E.tre456_worm_osx Trojan Virus POP-UP Scam (Mac)
Written by Tomas Meskauskas on (updated)
What is e.tre456_worm_osx Trojan Virus?
"e.tre456_worm_osx Trojan Virus" is a fake error message similar to Website You Visited Infected Your Mac With A Virus, Apologies For Interruption!, and many others. It is displayed by various deceptive websites.
Most users visit theses sites inadvertently - they are redirected by potentially unwanted applications (PUAs) that infiltrate systems without permission or intrusive ads generated by other dubious sites. Research shows that, in addition to redirects, potentially unwanted applications record sensitive data and deliver intrusive advertisements.
After visiting this website, users are presented with pop-up messages stating that their computers are infected. The sites then perform a fake system scan and display "more detailed" information regarding the infection. It is stated that the malware must be eliminated immediately.
Therefore, users are encouraged to download and install a 'malware removal tool' called Advanced Mac Cleaner. This is a scam. Your computer is probably optimized and virus free. The "e.tre456_worm_osx Trojan Virus" error is used only to trick gullible users into downloading and installing dubious software.
After scanning the system with e.tre456_worm_osx Trojan Virus, users are presented with many existing infections, however, since the 'free version' is not capable of eliminating these threats, users are encouraged to pay for the 'full version' of this rogue software.
Be aware, however, that fake errors often proliferate "anti-virus" suites that generate 'false positives' just to promote in-app purchases. For these reasons, the "e.tre456_worm_osx Trojan Virus" error should be ignored. It can be removed simply by closing the browser, however, some rogue sites employ scripts that disable closing of browsing tabs/windows.
In these cases, terminate the browser via Activity Monitor or simply reboot the system. After re-running the browser, do not restore the previous session, otherwise you will return to the malicious site.
As mentioned above, potentially unwanted applications are known to gather sensitive information. The list of collected data types includes (but is not limited to) queries entered into search engines, pages viewed, website URLs visited, keystrokes, Internet Protocol (IP) addresses, and geo-locations.
Recorded information usually includes personal details that developers share with third parties (potentially, cyber criminals). These people misuse private information to generate revenue. Therefore, having information-tracking apps installed on your computer can lead to serious privacy issues.
Most PUAs also deliver intrusive advertisements, which are very likely to redirect to dubious websites and execute scripts that download/install other potentially unwanted applications or even malware. Therefore, clicking them risks system infection. These advertisements are delivered using tools that enable placement of third party graphical content on any visited website.
Therefore, they often conceal website content. As well as posing threat to your web browsing safety, these ads diminish the browsing experience. You are strongly advised to eliminate all potentially unwanted applications immediately.
| Name | "e.tre456_worm_osx Trojan Virus" virus |
| Threat Type | Mac malware, Mac virus |
| Symptoms | Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
As mentioned above, there are many fake errors such as "e.tre456_worm_osx Trojan Virus". All claim that the system is infected, missing files or damaged in other ways, however, these claims are merely attempts to extort money from unsuspecting users - the errors advertise paid services (fake tech support, which is not required) or paid applications.
Generally, all PUAs are very similar. By offering "useful features", they attempt to give the impression of legitimacy, however, their only purpose is to generate revenue for the developers. Rather than giving any real value for regular users, potentially unwanted applications cause redirects, gather sensitive information, and deliver intrusive ads.
How did potentially unwanted applications install on my computer?
A small percentage of PUAs have official download/promotion websites. Most, however, infiltrate systems without users' consent, since developers proliferate them using intrusive advertising and "bundling" (stealth installation of third party applications together with regular [typically free] software) methods.
Developers do not disclose "bundled" PUAs' installations properly - they hide them within "Custom/Advanced" settings (or other sections) of the download/installation processes. Furthermore, many users often click advertisements and skip most download/installation steps. In doing so, they expose their systems to risk of various infections and compromise their privacy.
How to avoid installation of potentially unwanted applications?
To prevent this situation, be very cautious when browsing the Internet and downloading/installing software. Carefully analyze each window of the download/installation dialogs and opt-out additionally-included programs. We recommend that you download programs from official sources only, using direct download links.
