Suspicious Activity Detected - Pop Up Window

I got a pop-up window in Safari about "Suspicious Activity Detected" and that my browser might have been hijacked. It then says I should contact the number listed. Every time I clicked okay, the window keeps returning. I ended up doing a force quit on Safari. I am assuming this is one of those annoying spam deals, no? I am just wondering based on this attached screen shot if that is the case and if anyone else has seen the same window before.


iMac, OS X Mountain Lion (10.8.5)

Posted on Sep 2, 2014 7:18 PM


Sep 2, 2014 8:26 PM in response to Carlton Chin

It's not malware. It's a JavaScript scam that only affects your web browser, and only temporarily.

1. Some of those scam pages can be dismissed very easily. Press command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.

2. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Security

and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.

Close the malicious window or tab.

Re-enable JavaScript and close the preferences dialog.

3. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. From the menu bar, select

Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.

Dec 8, 2014 10:31 AM in response to Sharon Langham

The following comes from user stevejobsfan0123.


Occasionally, a browser window may pop up with a scam message. Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus, and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. Most of these scammers, if you actually call the number, will ask you to install software giving them remote control over your computer. Do not do this either. This article will outline the solution to dismiss the pop-up.


Quit Safari

Though you will probably have to quit Safari, you can first try closing the tab by pressing Command + W. Sometimes, however, these pop-ups will not go away by attempting to close the tab, nor by clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


None of this Worked!

If pressing Command + W does not work, and force quitting Safari and restarting the application with the Shift key held down does not get rid of the pop-up, you will have to reset Safari. Normally, this can be done by launching Safari, then in the menu bar, going to Safari > Reset Safari. However, most pop-ups of this variety will block access to many of the drop-down menus in the menu bar. You will need to locate a file on the computer and move it to the trash. Make sure you quit Safari first (force quit if necessary).


To start, open Finder. Then press Command + Shift + G, or in the menu bar, select Go > Go to Folder. Type the following file path:


~/Library/Preferences


Look for a file named com.apple.Safari.plist, and drag it to the trash. Then restart your Mac. After it reboots, try launching Safari. A new preferences file should have been automatically created, so no more action is required on your part, and the pop-up should now be gone.


The Source of the Scam

In addition to the FBI scam, there are a few webpages with bogus technical support pop-ups or "security alerts," claiming you have a virus as described earlier. These webpages include but are not limited to:

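
The preferences reset described in the post above, as an added shell example that is not part of any poster's reply: it moves com.apple.Safari.plist into a timestamped backup instead of the Trash, so the old settings can be restored later. The function name and the SafariPrefsBackup folder are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): move Safari's preferences file aside.
# Usage: backup_safari_prefs "$HOME"   -> prints the backup path on success.
backup_safari_prefs() {
    home_dir=${1:-$HOME}
    plist="$home_dir/Library/Preferences/com.apple.Safari.plist"
    backup_dir="$home_dir/SafariPrefsBackup"   # assumed location, not from the post

    # The post says to quit Safari first; refuse to continue if it is still running.
    if pgrep -x Safari >/dev/null 2>&1; then
        echo "Safari is still running; quit or force quit it first" >&2
        return 2
    fi

    # Nothing to do if the preferences file is not where the post says it is.
    if [ ! -f "$plist" ]; then
        echo "no preferences file at $plist" >&2
        return 1
    fi

    # Keep a timestamped copy so repeated runs never overwrite an older backup.
    mkdir -p "$backup_dir" || return 1
    dest="$backup_dir/com.apple.Safari.plist.$(date +%Y%m%d-%H%M%S)"
    mv -- "$plist" "$dest" || return 1
    printf '%s\n' "$dest"
}
```

After the function succeeds, restart the Mac as the post describes; Safari creates a fresh preferences file on its next launch.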

Apr 8, 2015 5:45 PM in response to Carlton Chin

Daughter #1 received the pop-up message below just today. Unfortunately, I was not able to respond quickly enough to her txt msg before she called the number shown below and granted them remote control access. I called the toll free number myself. The person answered the phone "something something Apple support". I asked them to confirm that I was speaking with Apple Computer. They repeated "something something Apple support". After several more attempts, I finally asked them to spell their company name which was YODA CARE. So, Yoda Care Apple support. I didn't have the MBP in hand, but I asked them to assist me with "an issue" anyway (daughter had sent me the photo below). They immediately wanted remote access. Of course, I declined.


Now I just need to figure what they did to the MBP while they had remote control... Fun stuff.


Mar 19, 2015 2:33 PM in response to MadMacs0

Mad,


What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

While I was on the phone with the person, he briefly explained what the firewall/vault was and netstat on my terminal. Then he asked me to pay for some service. This was when I realized something wasn't right, so I told him I would have to call back after discussing it with my wife. I then saw that the connection via logmein was terminated... Did I get hacked? Or is the scam merely to get you to pay for that service?

Mar 19, 2015 6:44 PM in response to TropicFreakDog

TropicFreakDog wrote:


What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

Restore from backup taken before the scammer logged into your computer.

Did I get hacked? Or is the scam merely to get you to pay for that service?

Impossible for me to say from where I sit. Only a forensically trained Mac technician would be able to tell you and even they might not be able to give you certainty.


I have not seen any reports of verified hacking, so if I had to guess I'd say they probably would be satisfied with your credit card number, but obviously best to assume you were and take the action necessary to make you comfortable with your computer as it is now.

Mar 29, 2015 1:57 PM in response to Carlton Chin

Here's the simplest way to get control without killing all of your browser history. (I have a ton of active research open and didn't want to lose any of that.)


Simply open the Script Editor and enter this:


tell application "Safari"
    close last tab of window 1
end tell

Hit the "Play" triangle and watch the annoying window go away. The JavaScript pop-up will persist, but you can wrest control back. I still recommend clearing everything in your browser history when you close out of Safari...

May 14, 2015 7:06 PM in response to hh18

There are dozens of these crooks engaged in this activity now, so there is no guarantee that your situation would be the same as anybody else's. Once you gave access to your computer, anything is possible. They may have been able to harvest privacy data, install malware, install spyware, etc. The only safe way is to restore your computer back to the way it was before giving access. The only other way to be reasonably certain would be to have a forensic law enforcement officer examine your computer. You can either completely erase your drive and start from scratch, change all your passwords and closely monitor your financial accounts or assume nothing happened and take your chances. Nobody here can decide for you.
