Suspicious Activity Detected - Pop Up Window

Mad,

What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

While I was on the phone with the person, he briefly explained what the firewall/vault was and netstat on my terminal. Then he asked me to pay for some service. This was when I realized something wasn't right, so I told him I would have to call back after discussing it with my wife. I then saw that the connection via logmein was terminated... Did I get hacked? Or is the scam merely to get you to pay for that service?

TropicFreakDog wrote:

What is the procedure I should follow if I allowed the number that popped up to control my computer for a short period of time via Logmein (support.me)?

Restore from backup taken before the scammer logged into your computer.

Did I get hacked? Or is the scam merely to get you to pay for that service?

Impossible for me to say from where I sit. Only a forensically trained Mac technician would be able to tell you and even they might not be able to give you certainty.

I have not seen any reports of verified hacking, so if I had to guess I'd say they probable would be satisfied with your credit card number, but obviously best to assume you were and take the action necessary to make you comfortable with your computer as it is now.

if if you see this windows on Ipad

1)Go in to Settings

2) Select Safari

3) Select clear history and website data

4) Then select clear

It fixed my ipad.🙂

Here's the simplest way to get control without killing all of your browser history. (I have a ton of active research open and didn't want to lose any of that.)

Simply open the Script Editor and enter this:

tell application "Safari"

close last tab of window 1

end tell

Hit the "Play" triangle and watch the annoying window go away. The javascript pop up will persist, but you can wrest control back. I still recommend clearing everything in your browser history when you close out of Safari...

Link's explanation was spot on. My wife's computer was infected with the same thing but details a little different. The fix he described worked perfectly. Seems so simple now.

Thanks, Link

Daughter #1 received the pop-up message below just today. Unfortunately, I was not able to respond quickly enough to her txt msg before she called the number shown below and granted them remote control access. I called the toll free number myself. The person answered the phone "something something Apple support". I asked them to confirm that I was speaking with Apple Computer. They repeated "something something Apple support". After several more attempts, I finally asked them to spell their company name which was YODA CARE. So, Yoda Care Apple support. I didn't have the MBP in hand, but I asked them to assist me with "an issue" anyway (daughter had sent me the photo below). They immediately wanted remote access. Of course, I declined.

Now I just need to figure what they did to the MBP while they had remote control... Fun stuff.

Thanks Linc Davis. Really helpful!🙂

I just got the same thing with the pop up window and # to call. I did and let them get control of my computer, but the session was terminated before they asked me for money. I was suspicious and asked a lot of questions. I want to know if this is the end of any problem. Do I need to do anything else?

There are dozens of these crooks engaged in this activity now, so there is no guarantee that your situation would be the same as anybody else. Once you gave access to your computer, anything is possible. They may have been able to harvest privacy date, install malware, install spyware, etc. The only safe way is to restore your computer back to the way it was before giving access. The only other way to be reasonably certain would be to have a forensic law enforcement officer examine your computer. You can either completely erase your drive and start from scratch, change all you passwords and closely monitor your financial accounts or assume nothing happened and take your chances. Nobody here can decide for you.

I called AppleCare and they had me download the Adware medic software, run it and it identified 4 entries in my system library as ads causing the problem. I removed them using this same software and Voila! Problem solved.

Go to Adwaremedic.com for the download.

sdpark10 wrote:

I called AppleCare and they had me download the Adware medic software, run it and it identified 4 entries in my system library as ads causing the problem.

Yes, that is a recent development and my previous explanation from last year is no longer true. It can be caused by either javascript on the web site or scam adware.

That's a good example of why one should never rely on old postings for the latest word. Rather use something current or start a new discussion.

Carlton

I found your response in a chain about killing a rogue safari window and found it very helpful. I tried it on my macbook and it worked great! But the reason I was trying to solve this problem was for the same problem on my husbands ipad. I am not very familiar with the ipad, but is there a way to do the same thing on an ipad? I hate to delete his whole browser history.

Thank you,

Toni

So I'm pretty sure whatever is on my iMac is still there even after everything I have read in the threads. I have deleted the plist file and the com.apple file. I have to force quit almost everyday on safari and I cannot create a new thread. For some reason my computer is not letting me submit one on apple.com. If I actually have a virus on my iMac, is it a good sign to delete everything and restore to factory default settings?

oshana.rua wrote:

I've been experiencing the same problem, I followed all the instructions here but still cant stop the pop ups.

Try running AdwareMedic to see if you have some sort of persistent adware that is taking you back to that pop-up. It will identify and optionally delete all currently known forms of adware.

This is exactly what happened tonight when I was using my friend's MacBook. Same exact message, and I called the guy & went through steps to "fix the problem" including giving them my friend's name, email & cell number! (she was sitting right next to me). I stopped everything when the guy said there would be a charge of $299 to fix this. What happened with your incident? Did you fix it? Did they do anything with your daughter's info or access into her computer? HELP! 😟