Answers...

to commonly asked questions.

viruses

This is a SCAM! DO NOT CALL THESE PEOPLE!!!

Sorry to bother but I did not order this do you think scam or should I call?

Screenshot 2024-01-31 at 5.17.10 PM
___________


Garbage. It’s bait to get you to call them so they can scam you. DO NOT call that number. Better thing to do is to monitor your bank transactions carefully (ALWAYS) and if you did see anything unexplainable, contact the bank to have them cancel or refund any payments you did not authorize.

That is unlikely what is happening in this example however. This particular example is designed to scare you into thinking you’ve paid something so that you’d be more likely to call them. Once they have you on the phone, you are as good as gone. They are extremely convincing by lying.

Should I call this number?

Do I have a virus? It says I should call this number. My computer is talking to me.


Screenshot 2024-01-30 at 2.30.32 PM
________

Total scam. Quit Safari, hold down the shift key and restart. That’s just an add trying to trick you into thinking you have a virus. It’s garbage.

Is someone spying on me through my phone?

My friend believe her phone has spy ware and needs assistance. She doesn’t feel comfortable using her phone.
___________


Has she considered just going over to either Apple store and have them take a look real quick. All you’re really looking for is what’s called a “profile”. If the phone has no profile installed, it’s clean. A profile is a file that can be installed on a phone that gives industries like banking, medical, etc… the ability to monitor and control the phone over the internet. For example, a person works for Wells Fargo and that bank decides to send a new app out to all the employees that have been issued phones. A profile that lives on the phone will give that ability. A profile can, however be used for malicious purposes as well. To check to see if there is a profile installed on any iPhone, go to Settings/General/VPN and Device Management. If there is a profile installed, it would be listed there. If it is her personal phone that she paid for, there should not be a profile installed.

That’s basically it.

Other than a profile, there is no way for any malicious app to be installed on an iPhone. ALL apps go through the Apple App Store and are checked and verified by Apple. An Android device is different. It can install apps randomly from random places. Apple’s apps on iPhones are regulated.

The more likely way someone can spy on another is if they have access to their appleID. If I have your appleID and password and I am logged in on a device that was previously authorized, then I can see everything in your life. Pictures, texts, location, email, etc…That’s way more common than the phone having malicious software installed.

No idea what your friends situation is, but the AppleID scenario I just described is very common among ex spouses, partners, etc… I run into that scenario all the time.

To check what devices have access to your AppleID, on your phone go to Settings then click on your name at the top. Scroll to the bottom of that screen to see ALL devices that are currently authorized. You can remove any you are unfamiliar with.

Legacy System Extension outdated

Do I have a virus?

IMG_3631
___________

No. That is not a virus. That is a message telling you that there are some old pieces of software that will become obsolete when you update your computer in the near future. This can range from printer software to add-ons for web browsers. Usually they are unnecessary any way so I wouldn’t worry too much about it. If the company that made the software originally was still in business, they usually allow it to be updated automatically. So often these messages are just warning you about some old software that was no longer supported any way.

Do I need LifeLock?

I am worried about the crazy people who can hack our computers , iPhones, etc. Do you have any suggestions to protect our devices? Norton Life Lock?
___________


This is a very large question and I do suggest you look through my answers section dedicated to the topic of scams and viruses located here:

scams | Answers | Sells Consulting
viruses | Answers | Sells Consulting

Now that that's out of the way, Norton Life Lock…no. Not a fan. Several reasons:

1. It's yet another subscription. Don't we have enough subscriptions these days?
2. Running a piece of software doesn't protect us from falling for the tricks that are out there where we are asked to type our admin passwords. I've yet to find a legitimate save that I could attribute to Norton.
3. You can pull your own credit every year and even lock it until you need to use it without subscribing to Norton.
4. As long as you are extremely hesitant to not type your password in when presented with the option to do so, unless you fully understand why you are being asked for it, you're ok.
5. Most of us get scammed because we tend to believe what other humans are telling us, not because something installed on our computers without us knowing.

Your iPhone and iPad are not going to allow malicious software. The only way that something can land on your iOS device is if you install it through the Mac App Store. Apple vets every app they allow into the App Store so that's a level of safety we can count on. Above all else, don't join wifi networks that don't require a password. That's the best advice I can give anyone when it comes to security.

Is this malware?

I assume it is malware and “quit” Safari.

afcrp
___________

Yes. This is garbage. You did the right thing in this case. Here's a great explanation on the Apple forums about this exact topic.

Don't fall for the Adobe update scam PLEASE!

Just ran across a particularly bad piece of malware this week. Catalina now warns that you may have bad software on your machine but doesn't do anything to help you remove it. You may have seen the "xsoftware" will damage your computer and should be removed". Then you're presented with the choice to show in finder or cancel. Problem is, when you choose to show in finder, nothing happens.

Publicadvisesearchdaemon and Techfunctionsearchdaemon are two very evil pieces of malware that go beyond the usual folders. Normally, you can find the malware in login items, LauchAgents, and LaunchDaemons as well as within the Frameworks and Application support folders of both the main library and the hidden user's library. You clean those out and you're good to go. These two devils however went much further than I normally see.

Screen Shot 2020-05-11 at 8.01.57 PM

This bad guy adjusted the network settings, set a proxy for outgoing traffic, enabled root, then placed files inside root. This was a masterpiece of malware. I have to give them credit. All they needed to do was trick the user into typing their password.

DO NOT fall the for the Adobe flash player update scam. In fact, never type in your admin password if you don't really know why you're typing it. Computers are secure. Humans are not. Lots of damage can be done to your life if you grant permission for it to happen. Typing in your computer's password allows anything to happen on your computer. You don't really need virus protection. You just need to stop typing your computer's password in.

It's dangerous to go alone...

