Possible malware in Safari

Similar Messages

• I opened an email that I later identified on hoaxbusters as depositing malware.  I have malwarebytes on my laptop, but nothing similar on my iphone4  what app should I buy?  If I run it, will it find or fix the possible malware?

  I opened an email on my phone that I later identified on hoaxbusters as depositing malware.  I have malwarebytes on my laptop, but nothing similar on my iphone4.  What app should I buy?  If I run it, will it find or fix the possible malware?

  The creeps that generate this code figured that the iPhone since is is selling so well would be a great market for them even if iOS makes it impossible for their code to do anything practical unless it is jail broken first.
  For additional information on jailbreaking, read http://en.wikipedia.org/wiki/IOS_jailbreaking

• Is it possible to use Safari to connect to a WebUI via bluetooth?

  I have a device that uses a WebUI for configuration.  The device is also bluetooth capable.  I can get my iPad 2 to pair with it.  Is it then possible to use Safari to access that WebUI through the bluetooth connection, and if so, how?
  Thanks.

  Bluetooth on the iPad is intentionally restricted to peripherals such as speakers, headphones, keyboards, car audio, etc.  Not sure if you can do what you want, but past experience suggests it is highly unlikely.

• Safari has pop up possible malware (critical system error)

  Any help would be appreciated I do have mac-keeper but that hasn't removed?

  Read "Ransomware" web pages and How to install adware.

• Possible Malware or Virus on IMac?

  Today one of my family members visited the site Neopets, as she does almost everyday. What is strange is that every link she clicks on the site, be it for playing a game, checking contact information at the bottom of the site, starting a game etc,would cause a pop up to appear saying that we do not have the updated player. By pressing ok, it redirects us to a site called updateplayer.us. It is almost identical to the adobe/flash site which makes me believe that its some type of phishing scam. Furthermore, it will again redirect us to other sites, all similar but with different names (i.e. bamplay.net, and fatplay.net). These sites were identical to one another (bamplay and fatplay). So my question is, do we have a virus or malware on or mac? We have the lion OS. Everything is up to date, (flash player is 13.0.0.214) and our system updates are all up to date. We only download updates through system preferences/ software update. Other than pictures that we have recieved from friends and family, and the occasional pdf we download for school/taxes, the only downloading/installing we have done is from the system/flash updates. We don't visit any malicious websites and are fairly cautious internet users. This just started happening today for the first time ever, and it only appears to be happening on Neopets. Do we have a virus or malicious software installed? Everything else seems to be running fine. Safari still seems to be fast. Or is this something on Neopets end? I'm not very skilled with computers so any help would be appreciated!
  Thanks!
  P.S.
  Has anyone else who visits the site been experiencing this?

  If Neopets requires Adobe Flash Player, always navigate on your own to Adobe's website and download the installer from them, and never from within someone else's website including this one. Fortunately, thousands of Apple Support Communities participants are here to rapidly respond to anyone's malicious intent.
  Adobe's website is as follows, which you will be able to see for yourself exactly as it appears, in your browser's URL field:
  https://get.adobe.com/flashplayer/
  Ignore unexpected popups or solicitations to update Flash Player; they can direct you to fraudulent sites that will attempt to convince you to install malicious software, or to reveal personal information such as your Apple ID credentials.
  Or is this something on Neopets end?
  That is another possibility, as are other potential causes, but the malicious router hacking I described is a serious concern and must be ruled out at your earliest opportunity.

• Is it possible to recover safari browsing history after history has been cleared?

  I have a 2012 iMac running Mavericks OSX 10.9.4 with a Seagate Backup Plus connected with Time Machine. I would like to restore safari browsing history to view some web pages from about two weeks ago. Safari history has been cleared. I think I need the history cache and or the history.plist but I'm not sure. I have 2 data recovery apps. One is Stellar Phoenix Mac data recovery and the other is Seagate file recovery for Mac. I just don't know if those are the correct files and if they may still be somewhere that they can be found in a still usable form.
  I have searched this question on the web and found several answers that had step by step instructions on how to accomplish the task but none of the methods actually worked. The claims were all talking about older operating systems however.
  Can anyone help? Is it possible?

