Mac Locked - Now what??

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
I tried to look at a website this afternoon that shows on-line sales flyers.
First it was all OK, then, clicking on a flyer of a local drugstore, I got the screen I attached and the Mac essentially locked up.

Does anyone know if this is legit from Apple or some other actor trying to get personal info?
I figured this was easy to get rid of by turning off the Mac (via the power button) and rebooting, but no - that message came right back.

I eventually booted into my admin account which worked.
Went to the application folder and moved the Firefox application to the trash and booted normally - that worked (and that's the way I'm posting).
I then ran Malwarebytes and also VirusBarrier, but they both came up clean.

But all my bookmarks and passwords are saved on FF, so I downloaded a new copy of FF from the web, installed it, expecting that to "fix" this issue - but no - it's right back again.

Has anybody come across this before?

PS: I'm on a 2012 MacMini running macOS 10.14 with the latest issue of FF for that OS
 

Attachments

  • Screen Shot 2023-07-20 at 6.23.03 PM.png
Joined
Jan 1, 2009
Messages
15,519
Reaction score
3,877
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
You got hijacked. The message refers to "PC." Apple NEVER calls their machines "PC."

Just to be clear, the message is there when FF is running, but not just when the machine boots? What probably happened, and which may be hard to fix, is that the hijack replaced your default URL with theirs. Or you don't have a default, and it opens the last site opened, which is theirs.

It may be cleanable using something like Onyx to clean out the history and cache, but that may also scrub your bookmarks and passwords. I don't know where FF stores that information, but if you can find it, you may be able to restore from a Time Machine backup from before you got hijacked.
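The two startup explanations suggested in this reply (a replaced home page, or Firefox reopening the last session) can be checked directly in the profile's `prefs.js`. The following is an added example, not part of the thread; the preference names are standard Firefox ones, and the sample file contents, including the `flyers.example` URL, are constructed.

```python
import json
import re

# One line of Firefox's prefs.js looks like: user_pref("name", value);
# Typical macOS location (assumption, adjust to the machine):
#   ~/Library/Application Support/Firefox/Profiles/<profile>/prefs.js
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

STARTUP_MODES = {0: "blank page", 1: "home page",
                 2: "last visited page", 3: "restore previous session"}

def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except json.JSONDecodeError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if it is not JSON-like
    return prefs

def startup_findings(prefs):
    """Describe what Firefox will open at launch, using defaults for unset prefs."""
    findings = []
    mode = prefs.get("browser.startup.page", 1)
    findings.append(f"startup mode: {STARTUP_MODES.get(mode, mode)}")
    # Several home pages can be stored in one pref, separated by "|".
    homepage = str(prefs.get("browser.startup.homepage", "about:home"))
    for url in homepage.split("|"):
        if not url.startswith("about:"):
            findings.append(f"custom homepage: {url}")
    # After a forced power-off Firefox treats the last run as a crash and,
    # unless this pref is false, offers or performs a session restore.
    if mode == 3 or prefs.get("browser.sessionstore.resume_from_crash", True):
        findings.append("session restore can reopen the last open tabs")
    return findings

# Constructed sample, not taken from the poster's machine.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.download.panel.shown", true);
user_pref("browser.startup.homepage", "https://flyers.example/|about:home");
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for finding in startup_findings(parse_prefs(SAMPLE)):
        print(finding)
```
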
 
OP
krs

> You got hijacked. The message refers to "PC." Apple NEVER calls their machines "PC."

Yeah, the other thing was "Call me"

> Just to be clear, the message is there when FF is running, but not just when the machine boots? What probably happened, and which may be hard to fix, is that the hijack replaced your default URL with theirs. Or you don't have a default, and it opens the last site opened, which is theirs.
>
> It may be cleanable using something like Onyx to clean out the history and cache, but that may also scrub your bookmarks and passwords. I don't know where FF stores that information, but if you can find it, you may be able to restore from a Time Machine backup from before you got hijacked.

Thanks,
I'm trying to remember when that message comes up on a reboot.
I think it came up right away with 'Finder', but then after I deleted FF in applications and booted up normally everything is fine.
So far I checked my email - all good and Chrome OK as well.
I do have backups but no Time Machine.
 
OP
krs

I'm in FF profile in the Library folder.
If anything was changed there, wouldn't the "Date Modified" have changed?
The latest one is Sept 2021.

PS: Found a profile that was modified today at 6:13pm Eastern.
That could well be the issue.
 
OP
krs

These are the items in the FF profile that were modified recently.
I moved that whole profile to the trash expecting FF to use an older profile but that didn't work.
Just got a message the profile is missing.
Any suggestions what I need to change in the profile?
 

Attachments

  • FF Profile.jpg
Joined
Jan 1, 2009
Messages
15,519
Reaction score
3,877
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Sorry, I don't use FF myself. You might do some exploring at the link I gave, that's the support page for FF.
 

Rod


Joined
Jun 12, 2011
Messages
9,708
Reaction score
1,896
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
If you can first Open a new Tab or new page then get to FF Settings, go to Privacy and Security and click Clear Data.
If that doesn't work scroll down a little to History, click Clear History, then in the following window set the Time Line to Everything and select all items and Clear Now.
This presupposes you can access the Settings menu but it should work if you can.
 

Rod


This is why I don't save anything into my browsers that isn't saved elsewhere but what I described above will not remove your Bookmarks or Passwords. Once done, reconnect your WiFi or router and all should be well.
 
OP
krs

> Once done, reconnect your WiFi or router and all should be well.

Thanks guys for the help.
I missed the "disconnect WiFi/router" initially even though that should have been my first logical step.
So what I ended up doing following the comments in the posts here:
Disconnect WiFi
Selected a new tab in Firefox
Clear Data in Firefox > Preferences > Privacy & Security
Clear Firefox History completely
Reconnect WiFi
--------------
I had previously trashed the FF application and downloaded a new copy from the FF website, but that wasn't necessary.
Looks like everything is back the way it should be.

PS: I really appreciate the very prompt help, many thanks.

PPS: I'm tempted to call that number posted on the hijack message to see where that takes me.
 

Rod


I wouldn't recommend it. :ROFLMAO:
 
OP
krs

> I wouldn't recommend it. :ROFLMAO:

I thought I could give them my bank account info so they can transfer some money to me for ruining my pleasant afternoon and me having to waste a few hours of my time.
 
Joined
Dec 30, 2022
Messages
635
Reaction score
330
Points
63
Location
Somerset, England
Your Mac's Specs
Mac Mini M1 (8gb Memory / 500 gb Hard drive) Running Sonoma 14.0
I did get something similar on my iPad, running FF on a hotel wifi. The screen locked, and the only clickable box was in the pop-up. I switched off the iPad and re-booted, and all seemed fine, however I did a re-install, just to ensure nothing was on the iPad. This was last year, and all seems well since.
 
