While surfing just now on Safari my screen clicked to an official looking FBI website and locked up. Here is the disturbing message:
Typed in all Red
Attention! Your browser has been blocked up for safety reasons listed below. All the actions on this PC are fixed. All your files are encrypted. CONDUCTED AUDIO AND VIDEO
Then this is typed in black beneath that
You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc.) You have violated world declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of United States of America criminal law. Article 161 of United States of American criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Then there is a section where I can use some kind of moneypal to send them payment of 300.00 to unlock my computer.
It is all very official looking except for the somewhat stunted English, and luckily for me I also have Firefox on my browser. This is my computer alone and I have never watched any porn on it but I suppose if I had I might be nervous? Not sure what to do now. Is my computer still safe to use?
I was referred to you all for help by Ravencajun, hope you can guide me through this. Thanks!
Hi, sleeperblues. Welcome to LandzDown Forum. Ravencajun indeed said you were on the way. You'll see her at LzD as R-C. There are a number of other GW friends at this forum as well.
Because I'm dealing with some real-life issues right now, I've contacted other members of the team to help you. You'll be in great hands!
Hello,
Is it true that you're able to use Firefox with no issues at all, that the computer acts normally, and that the only time you see the ransom page is in the Safari browser?
Joe
That was my question too Joe. I am hopeful that means it did not get into the system? Hopefully a few scans can tell us what is going on.
Sleeperblues glad you made it here!
What operating system are you using?
Anyone have the link to the GW thread handy?
I don't see a post on GW. It's a Mac computer. The issue I believe is limited to the Safari browser, where just a ransom page shows up.
Hi Everyone, Thanks for the warm welcome. Yes, it's true I can use Firefox but not Safari so I was hoping the whole computer is not infected. It is a Mac computer and I am not really tech savvy so please refresh my memory. How do I find the operating system I am using?
Googled it, and it's OS 10.6.8
@Winchester73, here's the GW thread: http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4
For future reference, sleeperblues, you can get detailed information here: OS X: Finding your OS version and build information (http://support.apple.com/kb/HT1633)
http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4
You actually caught a break: with Mac OS X the virus can be removed by restoring browser settings or quitting the browser. On Windows computers, the virus must be removed using more complicated tools.
That's why I wanted to confirm your OS. Safari is typically an Apple thing, but some Windows users have it installed as a browser.
I'm not a Mac guy, but here's what I would do: reset Safari to its default settings ...
1. Click on "Safari" in the menu bar at the top of your infected Safari session, and then choose Reset Safari. A small window containing all of Safari's reset options will display.
2. In the new window "are you sure you want to reset Safari", make sure all items are ticked and click on the Reset button.
The FBI MoneyPak virus should then be removed from Safari, and no longer affect your computer.
Quote from: Corrine on May 21, 2014, 02:12:43 AM
@Winchester73, here's the GW thread: http://ths.gardenweb.com/forums/load/kitchentable/msg051751441548.html?4
For future reference, sleeperblues, you can get detailed information here: OS X: Finding your OS version and build information (http://support.apple.com/kb/HT1633)
Something about great minds and thinking alike pops into my head :D
If no joy with resetting the default, you might try this next ...
1. Press Command + Option + Escape simultaneously. This will open the Force Quit Applications window.
2. Select Safari (and any other browser in which you are seeing the FBI ransomware notification).
3. Click the button that says Force Quit. This will forcefully end your browser program, thus removing the pest.
Should you be unable to switch from an unresponsive app, press Command + Option + Shift + Esc for three seconds to force it to quit. This key combination tells OS X to force quit the frontmost app.
I tried to quit Safari, and now I cannot get it to open up and the virus message is not on the screen anymore. The Safari icon is still on the bottom of my computer but when I click on it nothing happens. I'm hoping this means the computer is safe to use?
OK, got it fixed. Thanks for all your help. Safari is up and running now, but I'm not going to use it. Another question. What would be a good anti-virus software for Mac? Apparently, according to my husband, we don't have it because Macs don't need it. Obviously, not so. Thanks in advance for your help!
We're all mostly Windows folks, but perhaps someone with more knowledge of the Mac OS will comment ...
The FBI ransomware threat alert for Mac was sounded last summer, as cybercriminals were starting to take advantage of the fact that most Mac users feel safe and secure browsing the Web without running into a virus.
You might wish to post something in the Apple Support Forum and see if there are some a/v recommendations: https://discussions.apple.com/index.jspa
I asked a buddy of mine who is an Apple guy, and he likes the free versions from Sophos and ClamXav. I'm hesitant to recommend anything I haven't tried myself.
Yes, glad you got it fixed for now. But now that you got Safari to quit I would strongly suggest the following:
Make sure that in Safari Preferences, General tab, under "Remove download list items", you untick the box for "Open 'safe' files after downloading" ("safe" files including movies, pictures, sounds, PDF and text documents, and archives).
Use a temp file remover: CCleaner (http://www.piriform.com/ccleaner), MainMenu (http://mainmenuapp.com/), etc.
Note: because of the threats in the browser, I also use a Mac and use ESET Cyber Security (http://www.eset.com/us/home/products/cyber-security/) and have it set to also prevent PUPs. It has saved my bacon a few times in the browser on my Mac by preventing malware URLs from loading anything.
Also, as Corrine has noted elsewhere:
Most of the vendors now have A/V for Macs -- ESET, Kaspersky, Sophos...
These are free options:
avast! Free Antivirus for Mac | Security Software for Apple OS X (http://www.avast.com/free-antivirus-mac)
Free Antivirus for Mac - Download the best Mac antivirus (http://www.avira.com/en/free-antivirus-mac)
ClamXav (http://www.clamxav.com/)
AntiVirus for Mac | Free Virus & Spyware protection | AVG (http://www.avg.com/us-en/avg-antivirus-for-mac)
If you would prefer free Mac App Store items:
ClamXav (https://itunes.apple.com/us/app/clamxav/id430207028?mt=12)
Bitdefender Virus Scanner (https://itunes.apple.com/us/app/bitdefender-virus-scanner/id500154009?mt=12)
Dr. Web Lite (https://itunes.apple.com/us/app/bitdefender-virus-scanner/id500154009?mt=12)
ClamXav has the best Mac App Store rating.
I personally would still go for ESET regardless because it has a firewall built in and prevents malware URLs, unless I wanted a totally free solution.
Thank you so much for all of the advice. Going to definitely install some AV protection now. Hopefully I won't need your services again, but glad it was an easy fix :)
Welcome and glad we could help in some small way, sleeperblues.