  Triple-click anywhere in the line below on this page to select it, then copy it to the Clipboard by pressing the key combination command-C:
  ~/Library/Safari
  Quit Safari.
  Select
            Go ▹ Go to Folder
  from the Finder menu bar. Paste into the text box that opens by pressing command-V, then press return.
  A folder window should open. Restore the file named "History.plist" in that folder from a snapshot taken on the day in question, or the first available day afterwards.

• My Macbook Pro is running slow, possible malware

  Hi there,
  I know this is an annoying redundant question but I am an idiot and I did it.  A couple months ago, I made the mistake of downloading Trojan.  I tried deleting the application but the pop ads (Mackeeper) continued.  I looked further into the problem, I deleted all the extensions on safari and chrome, that didn't work. Also,  I checked my memory  421. GB free of 498 GB yet I still find my Macbook running slow when opening different applications.   I am scared that I may have malware.  What should I do?

  There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware.
  Malware is always changing to get around the defenses against it. These instructions are valid as of today, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
  The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
  Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
  /Library/LaunchDaemons
  In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
            com.something.daemon.plist
  and
             com.something.helper.plist
  Here something is a variable word, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes the word is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
  If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
  /Library/LaunchAgents
  In this folder, there may be a file named
            com.something.agent.plist
  where the word something is the same as before.
  If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
  Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
  The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
  Open this folder:
  /Library/Application Support
  If it has a subfolder named just
             something
  where something is the same word you saw before, drag that subfolder to the Trash and close the window.
  Don't delete the "Application Support" folder or anything else inside it.
  Finally, in this folder:
  /System/Library/Frameworks
  there may an item named exactly
              v.framework
  It's actually a folder, though it has a different icon than usual. This item always has the above name. Drag it to the Trash and close the window.
  Don't delete the "Frameworks" folder or anything else inside it.
  If you didn't find the files or you're not sure about the identification, post what you found.
  If in doubt, or if you have no backups, change nothing at all.
  The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
  This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• Suspicious metadata suggests possible malware...