So this just came in to me today. An email suggesting that I update Adobe Flash. It's. Critical update…


Screen Shot 2020-02-14 at 8.08.26 AM

On the surface it looks legit but no no no! Let's take a minute to see ways we can spot this terrible scam.
By hovering over the incoming address and clicking the right corner of the email address, you will see the actual email address. Not just the name associated with it. In this case, there are two s's in the name. Adobe would not send from this address..



Moving on, you see the very inviting download button but by hovering over the link it will reveal the actual link you would be going to. Notice the spelling here. .gq would not be an Adobe URL.



But let's say you even go so far as to click that link. What happens next?

Screen Shot 2020-02-14 at 8.10.17 AM

It takes you to another very convincing site that looks exactly like something you would really see if you were updating Flash by Adobe. But look closer. The URL at the top bar is some garbage link. This is all baiting you in. They've stolen the logos and design from Adobe's site and made their own scam site in hopes that you'll click the next download button. So what if you did click that?



If you're running the latest version of macOS Catalina, you'd see this new window. It's your computer telling you something is about to download. In this case "mysslgo.com" is pure garbage. If you don't know what it is, don't allow it. That's the general rule we should all be following. But what if you do allow it?



You'd then see a file in your downloads with some bogus name like the one above. The good news here is that nothing bad has really happened to you yet. But you're very very close to the Sun right now. If you've fallen this far, there's a good chance you'll just keep going. Eventually you're computer will try to stop you once again by asking you, the boss, to allow this terrible thing by entering your admin password. The bad guys can't install anything on your computer without you granting permission. The whole scam is to convince you that this install really needs to happen. The fact that the bad guys use the word "flash" is beside the point. They are only using that word because they know we've become conditioned over the last several years to updating flash. (Side note: Adobe is no longer supporting actual Flash updates and it will be phased completely out of browsers this year). They could use any word like firewall, security, open port, dark web, or anything else to try to frighten you into interacting with their links. If you are ever in doubt, simply take a screenshot (command+shift+4) then drag over the area you'd like to capture. Send that screenshot to me and I'll give you my thoughts. 9/10 times it's fake.

You are your best defense. Don't type in your admin password unless you have a good reason to do so.

Another email account compromised.

Hey Scottie. We are getting these odd e mails that are not coming from us. They are also being sent to several clients. Can you help us or give advice? Thank you

Thanks for your response.  Employer and I have been in the mountains all day so I am going to try this first thing in the morning.  Also troubling is it is not letting me send out emails from my email, hence this email from my friend's account.  If you have any tips on that let me know.  Do you think the hacker changed my password?
___________


In this case, the new sender has been adding an attachment to your email with a password. I opened it and it contains a few garbage installers pretending to be flash or vlc. Of course you should not open them or install them.


Then leads to…



This is all fake. Do not interact with it. Viewing the header information will help to discover possible clues as to where this email is originating from. Change your email password immediately.

Have I been hacked while in Mexico?

Hi Scotty,
I’m in Mexico and back in Clt Friday night. I was on my iPhone this Monday connected to the hotel Wi-Fi when suddenly everything in my email hotmail inbox disappeared on my iPhone. I checked the iPad I’m using now and same thing-all gone. I checked my computer and everything is still there but the computer was never connected to the Wi-Fi. I’m terrified of connecting it here or when I get back to Charlotte, as I believe everything will disappear on it too. (My devices are all linked.)
Do you have any idea what could be going on? Do you think I could’ve been hacked?
I’m leaving Monday for New York. Do you work on Saturday and if so can I schedule a session? Alternatively we can try a remote session from New York on the 20th/21st.

___________

I am available remotely throughout the weekend if needed. You can schedule via the usual web link below. If your email was compromised and email was deleted then there are a couple things we can try.

1. Using a computer that has not been brought back online yet, turn off wifi, open mail, save all mail. As soon as the email client syncs to the web, that email would disappear.
2. Use time machine to recover your old email.

Regardless, you should look to change your email password ASAP.

You can also check via hotmail.com directly to see if it’s just a weird temporary problem. But given the fact that you are traveling abroad, there’s a very good chance that someone has gained access to your account. I see this all the time unfortunately. Happy to help any way I can.

I don't care for Google Updater software.

I used Chrome for a search and ended up with the notice (“GoogleSoftwareUpdate.bundle is an app downloaded from the Internet. Are you sure you want to open it?”) on my desk top. See screen shot below.
I hit cancel several times, but it just pops back up. I shut down the computer then started up again and it still pops up. Any suggestions? Should I just “open”?
I think I may decide to never use Chrome again… not the first trouble I have had using it.
___________


So the google software updater is a file that is asking permission to be installed. It's main job is to ensure that Chrome is up to date. It was brought in by you either using Chrome or Google Earth. I personally don't want that running on my system because it's more invasive than just that. Remember that first and foremost, Google is an advertising company so any information they can glean from your computer habits have the potential to be monetized. The problem is, once you've allowed it to install, you'd have to know where to look to remove the startup files. Otherwise it will keep coming back. Even when you do clean it out, if you run Chrome in the future, you'll just be presented with the same item again eventually.

DoI have a trojan virus?

My Mac is saying we have a “Trojan” virus !!
Can you help
I cannot use my computer!


.
___________

I’d be happy to assist. Force quit your browser then restart your browser while holding down the shift key. If that does not help You can schedule a session online via my website for further assistance. www.sellsconsulting.com

Okay it worked but what is Trojan
And should I have you come out to put some protective software in??


What you saw was a scam ad that runs via javascript to make it seem like they have control of your computer.  People do accidentally install garbage software onto their computers.  The most important thing is to not give anyone money or call any numbers.  You can schedule me at some time to insure you’ve not installed anything malicious.  You don’t need anti virus. Just never enter your computer’s password without understanding your reason for doing so.

Is this true?

