1 2 3 4 Previous Next 176 Replies Latest reply: Jun 8, 2011 4:37 AM by casperfromdubai Go to original post Branched to a new discussion.
  • 15. Re: Mac Defender
    Jason Botts Level 1 Level 1 (65 points)

    I've just removed this from a clients computer. I'd be happy to help others as needed (contact me offline).

    However, I'd like to know how this "appeared' on these computers. Surely someone downloaded something. If not, this could be a first.

  • 16. Re: Mac Defender
    MacJoseph Level 3 Level 3 (595 points)

    This Mac Defender thing has been going on since this morning. There is a lot about in the MBP forum as well. I posted a warning thread early today.

     

    Joseph

  • 17. Re: Mac Defender
    MacJoseph Level 3 Level 3 (595 points)

    Jason

     

    It seems it's been a redirect. Some people were searching various sites for photos. A pop up shows up saying their computers are infected.

     

    Joseph

  • 18. Re: Mac Defender
    WZZZ Level 6 Level 6 (12,225 points)

    If you get this kind of scareware pop-up, don't even try closing the window or some fake close (x) button. That may prompt a download. Just quit the browser immediately and empty the cache and cookies.

  • 19. Re: Mac Defender
    MacJoseph Level 3 Level 3 (595 points)

    wz

     

    I'll relate that in the MBP forum. Thanks!

     

    Joseph

  • 20. Re: Mac Defender
    LTScodras Level 1 Level 1 (0 points)

    Hi.  I'm a brand new Mac user and got caught with this today when I tried to download a pdf file from google images.  Since I'm so new to Mac I barely understand how to do anything.  I've tried to follow all the treads but they are pretty complicated for a novice.  I went into "Finder" and tried to trash the application, but can't because it's running.  I went into "Utilities" but see a lot of things none with name "MacDeefender".  Not sure what I should do now.  Any thoughts?  Thanks!

  • 21. Re: Mac Defender
    MacJoseph Level 3 Level 3 (595 points)

    LTS

     

    Open activity monitor and look for MacDefender, double click on it and force quit. Then go to your application folder and drag Mac Defender to the trash. Also go to system preferences and go to accounts look at the login items to see if there is anything related to MacDefender, if there is click on it then click on the minus sign to remove it. Open finder and do a search for Mac Defender and delete any related files. Hope this helps!

     

    Joseph

  • 22. Re: Mac Defender
    LTScodras Level 1 Level 1 (0 points)

    Thank you!  I followed your directions and it worked.

    There was in fact something in the login items that needed to be deleted.

    And when I did a search in Finder I found two more files using a search for "Macdefender"

    Anyway, thanks again.

    I thought this was the type of stuff I wouldn't have to worry about when I switched from a PC to a MAC but I guess nothing is safe.

  • 23. Re: Mac Defender
    WZZZ Level 6 Level 6 (12,225 points)

    Also look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons.

     

    That's your Hard Drive Library (not your Home Folder or System Library.) You may be asked for your password to delete.

     

    And see what's in your Home Folder Library>Preferences and Application Support.

  • 24. Re: Mac Defender
    MacJoseph Level 3 Level 3 (595 points)

    LTS

     

    Glad you got it resolved. This kind of thing is malicious. It seems a lot of people today have had this happen. It is a type of malware that pops up and say's your computer is infected when it's not infected. May I ask what you were doing when the MacDefender popped up? Were you searching for images/photos? Seems a lot of people were searching for photos when it happened. Glad you got rid of it. The thing about this type of malware is if you even click to try and close the window it can trigger the download. The best thing to do if that kind of thing pops up is close your browser and empty the browser cache and remove cookies.

     

    Joseph

  • 25. Re: Mac Defender
    Dolphbucs Level 1 Level 1 (55 points)

    I've posted something similar to this in some of the other threads also. I'll bet that all the people who got caught by this had Safari set to "automatically open safe files after download" and also were running as admin. I saw this fake pop-up earlier but since I run as a normal user and have the above option unchecked in Safari prefs, it did not install. You see, if you run as a normal user, you get prompted to enter your admin password when installing any app. The good news is that this app seems not to do any more damage than try to get you to pay them and use up system resources.

     

    IMO, everyone should always run in a Standard acct .... have only one Admin acct and only use that acct when absolutely necessary ( some apps like Onyx need an admin acct to run ).  It's one of the best protections you have on ANY OS.

  • 26. Re: Mac Defender
    ThomasBoss Level 1 Level 1 (80 points)

    Sorry if my reply is off topic, but thank you for posting this! I have updated Sophos and will be cautious when on unfamiliar webpages

  • 27. Re: Mac Defender
    WZZZ Level 6 Level 6 (12,225 points)

    Has anyone been prompted to enter a password from this thing, before it installs?

     

    I don't use Safari, but when I did, "automatically open safe files after download" was the first thing I unchecked. It's incredible to me that Apple still has this set as the default option.

  • 28. Re: Mac Defender
    Jason Botts Level 1 Level 1 (65 points)

    Ok. Good to know there it is coming in through a user download.

    It isn't hard to remove, but I can see how the unsuspecting could click click click and end up with something they didn't intend.

  • 29. Re: Mac Defender
    tewfiks Level 1 Level 1 (0 points)

    It did ask for my password...

1 2 3 4 Previous Next