How to remove Kretadi.live pop-up scam (Virus removal guide)

What is Kretadi.live?

Kretadi.live is one of the sites promoting the Your MacBook Is Infected With 5 Viruses! scam. The scam masquerades as a McAfee system scan, displays fake scan results and virus alerts claiming that a computer is infected with five viruses. Scammers use fake virus alerts to trick users into downloading or purchasing software they don’t need.

Usually, users end up on Kretadi.live and similar scams by going to a misspelled URL or, clicking on a fake link from push notifications and spam emails. In addition, they can be redirected to this scam by malicious advertisements (malvertising) and Adware. Adware can be installed unknowingly when visiting malware-infested websites or downloading pirated versions of software.

Kretadi.live McAfee® Total Protection Mac fake scan results

Kretadi.live pop-ups are a scam

Kretadi.live Scam in detail

Typically, scam sites first check the user’s IP address to determine their geolocation. By determining the location of the user, scammers can use various social engineering techniques, change the page language or redirect the user to other malicious and scam sites.

In this particular case, the scam masquerades as McAfee Antivirus interface, performs a fake scan and displays fake scan results. It states that the computer is infected with 5 viruses (security risks).

Kretadi.live McAfee® Total Protection Mac Scam

Kretadi.live runs a fake McAfee scan

The scam instructs users to click the “Proceed..” or “Renew License” button to renew their subscription and protect the computer, as an unprotected computer is vulnerable to viruses and malware. After clicking, users are redirected to a legitimate McAfee website offering to purchase the McAfee license. Scammers behind this scam earn a commission for each purchased McAfee subscription. Of course, McAfee and other antivirus companies do not allow affiliates to promote their products using social engineering tricks, misleading methods, and deceptive advertising. However, despite this ban, scammers continue to advertise McAfee and other antivirus companies’ products.

The scam promotes legitimate software, but is more often similar scams are used to distribute untrustworthy and unreliable programs among which may be fake antivirus software, spyware, trojans, browser hijackers, adware and other malicious software; this is described in more detail in this article.

In addition, Kretadi.live asks visitors to allow it to display browser notifications. If enabled, this site will deliver notifications promoting untrustworthy/dangerous pages, various types of scams, and even malware.

Here are some examples of the scam notifications (fake alerts, messages from fake dating sites):

Threat Summary

Name	Kretadi.live
Type	scam, phishing, fake virus alerts
Fake claims	Your MacBook is infected with 5 viruses, Your McAfee subscription has expired
Symptoms	fake security warnings fake system messages pop-up errors fake Windows Defender (Norton, McAfee) computer scan
Removal	Kretadi.live removal guide

McAfee scam examples

McAfee – Your Personal Information is Exposed, Your McAfee Subscription Has Expired, McAfee SECURITY ALERT, McAfee – Your PC Might Be Vulnerable are other scams designed to trick visitors into installing untrustworthy software or calling fake tech support.

: “Your Norton 360 subscription may have expired” is a SCAM

: Antivirus-here.com pop-ups are a scam

: Jerenga.click pop-ups are is a scam

: “McAfee – Your Personal Information is Exposed” pop-ups are a scam

: “McAfee – Act Now To Keep Your Computer Protected” pop-ups are a scam

Where did Kretadi.live scam pop-ups come from?

The Kretadi.live pop-ups are caused by malicious advertisements on websites you visit, spam push notifications or Adware. Browser (push) notifications are originally developed to alert the user of recently published news. Scammers use push notifications to bypass pop up blockers and display lots of unwanted ads.

Adware is a form of malicious software that displays unwanted advertisements on a personal computer, redirects search queries to scam pages, and collects sensitive information for marketing purposes. Adware may display banner ads, full-screen ads, pop-ups, videos, or other forms of online advertising. You may think that ads or pop-ups are just a small problem. But these intrusive advertisements consume system resources and slow down your PC.