Seen this before, Scotty?

Screen Shot 2019-10-02 at 7.05.26 AM

__________

Straight up total garbage. Do not interact with this.

What virus protection to you recommend?

Antivirus/Malware-I have been using the free Malware and free Sophos-what are your recommendations here? And do you recommend the paid versions of these?
___________


I do not recommend any antivirus for the Mac. Bad things happen on your Mac when you allow it to. In other words, in order for your Mac to become "infected with malware" most of the time it requires that you grant permission for it to be installed. I see the issue of people falling for the tricks out there every day. Saw it twice today. Bottom line is that when prompted for your password you should be very cautious and understand why your computer is asking for your password.

I have a dedicated section to this question on my answers site that can be found here.

scams | Answers | Sells Consulting
viruses | Answers | Sells Consulting

For more details on how to avoid the scams that are out there I'd be happy to go over things with you via remote session any time. I work with a variety of people across the US remotely using a piece of software called Zoom.

Did I just install a virus?

Scotty, here is an icon that just jumped up. I forced quit it. Then I went to my applications and I had 3 adobe items at the top: one for adobe acrobat reader (8/1) and two adobe digital editions (both 4/28) and one of these ending 4.5 app. Tried to send the first application (ie, adobe acrobat reader) to trash but my Mac asked for my password to do so and I didn’t know if should use my password. Let me know what I should do including setting up a session? Thanks

IMG_2361

___________

Good looking out. However, from your description it actually sounds like this is legitimately Adobe Reader. Adobe Reader is an application a few people use to view PDF files. It is completely unneeded as Preview is already on your Mac. When you went to delete it from your Applications folder, the Mac asked for the password. In that case, it would be ok to enter it as the Mac considers deleting an application in the Applications folder is something only an Admin should do. You are the admin of your computer.

You can never judge the validity of any application by the icon it uses as there are plenty of malware programs that have just stolen the icons of other popular companies to make themselves look safe. But your description of the Adobe products in your applications folder, yes you can delete them. They are not causing harm. Reader is different than Flash. Flash can be harmful to your computer. Adobe Reader is innocent but unneeded as I said.

Lastly, to Adobe's defense, they do seem to be the most used target by the malware bad guys as they pretend to be their products. Therefore, Adobe has gotten a bit more of a bad name than they deserve. That being said, Adobe's flash is not good software and is blocked by default now days.

CC Cleaner Free legit? No!!!

CC Cleaner free???

Scotty, I just noticed that I have an icon for the software listed above (shows a broom superimposed on a large red C). It indicates that it replaces an earlier version (1.14.something). Any ideas on whether it is legit? In addition, some download called CCMacSetup. These appeared this am when I started up my computer after shutting it down from last night. Thanks



___________


No! "CC Cleaner" is not software you want to have on your system. Things like this usually lead to other problems including false advertising, take over of ads on websites, false alarms that you have some problem and need to call some number. No No No. I can't tell you how many clients I deal with accidentally fall victim to these fake "cleaning" programs.

keystroke loggers and Apple IDs

Greetings from Dallas, TX!

I have 2 questions for you.

My questions are:

1). Can the new bad software which has been written about concerning
Expedia.com and other travel websites where they troll your keystrokes, can that software get into our Mac from my visiting their site and using a credit card on their site? Or are only PC’s vulnerable? I did not give them any passwords, but i did input my credit card # on their site. Then i cancelled my transaction entirely. I have used Expedia before without a problem but Dan just alerted me to this latest problem reported about them.

2). I went to try to install the new Mojave upgrades and it asked me for my pw which i don’t remember doing for other upgrades. So i cancelled out of it. Is is ok to provide Apple with my pw to install Mojave?
___________


In general, the only way keystroke loggers can be installed on your computer is by the software tricking you into actually granting admin permission. In other words, you install it yourself by typing in your admin password. The main thing to look for when transacting on the internet is the small lock in the URL bar at the top. If you are on a site that starts with https:// then your information is encrypted and secure however, if you are on a site that starts with http:// without the "s", then that site is vunerable to malicious activity. Do not ever enter information into a site that is not https://.

More likely than expedia being a vulnerability is the possibility that people are going to a site that is similar in design and spelling in hopes that people will be tricked into entering information. For instance, you'll find great recipes at foodnetwork.com but malware at fodnetwork.com. You'll find the paper of record at nytimes.com but malware at nyytimes.com. You can track your packages at ups.com but never enter any information at upss.com. These are just a few examples of what's lurking out there waiting for us. Whether you're using a mac or a pc is irrelevant. It's our willingness to let our guard down is what's more important.

Second question…It is safe to proved Apple with your pw to install Mojave. To make sure you are talking to the real Apple, you can access the updates by going to the black apple in the top left corner, select App Store. The App Store will open and there you will see updates on the right side of the bar at the top of the application. Apple will ask for your AppleID in order to start the downloads. This is safe.

If you ever need remote assistance you can always schedule online via my site just as if you live in the Charlotte area. I just show up on your computer instead of at your door. Have a good day.

Is Mac Auto Fixer legit?

Scotty, everytime I reboot this app pops up. It looks pretty phony. So what I do is “force quit” since I cannot otherwise close out of it. Is Mac Auto Fixer legit? Ideas? Thanks
___________


No. This is not legit. There are several places this pest could live that would cause it to reopen when you restart.

Remove any items from the following areas other than Dropbox and possibly other products that you do prefer to launch and run in the background. Most of the time that is only Dropbox.

1: Open system preferences: Users and Groups: Login Items (click any item in that list then remove using the minus key in the bottom corner of the window)


2: A little more technical…

Remove all items from the following folders:

Macintosh HD/Library/Startup Items
Macintosh HD?Library/LaunchAgents
Macintosh HD/Library/LaunchDameons

3: Next, you'll need to check the hidden library folder but going into the Menu bar at the top of the screen, Select Go, hold down the option key to see the new choice "Library".
That will give you access to the next place to look. ~/Library/LaunchAgents Remove any items in that folder.

