Learn how to get rid of annoying “Your Mac is infected with 3 viruses” browser alerts and get best practice tips on dealing with tech support scams like that.
Update: January 2019
Cybercrime and social engineering go hand in hand these days. Attacking computer software alone tends to be much more difficult than exploiting human weaknesses. Rather than focus on a single attack vector, though, some threat actors prefer combining the two. This is how tech support scams work. The fraudulent campaign analyzed here revolves around bogus browser alerts saying, “Your Mac is infected with 3 viruses” or “Your system is infected with 3 viruses”. The message sure sounds scary, doesn’t it? Having stumbled upon it, some Mac users will end up following the malicious prompts provided on the page, and that’s a slippery slope.
Let’s delve into the technical nature of this online fraud. Obviously, Mac users do not go to the spoof web page in question because they want to. The redirects are forced either by malicious scripts on hacked sites or by malicious code previously deposited on the Mac. Some of the domains reportedly involved in this shady activity include apple.com-protect-systems-live, apple.com-supportcenter.pro, apple.com-traffic-cleaner.systems, and som008.site. The redirect begins with a popup warning that provides the following information, “Immediate action required. We have detected a Trojan virus (e.tre456_worm_osx) on your Mac. Press OK to begin the repair process.” The wording may vary, but the idea is to catch the user’s eye and persuade them to proceed. No matter which option is selected on the popup, the redirect continues and the victim ends up on the main page, which reads:
“Your system is infected with 3 viruses!
Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of 1 phishing /spyware were found on your Mac. Personal and banking information are at risk.
To avoid more damage click on ‘Scan Now’ immediately. Our deep scan will provide help immediately.”
The whole message is a complete fake. However, it is designed quite competently, includes the official logo of AppleCare Protection Plan, and generally looks trustworthy. The ‘Scan Now’ button in the bottom part of the page will download and install MacKeeper, a malware cleanup tool with a controversial reputation. It gained notoriety for malvertising activity and false positives used to persuade Mac users to purchase its license. One of the most disconcerting things about the alerts in question is that the browser redirects may be triggered by a hijacker application that changes Internet surfing defaults on a compromised machine.
So, the main takeaway is to refrain from following the recommendations provided by “Your Mac is infected with 3 viruses” scam alerts. Another one is to check the system for browser redirect malware and remove it if detected.
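Most of the domains listed above place apple.com at the very start of the hostname even though the site is not under apple.com. The check below is an added example, not part of the original article, that separates genuine apple.com hosts from that lookalike pattern; the function names, the TRUSTED list and the two constructed legitimate samples are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains treated as genuine for this check.
TRUSTED = ("apple.com",)

def hostname_of(value):
    """Accept a bare hostname or a full URL and return the lower-cased host."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit parse it as a network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()

def classify(value, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname or URL."""
    host = hostname_of(value)
    # Genuine: the host is the trusted domain or one of its subdomains.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Lookalike: the trusted domain appears as a leading or label-aligned
    # string but is followed by '-' or '.', so the real site is another domain.
    for domain in trusted:
        idx = host.find(domain)
        while idx != -1:
            starts_label = idx == 0 or host[idx - 1] in ".-"
            following = host[idx + len(domain): idx + len(domain) + 1]
            if starts_label and following in ("-", "."):
                return "lookalike"
            idx = host.find(domain, idx + 1)
    return "unrelated"

# Hostnames as listed in the article, plus two constructed genuine samples.
SAMPLES = [
    "apple.com-protect-systems-live",
    "apple.com-supportcenter.pro",
    "apple.com-traffic-cleaner.systems",
    "som008.site",
    "https://support.apple.com/en-us",   # constructed sample
    "apple.com",                         # constructed sample
]

def report(samples=SAMPLES):
    """Map each sample to its classification."""
    return {s: classify(s) for s in samples}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:10} {name}")
```

A host such as som008.site carries no brand string, so it comes back as 'unrelated' here and has to be caught by other means, such as a blocklist.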
“Your Mac is infected with 3 viruses” redirect manual removal for Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.
• Open up the Utilities folder
• Locate the Activity Monitor icon on the screen and double-click on it
• Under Activity Monitor, look for suspicious entries that you do not remember installing. If such a culprit is found, select it and click Quit Process
• A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
• Click the Go button again, but this time select Applications on the list. Find the entry for potential malware on the interface, right-click on it and select Move to Trash. If the user password is required, go ahead and enter it
• Now go to Apple Menu and pick the System Preferences option
• Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the computer is started up. Locate the likely malware there and click on the “-” button
Get rid of “Your Mac is infected with 3 viruses” popups in web browser
To begin with, settings for the web browser that got hit by this virus should be restored to their default values. The overview of steps for this procedure is as follows:
1. Reset Safari
• Open the browser and go to Safari menu. Select Reset Safari in the drop-down list
• Make sure all the boxes are ticked on the interface and hit Reset
2. Reset Google Chrome
• Open Chrome and click the Customize and Control Google Chrome menu icon
• Select Options for a new window to appear
• Select the Under the Hood tab, then click the Reset to defaults button
3. Reset Mozilla Firefox
• Open Firefox and select Help – Troubleshooting Information
• On the page that opened, click the Reset Firefox button
Get rid of “Your Mac is infected with 3 viruses” redirects using Freshmac removal tool
When confronted with malicious code like the “Your Mac is infected with 3 viruses” hijacker on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.
This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the infection.
1. Download the Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.
2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.
3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.
4. Check whether the browser redirect problem has been fixed. If it persists, go to the Uninstaller option in the Freshmac GUI. Locate an entry that appears suspicious, select it and click the Fix Safely button to force-uninstall the unwanted application.
5. Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The malware triggering “Your Mac is infected with 3 viruses” scam popups shouldn’t be causing any further trouble.