Pop up Virus Alert won't go away in Safari

Please disable all Safari extensions and test. If the problem is resolved, re-enable the extensions one or a few at a time until you find the culprit.

Download and run MalwareBytes, and see if any adware is found: http://malwarebytes.org/antimalware/mac.

It sounds like you might have adware or malware installed on your computer. You have two options available to remove it.

• Download Malwarebytes' Anti-Malware for Mac. It was developed by a trusted and respected contributor here. It's a simple, non-intrusive program that deletes known malware/adware from your hard drive. That's all it does. It doesn't add anything and it doesn't take away anything else. Unlike anti-virus programs, it doesn't run in the background of your computer, using up resources, and also unlike anti-virus programs (which are unnecessary on Macs), it doesn't actively prevent malware or adware infections. Its sole purpose is removing them.
• Restart your computer. As of April 26, 2016, changes made to the support article here --> https://support.apple.com/en-us/HT203987 state that El Capitan removes adware at login, but only at login. So, if you don't want to use Malwarebytes, this is another option for you.

Next, go to Safari Preferences --> Extensions and delete any you don't remember installing or that you don't need. Then, go to Safari Preferences --> Search and change your preferred search engine back to Google. Lastly, go to Safari Preferences --> General and make sure your homepage has not been changed, and if it has, change it back to what it was before. In the future, only download applications/plugins/extensions/drivers from either the Mac App Store/Safari Extensions Gallery or the developer's own website.

Never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you cause problems, not how you solve them.

Follow the other instructions you were already given.

You may have installed ad-injection malware ("adware").

Back up all data first.

If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

If the malware is not removed automatically, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

There is no malware.

From the menu bar, please select

 ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS

Under DNS Servers you should have one or more numerical addresses, such as “192.168.1.1” or “10.0.0.1”. What are those addresses?

Are you revisiting the same website where you originally saw the popups? Is the search engine still being changed to Yahoo?

I have the same problem, constantly being redirected with xb11766.com. On my root directory hard drive a file named "file" keeps appearing. I delete this, it requires me to type my password to put it into trash. I run Malware bytes and delete files that keep appearing. I've gone through all your other steps many times, but no such files exist.

My DNS Servers:

209.18.47.62

209.18.47.61

Search Domains:

socal.rr.com