4. Lastly, check your Applications folder and toss out any Application that looks similar to Mac Auto Fixer.

Restart and you should be good to go. Some of these types of crapware can invade your browser as well but in this case, unlikely. Let me know if you need further assistance.

Have I been hacked?

Is it possible my MacBook air is hacked? Two days in a row around the same time (6 a.m) my mouse was “taken over” meaning I couldn’t control it and immediately shut computer down, now I pulled up my mail and before it “straightened itself out” all my mail headers were in kyrillic (russian writing?) Otherwise it’s been operating normally
___________


That does sound like odd behavior. One of the crucial factors here would be if you saw your mouse moving around on the screen and things being clicked as you watched. For a computer to be "taken over" that would insinuate that someone was controlling it remotely using a piece of software such as TeamViewer, AnyDesk, Zoom, or GoToMeeting. You would have also needed to grant permission for either of those in the past by having entered your computer's Admin password at some point then left elements of one of those applications running so someone could log in remotely. While I definitely have seen this behavior (just this week with another client) it is very rare that someone would get that far.

As for the different language appearing, I don't have an explanation for that. One guess could be that there's a problem with the graphics card of the computer as it tries to display characters. (doubtful) Another guess is that there's a problem with the operating system causing the fonts or characters to display incorrectly. (also doubtful)

The most interesting piece of evidence is the fact that it happens consistently at 6am. There are small programs or procedures that run on our computers called chronscripts. These procedures usually run when the computer is left open all night. These are healthy tasks a computer does in the background to keep our computers organized. Think of them as a background cleanup. They don't run during times when you're using your computer. It is possible one of these chronscripts is damaged and causing that behavior.

I've given several explanations to things but to give you piece of mind I would be happy to address the issue remotely or in person. Most of the time, in my experience people feel they've been "hacked" or their privacy violated when often there's a different reason a certain behavior has occurred. However, that's not to say that this doesn't happen. I've seen it plenty for many many reasons. Just this week I worked with a client who was tricked into paying a very large amount of money ($2000) because they through they were talking with Apple support on the phone and the person thought their computer was locked and the only way to unlock it was to pay this person on the phone. It was only an ad on a webpage that got them to that point.

Please let me know if you have any additional questions. You could also take a screenshot of the Russian language and share it with me. command+option+4 then drag a square around what you'd like to share. The screenshot will land on your desktop and you can email it.

Possibly downloaded a virus to my new iMac

I was on my new Mac this morning and went to download an xls spreadsheet to view in numbers. Upon downloading an adobe flash player update popped up. I assumed it was plausible given this is a new computer and may not have the most up to date flash player. All of the downloads and run windows all looked very familiar and legit. When I was done installing my computer made a loud beeping sound and said it has been infected by a virus. It opened a new window called Mac Repair and said I had 197 viruses on my computer that needed repair. It prompted me to hit the repair button in the window but I was highly skeptical at this point.

I went back into my downloads and found the recent adobe file I downloaded. I googled it - adobe flash player-2.dmg. It immediately popped up on blogs as a phishing virus. So I removed it to the trash can then emptied my trash can. I’m sure this is not the proper way to rid of this. Can please call or email to discuss further to clean my computer. Also, all of these virus related things keep coming from being on either Yahoo main page or news. Or thru my email on yahoo. I’ve never had these issues in the past until the recent 6 months or so. Is this common with Yahoo as of late?
___________


This is a very common occurrence unfortunately. Malware often disquises itself as flash, java, "security updates" or other words we are used to seeing. The good news is that just downloading a file doesn't hurt you. Double clicking on that file doesn't hurt you. But once it prompts you to install it, it HAS to ask for your computer's password. Entering your password is then what grants permission to your computer to install the malware. Most of the crapware is simply there to take over the ad space within webpages. They're usually not after personal information. They are just trying to sell ads in places on pages where google already does. If you feel like you may have entered your password and would like me to clean things off the computer, I can do that remotely for you. You/wife can schedule an online session.

What you saw with the loud sound and warning that you were "infected" was just an ad. The next time you land on one of those pages, close Safari, hold down the shift key and restart Safari. That will take you away from that ad site regardless of what background code was running on the page that wouldn't have let you move on to another page.

How can I clean up this virus?

Hey Scotty. You've helped us a number of times. My son tried to download a game on our Mac and it was apparently a virus. We're operating fine but in safari and chrome we keep getting unwanted pop up tabs. One just popped up with a dialogue box that reads "apple-virus-detectionservices.fixingit.solutions...". I reset chrome but no improvement and i'm not sure what else i need to reset or delete.
___________

I’ve seen it many many times unfortunately.  Removing these pests are a little more involved than I can write up in a set of instructions but it can be removed.  Happy to help if you feel the need.  You can schedule an online session if you’d like and I can remove it for you remotely.  There are about 8 methods that these programs tend to install and it’s just easier to go through the steps to check each one.  Feel free to schedule using the link below if needed.  If you’d rather work on the issue yourself, I’ve written about this exact thing several times on my website.  Those responses can be found at http://www.sellsconsulting.com/answers/index_files/category-viruses.php

Get rid of unwanted extensions

How can I remove map frontier and their annoying ads?
___________


There are several possibilities as to why this is happening.

Open Safari and go to preferences. (under Safari in the menu bar)
Go to extensions in preferences and choose to uninstall any that you are not familiar with.
Under General in preferences, check to make sure your homepage is what you'd like it to be.

If this doesn't solve the issue, it may be slightly more complicated. But not too bad. Join me on a Monday night town hall and I'd be happy to finish it if removing the Safari extension doesn't do the trick.

