Sal909

Q: S.O.S. Malicious Apple Soft. Intrusion

Hello Everybody, For the last 6 months, somehow, a person or persons - if one can call them that - have been sending to my computer soft./messages that appear to come from Apple. Up to now, I hope, none of them have hit target, as I have cancelled them since the first time because I found them suspicious; at first I thought that if I ignored them, they would go, but that has not been the case. Every time I start the iMac, they pop out, and others also appear in Safari; I have not been able to delete them. Herewith I post some screenshots of these things to sustain my query. I had to cut the screenshots as the photo of the whole screenshot was not allowed by this site. I looked around the communities site and found this as the most appropriate place to post my problem. I hope someone here will be able to let me know what to do to solve this matter. Herewith are the screenshots:

 

PS I also have a Macbook Pro and this problem does not appear in it.

 

Thanks for your attention to this problem.

 

Sal909

 

[Attached screenshots: Screen Shot 2016-03-01 at 1.16.20 PM.png, Screen Shot 2016-03-01 at 1.18.50 PM.png, Screen Shot 2016-03-01 at 1.20.03 PM.png, Screen Shot 2016-03-01 at 1.24.30 PM.png, Screen Shot 2016-03-01 at 1.28.15 PM.png, Screen Shot 2016-03-01 at 14.29.31.png]

iMac, OS X El Capitan (10.11.3)

Posted on Mar 1, 2016 1:46 PM


  • by Kappy,Helpful

    Kappy, Mar 24, 2016 3:31 PM in response to Sal909
    Level 10 (271,377 points)
    Desktops

    Remove Browser Pop-up Problems

     

         Malwarebytes | Free Anti-Malware Detection & Removal Software for Apple Macintosh Computers

         Adblock Plus 1.8.9, GlimmerBlocker, or AdBlock

         Remove adware that displays pop-up ads and graphics on your Mac

         How to remove the FlashMall adware from OS X

         Stop pop-up ads and adware in Safari - Apple Support

         DetectX 2.11


    Helpful Links Regarding Malware Problems

     

    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

     

    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

     

    Fix Some Browser Pop-ups That Take Over Safari.

     

    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

     

    Quit Safari

     

    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

     

    Relaunch Safari

     

    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

     

    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

  • by Linc Davis,Helpful

    Linc Davis, Mar 24, 2016 5:08 PM in response to Sal909
    Level 10 (208,000 points)
    Applications

    If you've just changed your login password in Recovery mode, please follow these instructions. Otherwise, see below.

    At some point, you may have reset your login keychain in Keychain Access. That action would cause the keychain to be renamed.

    Please back up all data before proceeding.

    In Keychain Access, delete the login keychain from the keychain list. Choose Delete References when prompted, not Delete References & Files.

    Triple-click anywhere in the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/Keychains

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar, paste into the box that opens (command-V), and press return. A folder will open. Rename the file "login.keychain" in that folder to something like "login-old.keychain". Rename the file "login_renamed_1.keychain" to "login.keychain". You can then close the folder.

    Back in Keychain Access, select 

              File ▹ Add Keychain...

    from the menu bar. Add back the file now named "login.keychain". If any of your needed keychain items are missing from it, also add back the file you named "login-old.keychain". I suggest you transfer any needed items from that keychain to the login keychain, then delete it. The transfers are made by drag-and-drop in Keychain Access. You'll need to enter your password for each item transferred.
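The file-rename step from the instructions above, as an added shell example that is not part of Linc Davis's post. The function name `swap_login_keychain` and the backup folder name are hypothetical; the Keychain Access steps before and after the rename are still done by hand.

```shell
#!/bin/sh
# Added example: the two renames from the post, with a backup copy and
# pre-flight checks. Function and backup-folder names are illustrative.

# swap_login_keychain [DIR]
#   DIR defaults to ~/Library/Keychains. Returns 0 on success; on any
#   failed check it returns non-zero and renames nothing.
swap_login_keychain() {
    dir=${1:-"$HOME/Library/Keychains"}
    current="$dir/login.keychain"
    renamed="$dir/login_renamed_1.keychain"
    old="$dir/login-old.keychain"

    # Both source files must exist, and the name for the old keychain
    # must be free so that nothing is overwritten.
    [ -f "$current" ] || { echo "missing: $current" >&2; return 1; }
    [ -f "$renamed" ] || { echo "missing: $renamed" >&2; return 2; }
    [ ! -e "$old" ]   || { echo "already exists: $old" >&2; return 3; }

    # Copy both files aside before touching them.
    backup="$dir/keychain-backup.$$"
    mkdir "$backup" || return 4
    cp -p "$current" "$renamed" "$backup/" || return 4

    # login.keychain -> login-old.keychain,
    # login_renamed_1.keychain -> login.keychain
    mv "$current" "$old" || return 5
    if ! mv "$renamed" "$current"; then
        mv "$old" "$current"    # roll back the first rename
        return 5
    fi
    echo "done; backup copies are in $backup"
}
```

Called with no argument it works on `~/Library/Keychains`; passing a directory lets you rehearse it on copies first.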

  • by Sal909,

    Sal909, Mar 24, 2016 4:17 PM in response to Kappy
    Level 1 (4 points)

    Happy,

    Hello, thank you for your swift reply; although I read it the same day, I was unable to go through it in more thorough detail until yesterday. I went step by step and unfortunately, my problem remains and only got worse. I went to the Malwarebytes site as recommended, read it, downloaded the software, ran it, and I had quite a few pieces of malware; I proceeded to erase them and restart the computer, and after the restart, the problem continued. So, after some time, I proceeded to do another scan, and it was not possible; I tried and tried, and then suddenly, another pop up like the ones I sent in my first email appeared, only this time it was as if the Malwarebytes site was hacked! Herewith I send you the photo.

    [Attached screenshot: Screen Shot 2016-03-24 at 4.51.40 PM.png]

    So I quit the program and shut off the computer. Regarding the other parts of your reply, I tried the Safari extensions issue you recommend, but as I do not have extensions on the Safari browser, there was nothing to do there.

    As within Safari, yes, I had sometimes before these lousy pop ups and proceeded as you state.

    I do not enter unlawful or dangerous sites, don't have anything to hide, and yet I am getting pestered with these things that are a great waste of time. If you have any other point of view as to how to get rid of this problem, please let me know.

     

    Best Wishes,

     

    Sal909

  • by Sal909,

    Sal909, Mar 24, 2016 5:25 PM in response to Linc Davis
    Level 1 (4 points)

    Line Davis,

    Hello, thanks for your swift reply; I am sorry I was not able to answer sooner. Although I read your reply to my post the same day, it was not until yesterday that I was able to go through it in more detail. I still have the problem and it got worse; the thing is that I have never used, touched, named, renamed or had anything to do with 'keychains' in Macs. I know what they are but never used them, through several Macs and several Mac OS's, so I do not know why I have this problem. Several days ago, I got a pop up, besides the same ones I get as soon as I turn on the Mac and before entering internet, and this one was with a '!' warning sign stating "that if I reset to defaults, my info would be at risk", so I decided to better stay as I am now and not mess with the keychains.

    If you happen to have another point of view to solve this problem, please let me know about it.

     

    Best Wishes,

     

    Sal909

  • by thomas_r.,

    thomas_r., Mar 25, 2016 5:50 AM in response to Sal909
    Level 7 (30,924 points)
    Mac OS X

    Sal909,

     

    These messages are not being caused by malware or by any kind of intrusion. Malwarebytes Anti-Malware for Mac may have removed some threats from your system, but those were not causing this problem. Your keychain is screwed up somehow.

     

    If you simply want to reset your keychain to factory defaults and start over, which will erase any passwords and other secure content saved in the keychain, you can follow the directions here:

     

    Resetting your keychain in Mac OS X - Apple Support

     

    Otherwise, if you believe you may have information stored in the keychain that you are unable to access and do not wish to lose, you'd be best to contact Apple directly. Best would be to make an appointment at the Genius Bar at your local Apple Store and take the machine in so a tech can actually put hands on it directly.

  • by Sal909,

    Sal909, Jun 3, 2016 9:47 AM in response to thomas_r.
    Level 1 (4 points)

    Thomas,

    Hello, thank you very much for your reply; I apologise for not answering sooner but it was not possible. Regarding your answer, I want to say that something very strange is going on here with my problem: when I first followed the instructions from Kappy to use Malwarebytes, I ran the program and indeed I had malware that had been pestering me and was removed, but my problem continued. Then I received your email and, although it did not solve the problem as I still have it, more questions have surfaced. As I told Linc or Kappy, I know what 'keychains' are, but I have never used them in the several Macs I had over the years. Then, one day several months ago, these apparently 'Apple icons' appeared asking to 'reset to defaults' because keychains cannot be found to store very odd '...auth tokens...', as appear on the photos I added to my post to support my problem, so I clicked on the '?' sign that usually comes with the Apple icons and after a while, I got an answer 'The selected Topic is currently unavailable', so I ask myself, if Apple is sending this software, why can I not learn what it is?

    As you state in your post that something is screwed with my keychain, I somehow agree, but I question how it came to be. I never, I repeat, used or installed the keychain; these messages started to pop up suddenly one day. I have the latest OS El Capitan and they did not pop up immediately after installing a new OS, so?

    I also get a message that states: "Are you sure you want to reset your Keychain? This will delete all your passwords, keys and certificates. You cannot undo this operation. You currently have additional keys on your system that will have to be added to your keychain search list. Use Keychain access to add them back again."

    I agree with you, I will have to call Apple Support directly. I do hope that this reply gets to you in full, with your proper name, Thomas, as I was checking the responses to Linc Davis and Kappy, and they appear as if I had instead written Line and Happy in my response. The 'ghost in the machine'.

     

    Thanks again and Best Wishes,

     

    Sal909

  • by thomas_r.,

    thomas_r., Jun 3, 2016 10:27 AM in response to Sal909
    Level 7 (30,924 points)
    Mac OS X

    The keychain is not something you have to install or consciously use... it's simply part of the system, and many things that you probably don't even know exist are stored in there, entirely behind the scenes by OS X. If something happens to that keychain data, it can cause all manner of weird issues like what you describe.

  • by Sal909,

    Sal909, Jun 6, 2016 1:48 PM in response to thomas_r.
    Level 1 (4 points)

    Thomas,

    Hello, thanks for your swift reply. I agree with you, keychain comes with OS X and is not an app you can just get rid of as any other app considered expendable; I just wonder as to how I get these messages, because as stated before, I never used the keychain before, never locked or unlocked it, never wandered to see what was there. It was not something that came by as I upgraded to OS El Capitan or the OS X that was before it either; just one day they started popping out, as it was several weeks since I upgraded the OS X.

    Another possibility I recall for solving this issue besides Apple Support is something I read on the Malwarebytes site, which is to erase everything as if you were going to sell the computer and then install everything all over again; this takes quite a lot of time.

     

    Best Wishes,

    Sal909