Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Escape the Pop-Up Ad Trap - Won't Allow User to Close Pop Up Alert, Close or Change Tabs, Greys All Menu Options, Demands You Call 800# to Fix

Just a friendly piece of information I wanted to pass along this semi-escape method since I've been twice caught by this new nefarious little pop-up scam.


User uploaded file



So the basic format is as such:

You go on a website and suddenly are hit with one of these irksome pop-up ads that invariably has copy and language reading something to the effect of: "Malware has been detected and to call an #800 number for further instructions."


We experienced web users ignore these things and simply click the "close" button because we know it's junk, but surprisingly with this variant, there is no close button ... you can only hit "OK". But when you click OK, it immediately refreshes the page and brings you back to the pop-up add.


So you think, "clever trick, guys." .... and believe if you shut off your WIFI the page cannot reload. Nope. The d*mn thing reloads again.

Someone clearly has found an exploit in Safari which will literally highjack your browser and prevent you from doing anything outside of refreshing the same tab or force quitting Safari via Task Manager. All options in the menu bar are greyed out and inaccessible.


The nefarious part is that unlike, say, Firefox where you can reopen your browser in a "Safe Mode" and individually check off which tabs you want to reopen upon start-up, Safari offers no such option. All the tabs reopen when you restart Safari, and as you can imagine the crooked trap tab as well, putting you right back in the same conundrum.


The only solution I have found is to hold down the CMD + W key (this is the manual keyboard short-cut to close a tab), and then quickly and repeatedly hit the "OK" button on the nonsense pop-up add. Eventually your Mac will be able to beat the refreshing pop-up ad to the punch so to speak and will shut down the tab.


Note: You will probably end up shutting down several adjoining tabs as well but that's a minor inconvenience compared to a locked browser. Call it collateral damage.


Neither Ad Block, Click to Plug-in, or Click to Flash prevent this from happening either.

It seems the only way to completely eliminate this from happening is to go into Safari Preferences > Security and disable [enable Java Script], but since most all websites use Java or have Java components, your experience on the net will be severely compromised.

MacBook Pro, OS X Yosemite (10.10)

Posted on

Reply

Page content loaded

Oct 22, 2014 10:46 AM in response to ShadowDancer1000 In response to ShadowDancer1000

Command-W allows Safari to bypass the page, but a cleaner way is to go to Thomas Reed's site http://www.thesafemac.com and then go to his AdwareMedic link and get AdwareMedic...nifty little program that will clean the miscreant out of there. Tom is a regular contributor on here and a very strong security source.

Oct 22, 2014 10:46 AM

Reply Helpful

Oct 22, 2014 11:01 AM in response to apple_user2012 In response to apple_user2012

apple_user2012 wrote:


Thanks for your post, I just had the same problem and used your solution for me. IDK if you know or not, but do you with this annoying pop up scam, are they able to download or get any information from this?

No. Not necessarily. In most instances you would have had to download or install something for them to gather any information or get into your machine.


This type of trap uses a minor exploit to lock your browser's functions in the hopes that someone that is less knowlegable will call the 800# for directions on how to free their browser and "clean off the malware" which invariably will probably lead to a request that they give their credit or debit card information / send MoneyPak as payment for services. At very worse the only information the site captured was what browser you were using, your IP Address, what the referring link was (in my case it was directly through a Google search for a car part in one instance, and the second instance was Sports related).

This doesn't mean though what you ask is an impossibility There are in fact some hackers that have developed websites that can inject malware or virus simply by visiting the site. You don't have to click or do anything - merely visiting begins the malware injection process.

These are extremely rare though.

Glad you were able to get your browser back in order though. Cheers.

Oct 22, 2014 11:01 AM

Reply Helpful

Oct 22, 2014 11:05 AM in response to Ralph Landry1 In response to Ralph Landry1

Ralph Landry1 wrote:


Command-W allows Safari to bypass the page, but a cleaner way is to go to Thomas Reed's site http://www.thesafemac.com and then go to his AdwareMedic link and get AdwareMedic...nifty little program that will clean the miscreant out of there. Tom is a regular contributor on here and a very strong security source.

Was never aware of this site. Did a quick skim and it appears to be a good resource.

Bookmarked.

Thanks.

Oct 22, 2014 11:05 AM

Reply Helpful

Oct 22, 2014 11:34 AM in response to Ralph Landry1 In response to Ralph Landry1

I believe that is the web site that came up on the pop up, but because of the nature of the pop up, i didn't trust and figured it was a way to do damage to my computer. However, since you say it a reliable site along with showdancer1000, i'll check it out. Thanks for the update

Oct 22, 2014 11:34 AM

Reply Helpful

Oct 22, 2014 2:11 PM in response to apple_user2012 In response to apple_user2012

apple_user2012 wrote:


I believe that is the web site that came up on the pop up, but because of the nature of the pop up, i didn't trust and figured it was a way to do damage to my computer.


You should absolutely never get a pop-up for The Safe Mac or the AdwareMedic websites. If you ever do see such a thing on some other site, I'd appreciate you bringing that to my attention. (See the "contact me" link at the bottom of every page on The Safe Mac's website.) I don't use advertising to promote those sites.


If you saw pop-ups on either of those sites, that's a symptom that you have something wrong - probably either adware or hacked network hardware. You should never see pop-up ads, or ads of any kind, on those sites, as I also do not use advertising in any way on either of those sites.