Did I install a virus accidentally?

I received an email from UPS that I now realize was phishing. It had a tracking number listed and I clicked on the tracking number (stupid I know) I saw an icon from the email pop over as if it was a download. Should I be concerned?
___________


This happens to many people. Most likely a file was downloaded to your downloads folder. As long as you didn't double click on that file and install that program 9it would have requested you enter your admin password) then you should be fine. Just go into your downloads folder and throw away the file, then empty the trash.

Do I have a virus?

Am very worried about something I may have inadvertently done today to my Mac.
I was looking for a new font to use on an email and clicked on something like “new fonts download” and before I knew it something called Wow is now my search engine instead of safari.
We left today to go to Cashiers NC until Jan 3rd so I am away from my computer. Is this something I should be concerned about and is there anything I can do from here?
___________

These days it's very easy to be tricked into downloading crapy software pretending to be something it isn't. The majority of these are looking to change your search engine into their own so they can sell advertising through it. Others pretend to be able to "fix" your mac after they have supposedly found 1000's of problems with it after running a scan. These are also frauds. While we should take these things seriously, if you're not using your computer at the moment, there's very little to worry about. We can clean it off when you return. Or we can also work remotely to solve it if you have taken the computer with you. Unfortunately this is very common these days. There will always be more than enough bad guys out there.

You're not being "hacked". You're being outsmarted.

The word "hacking" is being incorrectly used in the news these days. You are far more susceptible to being tricked or fooled, than you are being "hacked". The term hacked makes us think there is some terrible code running that someone installed on our computers. Bad guys don't have to work that hard. You're way over thinking it.

All they really need to do is send you an email like this one and hope you fall for it. Or just get one of these and sit back and wait for you not to notice.

Do not fall for these tricks!

Scotty,
I tried to take a screen shot of a window that has appeared on my computer several times in the past 24 hours; but lost it before I could send it to you.  It’s title is: “personal files are unprotected” and is accompanied elsewhere (and at different times by a small window) by a request to scan files and then clean the junk files.  I see no Apple ID on either of the screens; the first one is “powered by Amazon” and the smaller second one simply has a robot looking (Michelin Man) icon on it.  So far, I have done the scan, and it is now saying that I can clean 2.7 GB of junk files, but I hesitate to go any further until you can confirm that is legit?!  Where would it have come from without any Apple or other ID?  It seemed to have come out of left field???
___________

No No No! These "cleaning" pieces of software are not a good idea to have anything to do with. They are setting you up to try to convince you that you have some terrible problems. They will show you all the files they say are corrupt. Then they will tell you to call a phone number for help. There is nothing wrong. These are completely unnecessary. They will tell you your computer is unprotected. They will say your social security number may have been exposed. They will use words like "firewall", or "open ports" to try to convince you you need their help. They are lying. They will use icons that are very close in design to Apple's own intellectual property to try to subliminally convince you they are the good guys. They are not. Here's an example:

This is Automator. It's a program that comes on every Mac and it is written by Apple. It's a program that allows technical users to write their own set of commands of sorts. Most users will never use it but it lives on every Mac and is completely harmless.
Screen Shot 2016-08-26 at 11.29.57 AM

Here's the logo of one of the terrible pieces of software I mentioned before. Notice the similarity in design.
Unknown


Do not do business with any of these type companies.

When Youtube is not Youtube.

Hey Scotty,  new one on me.  Went to youtube official page and now a popup saying I need to send my name and password to 'cumbby.in:80.  force quit does not help.
___________


Sounds like you've run into an ad. This is a very convincing ad. Usually poses as a different site and force quitting and restarting your browser only takes you right back to the same place. There are bad guys out there that buy domain names very similar to popular ones. For example, if you add an extra y to nytimes.com you will go to a completely bogus site.

Should be a simple fix. Force Quit Safari and before restarting, hold down the shift key. That should get you back on the safe internet again. You will also want to open safari preferences and check extensions. Uninstall all extensiions.

Screen Shot 2016-05-03 at 12.17.09 PM

I think I have a virus

Don't know what is wrong? My computer is telling me I have a virus.
___________

You don't have a virus. It's an ad on your browser. Like Safari or Chrome or Firefox. The ad is trying to scare you into calling the phone number. Don't call the number. Here's what to do:

Quit or Force quit your browser (Safari most likely)
Hold down the shift key and start your browser back up again.

Problem should be gone.

The ad may reappear another day but it's living on a website. You went to a website that that terrible scary ad was hiding. Just don't go back to that site again. If you do, simply follow the instructions above and you'll be back on your way in no time.

No, you don't have a virus, but...

Lots of people report suspected "viruses" lately. While we don't have to worry much about that, we do need to be careful not to fall for the terrible ads that have been appearing lately. These ads use javascript to hijack your browser. So here are a few tips to get yourself out of the tar pit you find yourself in from time to time on the internet these days.

1. Don't fall for the warnings that you don't have a firewall, or that your security is in jeopardy, or that your social security number has been compromised. These ads are designed to scare you.
2. Don't call the number on the screen. Don't give them any credit card, routing number, checking information. This has actually happened with several of my clients.
3. Force quit your browser using the key command "option+command+esc".
4. Restart your browser holding down the shift key.
5. Go to preferences in your browser and turn off extensions. Often these extensions will have an uninstall button.
6. Check to make sure your homepage is what you'd like it to be, not some terrible search page.

