Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

"Your system is infected with 3 viruses!"

User uploaded fileUser uploaded file

Hello,


My name is Blue and I need your help.


I have a Macbook Pro with OS X El Capitan Version 10.11.6. It's a 13.3-inch display with an Intel Iris Graphics and a 251 GB storage capacity.


A pop-up appeared from:


apple.com-supportcenter.pro/401/virusfound.php?_jsess=cc2189bf...


Page states: "Your system is infected with 3 viruses!"


Continuing: "Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal require!"


It appears to be a malware but there's a logo that says, "AppleCare Protection Plan." It seemed legit. I exited the page immediately but was left unsure...


I attached two screenshots to this post. What do you think?


Thank you for your time.

MacBook Pro with Retina display, OS X El Capitan (10.11.6)

Posted on Feb 12, 2017 4:36 PM

Reply
Question marked as Top-ranking reply

Posted on Jan 27, 2018 11:56 PM

Hi Kurt Lang,


thanks.

I clicked the "scan now" as well but didn't download anything from there.

I have just some concern how to check is my Mac really infected or anyway further ensure my Mac is not infected.

31 replies

Oct 22, 2017 1:19 PM in response to rifath khan

what kind of a lame answer is that?

Lame? I pointed out exactly the reason you're seeing these scam pages, and you even confirmed it.


Again, the web site you're visiting is causing the popup to appear. No amount of name calling can change the fact that every time you go to this site, you will be subjected to this popup.


There is no way to block a page the site itself is producing, in any browser, under any OS.


The operators of the site are crooks, and every person who goes there is a potential mark. That's the entire reason the site exists. Not so people can watch illegal copies of copyrighted material, but to see how many visitors they can get to fall for the scam.

Dec 3, 2017 8:39 PM in response to dascamp71

What it's infected with is adware, which you installed sometime recently. The highly unethical company that markets MacKeeper invests very heavily in ads pushed through adware. It, of course, claims to find all kinds of problems when it has been proven over and over that the app flat out lies.


Removing MacKeeper itself should be as simple was quitting the app and dragging it to the trash. It should then ask if you want to uninstall. Say yes.


What you then really need to get rid of is the adware that inticed you download MacKeeper in the first place. Download and run MalwareBytes for Mac.

Jan 26, 2018 7:43 AM in response to BlueHat1371

The entire point of the loud beep is to scare the user into thinking something tragic has happened to their computer.


Nothing has happened!


Nothing other than a fake site is trying to convince you it has. Despite being created to mimic Apple's site, there is no such thing as "AppleCare Protection Plan".


In the newer versions of Safari, all you should have to do is click the back button. Maybe twice. Safari will pop up a message asking if you really want to leave the page. Confirm that you do.


You don't need to do anything else other than avoid the site that sent you to the scam page in the first place.

Jan 28, 2018 8:14 AM in response to Naught Jack

Not to worry. Whatever the scan button was supposed to do, didn't happen. It could only have done one of three things.


1) Prompt a download through a normal web action.


2) Redirect you to another site.


Since nothing appeared to have happened, the only other possible action would be this one.


3) If you had Java installed and active for your browser, it could have run a Java applet. What that would do depends on how it was written.


Since even that didn't happen (like most folks, I presume you don't even have Oracle's Java 8 installed), it couldn't do anything.

Oct 22, 2017 11:58 AM in response to rifath khan

The only thing there may be to block is your own browsing habits.


Assuming they're not being generated by adware you've inadvertently installed, such popups are generated by the web site you visited, or another site you are automatically directed to by one you did visit. In other words, you will get the popup every time you visit that site, since that's where it's coming from in the first place. Stop going there.


Adware can introduce these same scam pages, in the attempt to get you to purchase worthless AV software, or whatever else they're trying to push.

Dec 1, 2017 10:28 AM in response to bluebookmark

Lol bro.your mac IS infected, but from ADs.Thats just an adware/scareware popup.Does it beep 2 times?My brother had that problem.Download bitdefender from app store thats how we fixed it.Your bitdefender will find 10 viruses one will be called "rek" if u have the same issue.we just fixed it.just scan go to its folder delete.Its just one malicious file *.unix format.they are always infected because someone went to hack u from linux/unix kali because Thats the only way to hack.has this solved ur problem

again: download bitdefender on app store scan full and erase these files.Do not download another antivirus because ur mac will go crazy. thanks

Dec 5, 2017 8:57 AM in response to GiantSkeleton098

He deleted the download without running the installer. It did nothing.


All AV software on the App Store are worthless. They can't possibly do what they say since anything in the App Store has severe restrictions on what areas of the drive they can access. The most they can do is very simple things you can do yourself. Such as removing all browser extensions.

Feb 18, 2018 9:18 AM in response to mia.miriam

So I'm a little doubtful as to this being a problem on one specific web site only.

Of course not. They're all over the place. The Internet is awash in ads almost no matter where you go. There are also thousands of scam sites that try to convince the gullible their computers are infected.


Stopping them is nearly impossible. To get around ISPs canceling scammers' accounts, they run their own servers. Then they hack as many legitimate web sites as they can to redirect users to their scam pages. When those URLs get reported and blacklisted, they just setup a new domain (and there are trillions of possible letter combinations to use). It's a never ending game of Whack-A-Mole.


Worse, there are countries outside the U.S. whose authorities do little to nothing to arrest these crooks, even when their exact location is known and are told where to find them.

"Your system is infected with 3 viruses!"

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.