i have the virus"macsecurity"

Helpful Links Regarding Malware Problems

If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.

Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

Fix Some Browser Pop-ups That Take Over Safari.

Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

Quit Safari

Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

It's probably not malware, but a Web scam that only affects your browser, and only temporarily. There are several ways to recover.

1. Some of those scam pages can be dismissed very easily. Press the key combination command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.

2. Press and hold command-W. You may hear repeating alert sounds. While holding the keys, click the OK button in the popup. A different popup may appear, which you can cancel out of as usual.

3. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Security

and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.

Close the malicious window or tab.

Re-enable JavaScript and close the preferences dialog.

4. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. None of the windows and tabs will reopen.

After closing the malicious page, from the menu bar, select

Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.

I am hoping Mr. Link Davis will see and respond to this because I have questions about his recommendations to Bumble3T.

This is my first time on here, so if I don't do things "right", please forgive me.

I too had the macsecurityalert.com popup on my Mac 10.7.5, telling me that a website I had visited had infected me with a virus and click now to check or do something. I clicked and it told me I was infected with some snake virus, I don't remember the first word. It said Risk was

High, and to get rid of the virus I needed to do a download. That's when I became concerned this could be a scam, so I did not

do the download. I went online looking for information about it.

I first came to another website talking about other Mac problems, one being advertisement pop-ups. That website said everybody should UNinstall Java and they wouldn't have these problems. Of course I had no idea how to do that.

But when I found this website and Mr. Davis' instructions for fixing this macsecurityalert problem, he said to go to Security and uninstall JavaScript.

Well I saw Java was also there and I went ahead and uninstalled it, too. Mr. Davis said to reinstall JavaScript. But if it is part of another problem, I

would rather NOT reinstall it if it is something I don't need. Can anyone tell me what I might use it for? What is it in other words and can I leave

it UNinstalled?

Next, Mr. Davis said to go through downloads and delete anything I don't recognize. I know there are numerous items in that I don't know what they are, (I don't recognize what the are, in other words) but that doesn't mean they aren't legitimately mine. But I am afraid to click on them and open them to see what they are because I don't know if that would compromise my computer if they WERE put there maliciously. Is it ok to open them and see what they are? I do know that I have clicked on some of the things in downloads in the past and didn't know what they were, but that didn't necessarily mean they weren't there legitimately. I just left them there figuring they were there for some purpose. So I hesitate to just delete them in case they might be serving a purpose. If you are starting to think I know VERY little about computers, you are correct.

But there are a few things in Downloads that I don't necessarily remember seeing when I last looked through Downloads, which was quite a while back.. There are two blue circles with a white cross in the middle like the American Red Cross symbol, and they say Support-......InRescue and Support-...Rescue-1. Can I click on them to see what they are? Should I delete them? There is an open white box with a blue circle coming out of it with a white arrow on the blue circle. It says Citrix On....Launcher. There's a brown open box with a yellow cube in it that says "MacKeep....10.3pkg.

There's a solid row of 9 icons for HP stuff but I guess that's all having to do with the new HP printer I recently bought. There's something that looks like the

HP ones, hardware I guess it is, but it says OOo-3.3...US.dmg. Should I open these to see what they are or would that compromise my computer if they were put there maliciously? And if I just delete them, isn't it possible I would be deleting something I need and use? Thank you in advance for any help you can give me.

First, the only reason to disable (not uninstall) JavaScript was to get rid of a popup window. Once the window is gone, JavaScript should be re-enabled, because it's needed for the normal operation of many legitimate websites, including this one.

All the files in the Downloads folder were downloaded from the Internet. None is needed for normal operation. If you don't know what they are, they can't possibly be useful to you and it's safe to delete them, as long as you have backups. Don't open the files if they are applications or installer packages (with a name ending in ".pkg".) Just drag them to the Trash and empty.

I have had the same thing happen with a few sites. It's a session hijack, probably injected through cross-site scripting at the target website. It is definitely not a virus but hugely annoying. The domain macsecurity-alert.com belongs to an Indian guy in Delhi. The page you are directed to prompts you to dial 647-360-4442 for "tech support". Once you call you get to an Indian guy, after a long wait. I am fairly certain it is the registrant itself or an agent of his. Please make sure to report this to abuse@godaddy.com or call 480-624-2505. I would also recommend reporting this to FBI or local law enforcement. There is little they can do besides forcing godaddy to shut the domain down, in which case Pradeep or whatever his name is will open an identical scam site. But at least this way it goes into the FBI and DHS databases so they can build a case file. And the more people that report this to the registrar, in this case godaddy, the better they will hopefully police this kind of abuse.

If you do a whois of the website it point you to, you will find the owner/registrar of macsecurity-alert.com. I tried to post but for some reason the forum doesn't allow me to post this information, so please run whois or go to whois.net for information.

whois macsecurity-alert.com

I received the following alert while on safari today.

What should I do?

Is my information compromised?

Thank you for any help you can give me.

It is a scam. Do not call and do not allow them access to your computer.

Force quit Safari from the  menu and reopen with the shift key held down. If that doesn’t work, disconnect from the Internet, open Safari, and then reconnect to the Internet. See link for other suggestions.

Safari -Tech support scam pop-ups

Quitting Safari and restarting holding the shift key work for my issue involving the Safari being locked up with the Security Scam.

When I opened Safari holding down the shift key, I went to my history and noticed that the website that caused the issue was still present. I cleared my history for the day I was opened the site and it was cleared without issue.

Thank you very much for your contribution to this forum Kappy!

One more thing.

I was able to get to this Apple Support Forum by having a copy of Google's Chrome web browser installed on my computer.

Safari was locked up, so I used chrome. Good idea to have multiple browsers installed on your computer.

You can also use a mobile device such as an Iphone or Ipad to get to Apple Support Forums.

FYI: I used the recommendations of Kappy and Linc Davis and got everything restored with no continuing evidence of the malware. Thanks to all.