Third party downloaders/installers often promote rogue apps, and thus these tools should never be used. Remember that developers invest many resources into intrusive ad design, thereby making them seem legitimate, but most redirect to dubious websites (pornography, adult dating, survey, and so on).
If you encounter these redirects, check the list of installed applications/browser plug-ins and eliminate any suspicious entries. The key to computer safety is caution. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Appearance of "e.tre456_worm_osx Trojan Virus" scam (GIF):
Text presented in this fake error:
We have detected a trojan virus (e.tre456_worm_osx) on your Mac. Press OK to begin the repair process.
Your system is infected with 3 viruses!
Your Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files.
Traces of 1 phishing/spyware were found on your Mac with OSX.
Personal and banking information are at risk.
To avoid more damage click on 'Scan Now' immediately. Our deep scan will provide help immediately!
0 minute and 0 seconds remaining before damage is permanent.
Deceptive website displaying fake scan results:
Text presented in this page:
Your Mac is heavily damaged! (33.2%)
Please download the Advanced MacCleaner application to remove 3 Viruses from Mac.
VIRUS INFORMATION
Virus Name: Tapsnake, CronDNS, Dubfishicv
Risk: High
Infected Files: /os/apps/hidden/os-component/X/snace.icv;/local/conf/keyboard/retype.icv...
Update 17 December, 2018 - Crooks have released an updated version of websites that display "e.tre456_worm_osx Trojan Virus" pop-up:
Screenshot of the pop-up:
Screenshot of the website:
Text presented in the pop-up and website:
IMMEDIATE ACTION REQUIRED
We have detected a trojan virus (e.tre456_worm_osx) on your Mac.
Press OK to begin the repair process.
-------------------------
Your MacOS 10.14 Mojave
is infected with 3 viruses!
Monday December 17, 2018 12:57 PMYour Mac is infected with 3 viruses. Our security check found traces of 2 malware and 1 phishing/spyware. System damage: 28.1% - Immediate removal required!
The immediate removal of the viruses is required to prevent further system damage, loss of Apps, Photos or other files. Traces of 1 phishing/spyware were found on your Mac with OSX.
To avoid more damage click on 'Scan Now' immediately. Our deep scan will provide help immediately!
4 minute and 29 seconds remaining before damage is permanent.
Screenshot of website displaying fake scan results (at the time of research the site was promoting Mac Cleanup Pro unwanted application):
Text presented within this site:
DOWNLOAD REQUIRED
Your Mac is heavily damaged! (33.2%)
Please download the Advanced Mac Cleaner application to remove 3 Viruses from your Mac.
VIRUS INFORMATION
Virus Name: Tapsnake; CronDNS; Dubfishicv
Risk: HIGH
Infected Files: /os/apps/hidden/os-component/X/snake.icv; /os/local/conf/keyboard/retype.icv...
REMOVE VIRUSES NOW
VIRUS REMOVAL
Application: Advanced Mac Cleaner
Rating: 9.9/10
Price: Free
Appearance of the new variant of "e.tre456_worm_osx Trojan Virus" pop-up scam (GIF):
Another variant of e.tre456_worm_osx pop-up scam:
Text presented within the pop-up:
IMMEDIATE ACTION REQUIRED
We have detected a trojan virus (e.tre456_worm_osx) on your Mac.
Press OK to begin the repair process.
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "e.tre456_worm_osx Trojan Virus" virus?
- How to identify a pop-up scam?
- How do pop-up scams work?
- How to remove fake pop-ups?
- How to prevent fake pop-ups?
- What to do if you fell for a pop-up scam?
How to identify a pop-up scam?
Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.
While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.
Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:
- Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
- Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
- Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
- Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
- Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.
Example of a pop-up scam:
How do pop-up scams work?
Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.
Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.
How to remove fake pop-ups?
In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.
In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.
How to prevent fake pop-ups?
To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.
To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for macOS.
What to do if you fell for a pop-up scam?
This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.
- If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
- If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
- If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for macOS) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
- Help other Internet users: report Internet scams to Federal Trade Commission.
Outstanding!
▼ Show Discussion