Typically, adware ends up on personal computers bundled with freeware, malicious downloads, fake updates, shared files, and other unsafe software downloaded by users from the Internet. To avoid installing any adware: choose only the option of manual, custom or advanced installation and disable any third-party applications that you are not sure about.

How to protect against Kretadi.live scam

To avoid becoming a victim of scammers, it is important to always keep in mind:

There are no sites that can detect viruses and other security threats.
Never install/purchase software promoted by suspicious sites, as it can be useless, and besides, it can be dangerous for you and your computer.
Close Kretadi.live as soon as it appears on your computer screen. Scammers can prevent you from closing it in various ways. In such cases, close your browser using Task Manager or restart your computer. If the next time you launch the browser, it prompts you to restore the previous session, abandon it, otherwise this scam will reopen on your screen.
Use an ad blocker when browsing the internet. It can block known scam sites and protect you from scammers.

How to remove Kretadi.live pop-ups (Adware removal guide)

If you have consistent pop-ups or unwanted advertisements, slow/freezing computer issues, you are in need of adware removal assistance. The steps below will guide you forward to get the “Kretadi.live” scam removed and will help you get your machine operating at peak capacity again.

Remove unwanted profiles on Mac

Adware can make changes to the Mac system such as malicious changes to browser settings, and the addition of malicious system profiles. You need to check the system preferences, find and remove malicious profiles and ensure your settings are as you expect.

Click the System Preferences icon ( ) in the Dock, or choose Apple menu ( ) > System Preferences.

In System Preferences, click Profiles, then select a profile related to the adware.

Click the minus button ( – ) located at the bottom-left of the Profiles screen to remove the profile.
Note: if you do not see Profiles in the System Preferences, that means there are no profiles installed on your Mac, which is normal.

Check the list of installed programs

One of the first things to attempt for removal of adware is to check your Mac device installed programs screen and look for unwanted and questionable applications. If there are any apps you do not recognize or are no longer using, you should uninstall them. If that doesn’t work, then you may need to run malware removal tool such as MalwareBytes AntiMalware.

Open Finder and click “Applications” as shown in the figure below.

You will see a list of apps installed on your MAC. We recommend to pay maximum attention to the program you installed last. Most likely, it is the adware that causes the “Kretadi.live” po-ups in your web-browser. If you are in doubt, you can always check the program by doing a search for her name in Google, Yahoo or Bing.

After the application which you need to delete is found, simply right click on its name, and choose “Move to Trash”.

Don’t forget, choose Finder, then “Empty Trash”.

Remove adware related files and folders

Now you need to try to find adware related folders and files, and then delete them manually. You need to look for these files in certain directories. To quickly open them, we recommend using the “Go to Folder…” command.

Click on the Finder icon. From the menu bar, select Go and click “Go to Folder…”. As a result, a small window opens that allows you to quickly open a specific directory.

Check for Adware generated files in the /Library/LaunchAgents folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchAgents

This will open the contents of the “/Library/LaunchAgents” folder. Look carefully at it and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files: installapp.plist, com.machelper.plist, search.plist, macsearch.plist and . Most often, PUPs, adware software and browser hijackers create several files with similar names.

Check for Adware generated files in the /Library/Application Support folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/Application Support

This will open the contents of the “Application Support” folder. Look carefully at its contents, pay special attention to recently added/changed folder. Move all suspicious folders to the Trash.

Check for Adware generated files in the “~/Library/LaunchAgents” folder

In the “Go to Folder…” window, type the following text and press Go:
~/Library/LaunchAgents

Proceed in the same way as with the “/Library/LaunchAgents” and “/Library/Application Support” folders. Look for suspicious and recently added files. Move all suspicious files to the Trash.

Check for Adware generated files in the /Library/LaunchDaemons folder

In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchDaemons

Carefully browse the entire list of files and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files to be deleted: com.macsearch.plist, com.search.plist, com.installapp.plist and com.machelper.plist. In most cases, browser hijackers, potentially unwanted programs and adware software create several files with similar names.

