1-800-921-4167 Ransomware Scare Help!

Discussion in 'Mac Basics and Help' started by newbie81, Dec 2, 2016.

  1. newbie81 macrumors newbie

    Sep 13, 2010
    Hello all,

    Clicked on the wrong link on a web site and was diverted to a modified "blue screen of death" with a pop-up saying to call 1-800-921-4167 to get rid of the sudden technical difficulties my computer was now experiencing. There was a voiceover that my frantic clicking interrupted. Clicking the "X" for the tab did nothing, control-Q did nothing, I was unwilling to click on anything on the actual web site. I turned off wifi and have been using my iPad to research this. I found this:


    I did the first part to close Chrome (command+option+escape). I used the Force Quit option to close Chrome (before, when I went to the file menu, Force Quit was greyed out with a ($1) next to it). The only application still open was Finder. Previously, Antnotes, Firefox and Mail had also been open. They were all closed by the time I reached the Force Quit screen. I continued with the instructions on the above link. The only thing in Applications that seemed suspicious was a file folder named "iMovie 9.0.7". The copy of iMovie right next to it is 10.1.3, and I haven't used it in years at any rate. When I right click and say "Move to Trash" Finder wants to make changes and wants an admin name and password. I click and drag to Trash It! and am told to enter my admin password when asked, and choose cancel to quit. I did not find any suspicious looking files in the Library. Then it gives instructions for Safari (I was using Chrome) and suggests MacKeeper, of which I've read mixed reviews, hence don't use.

    I also found this: https://discussions.apple.com/docs/DOC-8071

    Apple says there's nothing to worry about and here's what you do with Safari, because they're Apple and only care about their own software. No one uses third party software on a Mac! I read it but didn't do anything. I also read the recent (yesterday) ransomware thread here that was started by the gentleman in the UK asking about a news article. From that I gathered that aside from the Ke-something scare earlier this year there's no ransomware for Macs (and to be vigilant but not concerned my computer's been hijacked).

    But this instance makes me wonder. I've sadly seen similar screens before and rapid "X" clicking/closing Chrome would get rid of the page in question. I may or may not have had to force quit Chrome before, I can't rightly recall. I do not recall seeing the "Force Quit" option greyed out with ($1) next to it before. But I have NEVER had other programs closed because of such a web page. While, upon further thought, my computer asking for admin rights when trashing an application does make sense, I'm still paranoid. Aside from the first link I haven't found instructions for Macs for this particular ransomware, although I will keep looking. See what Chrome has to say.

    I'm looking for concrete suggestions on what to do next, rather than commentary. Why was Chrome frozen, and my other open applications closed? What else can I do besides reset browser settings? What else NEEDS to be done?

    Apologies for the length, and gratitude in advance for the advice. Mods, if there's a different place this ought to be, please move the post and advise.

    MacBook Pro 2011
    OSX El Capitan
    Was using Google Chrome 5.4
  2. xraydoc macrumors demi-god


    Oct 9, 2005
    I would suspect you're just fine. Can't say what that website did to Chrome, but the iMovie business wasn't a result. You simply had an old version and a new version on your machine at the same time. iMovie 10 was (is) very different from previous versions, so Apple left the old ones on people's drives in case they still wanted it. Your admin password would be required to delete it, regardless of the website you stumbled upon.

    Under no circumstances should you install or pay for any app suggested by that website. It's a scam.

    Can't say why your other apps quit, but I do not suspect any damage was done.

    Reset Chrome (clear caches, history, etc.), and reinstall, since there's no telling what that website has done to it (without someone who knows what they're doing taking a look), though Chrome should be reasonably secure if you're on an up-to-date version. Make sure all your apps and OS are fully updated, and carry on.