  I have this really weird problem that just came up, and I don't know what to think except "malware?".
  I run an old program called Business Sense using Classic. I have several copies of the application on my machine, and I recently noticed some strange behavior: if I open a Business Sense file (not the application directly), it opens the program (no problems). But if I try to open the application itself, the computer instead tries to open it as a file in Script Editor. Get Info reveals that the kind is listed as "application" instead of "Application (Classic)". The "Open With" panel shows up, and the Memory panel does not. Two copies of the program have this problem, and the other 5 or so do not. Other Classic apps do not have this problem as far as I can see. Sometimes the Business Sense icon changes to a weird "color glitch" square (sort of like TV noise but with color). If I use SetFileInfo (from the developer tools) to turn off the custom icon flag, the weird icon goes away.
  Here's the really weird part. I used an Automator workflow that I cobbled together from macosxhints.com to view all of the metadata for the file (it uses the mdls command in the command line). The funky copies of Business Sense show this metadata:
  */Documents/BS Data/B $‚Ñ¢ 2.3 -------------*
  *kMDItemAttributeChangeDate = 2007-11-25 19:33:02 -0800*
  *kMDItemContentCreationDate = 1993-12-22 09:00:00 -0800*
  *kMDItemContentModificationDate = 2007-11-25 19:33:01 -0800*
  *kMDItemContentType = "com.prospa.manpage"*
  *kMDItemContentTypeTree = ("com.prospa.manpage", "public.data", "public.item")*
  *kMDItemDisplayName = "B $‚Ñ¢ 2.3"*
  *kMDItemFSContentChangeDate = 2007-11-25 19:33:01 -0800*
  *kMDItemFSCreationDate = 1993-12-22 09:00:00 -0800*
  *kMDItemFSCreatorCode = 1112755795*
  *kMDItemFSFinderFlags = 9472*
  *kMDItemFSInvisible = 0*
  *kMDItemFSIsExtensionHidden = 0*
  *kMDItemFSLabel = 0*
  *kMDItemFSName = "B $‚Ñ¢ 2.3"*
  *kMDItemFSNodeCount = 0*
  *kMDItemFSOwnerGroupID = 80*
  *kMDItemFSOwnerUserID = 501*
  *kMDItemFSSize = 411634*
  *kMDItemFSTypeCode = 1095782476*
  *kMDItemID = 208135*
  *kMDItemKind = "application"*
  *kMDItemLastUsedDate = 2004-12-11 16:34:45 -0800*
  *kMDItemUsedDates = (2004-12-11 16:34:45 -0800)*
  Don't mind the funky file name (it's named "B $™ 2.3" in the Finder). The weird part is what are in the ContentType and ContentTypeTree fields. For comparison, here's the metadata from one of the normal Business Sense applications:
  */Documents/BS Data/Empty DDS/B $‚Ñ¢ 2.3 -------------*
  *kMDItemAttributeChangeDate = 2007-06-25 20:10:46 -0700*
  *kMDItemContentCreationDate = 1993-12-22 09:00:00 -0800*
  *kMDItemContentModificationDate = 2002-07-13 16:52:09 -0700*
  *kMDItemContentType = "com.apple.application-file"*
  *kMDItemContentTypeTree = (*
  "com.apple.application-file",
  "com.apple.application",
  "public.executable",
  "public.data",
  "public.item"
  *kMDItemDisplayName = "B $‚Ñ¢ 2.3"*
  *kMDItemFSContentChangeDate = 2002-07-13 16:52:09 -0700*
  *kMDItemFSCreationDate = 1993-12-22 09:00:00 -0800*
  *kMDItemFSCreatorCode = 1112755795*
  *kMDItemFSFinderFlags = 8448*
  *kMDItemFSInvisible = 0*
  *kMDItemFSIsExtensionHidden = 0*
  *kMDItemFSLabel = 0*
  *kMDItemFSName = "B $‚Ñ¢ 2.3"*
  *kMDItemFSNodeCount = 0*
  *kMDItemFSOwnerGroupID = 80*
  *kMDItemFSOwnerUserID = 501*
  *kMDItemFSSize = 408262*
  *kMDItemFSTypeCode = 1095782476*
  *kMDItemID = 208691*
  *kMDItemKind = "Classic Application"*
  *kMDItemLastUsedDate = 2002-07-13 16:52:09 -0700*
  *kMDItemUsedDates = (2002-07-13 16:52:09 -0700)*
  Whereas the normal one has metadata values one would expect ("com.apple.application-file", "com.apple.application", "public.executable", etc.), the funky one has a value that doesn't make any sense: "com.prospa.manpage"
  Where the heck did that come from? I tried going to that website (prospa.com) and it's just a placeholder for a domain squatter. Interestingly, manpage.prospa.com does exist, and redirects to prospa.com. On that website, a contact address is listed: [email protected], but the words "contact us" to the right of that send the user to http://paty-poker.net/ which looks almost exactly the same as the first site.
  A whois inquiry of prospa.com is shown below. It reveals that the owner is in South Korea, and lists a different contact email address ([email protected])
  *Tue Dec 04 08:00 PM*
  *cybertoothdog $ whois prospa.com*
  *Whois Server Version 2.0*
  *Domain names in the .com and .net domains can now be registered*
  *with many different competing registrars. Go to http://www.internic.net*
  *for detailed information.*
  *Domain Name: PROSPA.COM*
  *Registrar: CYDENTITY, INC. D/B/A CYPACK.COM*
  *Whois Server: whois.cypack.com*
  *Referral URL: http://www.cypack.com*
  *Name Server: NS1.HOSTNAME.NET*
  *Name Server: NS2.HOSTNAME.NET*
  *Status: clientDeleteProhibited*
  *Status: clientTransferProhibited*
  *Status: clientUpdateProhibited*
  *Updated Date: 12-jul-2007*
  *Creation Date: 14-jun-2001*
  *Expiration Date: 14-jun-2008*
  *>>> Last update of whois database: Wed, 05 Dec 2007 04:00:42 UTC <<<*
  *The Registry database contains ONLY .COM, .NET, .EDU domains and*
  Registrars.
  *Welcome to CyDentity, Inc. dba CyPack.com's WHOIS Service*
  *Domain Name: PROSPA.COM*
  *Domain Status: LOCK*
  *Registrar: CyDentity, Inc. dba CyPack.com*
  *Referral URL: <a class="jive-link-external-small" href="http://">http://www.CyPack.com*
  *Domain Registration Date....: 2001-06-14 GMT.*
  *Domain Expiration Date......: 2008-06-14 GMT.*
  Registrant:
  kimtaeho
  *17-211, Maewol-dong, Seo-gu*
  *Gwangju, Gwangju 502153*
  KR
  *Administrative, Technical, Billing Contact:*
  *kimtaeho [email protected]*
  *17-211, Maewol-dong, Seo-gu*
  *Gwangju, Gwangju 502153*
  KR
  *(PHONE) +82-11-226-2899 (FAX) +82-62-603-0969*
  *Domain Name Servers in listed order:*
  NS1.HOSTNAME.NET
  NS2.HOSTNAME.NET
  I don't know Korean. I don't go to Korean websites. Where in the heck did my computer get the information to put "com.prospa.manpage" into the metadata of a random Classic application on my computer? I can't think of any reason that makes any sense other than malware. I looked up "com.prospa.manpage" and "prospa.com" on Google, Yahoo, and Altavista; nothing comes up for the first one, and nothing that seems relevant comes up for the second one. I also tried searching for "prospa.com", "com.prospa" and "prospa" in Spotlight - not a single result listed. Not even the funky Business Sense application.
  Does anyone have any idea what this could be? I hate bringing up the idea of "malware", but that's the only thing that makes any sense to me. What else would it be?
  So far, the only thing I could think of to do was to email the [email protected] address using a junk email account saying that I was "interested" in the prospa.com website. I just did that this evening, so I don't expect to hear anything back for a while - although I don't know what good it's going to do. Does anyone know how to report this to Apple directly?
  Any help or suggestions greatly appreciated!

