Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari taken over by "suspicious error message"

I am writing this message on my wife's macbook pro since my model mac has "non removable error message" on my safari page. Quitting safari or restarting my mac and then reopening my safari app does not get rid of message. The message has an official safari logo on page and gives the appearance of an "apple endorsed" fix-it site. The message heading has an address " http://www.mac-issues-online.com" body of message is : Safari- alert, suspicious activity might have been detected. Major security issue. To fix it please call Support for Apple 1 800-680-4131 [oll free immediately.


I would appreciate any info on this problem.

Thanks.

MacBook Pro, OS X Mavericks (10.9.5), 2.66 Ghz,4 GB 1067 mhz

Posted on Nov 30, 2014 9:55 AM

Reply
Question marked as Best reply

Posted on Nov 30, 2014 9:57 AM

Helpful Links Regarding Malware Problems


If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.


Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.


The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.


Fix Some Browser Pop-ups That Take Over Safari.


Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.


Quit Safari


Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari


If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

20 replies
Question marked as Best reply

Nov 30, 2014 9:57 AM in response to pauliez

Helpful Links Regarding Malware Problems


If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.


Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.


The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.


Fix Some Browser Pop-ups That Take Over Safari.


Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.


Quit Safari


Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari


If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

Nov 30, 2014 11:50 AM in response to pauliez

There is no need to download anything to solve this problem.

You may have installed the "Downlite" or "VSearch" ad-injection malware. Follow the instructions on this Apple Support page to remove it.

Back up all data before making any changes.

Besides the files listed in the support article, you may also need to remove this item in the same way:

~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.

If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.

The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.

This malware is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates

if it's not already checked.

Nov 30, 2014 6:19 PM in response to pauliez

pauliez wrote:


Quitting safari or restarting my mac and then reopening my safari app does not get rid of message. The message has an official safari logo on page and gives the appearance of an "apple endorsed" fix-it site. The message heading has an address " http://www.mac-issues-online.com" body of message is : Safari- alert, suspicious activity might have been detected. Major security issue. To fix it please call Support for Apple 1 800-680-4131 [oll free immediately.


Although this could be caused by adware, it probably isn't. You have probably simply stumbled across a scam website that has caused this message to appear. See:


http://www.adwaremedic.com/kb/scampopups.php


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)

Dec 3, 2014 4:33 PM in response to pauliez

I Had the same problem this is what I did to fix it. First force quit safari, next turn off the wifi on your Mac, then open up Safari again(it will try to load that bogus website up again) but because you don't have wifi turned on the page won't open. Lastly just simply delete the website out of the tool bar put any legal website in there(I chose google) then turn your wife back on & boom problem solved

Jul 7, 2015 11:26 AM in response to SanFranciScue

This just happened to me today. I couldn't get the page off my screen. I tried force quitting and cold shutting down my computer twice. It finally worked. I got rid of all cookies (under security) and emptied the cache a few times. I zapped the PRAM and called Apple. Apple stated that this was a scam that utilizes java to circumvent blocked popups and that it is not malware. He said it could possible be adware and suggested the free software "admedic.com"

which I ran. I didn't have any on my system. The apple tech guy said it could have been a compromised website that I visited or an ad on a website that was corrupted. He explained my passwords and so on would be fine. Also, obviously, don't share any info or click any links associated with this type of thing. I didn't have any links on mine. It only gave me a number, which I called from my land line. Nobody was home. Very scary. Hope this helps.

Jul 7, 2015 11:41 AM in response to tmielcarek

tmielcarek wrote:


Apple stated that this was a scam that utilizes java to circumvent blocked popups and that it is not malware. He said it could possible be adware and suggested the free software "admedic.com"


Just a quick comment for those who may be reading... note that admedic.com is an advertising company. The app you're referring to is at adwaremedic.com. 🙂


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

Mar 15, 2016 10:54 PM in response to ROCKBETHENAME

Another simple solution that not only will fix the issue immediately, but also for the future, is to override the DNS entry for the annoying spam domain. This method prevents you from ever making connections to that domain in the future. And it has the added benefit of not losing all your open windows.


Before you do this make sure you can see the full hostname of the spammers website in your web browser. (It's the bit before the first slash). In my case it was mac-error-messages.org.


Process:

  1. Open a terminal window
  2. type: sudo nano /etc/hosts
  3. enter your password
  4. go to the bottom of the file enter the next line. Note: replace my spammer's hostname with your spammer's hostname:
  5. 127.0.0.1 mac-error-messages.org
  6. hit Ctrl-X then Y to save the file
  7. Type: sudo killall -HUP mDNSResponder
  8. Quit Safari then restart while holding down the shift button.
  9. In the new window, try browsing to the spammers domain. It should fail. If it doesn't re-read the instructions and try again.
  10. Select History -> Reopen all Windows from Last Session

Safari taken over by "suspicious error message"

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.