“ http://mac-protection-alert.info” Am I at risk?

Yes, it's a scam and you fell for it. Sorry. Not only did you give them a lot of personal info over the phone, but you also allowed them to install an app that they use to rummage around your computer to collect more info.

DIsconnect your computer from the Internet. Notify your financial institutions. Get someone to clean up your computer. You'll need to change all your passwords.

You will have to erase your HDD and reinstall the OSX. If you have Time Machine, you may restore from that using an update made preceding the telephone call to the scammers.

Do follow the other suggestions offered by Rysz.

Ciao.

Hey Ogelthorpe, I'm not sure what Level 8 is supposed to mean but I don't think your answer is anywhere near the correct one. I had the same issue and just went to my Library folder (hold down the Option key while clicking on the Go menu in the finder) and deleted the LastSession.plist file in the Safari folder and an adblocker extension in the Extensions folder (I'm not sure it was necessary to delete it but it was malfunctioning anyways). Then I was able to use Safari again. You may then also want to check which extensions you have installed in your preferences and verify they are all malware free.

Fløw wrote:

I don't think your answer is anywhere near the correct one.

If you are confident that your MBP is now free of malware, that is then is your decision. Since garylarseniii allowed the scammer to install software on his MBP, I am one who believes a total erasure is the proper approach because it eliminates any doubt that there are any offending elements left. It is an extreme measure compared to your suggestion, but I do not share your confidence that your procedures will guarantee the MBP is malware free.

Ciao.

Just to let you know my computer works fine, ie. no related issues occurred, and I doubt any will.

Remember: DONT call that number. Instead, come here and we'll help. For now, to get rid of the virus, go to Library and Downloads or Files, and if you see anything suspicious, drag that into the trash can.

Hello:

I have the same issue as garylarseniii - I followed the steps to delete the Lastsession.plist file in the safari folder but didn't find an extensions folder to delete any adblockers. I am still getting the malware pop up when I relaunch Safari. Is there any other troubleshooting options you would suggest?

You don't need to to any of that. Read Phony "tech support" / "ransomware" popups and web pages.

Fantastic! I needed to resort to holding shift down while launching Safari. No more pop up windows.

Thank you!

For the original poster (garylarseniii) I agree with Ogelthorpeand Rysz: If you have called the number and allowed them to install something, I think you are very much at risk. So wiping the HDD, reinstalling (from scratch or from a backup prior to this instance), calling financial institutions, and changing passwords seems prudent.

If you didn't call, and only clicked the "leave page" button, are you still at risk?

The article linked by John Galt implies not. In which case, Force Quit on Safari, and restarting with the Shift key held down will get rid of the annoying pop-ups as well as losing any other tabs you had open).

But I'm not well versed on Mac security. Can you get infected by clicking a link or button on a rogue web site or pop-up?

pfdon wrote:

...

The article linked by John Galt implies not. In which case, Force Quit on Safari, and restarting with the Shift key held down will get rid of the annoying pop-ups as well as losing any other tabs you had open).

All that is correct, but garylarseniii called the number that appeared (mistake #1) and authorized remote access to his Mac (mistake #2). Granting criminals access to your Mac with privileges equal to your own changes everything.

Can you get infected by clicking a link or button on a rogue web site or pop-up?

No. The usual result is a mildly entertaining animation that alleges to be "scanning" your Mac for problems, which it invariably finds. That's fraud. Once you dismiss the page that causes your browser to become unresponsive, no further action is necessary or justified. Additional actions such as downloading and installing something as a response to those spontaneously appearing fraudulent messages is completely inappropriate, and will result in other, unrelated problems.