
My dad fell for a pop-up scam granting access to his iMac... What needs to be done now?

My elderly father just bought a new iMac 3 weeks ago after his previous mac of 10 years died. He's not very computer-literate and has been having a time with the learning curve.


Yesterday while online he fell for one of those pop-up notices indicating that his computer was "at risk" -- he called the phone # & gave them his credit card info... They immediately gained access, took control of his computer and downloaded something while he was on the phone with them. That scared him and he shut everything down.


He did call the credit card company to refuse the $50 charge which had immediately been posted on his account. I'm concerned, however, that some kind of malware may have been installed and perhaps they have access to his personal information and passwords, etc. He doesn't know who he talked to or what was downloaded...


What needs to be done to identify and remove what was installed? I don't want him to fall victim to identity theft.


Thanks for any suggestions.

iMac, OS X El Capitan (10.11.3)

Posted on Feb 15, 2016 10:24 AM

Question marked as Best reply

Posted on Feb 15, 2016 10:33 AM

First, have the card canceled, and have the bank issue a new one. Change all passwords. Tell him never to do this again.


Identifying fraudulent "phishing" email

Beware of Browser Pop-Up Tech Support, Phishing Scams

Phishing & Other Suspicious Emails

Remove Browser Pop-up Problems


Malwarebytes | Free Anti-Malware Detection & Removal Software for Apple Macintosh Computers

Adblock Plus 1.8.9, GlimmerBlocker, or AdBlock

Remove adware that displays pop-up ads and graphics on your Mac

How to remove the FlashMall adware from OS X

Stop pop-up ads and adware in Safari - Apple Support

DetectX 2.11

Helpful Links Regarding Malware Problems


Open Safari, select Preferences from the Safari menu. Click on the Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.


The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.


Fix Some Browser Pop-ups That Take Over Safari.


Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.


Quit Safari


Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari


If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, e.g. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


It is unlikely anything was installed because such sites go after Windows systems. The software does not work on Macs.
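The original question asks how to find out what was installed during the remote session. Whether or not anything was, the place to look first is where macOS starts things automatically: the launchd folders (/Library/LaunchAgents, /Library/LaunchDaemons, ~/Library/LaunchAgents) and the user's login items. The script below is an added example for this thread, not code from any poster or from Apple. It lists the launchd plists modified in the last N days and the program each one starts, and marks entries that run from user-writable paths. The function names, the flagging rule and the sample plists used in it are my own; it only reads text (XML) plists, so it can also be run on a folder of plists copied off the affected Mac. An empty report does not prove the machine is clean, which is why the later replies in this thread recommend erasing and reinstalling.

```shell
#!/bin/sh
# launchd_triage.sh: list launchd persistence items on a Mac and flag the ones
# that were written recently or run from user-writable paths. Hypothetical
# helper written for this thread; it uses only sed/find/grep so the same
# functions work on plists copied off the affected machine.

# Extract the executable a launchd plist starts: prefer the Program key,
# otherwise the first element of ProgramArguments. Prints nothing if neither
# key is present (binary plists are not handled; convert with plutil first).
plist_program() {
  tr -d '\n\t' < "$1" | sed -n \
    -e 's#.*<key>Program</key> *<string>\([^<]*\)</string>.*#\1#p' \
    -e 's#.*<key>ProgramArguments</key> *<array> *<string>\([^<]*\)</string>.*#\1#p' \
    | head -n 1
}

# Print one line per plist modified within the last $1 days in the given
# directories, in the form "<plist> -> <program>[ note]".
# The "user-writable path" rule is a heuristic: legitimate per-user helpers
# live there too, but so does anything dropped without an admin password.
audit_launch_items() {
  days="$1"; shift
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -maxdepth 1 -name '*.plist' -mtime "-$days" 2>/dev/null | sort |
    while read -r plist; do
      prog=$(plist_program "$plist")
      case "$prog" in
        "") note=" [no Program/ProgramArguments key: inspect by hand]" ;;
        /tmp/*|/private/tmp/*|/var/tmp/*|/private/var/tmp/*|/Users/*)
          note=" [runs from a user-writable path]" ;;
        *) note="" ;;
      esac
      printf '%s -> %s%s\n' "$plist" "${prog:-?}" "$note"
    done
  done
}

# Live scan of the standard persistence folders (run on the Mac itself):
#   sh launchd_triage.sh --scan 7
# Also lists login items, the other common place for something to auto-start.
if [ "${1:-}" = "--scan" ]; then
  audit_launch_items "${2:-30}" /Library/LaunchAgents /Library/LaunchDaemons \
    "$HOME/Library/LaunchAgents"
  echo "Login items:"
  osascript -e 'tell application "System Events" to get the name of every login item'
fi
```

Run it with --scan and a day count on the affected Mac; anything in the list that was not there before the incident, or that points at a program under /Users or /tmp, is what to remove (or simply what confirms that the erase-and-reinstall route is the right one).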


Feb 15, 2016 1:56 PM in response to Kappy

I pulled something like this a few days ago. Browsing a model railroad site I frequent, a pop up told me I needed to upgrade to the latest Flash player. As I hit the button, I realized that it did not come from an Adobe site! I read some time ago that this was a scam to load a trojan horse. I immediately restarted to find the iMac would not start past the blue screen. Even after numerous tries with startup discs and other repair ware, it always stops in the same place.

What do you suggest to remedy this? It's my main computer, and I really need it back!

This is a 2010 iMac I5 27" running on OS 10.6.8.

Any ideas will be greatly appreciated!

Steve Jensen

Feb 15, 2016 2:02 PM in response to DrDigital01

The pop-up may have been legitimate if you were trying to see or listen to something on the RR site that required Flash. But you should only download Flash from Adobe or another site you know is reliable.


If you are using Snow Leopard you may need to use an older version of Flash rather than the latest one, so using the Adobe site would be the best way to go.


As for getting the computer working again I would try the following:


Reinstall Snow Leopard without erasing the drive


Make sure you have a current backup before proceeding.


1. Repair the Hard Drive and Permissions


Boot from your Snow Leopard Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry), click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.


If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.


2. Reinstall Snow Leopard


If the drive is OK then quit DU and return to the installer. Proceed with reinstalling OS X. Note that the Snow Leopard installer will not erase your drive or disturb your files. After installing a fresh copy of OS X the installer will move your Home folder, third-party applications, support items, and network preferences into the newly installed system.


Download and install Mac OS X 10.6.8 Update Combo v1.1.

Feb 15, 2016 3:02 PM in response to Feb 15

If you know or suspect that a hostile intruder has either had physical access to the computer or has taken control of it remotely, then there are some steps you should take to make sure that the computer is safe to use.

First, depending on the circumstances, computer tampering may be a crime, a civil wrong, or both. If there's any chance that the matter will be the subject of legal action, then you should do nothing at all without consulting a lawyer or the police. The computer would be the principal evidence in such a case, and you don't want to destroy that evidence.

Running any kind of "anti-virus" or "anti-malware" software is pointless. If I broke into a system and wanted to leave a back door, I could do it in a way that would be undetectable by those means—and I don't pretend to any special skill as a hacker. You have to assume that any intruder can do the same. For example, commercial keylogging software—which has legitimate as well as illegitimate uses—won't be recognized as malware, because it's not malware.

The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the state it was in before the attack. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

If you don't know when the attack happened, or if it was too long ago for a complete rollback to be practical, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

Reinstall third-party software from original media or fresh downloads—not from a backup, which could be contaminated.

Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.

The above being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

Feb 15, 2016 3:07 PM in response to Feb 15

Nothing so far is sufficient (Mr. Davis's post not included--it crossed with mine) because they may have installed a back door from which they will always have access to any of your father's data, passwords, banking, the whole lot.


Quoted from a post by Thomas Reed, saved some time ago just for this kind of thing.


This means that the safest thing to do at this point might be to erase the hard drive completely, reinstall the system and any apps from scratch, and then restore your documents (and only documents, no settings files, applications or other such things!) from a backup. That is the only way that you can be 100% sure that there's nothing installed that is still giving these scammers access to your data.

Feb 15, 2016 6:56 PM in response to Feb 15

Thank you all for your help. In checking dad's financial accounts for suspicious activity and changing passwords from my computer, I discovered that he used his PayPal account to purchase "Advanced Mac Cleaner" and "Sticky Password" which were then charged to his credit card ($50) by a company called FastSpring. I've got their phone #. Dad contacted the credit card company yesterday and will contact PayPal as well.


It's definitely shady and underhanded using such "official looking" scare tactics to trick people into giving out their cc info and gaining remote access to their computers.


What a royal headache... I have told him not to use his computer to do anything until we can be sure it is safe to do so. He's having a hard time believing that they had enough time to do anything as he shut it down quickly, BUT they were already in, downloaded the apps and were remotely controlling his cursor at that point. I will try to talk him through the steps to recover the system over the phone... Wish me luck. It might be easier, however, to have him take it back to the Apple Store for assistance.


Thanks again! I will post back with any additional info for future reference.

Feb 15, 2016 7:08 PM in response to Feb 15

If you are going to be responsible for your family member's computing security, I suggest that you remove administrator privileges from his user account and create a new admin account only for your own use, with a password unknown to him. Then change a setting to allow only Apple updates and software from the App Store to be installed.

Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked "Mac App Store" and close the preference pane. For information about the effects of this setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead use the built-in updater in the Flash Player preference pane.

The products in the App Store, while they aren't always very good, can at least be considered safe enough to use.
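The "Mac App Store" setting above is Gatekeeper, and its decision for any app can be asked for directly with the spctl command that ships with OS X (`spctl --status` reports whether assessment is on at all). The script below is an added example for this thread, not a poster's or Apple's code: it runs Gatekeeper's assessment over every .app in a folder and reports where each one came from, so you can see which apps on the new iMac are App Store or Apple software and which are not. Assumptions that are mine: the output shape of `spctl --assess --type execute -vv` (a "<path>: accepted|rejected" line followed by a "source=..." line, with "Mac App Store", "Developer ID" and "Apple System" as the source names), the SPCTL override variable, and the function names. Note that Gatekeeper only checks a downloaded app the first time it is opened; an app that was already running when the setting was changed is not stopped by it, which is another reason the replies above favour erase-and-reinstall.

```shell
#!/bin/sh
# app_sources.sh: report where each application in a folder was signed from,
# using Gatekeeper's own assessment (spctl). Hypothetical helper written for
# this thread, not Apple's tool. With the "Mac App Store" setting, only apps
# whose source is "Mac App Store" (or Apple's own, "Apple System") pass the
# check at first launch; everything else in the report would be blocked by it.

# The assessor can be overridden (e.g. to test off-Mac); whatever it points at
# must accept spctl's arguments: --assess --type execute -vv <path>.
SPCTL=${SPCTL:-spctl}

# Reduce spctl's verbose output to "<verdict> <source>". Assumed output shape:
#   /Applications/Foo.app: accepted
#   source=Mac App Store
# Rejected apps still carry a source line, e.g. "source=no usable signature".
summarize_assessment() {
  verdict=$(printf '%s\n' "$1" | sed -n \
    -e 's/^.*: \(accepted\)$/\1/p' \
    -e 's/^.*: \(rejected\)$/\1/p' | head -n 1)
  src=$(printf '%s\n' "$1" | sed -n 's/^source=\(.*\)$/\1/p' | head -n 1)
  printf '%s %s\n' "${verdict:-unknown}" "${src:-unknown}"
}

# One line per .app bundle in $1: ok / review / BLOCKED, the path, and the
# assessment. "review" means signed by a Developer ID, which the looser
# "App Store and identified developers" setting would allow but this one does not.
report_app_sources() {
  for app in "$1"/*.app; do
    [ -d "$app" ] || continue
    # spctl writes its verdict to stderr on some versions, so merge the streams;
    # it also exits non-zero on rejection, which is a result, not an error.
    out=$("$SPCTL" --assess --type execute -vv "$app" 2>&1 || true)
    summary=$(summarize_assessment "$out")
    case "$summary" in
      "accepted Mac App Store"|"accepted Apple System") mark="ok" ;;
      accepted*) mark="review" ;;
      *) mark="BLOCKED" ;;
    esac
    printf '%-8s %s (%s)\n' "$mark" "$app" "$summary"
  done
}

# Live run on the Mac itself:  sh app_sources.sh --scan /Applications
if [ "${1:-}" = "--scan" ]; then
  report_app_sources "${2:-/Applications}"
fi
```

Anything marked BLOCKED that was not on the machine before the incident is a good candidate for the "purchased during the call" software; anything marked review is third-party software that will need the setting relaxed temporarily to reinstall from a fresh download, as the reply above describes.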

Feb 18, 2016 6:51 PM in response to Feb 15

Just wanted to follow up on this thread... The "warning" pop-up was not a "call this #" but a "click here" scheme. My dad thought the notice was generated from his computer and that something was seriously wrong -- big red warnings were flashing to intensify the effect. He clicked the link and was instructed to purchase their software to correct the problem (which he was willing to pay for because he was scared). As soon as he paid, a foreign man's voice began speaking to him through the computer, asking him questions, and the cursor was moving about on its own. He then knew something wasn't right and pulled the plug on the computer.


I contacted FastSpring. They reversed the charges and said they are an eCommerce company that "handles order processing and delivery on behalf of products providers." They have a website and seem legit, but perhaps not all of their clients are on the up and up... They claim that they will further investigate. I had already given them the PayPal transaction # and date and one would think they could trace the client in question from that info... We'll see if I hear anything back.

Apr 29, 2016 11:22 AM in response to Feb 15

Did you get a refund? I just purchased this product for $300. They talked to me for an hour to convince me, but after that I checked Apple Support right away and this is not from Apple. Now I have called my bank to tell them this is fraud. I was worried when this app popped up on my MacBook Pro screen saying it was affected by a virus. Can I still get my money refunded? This is my lesson, never to forget. Please, I need help.
