Mac Defender has appeared in my iMac (OS X 10.6.7)
I tried to remove it by dragging the program to the trash from the applications folder, but I cant because the program is open.
The program is pretending to be an antivirus program send $$, obviously a scam.
I re-started but I cat stop it from loading.
There is very little info on this program out there (MacDefender.app)
Any ideas?
iMac, Mac OS X (10.6.7)
This Mac Defender thing has been going on since this morning. There is a lot about in the MBP forum as well. I posted a warning thread early today.
Joseph
Jason
It seems it's been a redirect. Some people were searching various sites for photos. A pop up shows up saying their computers are infected.
Joseph
If you get this kind of scareware pop-up, don't even try closing the window or some fake close (x) button. That may prompt a download. Just quit the browser immediately and empty the cache and cookies.
wz
I'll relate that in the MBP forum. Thanks!
Joseph
Hi. I'm a brand new Mac user and got caught with this today when I tried to download a pdf file from google images. Since I'm so new to Mac I barely understand how to do anything. I've tried to follow all the treads but they are pretty complicated for a novice. I went into "Finder" and tried to trash the application, but can't because it's running. I went into "Utilities" but see a lot of things none with name "MacDeefender". Not sure what I should do now. Any thoughts? Thanks!
LTS
Open activity monitor and look for MacDefender, double click on it and force quit. Then go to your application folder and drag Mac Defender to the trash. Also go to system preferences and go to accounts look at the login items to see if there is anything related to MacDefender, if there is click on it then click on the minus sign to remove it. Open finder and do a search for Mac Defender and delete any related files. Hope this helps!
Joseph
Thank you! I followed your directions and it worked.
There was in fact something in the login items that needed to be deleted.
And when I did a search in Finder I found two more files using a search for "Macdefender"
Anyway, thanks again.
I thought this was the type of stuff I wouldn't have to worry about when I switched from a PC to a MAC but I guess nothing is safe.
Also look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons.
That's your Hard Drive Library (not your Home Folder or System Library.) You may be asked for your password to delete.
And see what's in your Home Folder Library>Preferences and Application Support.
LTS
Glad you got it resolved. This kind of thing is malicious. It seems a lot of people today have had this happen. It is a type of malware that pops up and say's your computer is infected when it's not infected. May I ask what you were doing when the MacDefender popped up? Were you searching for images/photos? Seems a lot of people were searching for photos when it happened. Glad you got rid of it. The thing about this type of malware is if you even click to try and close the window it can trigger the download. The best thing to do if that kind of thing pops up is close your browser and empty the browser cache and remove cookies.
Joseph
I've posted something similar to this in some of the other threads also. I'll bet that all the people who got caught by this had Safari set to "automatically open safe files after download" and also were running as admin. I saw this fake pop-up earlier but since I run as a normal user and have the above option unchecked in Safari prefs, it did not install. You see, if you run as a normal user, you get prompted to enter your admin password when installing any app. The good news is that this app seems not to do any more damage than try to get you to pay them and use up system resources.
IMO, everyone should always run in a Standard acct .... have only one Admin acct and only use that acct when absolutely necessary ( some apps like Onyx need an admin acct to run ). It's one of the best protections you have on ANY OS.
Sorry if my reply is off topic, but thank you for posting this! I have updated Sophos and will be cautious when on unfamiliar webpages 🙂
Has anyone been prompted to enter a password from this thing, before it installs?
I don't use Safari, but when I did, "automatically open safe files after download" was the first thing I unchecked. It's incredible to me that Apple still has this set as the default option.
Ok. Good to know there it is coming in through a user download.
It isn't hard to remove, but I can see how the unsuspecting could click click click and end up with something they didn't intend.
It did ask for my password...
Boot to safe boot (hold Shift on startup)
remove from login items and start up items
removed from downloads
remove from Applications folder
Restart computer.
-Easiest way to remove mac defender
Mac Defender
