Ransomware.Locky virus

I have recently upgraded OS to Sierra 10.12. A couple of days later my Internet Service Provider - Orange blocked my Internet connection with a message (via Safari) that my computer "might be endangered with a Ransomware.Locky virus". The message from Orange asked me to scan my system for viruses, which I did with an Apple AppStore program Bitdefender Virus Scanner (best reviews for Ransomware.Locky). Nothing was found so I called (official number I used before) the national Orange technical service for further advice. They told me that they can remotely turn the internet back on. I could do it also myself by clicking via the Safari posted message from Orange but preferred not to send (at that time) anything myself via the computer.


Next day, I did a full scan with Bitdefender then upgraded it and rescanned a couple of days later.


Two weeks later (i.e. last night), the message from Orange appeared again. I checked/scanned the system and unblocked the system myself. The Bitdefender scans showed nothing suspicious.


My Security Preferences are Firewall ON (with stealth mode enabled).

How to interpret the message "might be endangered with a Ransomware.Locky virus"?

VIN, iMac (27-inch Mid 2010), Other OS, OS Sierra 10.12, 24 GB, 1 TB SSD

Posted on Oct 28, 2016 6:52 AM

Question marked as Best reply

Posted on Oct 28, 2016 8:23 AM

Try running this program in your normal account, then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.

Etrecheck – System Information


You have adware installed. Run the report again and where you see the red Adware, click Remove. Once complete, run the report again and post a copy into a new reply.


Or download this program which was written by Thomas Reed, a long time poster. The program will do the work for you which makes it easy.


Malwarebytes Anti-Malware for Mac 10.8 and later


What should I do if Malwarebytes Anti-Malware for Mac didn't solve my problem?

8 replies

Oct 28, 2016 8:47 AM in response to kriscena

Locky is Windows ransomware. Your Mac cannot be infected with Locky. In fact, currently, your Mac cannot be infected with any ransomware at all. The only Mac ransomware that ever existed is extinct at this point.


So, there are two possibilities. One is that there is an infected Windows machine on your network. If you have any Windows machines on your network, check them for an infection ASAP. If you don't, someone may be using your wireless network without permission. If you don't have a password on your wireless network, change that immediately. Use WPA2 encryption (not WEP, which is no longer secure) and a strong password. That will lock out anyone nearby who shouldn't be using your network, and may solve the problem.


The other is that this is a false positive. That happens sometimes, especially with ISPs who would prefer not to admit that Macs exist, and those ISPs are usually reluctant to accept the possibility that the error is on their end. If this turns out to be the case - which will happen if you eliminate all Windows computers from your network - you'll probably have to escalate your case through many levels of support before getting someone who is capable of understanding this.
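One way to check for unexpected devices on the local network, as suggested in the reply above. This is an added example, not part of the original thread; the function names, IP addresses and MAC addresses are constructed for illustration. It handles the macOS `arp -a` quirk of dropping leading zeros in MAC octets and skips incomplete, broadcast and multicast entries.

```shell
#!/bin/sh
# Added example: list devices in `arp -a` output whose MAC is not on a known list.

# Constructed sample in macOS `arp -a` format (all addresses are made up).
sample_arp() {
cat <<'EOF'
? (192.168.1.1) at a4:b1:c2:d3:e4:f5 on en0 ifscope [ethernet]
? (192.168.1.10) at 0:1c:b3:9:85:15 on en0 ifscope [ethernet]
? (192.168.1.23) at 3c:5a:b4:1e:7:9a on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
EOF
}

# Hypothetical allowlist: the router and this Mac, space-separated.
KNOWN="A4:B1:C2:D3:E4:F5 00:1c:b3:09:85:15"

# $1: space-separated known MACs; stdin: `arp -a` output.
# Prints "IP MAC" for every neighbour that is not on the list.
unknown_devices() {
    awk -v known="$1" '
    # Lowercase and zero-pad each octet so "0:1c:b3:9:85:15" compares equal
    # to "00:1C:B3:09:85:15".
    function norm(mac,   n, p, i, sep, out) {
        n = split(tolower(mac), p, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            if (length(p[i]) == 1) p[i] = "0" p[i]
            sep = (i > 1) ? ":" : ""
            out = out sep p[i]
        }
        return out
    }
    BEGIN {
        cnt = split(known, k, " ")
        for (j = 1; j <= cnt; j++) ok[norm(k[j])] = 1
    }
    {
        ip = $2; gsub(/[()]/, "", ip)
        mac = $4
        if (mac !~ /^[0-9A-Fa-f:]+$/) next      # "(incomplete)": no reply seen
        mac = norm(mac)
        if (mac == "ff:ff:ff:ff:ff:ff") next    # broadcast address
        if (mac ~ /^01:00:5e/) next             # IPv4 multicast group
        if (!(mac in ok)) print ip, mac
    }'
}

sample_arp | unknown_devices "$KNOWN"
```

On a real Mac, run `arp -a | unknown_devices "$KNOWN"` in Terminal. The ARP cache only lists hosts this Mac has recently exchanged traffic with, so the router's own client list remains the more complete view.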

Oct 28, 2016 9:07 AM in response to Eric Root

Eric,


Many thanks. I ran both.

1. Etrecheck provided the report but the Share Report -> Copy to Clipboard did not work. Two Etrecheck reports are therefore here: https://www.dropbox.com/s/aawmfe5d1ycxba6/KrisCena_EtreCheck_28Oct2016.pdf?dl=0

and here: https://www.dropbox.com/s/idzgrqq04xgajnw/KrisCenaEtreCheck_28Oct2016AFTERMalwarebytes.pdf?dl=0

The second report was obtained after the Malwarebytes (mentioned below) scan and after the two threats were removed.

2. I ran the Malwarebytes programme and received 2 positives: "Adware.AwesomeScreenshot" and "Adware.PhotoZoom" with advice to remove both, which I did. The .jpg screenshot is enclosed.


In summary, there are two Etrecheck reports - "before" and "after" the Malwarebytes program was run and the threats found have been removed.

Warm regards and more thanks -

Kris

User uploaded file

Oct 28, 2016 9:27 AM in response to thomas_r.

Thomas,


Many thanks for good advice. I do not have (and do not want 😉) any Windows machines but I do have a rather powerful WiFi Apple router (upstairs) with a repeater downstairs and can myself connect with an Apple portable in the garden from about 70-80 metres easily. The Orange provider's own router (installed upstairs) is moderately strong. Both WiFi systems have "guest network" addresses. We live "in the country" but have two neighbours within a reaching distance (I see their network names). There are 5 teenagers altogether with 5+ devices, all Windows.

Following your excellent advice, I have removed all our "guest networks" and improved the passwords.

Best regards -

Kris

Oct 28, 2016 10:12 AM in response to thomas_r.

Thomas,


🙂 Let us hope that the "guest networks" were the cause of this quite unpleasant problem. The chances for this are quite strong as another family uphill (too far for stray signals) do have an iMac (and a Windows PC as well) and they did not experience any of our misadventures.

The giant provider Orange when talking on the phone obviously was hopeless as one talks to someone in a call centre somewhere in the air.

I will report back if there are any new signs or developments of the issue.


Kind wishes,

Kris
