Do not trust the greacore.com scam website

What is greacore[.]com?

greacore[.]com is a scam website, which makes deceptive claims to promote dubious applications. It states that users' iPhones have been damaged by two viruses and, to remove them, they must download and install a recommended app.

These schemes are commonly used to distribute fake anti-virus tools, adware, browser hijackers and other Potentially Unwanted Applications (PUAs). In some cases, they even promote Trojans, ransomware and other malware. Typically, deceptive/scam sites are accessed through redirects caused by intrusive advertisements or PUAs.

greacore[.]com primarily targets iPhone users, however it might also be accessed (i.e., users are redirected to it) via other Apple products. The scheme states that the device has been heavily damaged by two nonexistent viruses. Supposedly, users' iPhones have already suffered 28.1% damage.

If the fake threats are not removed, they apparently might corrupt the device's SIM card, contact lists, photos, applications and other data. These bogus viruses have allegedly originated from adult-oriented websites that the users have recently visited. To prevent further damage, the scam instructs people to download/install and run the promoted application.

Note that greacore[.]com is simply a scam and must not be trusted. No website can detect threats/issues present on browsers/systems, and any that make such claims are scams. Furthermore, software endorsed by them is usually nonoperational, untrusted and can even be malicious.

PUAs can cause redirects to various untrusted and malicious web pages, however, they can have other capabilities. They can deliver pop-ups, banners, coupons, surveys and other intrusive advertisements. Once these ads are clicked, they redirect to dangerous sites and can execute scripts to stealthily download/install rogue software (e.g. PUAs).

Other types of PUAs can modify browsers to promote fake search engines. Furthermore, most PUAs (regardless of type) can track data. They can monitor browsing habits (browsing and search engine histories) and gather personal information (IP addresses, geolocations and other sensitive details).

The collected data is often shared with third parties seeking to misuse it for profit. In summary, the presence of PUAs on systems can lead to serious infiltration and infections, financial issues, privacy issues and identity theft. To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins immediately upon detection.

Threat Summary:

Name	greacore.com pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Scam claims that visitors' devices are infected.
Serving IP Address	64.227.11.5
Promoted Unwanted Application	Scam promotes various untrustworthy apps.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

apple-warning.com, apple-online-guard.com, guardapl.com, and originalsecureus.com are some examples of deceptive websites targeting iPhone users. Online scams employ social engineering and scare tactics to trick users into performing certain actions (e.g. to download/install and purchase untrusted/malicious content).

Popular scam models include (but are not limited to) warnings that the device is infected, alerts that an essential piece of software is outdated, prize giveaways, "amazing" offers/deals, and so on. These schemes have just one purpose: to generate revenue for the scammers/cyber criminals behind them.

There are thousands of websites similar to greacore[.]com on the web. Therefore, exercise caution when browsing.

How did potentially unwanted applications install on my computer?

Some PUAs have "official" download web pages. These apps can also spread via the download/installation set-ups of other software. This deceptive marketing method of packing regular products with unwanted or malicious additions is called "bundling".

Rushing through download/installation processes (e.g. skipping steps and sections, using pre-set options, etc.) increases the risk of unintentionally allowing bundled content onto the system. When clicked, intrusive ads can execute scripts to download/install rogue applications without users' consent.

How to avoid installation of potentially unwanted applications

All products should be researched carefully, prior to download/installation. You are advised to use only official and verified download channels. Unofficial and free file-hosting websites, P2P sharing networks (BitTorrent, eMule, Gnutella, etc.) and other third party downloaders are untrusted and can offer deceptive/bundle content.

Download/Installation processes should be treated with caution. Read the terms, study all possible options, use the "Custom/Advanced" settings and opt-out of supplementary apps, tools, features, etc. Intrusive ads typically seem normal and harmless, however, they can redirect to highly dubious pages (e.g. pornography, gambling, adult-dating and others).

If you encounter these advertisements/redirects, check the system and immediately remove all suspect applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented by greacore[.]com:

Your system is heavily damaged by Two viruses!

 

We detect that your Apple iPhone is 28.1% DAMAGED because of Two harmful viruses from recent adult sites. Soon it will damage your phone's SIM card and will corrupt your contacts, photos, data, applications , etc.

 

If you do not remove the virus now , it will cause severe damage to your phone . Here's what you NEED to do (step by step ) :

 

Step 1: Tap the button and install App for free!

Step 2: Open the App to speed up and fix your browser now!

 

WARNING!

This Apple iPhone is infected with viruses and your browser is seriously damaged. You need to remove viruses and make corrections immediately.

It is necessary to remove and fix now.

 

Don't close this window.

OK

Another example of a scam message displayed by greacore[.]com website:

Text presented within:

Your system is heavily damaged by Two viruses!
We detect that your Apple iPhone is 28.1% DAMAGED because of Two harmful viruses from recent adult sites. Soon it will damage your phone's SIM card and will corrupt your contacts, photos, data, applications , etc.

If you do not remove the virus now , it will cause severe damage to your phone . Here's what you NEED to do (step by step ) :

Step 1: Tap the button and install App for free!

Step 2: Open the App to spread up and fix your browser now!

REPAIR FAST NOW

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "greacore[.]com"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion