Phony “tech support” / “ransomware” popups and web pages removal – Mac / iOS

Problem:

 An unexpected popup or unsolicited webpage (examples below; click to enlarge) appears alleging the detection of “viruses” or the existence of some unsafe condition that needs to be addressed with great urgency:

 

These scams can appear on any web browser running on any Mac, PC, or iOS device. They appear to be authentic, because they might include details such as your IP address and an icon of the browser you’re using. Some of them include voiceovers or annoying alert sounds. You can’t find a way to dismiss the popups, and you can’t find a way to quit Safari. Even if you were to completely shut down and restart your Mac or iPhone, the annoying popups might just keep reappearing.

  • The above four screenshots are mere examples. There are thousands of variations of this scam whose exact appearance and wording can take any form. There are also millions of permutations of the “toll-free” phone numbers they provide, and they can easily be on the other side of the globe. These scams are easily created, simple to distribute, and new examples appear every day.

 A variant of the same scam will cause a webpage to appear accusing you of engaging in some sordid or illegal Internet activity. The page might bear official-looking government or law enforcement seals, say your Mac is infected with some ick, and / or employ technobabble intended either to intimidate you or create an impression of authenticity.  

  • Needless to say whatever text they contain should be utterly disregarded, because it’s all false: Your Mac is not infected with anything and you did nothing wrong. What you’re experiencing is a lame and 100% fraudulent attempt to extort money from you. No matter how legitimate the message appears to be, it did not originate with Apple, the FBI, RCMP, Bundespolizei or any legitimate organization. This is a very common and easily perpetrated scam that can affect any computer or Web browser. Don’t fall for it!
  • If you closely examine the page you might find a “disclaimer” written in very tiny text, containing what may be the only accurate information on it. The exact text extracted verbatim from one of the above scam examples follows: “The webpage and pop-up is only for advertisement use. In no way claiming to be Microsoft and claiming a definite error has occurred. The webpage does not take any personal or critical information. The webpage owners are not held liable for any actions taken on your system by third parties. Call at your own free will.” Who could object to that? That’s about as sincere as it gets.

 

When you can’t find a way around this problem — when you can’t close the page or even quit the web browser you’re using — it might seem that you’re stuck and there is no way out. If that describes your situation, read on.  

  • Whatever you do, never call any phone numbers that appear. They will just want payment, usually in multiple hundreds of US dollars. Worse yet, they may attempt to deceive you into granting them remote control of your Mac, conceivably enabling them to install a “backdoor” granting criminals unfettered ability to harvest any or all the information contained on your Mac, to be used for any conceivable purpose. That’s a road you do not want to travel. Never allow anyone to remotely log in to and use a Mac that you own and control.

There are different solutions for Safari on the Mac and Safari on an iPhone or iPad device. Follow the applicable one below. Although the instructions specifically address Safari, they are easily adapted to other web browsers.

Solution (Mac):

 Some of these scam popup messages are very easy to dismiss: 

  1. If a checkbox appears with the text “Don’t show more alerts from this webpage”, select it, then click the Leave Page or OK button.
  2. If that option does not appear, try repeatedly and quickly clicking the Leave Page or OK button while also pressing the key combination W.
    • If the Leave Page or OK button is not visible because the dialog box extends beyond your display’s lower limit, the Return or Enter key should perform the equivalent action.

Either option may result in interrupting the script preventing you from closing the page normally. If it does, you’re finished. If not, or you grow tired of that method, continue below. 

1.Quit Safari. If necessary, force Safari to close by following these instructions: Force an app to close on your Mac – Apple Support.

    • choose (Apple menu) > Force Quit…

no-menu1

  • Or, using three fingers press the three-key chord (the Command key, next to the space bar) Option (the key next to it) Escape (the key at the upper left of your keyboard).
  • A dialog box with the title Force Quit Applications will open.
  • Choose Safari, click the Force Quit button, and confirm the dialog with Force Quit again.
  • Close the dialog box.Press and hold a Shift key and keep it depressed while launching Safari again.

 

2. Press and hold a Shift key and keep it depressed while launching Safari again.

  • When Safari opens, release the Shift key.
  • This action prevents Safari’s previously loaded pages from loading again upon launch. 

If that does not immediately fix the problem:

 

  1. Force Safari to quit again.
  2. Disconnect from the Internet by selecting Wi-Fi “off” in the Mac’s menu bar, or disconnecting its Ethernet cable if you’re not using wireless. See pictures below.
off
Turn Wi-Fi “off”
iBack
Disconnect Ethernet cable (MacBook Pro)
pro
Disconnect Ethernet cable (iMac)

3. Launch Safari again by pressing and holding a Shift key while launching Safari.

  • No pages will be able to load since you’re not connected to the Internet.

4. Select the Safari menu > Preferences > General, and review your home page selection.

5. Select the Privacy pane > Remove All Website Data… > Remove Now.

  • After you reconnect to the Internet, you will need to sign in again with all websites that require authentication (such as this one).

6. Close the Preferences window.

7. (optional) Select the History menu > Clear History…

  • Choose an appropriate period to clear from the dropdown menu. That action will ensure you don’t inadvertently navigate back to the same problematic web page.

8. Turn Wi-Fi back on again or reconnect your Ethernet cable.

You’ll be back in business.

In an abundance of caution, consider the following additional actions. They are not required to eliminate the scam webpage but you should review them to determine certain Safari settings have not been unexpectedly altered.

 

  1. Open Safari’s Preferences… again and select Extensions. Uninstall any Extensions that you are not certain you require by clicking the Uninstall button.
  • If you are not sure what to uninstall, uninstall all of them. None are required for normal operation.

2. Select the Privacy pane. Verify “Cookies and website data” is configured the way you expect. If you are not certain what choice is appropriate, choose “Allow from websites I visit”.

  • For OS X versions prior to Yosemite the equivalent preference is “Block cookies and other website data” > From third parties and advertisers.

 

 Solution (iOS):

 Force Safari to quit by quickly double-clicking the Home button. On that screen, swipe left or right until you find Safari with a preview of the problematic web page. Swipe that image up and away to terminate it:

 

The unresponsive Safari page will be gone, but if you were to launch Safari again it might just reappear. To prevent that from occurring, go to Settings and scroll down a bit until you see Safari. Tap Safari, then tap Clear History and Website Data. Confirm the dialog that appears next, and you’ll be back in business. The effect of clearing website data will require you to “sign in” again to websites that require authentication (such as this one).

Source: Apple

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Up ↑

%d bloggers like this: