-virus

i have had several friends who use macs get this "ransomware" and it did in fact lock up the safari browser until we took some troubleshooting steps to resolve it. it kept taking her the fbi moneypak site regardless of what site she tried to go to.

<Link Edited By Host>

iheartapple1970 wrote:

it's not a virus, i mispoke on that point. it's considered "ransomware"

Correct and note that the FBI site specifically says that "The newest version of ransomware targets OS X Mac users. This new version is not malware..."

it can lock up safari web browsers if steps aren't taken.

Actually, it doesn't lock up safari at all, it simply presents a dialog that must be dismissed 150 times to regain control of that particular page. Everything else in the browser and on the computer are fully functional. The real FBI Moneypack encrypts your hard drive and totally disables a Windows computer.

As you said, your first link officially tells the whole story. Your second link is blacklisted by Bitdefender Trafficlight so I didn't visit it. The third link is OK and points out that Safari isn't the only browser that's affected. That's probably where you got the idea that the browser is "locked up" and a "virus". Resetting everything in Safari is overkill so you may want to be more selective in what you reset (e.g. there's no reason to delete all the passwords and autofill information).

Next time one of your friends runs into this, tell him to do it the easy way:

1. Disable Javascript in Safari Preferences->Security
2. Hit the back arrow in Safari.
3. Re-enable Javascript.
4. Reset History and Top Sites as a precaution.

WOW - you guys are fantastic. A lot of good info and education. My only observation is geeks (and I mean that as a compliment) tend to be very literal and while those of us not as educated may use "virus" or "java" instead of "ransomeware" and "javascript" and speak in generalities out of ignorance, you guys are real precise over terminoligy. Not a bad thing - it's how we all learn :-). Thanks for all your help.

Big difference between a mosquito in your face (scareware / java script) .....and being in jail (virus)

For fun see what happens when you ask SIRI on your Iphone "Ok, glass"

see what she says. Ask several times

😁

Yes you can remove this virus by just resetting the safari browser,

Follow these steps-

1. At the top left of safari window click on "safari"

2. Now click on Reset Safari..

3. Select all the checkbox

4. Click on reset.

🙂

If you want to know more about how to remove this virus completely follow below link.

http://bit.ly/18tgtz1

sandy018

Yes you can remove this virus by just resetting the safari browser,

Its not a virus. Correction. 😐

sandy018 wrote:

Yes you can remove this virus by just resetting the safari browser,

I'm sure nowbert has figured out how to fix his/her problem of three weeks ago already, but I still prefer my solution over yours which unnecessarily deletes a bunch of extra things (such as passwords). History and Top Sites are the only things that could possibly cause anybody to have the issue recur after backing out of it.

And most A-V vendors don't even consider it to be malware.

you just have to reset safari. and ill go away

lpalomeque wrote:

you just have to reset safari. and ill go away

Seven people have already told him that and he's had two months to do it, so I'm not sure why you are posting this now.

If browser is locked and frozen press ing command+option+escape buttong to force quit safari.. thenJust reset safari browser through safari preference... safari will be fine..

manucoorg wrote:

If browser is locked and frozen press ing command+option+escape buttong to force quit safari.. thenJust reset safari browser through safari preference... safari will be fine..

Do you really think the OP waited four months for you to tell him that?

Beside which is easier to just use the back button, disable JavaScript for the moment, reset Safari (optional) and re-enable JavaScript.

I couldn't figure this out so I chose to manually shut down my computer.. I guess that was a bad idea since it will not restart now. It gets part way through start-up and then just shuts down.
Any suggesstions?