Your Apple ID Has Been Disabled! POP-UP Scam

Also Known As: "Your apple id has been disabled!" virus
Type: Mac Virus
Distribution: Moderate
Damage level: Medium

How to remove "Your apple id has been disabled!" from Mac?

What is "Your apple id has been disabled!"?

"Your apple id has been disabled!" is the name of a tech-support scam that is used to steal people's Apple ID accounts. Scammers promote it through a deceptive, unofficial website that is disguised as a legitimate page created by Apple company. Typically, its visitors do not open it willingly. Most of the times they are forced to visit it by some installed potentially unwanted application (PUA). Such apps often feed their users with intrusive ads and collect browsing-related details.

Your apple id has been disabled! scam

As we mentioned in our introduction, scammers who designed "Your apple id has been disabled!" scam use it to steal Apple ID accounts. The deceptive website says that its visitors iPhone is blocked because it detected some illegal activity. It also says that user's Apple ID is disabled too. To unblock it, people are urged to contact "Apple Support" (scammers) via the "+1(844)-357-0777" number. If contacted, they will ask to provide Apple ID account's details such as user's email address and password. Stolen accounts can be used to buy music, applications and access the iCloud email. In other words, scammers might cause their victims financial loss and privacy issues. For these reasons we recommend not to trust unofficial websites and more importantly, not to provide scammers any personal details. If a browser opened this or any other similar scam, it should be ignored and closed. If for some reason it cannot be closed in a normal way, then we recommend to terminate the whole browser's process using the Activity Monitor. Note, closed browsing session should not be restored the next time a browser is opened, this will reopen the same scam website again.

Installed PUAs usually open various shady websites, not only pages that are related to various scams. Another issue with them is that they often collect various information about their users too. For example, URLs of websites that they visit, their IP addresses, geolocations, entered search queries and so on. However, it is possible that some installed PUA might be recording personal details too. One way or another, people who develop these apps share all gathered data with third parties who usually misuse it to generate revenue. Furthermore, if there is an app of this type installed, then it might be displaying various intrusive advertisements like coupons, pop-up ads, banners, surveys and other unwanted ads. When clicked, these apps either download/install potentially malicious apps or they simply open other untrustworthy websites, including various pages that promote tech-support scams.

Threat Summary:
Name "Your apple id has been disabled!" virus
Threat Type Mac malware, Mac virus
Fake Claim Crooks pretend to be certified technicians from Apple company and claim that user's device has been blocked. They also encourage to immediately contact them via provided telephone number.
Tech Support Scammer Phone Number +1(844)-357-0777
Related Domain(s) iosm.s3-website.ca-central-1.amazonaws[.]com
Serving IP Address (iosm.s3-website.ca-central-1.amazonaws[.]com) 52.95.147.3
Symptoms Your Mac became slower than normal, you see unwanted pop-up ads, you get redirected to shady websites.
Distribution methods Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads.
Damage Internet browsing tracking (potential privacy issues), displaying of unwanted ads, redirects to shady websites, loss of private information.
Removal

To eliminate Your apple id has been disabled! virus our malware researchers recommend scanning your computer with Combo Cleaner.
▼ Download Combo Cleaner
Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

There are many tech-support (or other) scam/scam websites, here are some examples: apple.com-mac-booster[.]live, apple.com-fast[.]live and macos-online-security-check[.]com. Typically, they are used to trick people into contacting scammers who try to extract personal details or encourage to pay for their offered services or software, or to simply trick them into downloading them unwanted software. One way or another, these scam websites use deceptive methods, they are designed to display fake virus, error alerts, inform their visitors about blocked accounts/computers and so on. Nor these websites or the aforementioned PUAs should be trusted. Apps of this type usually are presented as legitimate, however, they often lead to unwanted downloads, redirects and cause problems related to browsing safety, privacy etc.

How did potentially unwanted applications install on my computer?

Most of them get installed together with some free software or through clicked intrusive advertisements. In the first case they get installed when people take a quickest way to download or install some program which has some unwanted app bundled into its setup. Bundling is a deceptive marketing method that developers use to trick people into downloading/installing PUAs. They hide information about them being included (bundled) in "Custom", "Advanced" and other similar settings of other software's setups. People cause unwanted downloads and installations when they leave all these settings unchanged. They often cause it by clicking intrusive ads too, there are ads that, once clicked, run scripts designed to start download/installation processes of various unwanted apps.

How to avoid installation of potentially unwanted applications?

Users should always download and install various software with care. Always check every checkbox and "Custom" or "Advanced" setting any download/installation setup and make sure to deselect offers to download or install unwanted apps. Avoid downloading apps using third party downloaders, Peer-to-Peer networks, unofficial websites and so on. The bet way to achieve it is using official websites. Note that intrusive ads (especially when displayed on shady websites) redirect users to untrustworthy or even malicious websites. If redirects to dubious websites happen regularly (or intrusive ads appear on every opened page), them heck if there are no suspicious/unwanted extensions, plug-ins or add-ons on a web browser or programs installed on the operating system. If there are any, they should be Removed/uninstalled as soon as possible. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the "Your apple id has been disabled!" tech-support scam:

Contact Support
Your iPhone has been locked due to detected illegal activity. Your apple id has been disabled! Immediately call Apple Support +1(844)-357-0777 to unlock it!

Appearance of "Your apple id has been disabled!" scam (GIF):

Appearance of Your apple id has been disabled! scam (GIF)

Instant automatic removal of Your apple id has been disabled! virus: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Your apple id has been disabled! virus. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove "your apple id has been disabled!" virus related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

"Your apple id has been disabled!" virus removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove "your apple id has been disabled!" virus related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove "your apple id has been disabled!" virus related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove "your apple id has been disabled!" virus related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.