I think I may have downloaded a virus and I need help removing it.

Ignore it. It's a phishing scam. If you think you have adware, then:

Helpful Links Regarding Malware Problems

If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.

Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

Fix Some Browser Pop-ups That Take Over Safari.

Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

Quit Safari

Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:

Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X

If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

From user Joe Bailey comes this equally useful advice:

The facts are:

1. There is no anti-malware software that can detect 100% of the malware out there.

2. There is no anti-malware that can detect everything targeting the Mac.

3. The very best way to prevent the most attacks is for you as the user to be aware that

the most successful malware attacks rely on very sophisticated social engineering

techniques preying on human avarice, ****, and fear.

4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

your computer is intended to entice you to install their malware thinking it is a

protection against malware.

5. Some of the anti-malware products on the market are worse than the malware

from which they purport to protect you.

6. Be cautious where you go on the internet.

7. Only download anything from sites you know are safe.

8. Avoid links you receive in email, always be suspicious even if you get something

you think is from a friend, but you were not expecting.

9. If there is any question in your mind, then assume it is malware.

Kappy,

Thanks so much for this thorough and clear treatment of this problem. I will be using it shortly, and keeping my fingers crossed!

Regards, Rick

You did install malware.

Probably it's the "VSearch" trojan, perhaps under a different name. Remove it as follows.

Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data before proceeding.

Step 1

From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

Reset the home page and default search engine in all the browsers, if it was changed.

Step 2

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.vsearch.agent.plist

Right-click or control-click the line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

Also delete the fake "MPlayerX" application that you downloaded.

This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Since Mac's are now in the bad guys crosshairs, adopting good security strategies (adopted from years of malware infestations in tens of millions of PC users) must now be employed by Mac's: and that means concentrating efforts on PREVENTION. Not removal.

Poisoned JavaScript is delivered to the browser, (none are immune by the way), and this powerful language then manipulates a computer and installs these "rogue" items.

Firefox, with "NoScript" controls what automatically deploys from the browser, and is the #1 defense against several vectors of malware.

Also, the default configuration for Safari has "Open "safe" files after downloading" checked (by default). This setting is under "Preferences" in Safari and is at the bottom of the "General" tab (the first tab).

It must now be disabled (unchecked) at all times.

And, do not rely on "signature" based antivirus. Criminals update their rubbish daily (just like the good guys) and change names and other aspects (like a fingerprint) in order to get around detection.

Prevention: not removal.

Source(s):

https://answers.yahoo.com/question/index?qid=20131229085716AAhdCXq