
How do I get rid of the phony Flash Update malware on my Mac?

This bug won't let me access the internet normally. Google won't work. Links in emails don't work. It looks like this:


User uploaded file

Any suggestions?

iMac, Mac OS X (10.4.10)

Posted on May 2, 2014 7:43 AM


May 2, 2014 10:14 AM in response to sgibson

It is ok to post the numbers, but if you prefer not to, you'll need to search yourself to find out if they belong to your ISP or could be responsible for this.

They're evidently not from your router, or they would match that in ...Advanced - TCP/IP - Router.


If you select that entry in DNS servers, copy it, then remove & click Apply, you can always test without it then revert later.


8.8.8.8 belongs to Google Public DNS, and presumably was added manually at some point.

May 2, 2014 11:14 AM in response to sgibson

If the number in DNS servers matched the Router number, that could be normal.


Since it doesn't, the number may be for some rogue DNS that is causing this; or it could be a legitimate one from your own, or some other, ISP.


You can either post the number here, or search yourself, to see who it might belong to.


My advice is to select it, then click the + button to remove it. You might need to authenticate before doing that, by clicking the padlock at bottom left of the main Network preference window.
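
The comparison described in the two replies above (DNS server entries versus the Router address) can also be run from Terminal. This is an added example, not part of the thread: the function names are hypothetical, it assumes the output formats of macOS `scutil --dns` and `route -n get default`, and the sample input is constructed, using the documentation address 203.0.113.53 as a stand-in for an unknown resolver.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Extract the default gateway from `route -n get default` output on stdin.
router_from_route() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# classify_dns ROUTER_IP  < `scutil --dns` output
# Prints "<ip> <verdict>" once per distinct nameserver.
classify_dns() {
    awk -v router="$1" '
        /nameserver\[[0-9]+\] *:/ {
            ip = $NF
            if (seen[ip]++) next            # scutil lists resolvers more than once
            if (ip == router)
                verdict = "router"
            else if (ip == "8.8.8.8" || ip == "8.8.4.4")
                verdict = "google-public-dns"   # Google Public DNS addresses
            else
                verdict = "UNRECOGNIZED"    # look up the owner before trusting it
            print ip, verdict
        }'
}

# Constructed sample of `scutil --dns` output (not captured from a real machine).
sample_scutil() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 8.8.8.8
  nameserver[2] : 192.168.1.1
  if_index : 4 (en0)

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 8.8.8.8
  nameserver[2] : 192.168.1.1
EOF
}

# On a Mac: router=$(route -n get default | router_from_route)
#           scutil --dns | classify_dns "$router"
sample_scutil | classify_dns 192.168.1.1
```

A "router" verdict only shows that the Mac sends its lookups to the router; it says nothing about which DNS servers the router itself has been set to use.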

May 2, 2014 11:19 AM in response to sgibson

The update alerts are fake, and are intended to mislead you into installing malware and/or to steal your identity.

You might get the alerts when visiting a website that has been hacked. Don't visit the site again. If applicable, notify the site administrator of the problem, but don't send email to an unknown party.

If you get the alerts when visiting well-known websites such as Google, YouTube, or Facebook, then they're the result of an attack on your router that has caused you to get false results from looking up the addresses of Internet servers. Requests sent to those sites are redirected to a server controlled by the attacker.

The router's documentation should tell you how to reset it to the factory default state. Usually there's a pinhole switch somewhere in the back. It may be labeled "RESET." Insert a paper clip and press the button inside for perhaps 15 seconds, or as long as the instructions specify.

Then go through the initial setup procedure. I can't be specific, because it's different for every model. The key points are these:

1. Don't allow the router to be administered from the WAN (Internet) port, if it has that option.

2. Set a strong password to protect the router's settings: at least ten random upper- and lower-case letters and digits. Don't use the default password or any other that could be guessed.

3. If the router is wireless, or if you have a wireless access point on the network, use "WPA 2 Personal" security and set another strong password to protect the network. If the router or access point doesn't support WPA 2, it's obsolete and must be replaced.

During the time the router was compromised, you were redirected to bogus websites. If you ever connected to a secure site and got a warning from your browser that the identity of the server could not be verified, and you dismissed that warning in order to log in, assume that your credentials for the site have been stolen and that the attacker has control of the account. This warning also applies to all websites on which you saw the fake update alerts.

If you downloaded and installed what you thought was a software update, ask for instructions.

May 3, 2014 3:50 AM in response to sgibson

I wanted to report back that resetting my Linksys router seems to have solved the problem--thanks very much for the suggestion.


I'd also say the process can be more complicated than you'd like. The configuration CD that came with the router would not work with my Mavericks operating system, and the router was out of warranty. I had to pay the company $30 as a one-time fee so they would walk me through resetting the router manually. In all, it took several hours.


Newer routers, I'm told, have some auto wi-fi capability that makes this problem go away.


Anyhow, major PIA but the fix worked. Thanks again for all your help.