Scan your Mac with MalwareBytes

We recommend using MalwareBytes Anti-Malware to scan your MacBook for adware, browser hijackers, and potentially unwanted apps. This utility is an advanced malware remover developed by (c) Malwarebytes Lab. It uses the world’s most popular anti-malware technology and can help you remove browser hijackers and other security threats from your MacBook for free.

MalwareBytes can be downloaded from the following link. Save it on your Microsoft Windows desktop.

Malwarebytes Anti-malware (Mac)
20841 downloads
Author: Malwarebytes
Category: Security tools
Update: September 10, 2020

When the download is done, close all windows. Further, open the saved file. Follow the prompts.

The MalwareBytes Anti-Malware will automatically start and you can see its main window as shown on the screen below.

Next, click the “Scan Now” button to perform a system scan with this utility for the adware software related to the Kretadi.live pop ups in your browser. A system scan can take anywhere from 5 to 30 minutes, depending on your Apple Mac.

Once the scan is done, it will open the Scan Results. Review the results once the utility has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press the “Quarantine” button.

MalwareBytes AntiMalware will move the selected threats to the Quarantine.

Remove Kretadi.live from Safari, Chrome, Firefox

If you are still seeing scam pop ups that won’t go away, you might have harmful extensions installed on your internet browser. Check your web-browser for unwanted extensions using the steps below.

Google Chrome	Mozilla Firefox
In the top right hand corner, click on ‘three vertical dots’, and this will open up the main menu on Chrome. In the menu go to ‘More tools’, then ‘Extensions’. Click ‘Remove’ to uninstall an extension. Click ‘Remove’ in the dialog box. You can also try to remove Kretadi.live pop-ups by reset Chrome settings.	Click on ‘menu’ button and select ‘Add-ons’. Go to ‘Extensions’ tab. To uninstall an add-on, click on ‘Remove’ button next to it. If you are still experiencing issues with the scam popups removal, you need to reset Mozilla Firefox browser.
Safari
On the top menu select ‘Safari’, then ‘Preferences’. Select ‘Extensions’ tab. Select an extension you want to delete and click ‘Uninstall’ button next to it.

Google Chrome

Mozilla Firefox

In the top right hand corner, click on ‘three vertical dots’, and this will open up the main menu on Chrome.
In the menu go to ‘More tools’, then ‘Extensions’.
Click ‘Remove’ to uninstall an extension.
Click ‘Remove’ in the dialog box.

You can also try to remove Kretadi.live pop-ups by reset Chrome settings.

Click on ‘menu’ button and select ‘Add-ons’.
Go to ‘Extensions’ tab.
To uninstall an add-on, click on ‘Remove’ button next to it.

If you are still experiencing issues with the scam popups removal, you need to reset Mozilla Firefox browser.

Safari

On the top menu select ‘Safari’, then ‘Preferences’.
Select ‘Extensions’ tab.
Select an extension you want to delete and click ‘Uninstall’ button next to it.

How to stop Kretadi.live pop ups

It is important to run ad-blocker programs such as AdGuard to protect your MAC from harmful and scam pages. Most security experts says that it is okay to stop unwanted advertisements. You should do so just to stay safe! And, of course, the AdGuard can to stop the “Kretadi.live” pop-ups and block other scam web-pages.

Visit the following page to download AdGuard. Save it on your Windows desktop.

Once the downloading process is done, run the downloaded file. The “Setup Wizard” window will show up on the computer screen.

Follow the prompts. AdGuard will then be installed. A window will show up asking you to confirm that you want to see a quick guide. Click “Skip” button to close the window and use the default settings, or click “Get Started” to see an quick tutorial that will allow you get to know AdGuard better.

Each time, when you start your MAC, AdGuard will start automatically and stop unwanted pop-up ads, block the “Kretadi.live” scam, as well as other harmful or misleading web sites.

To sum up

We hope this article helped you learn more about the Kretadi.live Scam and avoid the scammers’ tricks. If you have questions or additional information for our readers, please leave a comment.