Oct 22, 2014 2:11 PM

Reply Helpful

Oct 22, 2014 6:41 PM in response to thomas_r. In response to thomas_r.

I think I worded that last post wrong. The website that Ralph Landry1 was referring to, thesafemac.com website, that is the website the pop up told me to visit. I had went onto a website (not safe mac or ad ware medic) and I got the pop up that wouldn't go away even after you keep clicking the "ok" button, however on the pop up it did have the web site address for safe mac and I had thought that it was part of the scam or hack that was going on with the pop up.

Oct 22, 2014 6:41 PM

Reply Helpful

Oct 23, 2014 8:41 AM in response to thomas_r. In response to thomas_r.

thomas_r. wrote:


You should absolutely never get a pop-up for The Safe Mac or the AdwareMedic websites.s.


Tom,

After reading through what I presume is your website, which is highly informative and very well written by the way, I come away with the impression that you really have a firm understanding of the dirty things that can go on inside your machine and how they manage to exploit certain vulnerabilities.


With respect to pop-up ads and Safari, I have a question that you may able to answer. Three parts:


(1) How are they managing to get around all reasonable methods to block pop-up ad scripts? One would think that your browser ought not perform automatic script functions (like opening a new page ... or several) without your doing anything.


By example, I'm on several forums and if I am sent a PM a notification pop-up will appear. Since I have Adblock software enabled, clicking OK will not send me directly to my inbox or open a new page as it would normally. In other words the software is actively blocking the re-direct script. Perfect. But if I go to some random website, especially ones that stream out of market Sports telecasts, it turns into a pop-up festival.


(2) Not even blacklisting certain URLs in AdBlock or trying to wildcard a URL in the blacklist stops them. Is there another method or tool you recommend?


(3) What is MacKeeper and why does 2 out of every 5 pop-up ads ask me to try MacKeeper. I swear, I'm surprised someone hasn't tired DDoS attack their website out of frustration from the way they invade your web experience.



Sidenote: Thank you creating AdWareMedic. I installed it this morning and ran a scan. Fortunately the report was clean, but I'll be adding this to my monthly system health check and clean-up.

Oct 23, 2014 8:41 AM

Reply Helpful

Oct 23, 2014 9:38 AM in response to ShadowDancer1000 In response to ShadowDancer1000

(1) How are they managing to get around all reasonable methods to block pop-up ad scripts? One would think that your browser ought not perform automatic script functions (like opening a new page ... or several) without your doing anything.


Pop-up blockers are aimed specifically at preventing pop-ups that originate from the web server. Software running on your computer can open new tabs or windows all it likes, because it's assumed you wanted that to happen... it's coming from something running on your computer, rather than something the website you were viewing was trying to do.


(2) Not even blacklisting certain URLs in AdBlock or trying to wildcard a URL in the blacklist stops them. Is there another method or tool you recommend?


If you've got adware, nothing will help except getting rid of the adware somehow.


As for normal ads, there are all kinds of tricks web developers use these days to get around pop-up blockers, like showing page elements that float over everything else and don't actually involve a new window or tab. There's really no perfect ad removal tool, and honestly, I don't use an ad blocker at all... if the ads on a particular site are too obnoxious, I take that as a good sign that I probably shouldn't be trusting that site, and shouldn't come back there again.


(3) What is MacKeeper and why does 2 out of every 5 pop-up ads ask me to try MacKeeper. I swear, I'm surprised someone hasn't tired DDoS attack their website out of frustration from the way they invade your web experience.


It's junk software that tries to scam people into buying it through a combination of aggressive advertising, false promises and scare tactics. It's actually the subject of two separate class-action lawsuits alleging fraud, although I've seen no new news about this lately, so they may still be ongoing or may not have met with much success.

Oct 23, 2014 9:38 AM

Reply Helpful

Mar 26, 2015 12:25 PM in response to thomas_r. In response to thomas_r.

When I use Safari on my Macbook Air, I am getting two different Pop-ups: http://pc-computer-advice.com "Suspicious Activity Found On Your Computer..." And the second: http//unread-help-msg.email "MSG LEVEL: URGENT USER Your OSX has popup ads ENABLED. Please call ...to disable..." Please help me fix this. I have all the latests OS updates (Yosemite), and Safari updates. I have no idea what to do.

Mar 26, 2015 12:25 PM

Reply Helpful

Mar 27, 2015 2:07 PM in response to dexters_desk In response to dexters_desk

To Thomas_r: I followed each and every step, multiple times. Nothing worked. As a final and last desperate measure, I erased my hard drive and am starting over. So far, so good. I am hoping I can retrieve documents I backed up to my external drive. But that is for another day. Thank you.

Mar 27, 2015 2:07 PM

Reply Helpful

Jul 26, 2015 8:02 AM in response to Ralph Landry1 In response to Ralph Landry1

I've struggled with this popup before, only solution is force close safari (not my preferred solution). Command-W did not work for me. In addition, the popup window seemed to extend beyond the boarders of my laptops visible screen.. so I'm unable to even click the "ok" button to try and close the window.

Does anyone know of an AdwareMedic version for OS 10.6.8?

Jul 26, 2015 8:02 AM

Reply Helpful
User profile for user: ShadowDancer1000

Question: Escape the Pop-Up Ad Trap - Won't Allow User to Close Pop Up Alert, Close or Change Tabs, Greys All Menu Options, Demands You Call 800# to Fix