  I figured it out. I feel sort of silly.
  At one point, my son's PowerBook hard drive was connected to the computer. He had a spotlight importer called manimporter.mdimporter installed. Somehow, the file associations for that mdimporter got added to my lsregister database, so any file that ended in .[number] (such as B $™ 2.3) was seen as a man file. I re-indexed the lsregister database using the command found at the bottom of this macosxhints.com hint:
  http://www.macosxhints.com/article.php?story=20071014124330643
  and that fixed the problem (perhaps this information will help someone with a similar problem in the future, like it did for me). I had to modify the search slightly, as just updating the database didn't get rid of the entry for manimporter.mdimporter. Using the following two variants seems to have returned everything to normal:
  ./lsregister -kill -f -domain local -domain system -domain user -domain network -dump
  +This one kills the current database and forces a new update of all possible domains. I also added a+ *> ~/file.txt* +to the end so that the dump command would load all the data into a text file that I could look at later.+
  ./lsregister -f -R /system/library/
  +This one picks up things like .dmg and .zip. I don't know why those weren't indexed in the first command. This one gives a lot of errors as it encounters things like jpeg files, but it seems to be ok.+
  I don't recall whether I had to run these commands as root or not. Anyway, I hope this helps somebody.

• File Sharing Enabling Itself/ Possible Malware Infection?