Malware comes to the Mac

Hi there!  You helped clean up my mac a few months ago because it was very slow and giving me the rainbow spinning all the time.  It is not happening again.  I was considering upgrading to a new desk top with more space and possibly faster, but didn’t want to do so if I was going to get these same problems.  I think you said some of the problem was things I picked up online?  I guess that would be the case again in a new Mac?  Just don’t want to waste money if the issues will b the same….Otherwise, I might want your advice and set up for a new mac.
___________


Yes. It's become a very common occurrence that people are accidentally installing malware on to their macs. This new malware comes in many forms. IntallMac, TuneMyMac, MacKeeper, MacReviever are all bad pieces of software in my opinion and should be avoided. The good news is that they don't install themselves. I human being that lives in the house has to fall for the marketing trick of "your mac is running slow..click here and your prayers will be answered." Most of these terrible scams advertise on less than moral websites often and that's usually where we pick them up.

With all that being said, a new mac doesn't solve that issue. We have to be conservative when surfing the web, don't fall for advertising scams, and try to avoid the darker seedy parts of the internet.

There are many reasons a mac can start performing slowly. Age is one of them if the user continues to update their computer. Each update asks the hardware to perform tasks it was not originally designed to perform. That's why no one you know is using the original iPhone anymore. Each operating system update slows the phone's performance just a little more than the last one. Computers are the same way. So if your computer is several years old and you're running the latest version of the Operating System, then yes. It may be time to upgrade.

Do I have a virus?

Scotty, I have a question. My computer says "system virus warning action required." It is form Norton. I cannot exit from screen. Even when I turn off computer and restart, I am unable to use Safari. Two things-- the phone number number is not for Norton, and I do not have a Norton account. What do I do?
___________


This is becoming a more and more common occurrence on the mac. There are several possiblilities.

1. You’ve downloaded one of the many scam pieces of software such as “tunemymac”, “mackeeper”, “installmac” which pretend to do wonderful things for your mac, but in fact, they are tricking us into believing we have problems and should call that number where someone is waiting to convince you to give your credit card number away.

2. You could have installed an extension for Safari which is doing the same thing.

3. You may merely be looking at an ad within your browser.

You are probably correct that while it says it’s from Norton, it is not. I still do not recommend people use virus software on their macs. What I do recommend is great common sense. These programs do not install on their own. They pretend to look very much like Apple software but in the end, any program you install must still require your admin password. And only a human being who knows that password can install one of those pieces of software.

Did somesome install bad stuff on my computer?

Scotty, had some folks washing windows in my house and I now have " your browser has been blocked screen". Guess looking at bad stuff? $1000 to get it unblocked? "Policebadult" at bottom of page.. Alleges FBI etc. guess this is a scam. What do I do?
__________


It is highly likely that the coinsedince that you hare having some work done at your home has nothing to do with your computer issue. They are most likely not related. This is totally %100 a scam. It may very well simply be an advertisement or browser window. I would suggest shutting down the computer and restarting. Then when opening your browser go to a page like cnn.com or similar. If you HAVE in fact installed a malicious piece of software accidentally, I would be happy to remove it for you. Macs are not impervious to bad guys but we are a very hard target. And when I hear stories such as this one, it’s almost always because the user of the computer installed the program and granted permission to be installed with their password.

Is this really from Apple?

Is this really from Apple?  The reply address looks fake.
Screen Shot 2014-10-23 at 11.29.45 AM
___________
Yes. Good eye. It’s totally fake. These guys are getting better at hiding their intentions and becoming more convincing. The the rule still stands. Don’t click on links in email you weren’t expecting. In this case, the goal is to get you to click the link so that you’ll go to a website they’ve set up to look like an apple site so that you’ll put your appleID and password into. Clicking the link doesn’t cause the harm. It’s you then being fooled into giving your information up once you get the the webpage. If you ever receive something you are suspicious about, you can hover over the link in your email program and it will reveal the actual URL.

Other clues to watch out for include: grammatical errors, punctuation errors, poorly constructed sentences, etc...

Don't be scammed! There's nothing wrong with your Mac.

Scotty,  been experiencing several problems including not interfacing with my printer.  Called Pixma to get them to reinstall software to fix and they said that that system has been compromised.  They further showed me that I have a virus in the name of Trojan Horse and that my network is corrupted by CSRSS.exe.  They suggested that they install, from their end, 'Network Shield' for $239 + tax for one year.    Can you advise , as they are sure that my personal data and financial info online is at the mercy of Hackers from Nigeria.  To date those have not been disturbed, to my knowledge.  I am wondering if I was talking to scammers. I used an 855 number on Pixma website.
___________


Ok. Where to begin? Pixma is a model of Canon printers so calling any number associated to “Pixma” would possibly result in the scam you’ve happened upon. Do not, repeat DO NOT give your card to any online phone service claiming your computer has been hacked etc... That is 100% a scam. The fact that you may not be able to print to your printer is irrelevant to anything they can see as having been hacked or having a virus etc...

Furthermore, CSRRS.exe would be an executable file that would ONLY run in windows as it is. Any file by that name would not run on your Mac. These type of companies: Tunemymac, Mackeeper, Network shield or whoever the people you spoke with, are all preying on mac users who may not know any better and would fall for any story they tell. It is a hoax. They will say anything to scare you.

You most likely dialed a number advertised on the web as an advertisement claiming to be able to help your mac. I can not stress enough that your printer issues have nothing to do with anything these people you spoke with. I strongly suggest you do not give any personal information out. Instead, you can join me on my weekly town hall on Monday and we may be able to troubleshoot the printer issue remotely. If you’ve never used my free town hall meetings, you can check out what they’re like in the link at the top of this page marked “
previous town halls”. No scams! Just free help.

Trend Microsystems?

Scotty,
Please advise if I need the Trend-Micro Systems software on my computer.  I have had it since 2009.

___________
No. Absolutely not.

Same scam, different day.

Scotty:

These strange emails are coming more and more frequently.  Since 5:00 yesterday I’ve received 20 of them.
_________


It’s not really an attack. More likely your email address has been compromised and is now on a list of emails that spammers use to sell advertising. Feel free to forward any of these suspect emails to me and I could give you a better idea. Just be sure not to follow any of the links provided in the email to a web page then enter your information into those pages. Clicking on the link itself won’t really cause harm, but entering information once you get there can. Overall the mac is a pretty secure operating system but we humans are often fooled by what what we see.

