“YOUR APPLE DEVICE HAS A VIRUS” virus. How to remove? (Uninstall guide)
“Your Apple Device Has a Virus” scam targets the “invincible” Mac OS
“Your Apple Device Has a Virus” virus spreads as a tech support scam targeting Mac and iOS community. This browser-based scam frightens users with Pegasus spyware. In order to save the data from theft, the message urges users to call +1-8333-370-777. Here is an extract from the message:
*YOUR APPLE DEVICE HAS A VIRUS*
Apple iOS Alert!!
PEGASUS (SPYWARE) ACTIVATED
System might be infected due to unexpected error!
Please Contact Apple Care +1-8333-370-777 Immediately!
for assistance regarding how to remove it.
According to the message, the following data is under risk:
- credit card details and banking credentials
- email account passwords
- Facebook, Skype, AIM, ICQ and other social network accounts
- private photos
“Your Apple Device Has a Virus” tech support scam: fake or genuine?
The scam developers indeed did a good job. They tied in legitimate information which might persuade Apple and iPhone users that indeed their computers might have been corrupted. They mention two things: Pegasus spyware and Apple Care, which is the genuine Apple support center.
But first things first, let us assure that this notification is fake. Whether you see such notification on Windows or Mac, note that such alerts do not pop up in random pages. Secondly, genuine notifications do not include a phone number.
Thus, what you have to do is exit the page or force shut down via Activity Monitor. However, it is recommended to remove “Your Apple Device Has a Virus” scam elements by clearing the browsing data or scanning the system with the Mac version of Plumbytes Anti-MalwareMalwarebytes Malwarebytes.
Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
Right click on each of suspicious entries and select 'Uninstall'
Right click on browsers' icon and select 'Properties'
Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL
Cick 'Go' and select 'Applications'
Click on every malicious entry and select 'Move to Trash'
Click on menu icon and select 'Manage add-ons'
Right click on each of malicious entries and select 'Disable'
Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
Go to Settings and select 'Choose what to clear'
Select 'Clear' button
Open the start menu and select 'Task Manager'
Right-click 'Microsoft Edge' and select 'Go to details'
Select 'More details' if 'Go to details' option fails to show up
Find Microsoft Edge entries and select 'End Task'
Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
Find Windows PowerShell, right-click it and select 'Run as administrator'
Copy and paste a required command and press 'Enter'
Click on menu icon and select 'Add-ons'
Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
Click on menu icon and then on '?'. Select 'Troubleshooting Information'
Click on 'Reset Firefox' button for a couple of times
Click on menu icon. Select 'Tools' and 'Extensions'
Look for malicious entries and delete each of them by clicking on the Trash bin icon
After clicking on menu and 'Settings', select 'Set pages'
Click 'X' to remove malicious URLs
When in 'Settings', select 'Manage search engines...'
Click 'X' to remove malicious URLs
When in 'Settings', scroll down to 'Reset browser settings' button and click on it
Click on 'Reset' button to complete your removal
Click on 'Safari' and select 'Preferences'
Go to 'Extensions' and uninstall malicious add-ons
When in 'General', delete malicious URL and enter your desired domain name
Click on 'Safari' and select 'Reset Safari...'
Select all options and click on 'Reset' button
What is this Pegasus spyware?
If you have been familiar with Pegasus spyware, you might indeed get paranoid about the security of your Apple device.
As a matter of fact, Pegasus malware, which feeds on three zero-day vulnerabilities, was devised specifically for MacOS and iOS, though it has its Android counterpart as well[1].
In 2016, United Arab Emirates citizen Ahmed Mansoor discovered an exquisite malware campaign targeting iOS. He got a couple of SMS messages with shady links.[2] They were the harbingers of the main malware payload.
Clicking on the link would download Pegasus malware which would, later on, download remaining necessary files which would allow the malware to fully monitor’s users private messages. Keylogging features enable the malware to read encrypted content as well.
Another problem is that Pegasus enables to hide its tracks professionally. It is able to self-destruct if it is deprived of connection to Command and Control server within 60 days. Interestingly, the malware only targets specific users as it was designed by an Israeli company to belong to NSO group.
If you are wondering whether you have been infected with Pegasus via “Your Apple Device Has a Virus” scam, let us assure that there is no relation between these two. As discussed below, only selected users have been affected by the original malware.
Tech support scams wander on the cyber space
“Your Apple Device Has a Virus” hijack is carried with the assistance of web scripts. In other words, if you have been browsing movie streaming sites or torrent sharing domains, you were likely to encounter “Your Apple Device Has a Virus” alerts. On the other hand, legitimate apps might also divert you to such fake sites.[3]
You only need to cancel the window to exit the web page. If you cannot do so, close the browser via the Activity Monitor. Let us move on “Your Apple Device Has a Virus” scam removal methods.
Delete “Your Apple Device Has a Virus” tech support scam scripts
If you noticed these alerts on iPhone, all you can do is exit the page, as IOS does not support security applications.
Though Apple products are hostile towards security utilities, in fact, you can install certain malware elimination tools on MacOS. Above-mentioned sample functions on the Mac as well. Thus, it will help you remove “Your Apple Device Has a Virus” web scripts.
Alternatively, below you will find guidelines which instruct how to eliminate the scripts on major browsers. If you use other than Safari browser, you will find them useful. Resetting the browser contributes to “Your Apple Device Has a Virus” removal as well.
On the final note, a widely-spread opinion that MacOS is fully immune to malware might turn out to be perilous as felons find ways to penetrate even most unbreakable systems. Other than English, Russian, French, Turkish[3] users should be vigilant of the scam.
You can remove virus damage automatically with a help of one of these programs: Reimage, Malwarebytes MalwarebytesCombo Cleaner, Plumbytes Anti-MalwareMalwarebytes Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
To remove “YOUR APPLE DEVICE HAS A VIRUS” virus, follow these steps:
Remove “YOUR APPLE DEVICE HAS A VIRUS” from Mac OS X system
Do not get alarmed by “Your Apple Device Has a Virus” alerts. Close the web page. If you have security tool, scan the browser.
-
If you are using OS X, click Go button at the top left of the screen and select Applications.
-
Wait until you see Applications folder and look for “YOUR APPLE DEVICE HAS A VIRUS” or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash.
Uninstall “YOUR APPLE DEVICE HAS A VIRUS” from Internet Explorer (IE)
-
Remove dangerous add-ons
Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. -
You will see a Manage Add-ons window. Here, look for “YOUR APPLE DEVICE HAS A VIRUS” and other suspicious plugins. Disable these entries by clicking Disable:
-
Change your homepage if it was altered by virus:
Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab. -
Here, remove malicious URL and enter preferable domain name. Click Apply to save changes.
-
Reset Internet Explorer
Click on the gear icon (menu) again and select Internet options. Go to Advanced tab. - Here, select Reset.
-
When in the new window, check Delete personal settings and select Reset again to complete “YOUR APPLE DEVICE HAS A VIRUS” removal.
Eliminate “YOUR APPLE DEVICE HAS A VIRUS” virus from Microsoft Edge
Reset Microsoft Edge settings (Method 1):
- Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
- Click Settings to open more options.
-
Once Settings window shows up, click Choose what to clear button under Clear browsing data option.
-
Here, select all what you want to remove and click Clear.
-
Now you should right-click on the Start button (Windows logo). Here, select Task Manager.
- When in Processes tab, search for Microsoft Edge.
-
Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps.
-
When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries.
Resetting Microsoft Edge browser (Method 2):
If Method 1 failed to help you, you need to use an advanced Edge reset method.
- Note: you need to backup your data before using this method.
- Find this folder on your computer:
C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe. -
Select every entry which is saved on it and right click with your mouse. Then Delete option.
- Click the Start button (Windows logo) and type in window power in Search my stuff line.
-
Right-click the Windows PowerShell entry and choose Run as administrator.
- Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
Once these steps are finished, “YOUR APPLE DEVICE HAS A VIRUS” should be removed from your Microsoft Edge browser.
Mac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafariDelete “YOUR APPLE DEVICE HAS A VIRUS” from Mozilla Firefox (FF)
-
Remove dangerous extensions
Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons → Extensions. -
Here, select “YOUR APPLE DEVICE HAS A VIRUS” and other questionable plugins. Click Remove to delete these entries.
-
Change your homepage if it was altered by virus:
Click on the menu (top right corner), choose Options → General. - Here, delete malicious URL and enter preferable website or click Restore to default.
-
Click OK to save these changes.
-
Reset Mozilla Firefox
Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. -
Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete “YOUR APPLE DEVICE HAS A VIRUS” removal.
Get rid of “YOUR APPLE DEVICE HAS A VIRUS” from Google Chrome
-
Delete malicious plugins
Open Google Chrome, click on the menu icon (top right corner) and select Tools → Extensions. -
Here, select “YOUR APPLE DEVICE HAS A VIRUS” and other malicious plugins and select trash icon to delete these entries.
-
Change your homepage and default search engine if it was altered by your virus
Click on menu icon and choose Settings. -
Here, look for the Open a specific page or set of pages under On startup option and click on Set pages.
- Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage.
-
Click on menu icon again and choose Settings → Manage Search engines under the Search section.
-
When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name.
-
Reset Google Chrome
Click on menu icon on the top right of your Google Chrome and select Settings. -
Scroll down to the end of the page and click on Reset browser settings.
-
Click Reset to confirm this action and complete “YOUR APPLE DEVICE HAS A VIRUS” removal.
Erase “YOUR APPLE DEVICE HAS A VIRUS” from Safari
- Remove dangerous extensions
Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. -
Here, select Extensions and look for “YOUR APPLE DEVICE HAS A VIRUS” or other suspicious entries. Click on the Uninstall button to get rid each of them.
-
Change your homepage if it was altered by virus:
Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General. -
Here, look at the Homepage field. If it was altered by “YOUR APPLE DEVICE HAS A VIRUS”, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page.
-
Reset Safari
Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... -
Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete “YOUR APPLE DEVICE HAS A VIRUS” removal process.
About the author
If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.
References
- ^ LInas Kiguolis. Google detected a sophisticated Android spyware. 2-spyware. Security and spyware news.
- ^ John Snow. Pegasus: The ultimate spyware for iOS and Android. Kaspersky Lab Blog. Learn how to stay protected from viruses, malware, spyware, hackers, spam and other dangers .
- ^ Eliminate computer threats. Virusler. IT News and Malware Removal Guides in Turkish.