  Greetings to all,
  I'm posting this out of sheer desperation because no one else seems to have reported such an issue (or so Google would have me believe).
  A bit of background info:
  I'm running 10.8.5 and Firefox 24.0, no frills, no extra customisations apart from one add-on; pretty much everything left to the default settings (homepage, theme, etc.).
  I noticed two weeks ago that my first tab in Firefox kept shivering every time a new tab was opened or an existing one was closed.  The only thing that had been installed was AdBlock Plus and that was running flawlessly for a month.
  I researched the problem on my own and found that previous versions of Firefox had similar shaking issues but none were related to AdBlock.
  I reset my browser and the shaking stopped.  I re-installed AdBlock and the issue returned in ten minutes.  I reported this to AdBlock Plus but have yet to hear back from them.
  Now moving onto the crux of the issue:
  I noticed in the last week that File Sharing has been turning itself on.  I have another Mac on the network but I have only used this feature a handful of times and always make sure to disable it as soon as I'm done.  This is combination with e-mails that I did not send that appear to be sent from my account despite having changed my password several times in the last year.  None of my contacts have reported that they received spam from me.
  I had been mildly suspicious of some such malware due to Netflix/ Hulu magically playing videos on their own well after they had already timed out.
  I checked Activity Monitor and there were no suspicious processes but I figured if a keylogger, for instance, were sophisticated enough, I still might not be able to see it.
  Enter MacScan 2.9.4.  I downloaded it directly from their website and ran a full-system scan which ultimately yielded nothing.
  I re-open Firefox and what do I see?  Yahoo! has been made my new homepage and a bunch of Spigot searchbars have been added, namely that for Amazon and eBay.
  When I Googled the company name, almost all the of articles referred to it as malware.
  I have since reset my browser and I'm starting to freak out more than just a little.
  A well-known and recommended AV hijacks my browser, spam is being sent to me by 'me', File Sharing is enabling itself, and of course, the phantom video playing.
  Has anyone seen this conglomeration of symptoms before and if so, what can I do about it?
  If not, am I going to have to wipe both Macs?
  Please some kind soul out there, help!

  I'm not following your description well enough to know exactly what happened. What site were you viewing when this happened, and did it happen immediately on clicking a link or did it just happen spontaneously? What is a "corrupted install window"? And what is "the corrupt file" you found in your download folder? Without more information, it's difficult to say, but it doesn't sound like malware to me. Of course, if you wish to set your mind at ease, get a copy of [ClamXav|http://www.clamxav.com> and scan your hard drive. Also, I would point you to my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>, but as I've received private communications from you already, I see you've found it!
  Note that files ending in .part are temp files... they are the beginnings of files that your browser started downloading. When you cancel a download, whatever had been downloaded to that point is left in a .part file, I believe to allow for resumption of the download later (if the server in question supports that). Whatever's in there is not complete and could not possibly be opened, so it is not a threat.

• Possible Malware in the latest 11.1.102.63

  hi guys found a possible bug on flash
  thats the screen shot
  can conform this has happened after i installed the latest version of flash
  also happens on google chrome
  http://www.avgthreatlabs.com/webthreats/info/Blackhole%20Exploit%20Kit%20Detection%20%28ty pe%201889%29/
  also happens on chrome and safari and IE

  Hello
  wrong forum used.
  Flash Player 11.1 = http://forums.adobe.com/community/flashplayer
  Report it to AVG and the webmaster of the website you have opened.
  It could be a false alarm.
  You can compare it with some online/offline virus scanners.

• Is it possible to have Safari and Google Chrome simultaneously on my MacBook Pro OS X Yosemite, is it possible to have Safari and Google Chrome simultaneously on my MacBook Pro OS X Yosemite

  Is it possible to have both Safari & Google Chrome on my Macbook Pro OS X Yosemite?

  Yes.

• Unable to remove malware on safari after installing maverick update

  Apple Community:
  Software Installation Steps:
  1. Product: Java Standard Edition v.7.67 (Update Installed 08/16/14)
  2. Product: Safari v.7.0.6 (Update Installed 08.16.14)
  3. Product: CalmXav v.2.6.4 (Software Installed 08/17/14)
  4. Product: OS X Maverick v. 10.9.4. (Update Installed 08.20.14)
  On 08/16/14 I installed the Java Standard Edition to replace the Java Oracle Software. I requested software update for Safari and discovered the Safari Update and installed accordingly. Then, I recognized pop-up windows constantly opening with the advertisement to install MacKeeper. Apparently, my trial period had ended, thus requiring payment to execute a complete clean-up of macbook hard drive. Since then, I have downloaded CalmXav to remove any and all corrupted files, software, etc. Yet, I continually have multiple pop-up windows open when using Safari. I have gone to the Safari Preferences and changed privacy setting to block all cookies and other website data "from third parties" in addition to removing all websites and cleared the cache. However, upon restarting macbook, I find the settings in Safari Privacy reverted  back to "never" block cookies and other website data. Can you please advise how to resolve this issue of what I believe to be "malware pop-up windows from occurring?"

