Dear Safari User, You Are Today's Lucky Visitor POP-UP Scam (Mac)
Written by Tomas Meskauskas on
(updated)
How to remove Dear Safari User, You Are Today's Lucky Visitor from Mac?
What is Dear Safari User, You Are Today's Lucky Visitor?
"Dear Safari User, You Are Today's Lucky Visitor" is another scam message delivered by deceptive websites. Most visitors arrive at these sites inadvertently - they are redirected by intrusive ads or potentially unwanted applications (PUAs). Research shows that potentially unwanted applications typically infiltrate systems without permission. As well as causing redirects, they deliver intrusive advertisements and gather sensitive information.
The message states that the visitor is "today's lucky user" and, thus, has the chance to win a valuable prize ($1000 equivalent gift card, iPhone X, or other). The user must simply complete a 4-question survey. This is a scam. Cyber criminals use these messages to generate revenue. Users who click buttons on the deceptive website encounter additional redirects to other dubious sites, which can result in high-risk computer infections. Furthermore, the site records various information (geo-location, IP address, etc.) and is likely to ask users to to enter personal details (e.g., name/surname, email address, and so on). Therefore, you are advised to leave websites that display the "Dear Safari User, You Are Today's Lucky Visitor" message immediately. Note that some rogue sites use scripts that disable closing of browsing tabs/windows. In these case, you should terminate the browser using Activity Monitor or reboot the system. After restarting it, do not restore the previous session, otherwise you will end up returning to the malicious sites.
Potentially unwanted applications deliver coupon, banner, pop-up, and other similar advertisements using tools that enable placement of third party graphical content on any visited website. Therefore, intrusive ads often conceal underlying content, thereby diminishing the browsing experience. In addition, they can redirect to malicious websites and run scripts that download/install malware. Thus, clicking them is risky and can result in high-risk computer infections. Another significant downside is data tracking. Research shows that potentially unwanted applications often record information relating to browsing habits. In most cases, the list of collected data types includes (but is not limited to) IP addresses, search queries, keystrokes, websites/URLs visited, and geo-locations. This information often includes personal details that are often misused to generate revenue. The presence of information-tracking apps might lead to serious privacy issues or even identity theft. We strongly recommend that you eliminate all potentially unwanted applications immediately.
| Name | "Dear Safari user, You are today's lucky visitor" virus |
| Threat Type | Mac malware, Mac virus |
| Symptoms | Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information. |
| Removal |
To eliminate malware infections our security researchers recommend scanning your Mac with Combo Cleaner. |
There are hundreds of rogue websites that deliver deceptive messages. In most cases, however, these pop-ups claim that the system is damaged (infected, missing files, or similar) and encourages users to purchase system fixing tools or to call and pay for 'tech support'. Unwanted apps are usually very similar, mostly offering "useful features", but are designed only to generate revenue for the developers. Rather than enabling the features promised, they pose a significant threat to your privacy and web browsing safety.
How did potentially unwanted applications install on my computer?
Some rogue apps have official download/promotion websites. In most cases, however, they infiltrate systems without permission, since developers proliferate them using intrusive advertising and the "bundling" method (stealth installation of third party applications together with regular software). Developers do not disclose "bundled" programs' installation properly - they hide these apps within "Custom/Advanced" settings (or other sections) of the download/installation processes. Furthermore, many users often rush these procedures and skip steps. In addition, they click various advertisements without understanding the possible consequences. This behavior can lead to inadvertent installation of potentially unwanted applications - users expose their systems to risk of infections and compromise their privacy.
How to avoid installation of potentially unwanted applications?
To prevent this situation, be very cautious when browsing the Internet and downloading/installing software. Carefully analyze each download/installation step using the "Custom" or "Advanced" settings. During the process, opt-out of additionally-included programs and decline offers to download/install them. You are strongly advised to download applications from official sources only (via direct download links) and avoid using third party downloaders/installers, since these tools often include rogue apps. The main reasons for computer infections are poor knowledge and careless behavior - the key to safety is caution. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Text presented in "Dear Safari User, You Are Today's Lucky Visitor" scam:
Dear Safari user,
You are today's lucky visitor for: September 7, 2018 (Seattle)
You've been personally selected to take part in our 2018 Annual Visitor Survey! Tell us what you think of Safari and to say "Thank You" you'll receive a chance to get an $1,000 Gift Card, IPhone X and other amazing deals!
All you need to do is to answer the folowing 4 questions to begin. Good luck!
Appearance of "Dear Safari User, You Are Today's Lucky Visitor" scam (GIF):
Another variant of "Dear Safari User, You Are Today's Lucky Visitor" pop-up scam:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.
Quick menu:
- What is Dear Safari User, You Are Today's Lucky Visitor?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select “Applications”. In the applications folder, look for “MPlayerX”,“NicePlayer”, or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove "dear safari user, you are today's lucky visitor" virus related files and folders:
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware-generated files in the /Library/LaunchAgents folder:
In the Go to Folder... bar, type: /Library/LaunchAgents
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.
Check for adware generated files in the /Library/Application Support folder:
In the Go to Folder... bar, type: /Library/Application Support
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.
Check for adware-generated files in the ~/Library/LaunchAgents folder:
In the Go to Folder bar, type: ~/Library/LaunchAgents
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.
Check for adware-generated files in the /Library/LaunchDaemons folder:
In the Go to Folder... bar, type: /Library/LaunchDaemons
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
"Dear Safari user, You are today's lucky visitor" virus removal from Internet browsers:
Remove malicious extensions from Safari:
Remove "dear safari user, you are today's lucky visitor" virus related Safari extensions:
Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious plug-ins from Mozilla Firefox:
Remove "dear safari user, you are today's lucky visitor" virus related Mozilla Firefox add-ons:
Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".
Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Remove malicious extensions from Google Chrome:
Remove "dear safari user, you are today's lucky visitor" virus related Google Chrome add-ons:
Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".
In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Outstanding!