Do not use "rapport".

Can you please tell me how I can quit receiving any e-mail on my laptop.  Somehow all the AOL mail to my "real" computer comes in on that mail site (the stamp logo) on the laptop, and in trying to erase it, I've erased every bit of saved mail I had, plus a bunch of other mail.  I keep getting messages from Roadrunner that my system is 70% full and I think it has something to do w/the laptop.    I don't want to get any e-mail on the laptop, and I've gone into Mail Preference and can't see how to undo it.  I'm read to take a hammer to the whole thing.  Any easy way?

Thanks.
___________


To remove an account in the Stamp program (apple’s email application) first open the program then under the word “mail” in the menu bar, select “preferences”.

Screen Shot 2011-10-12 at 9.21.30 PM
Next, in the newly opened window, select the email account you wish to delete. To do this, click on the accounts picture across the top then select the road runner account. Finally, hit the minus button in the bottom left corner. That email account will no longer appear in the stamp.
Screen Shot 2011-10-12 at 9.23.28 PM

If you want to remove multiple accounts, just select the next account and hit the minus button again.

Windows virus alert scam.

Internet connection in upstairs girls room very very slow! U helped a few yes ago. What should we do?
___________


There are several things to consider. Large homes usually require multiple routers. My general rule of thumb is one router per every 1300 or so square feet. Give or take depending on home construction and layout. So it may be a situation where we need to add an additional router. If your network was strong in that area and is now weak then that is something we may need to address by checking on the current router’s performance. If you need assistance you can schedule a session online.

Help-Trojan attack...not exactly.

Scotty - I need you to help me with something.  We still have our home in Charlotte but I need help w my apple stuff in NYC.  We have a place on the Upper East Side in NYC.  Who is the NYC equivalent of you?  Or do you ever come up here?
____________

Great to hear from you.  No, I don't find myself in NYC very often at all.  Two things:

1st.  I would check the consultants network for NYC and choose a consultant off the list.  Consultants are now reviewed so that should help you choose one.  Try here:  http://consultants-locator.apple.com/index.php?PHPSESSID=f2e691555fa5ea6f32bd9a5782ae0ce6&fuseaction=home.directory&offset=0&rppg=8&q=11210

2nd:  I am online every monday night and often help people from all over the US.  It's free and there are usually about 4 to 5 people in the online meeting.  If it's just a software issue you can always just schedule me to help you individually online as well.  I also do online remote sessions.  It works for some things but physical problems like networks or broken printers won't work trying to fix remotely.  

You don't have a virus.

Scotty,
I still use a second gen iPhone (3G) and have been putting off purchasing a new one.  Apple usually releases new versions of the phone in June, but that may not be the case this year.  Should I go ahead and get the iPhone 4?  
___________


That 3G phone is definately starting to show it’s age I’m sure. You’ve waited long enough but I think you’re right. I don’t really foresee Apple releasing a new phone until after the summer. No one knows for sure however, our best info will come from the WWDC conference to be held the first week in June. Look for Apple to announce details on iphone release roadmap then. They just released the white iPhone so it is not likely they’ll come out and revise them so soon after the white release. But this is all merely speculation. Only apple knows. I would suggest waiting til the first week of June to hear what Apple says then base your decision on that.

Are there viruses yet for the mac?

 I am trying to download pictures through You send it.  It is doing that thing where the icons in my documents are greyed out so they are locked from me.  You did something very simple to correct this.  It was like a setting was clicked that only allowed me to access certain ones...I cant find out where to switch this back.  Thanks
___________


When you go to open the file, choose “all applications as shown below:

Screen shot 2011-04-11 at 12.54.08 PM
Then choose the application you wish to use to open the file. However, if the file has a weird extension at the end of its name, you may still not be able to open in. It’s the last three or so letters that tell the computer what application to use to open a file. For example .pdf opens in preview. .doc opens in word. .jpg can open in iphoto or quicktime. etc...

Yahoo account compromised

I have updated my addresses on my computer and they are not updating on my palm pixi.  Everything synced to normal.  DO I need to sync again or should it autoatically do this.  Also, I do not know how to get my addresses onto my ipad.  Do I need to sync them with a usb? Or should it be doing it automatically.  My ipad doesnt seem to be remotely syncing with my computer/google account?
Thanks for your help the other day.  Just a few kinks to work out.
Thanks
___________


If you have google contacts set to sync within Apple’s Address Book, and a google account on the pixi, then it should work. But nothing’s never easy. First check in Address Book. Go to Preferences for Address Book and

Screen shot 2011-04-01 at 12.20.09 AM

You may want to uncheck then check again and it will ask for password and username. Reenter to assure these are correct. If all else fails, you can sync your contacts directly using Mark Space’s Missing Sync. But you shouldn’t have to pay for something that google offers for free.

Google’s contacts work on an exchange server. Here’s a way to make it happen automatically on the iPad:
Gmail iPhone Sync Review - iPhone Apps, iPad apps & iPod touch App Reviews | AppSafari
A lot of steps but usually works well.

Another method:
Sync & import Google Gmail Contacts on iPad

Viruses for the mac?

