You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari has been infected by virus

Hello. Earlier today while searching for a deleted email, I accidentally opened a different message in my junk folder. Immediately, Safari was compromised. A dialogue box showed up with the address www.webuniversally.com in it. I am told that "Microsoft Windows detected a virus attack on my computer" and I'm told to "contact customer support" at a "toll free" number" I'm given. I actually called the number and immediately felt it was not legit and hung up. Now when I click on Safari, the same process keeps happening. I cannot get online at all, and other functions (such as Reset Safari) are disabled. I've tried shutting down and restarting, and I've used Time Machine to restore the system to a time before I opened the email, but I'm stuck and do not know how to proceed. Can I remove this virus somehow? My system is OS X 10.7.5.

MacBook Pro, Mac OS X (10.7.5)

Posted on Aug 18, 2014 6:40 PM

Reply
Question marked as Top-ranking reply

Posted on Aug 18, 2014 6:48 PM

See if you can do this with Safari .


From the Safari menu bar click Safari > Preferences then select the Extensions tab.


Turn that OFF then quit and relaunch Safari and see if the Reset Safari is still disabled.


If it's not an extension, troubleshoot Safari plug-ins.


Back to Safari > Preferences. This time select the Security tab. Deselect: Allow all other plug-ins. Quit and relaunch Safari to test.


If that made a difference, instructions for troubleshooting plugins here.

5 replies
Question marked as Top-ranking reply

Aug 18, 2014 6:48 PM in response to raurich

See if you can do this with Safari .


From the Safari menu bar click Safari > Preferences then select the Extensions tab.


Turn that OFF then quit and relaunch Safari and see if the Reset Safari is still disabled.


If it's not an extension, troubleshoot Safari plug-ins.


Back to Safari > Preferences. This time select the Security tab. Deselect: Allow all other plug-ins. Quit and relaunch Safari to test.


If that made a difference, instructions for troubleshooting plugins here.

Feb 10, 2015 10:35 AM in response to MadMacs0

This has happened to me. It actually seemed to have started when I started using google chrome for work. Pop-ups starting happening on chrome and then it hit my safari, which is what I normally use. This is what it looks like on my screen. It originally told me I had to download a flash plug in. And....I tried figuring I was missing a plug in.....now my screen is stuck on this and I can only "quit" safari but when I try to get back on this is it.....I will try your suggestions from earlier posts and see what happens.


User uploaded file

Aug 18, 2014 6:45 PM in response to raurich

The Safe Mac » Adware Removal Guide


Open Safari and select Safari's preferences. Click on the Extensions icon in the toolbar. Look for any strange extension and disable it, then uninstall it.

Helpful Links Regarding Malware Protection


An excellent link to read is Tom Reed's Mac Malware Guide.

For adware removal see The Safe Mac » Adware Removal Guide and The Safe Mac » Adware Removal Tool.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)


From user Joe Bailey comes this equally useful advice:


The facts are:


1. There is no anti-malware software that can detect 100% of the malware out there.

2. There is no anti-malware that can detect anything targeting the Mac because there

is no Mac malware in the wild, and therefore, no "signatures" to detect.

3. The very best way to prevent the most attacks is for you as the user to be aware that

the most successful malware attacks rely on very sophisticated social engineering

techniques preying on human avarice, ****, and fear.

4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

your computer is intended to entice you to install their malware thinking it is a

protection against malware.

5. Some of the anti-malware products on the market are worse than the malware

from which they purport to protect you.

6. Be cautious where you go on the internet.

7. Only download anything from sites you know are safe.

8. Avoid links you receive in email, always be suspicious even if you get something

you think is from a friend, but you were not expecting.

9. If there is any question in your mind, then assume it is malware.

Feb 10, 2015 11:41 AM in response to jenny_and_boys

The ads appeared because something you, or someone else in the household installed had adware attached to it. You can either follow Apple's manual instructions for removing it, or use the free automated tool, AdwareMedic.


That should stop all of the ads. However, there's no way of knowing what you installed with the fake Flash Player plugin. Never, never, EVER install any add on, codec, Flash, Shockwave, or whatever else the site insists you install that comes directly from that site. It will be adware or malware of some sort every time.


The fake Flash software you installed could have simply been more adware, but also could have been something much worse, such as a keylogger. Always, only install Flash or updates for Flash from Adobe's site. Ignore any other site that tells you to install it.


As far as the image you posted, note that it states "Windows Security Essentials". This is Microsoft's built in malware protection for Windows. It of course doesn't exist for OS X or have anything to do with the Mac. They used that phrase for the simple fact that it will catch the highest number of computer users off guard in the hopes that you'll believe a message from http: // alwyncp*.*** has anything even remotely to do with Microsoft. The number is a scam where they will fleece you out of as much money as you're willing to cough up to do nothing.


If the page is stuck (which is what all of these are designed to do), you can get rid of it a couple of ways. Open Safari's preferences and turn off JavaScript. Then other back out of the page, or close its tab. Turn JavaScript back on. Newer versions of these web browser tricks stop you from even getting at the preferences. In that case, press Command+Option+Esc. Highlight Safari and click Force Quit. Then, hold down the Shift key and relaunch Safari. That tells it not to load any web pages that were previously open.


Your only concern then is exactly what that fake Flash player installed. A keylogger would be very bad. Such software sends everything you type to whoever wrote the software. They can then duplicate every single thing you did on your Mac. Like logging into your bank account.


Can you recall exactly what site told you to download and install the software?

Safari has been infected by virus

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.