  The Safari update was bogus. You may have installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
  Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data.
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

• Pop up malware on Safari, please help

  I tried to go to yellowpages.com but mispelled it and this big pop up came up that says: notifications manager online scan detected security scan"
  I did not click on the OK button.  I can't get into Preferences or anything under the Safari heading it's all gray except for quit safari.
  Please help
  I'm using Firefox right now.  It's working.

  That is a phishing scam. See the following to fix your problem:
  Helpful Links Regarding Malware Problems
  If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.
  Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
  The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
  Fix Some Browser Pop-ups That Take Over Safari.
  Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
  Quit Safari
  Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
  Relaunch Safari
  If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
  This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
  An excellent link to read is Tom Reed's Mac Malware Guide.
  Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
  See these Apple articles:
    Mac OS X Snow Leopard and malware detection
    OS X Lion- Protect your Mac from malware
    OS X Mountain Lion- Protect your Mac from malware
    OS X Mavericks- Protect your Mac from malware
    About file quarantine in OS X
  If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
  From user Joe Bailey comes this equally useful advice:
  The facts are:
  1. There is no anti-malware software that can detect 100% of the malware out there.
  2. There is no anti-malware that can detect everything targeting the Mac.
  3. The very best way to prevent the most attacks is for you as the user to be aware that
       the most successful malware attacks rely on very sophisticated social engineering
       techniques preying on human avarice, ****, and fear.
  4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on
      your computer is intended to entice you to install their malware thinking it is a
      protection against malware.
  5. Some of the anti-malware products on the market are worse than the malware
      from which they purport to protect you.
  6. Be cautious where you go on the internet.
  7. Only download anything from sites you know are safe.
  8. Avoid links you receive in email, always be suspicious even if you get something
      you think is from a friend, but you were not expecting.
  9. If there is any question in your mind, then assume it is malware.

• Possible Malware infection?

  I was surfing a website with firefox, and my download window popped open with the list cleared. I never clear my list. Then a corrupted install window opened asking me to install a dmg that was like a clean file i had downloaded earlier. i didn't install and i shut down the computer. On reopening i found in my download folder the corrupt file and a file with random letters ending in a ".part" file name.
  Any clarification would be helpful?
  Thanks

  I'm not following your description well enough to know exactly what happened. What site were you viewing when this happened, and did it happen immediately on clicking a link or did it just happen spontaneously? What is a "corrupted install window"? And what is "the corrupt file" you found in your download folder? Without more information, it's difficult to say, but it doesn't sound like malware to me. Of course, if you wish to set your mind at ease, get a copy of [ClamXav|http://www.clamxav.com> and scan your hard drive. Also, I would point you to my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>, but as I've received private communications from you already, I see you've found it!
  Note that files ending in .part are temp files... they are the beginnings of files that your browser started downloading. When you cancel a download, whatever had been downloaded to that point is left in a .part file, I believe to allow for resumption of the download later (if the server in question supports that). Whatever's in there is not complete and could not possibly be opened, so it is not a threat.

• Possible malware or infection??

  so my iphone was recently booted from my schools wifi network because they say they detected a malware infection on my" computer" . Now my iphone seems to be working fine, no signs of a problem. But they said i cant get access back till i've identified the problem and cleaned it up. is there any way to identify such a problem on my iphone if one existed????

  evilclaw2321,
  Without some verification that the packages you install only do the things they say they will, there is no way to tell what is happening.
  Without some verification and certification of the applications, whether or not a give application does more than what it says, is entirely up to how trustworthy the author and source for getting it is.
  Yes, it is possible you could have malware installed. However, troubleshooting specific applications installed by breaking your iPhone's license agreement is not something that can be done within Apple Discussions.
  Hope this helps,
  Nathan C.