Scotty, I wasn't successful bringing up your site on Safari to schedule a time.  I'm having printer problems (HP Officejet J4680 All-in-one).  I changed the cartridge, but ink is inking out most of any printed text.  The printer is a year old and out of warranty.  I need clear printed text for K-1s for my CPA, so this problem needs a fast fix.  Have you encountered this problem and have a solution?  Do you suggest I purchase a new printer?  I'm available this Sunday from noon on.
___________

One thing you may want to try is doing a head cleaning.  In the settings menu there is a tools area most likely that will have a command telling the printer to clean and align the print heads.  The problem is that this process will often take lots of ink on it's own.  If you ARE in the market for a new printer you may want to consider the Photosmart Premium 310 or 410 models from HP.  For less cost the Photosmart Premium All-in-One is also good.   They have a new technology that works well with iPhones and iPad devices.  I know you may not have one of those now but it's good to have just in case one of those comes into your life.  They are also good printers.  Maybe a little fancy but overall easy to use, setup, and manage.  Big touch screens for exactly the reason you dealing with right now.  

Scam pop up

    Okay, I need technical help and I'm hoping you can help me.  I have an iTouch that I barely use, but I would like to connect it to my Promethean Board here at school.  Is there any way I can do that?  I know if I had an iPad I could connect it.  
 
     Also, I tried to get some apps on my iTouch, but it says:  "This application requires the iPhone 3.0 software update."   How do I get this update?
 
     I would greatly, greatly appreciate your help!
 
_________

Now, you need to connect the iPod Touch to iTunes and run the updates.  You'll need to get up to the latest release of the iPod software which is 4.2 I believe at present.  You'll also want to make sure that iTunes itself is up to date.  As far as video out from an iPod Touch, you'll just need the correct cabling.  More info here:  iPhone, iPad, iPod: TV out support
That should do it.

Weird email showing up and won't delete

I've got a simple computer question to run by you.  Child needs a computer for school this year.  I assume it's mostly word processing needs but not totally sure.   Husband’s thinking about cleaning up the hard drive on his Powerbook G4 and letting him use that.  I think that it's about 4 years old??  Do you think that's a good plan?

The new low end macs are about $1,000 - right?

Told you it was simple!  Take good care! Thanks,

___________

That powerbook has really seen its prime and it may be time to move on.  Yes you can get some more miles out of it.  You put office on it (you may already have it on it) and he should be fine.  But your kids are gamers also.  That powerbook can't drive anything modern in terms of graphics.  But that's not a reason to buy him a computer for school of course.  If he's a good kid and has proven he can take care of things then I'd say get him a macbook but if he still has a way to go in showing responsibility then he rides with the powerbook for a while and earns the nicer machine.  

Do I have a virus?

I have Quicktime Version 10.0 (90.3.1)


But is it necessary to download

QuickTime 7.6.6 for Leopard
Or is that going backwards?

Remember this is for my laptop, MacBook Pro


________________

A lot can be said for Quicktime 7. Quicktime 10, overall, has not been well received. Quicktime 7 is still available on your Snow Leopard disc as well as a free download here. Going from 10 to 7 is a step backward in the timeline of software development but I’ve found that 7 is very handy to have for certain things...ex: quick editing of video, not having to wait for load time on certain file types. So it’s totally fine to have both on your system. They will live together and you can just right click on a file to choose “open with” when you’d like to use one over the other.

________________

I was about to get one, went to the Mac store, went to my blog:

http://trippark.blogspot.com/2009/01/at-blue-line-guy.html

and saw I couldn't play this Quicktime file.  What's up with that?  It'd be SO perfect for me to have these kind of files play right on the iPad screen for interviews, etc.

Thoughts?


_________________

Yes, those videos are embedded as flash videos. And as you may have heard, iPhone and iPad do not support flash. Here’s more on the subject from Steve Jobs posted April 29, 2010.

http://www.apple.com/hotnews/thoughts-on-flash/ The only way they are going to play on the iPad is if they are not flash. You may want to consider pushing them to Youtube then embedding the youtube video into your site. The iPad will have not problem as Youtube is H.264 (Apple’s preffered video file type). You’ll see less and less flash around the web in the coming months as Apple has made it a personal crusade against Adobe (the makers of flash) to delete all flash from the web by not supporting it. They’re doing a pretty good job so far as many websites have done a 180 degree turn including CNN.com, NYtimes.com, ESPN.com, Wallstreetjournal.com, ABC.com and Facebook.com just to name a few.

Uninstalling Norton Utilities

When I add a contact from an email. It never gets to address book correctly. It lists the last name under first. Do I have settings set wrong?

_______

There’s an easy fix for this. Simply go to the address book preferences and reselect the order you’d like them to list as. Your iPhone has a similar setting as well.

You don't have a virus

Hi Scotty.......

I have been putting off emailing you  for a few weeks now.   Since you installled the new hard drive on my old G4 w/ OS 10.4  everything has been good except I can't access one of my directories on my old second or storage drive.  When ever I try to open the diretory up I get this message:

"The folder "Deadtrout Art Studio" could not opened because you do not have sufficient access privilages."

Also the little folder icon has a red circle with a diagonal slash through it.  I am able to open the other directories on this hard drive, just not this one.

Any suggestions?

Thanks

--------

This can be fixed by first selecting the folder in question then choosing “get info” from the file menu within the finder. Now you’ll see a window containing many items and among them “permissions”. Change the permissions of the file to your admin name having “read and write” permission. That should do it.



You may have to unlock the window before making changes.

Did I get a Virus? ....uh no.

Dear Scotty,
My 7 mpbs roadrunner seems slower and slower.  Also, my modem seems to go out such that I need to restart the modem and router too often.  I think I probably need a new modem since I think the one I have is at least 12 years old.  Do you have a favorite you would recommend?

____


While I don’t recall what router you have, if it’s an airport extreme or Time Capsule then it’s very unlikely that device is at fault. What is more likely is that the modem is dying. Time Warner is pretty good at replacing old equipment without too much hassle. Meanwhile, to verify your speed here are a couple of sites to provide good indications of up and down speeds.

www.speedtest.net (choose a server other than Greensboro)
http://speedtest.twcnc.com/ (Time Warner’s actual download/upload speed testing site)

This image is a theme.plist hack