-
All replies
-
Helpful answers
-
Apr 30, 2011 7:34 PM in response to anne eby Jason Botts,I've just removed this from a clients computer. I'd be happy to help others as needed (contact me offline).
However, I'd like to know how this "appeared' on these computers. Surely someone downloaded something. If not, this could be a first.
-
Apr 30, 2011 8:17 PM in response to Jason Bottsby MacJoseph,This Mac Defender thing has been going on since this morning. There is a lot about in the MBP forum as well. I posted a warning thread early today.
Joseph
-
Apr 30, 2011 8:18 PM in response to Jason Bottsby MacJoseph,Jason
It seems it's been a redirect. Some people were searching various sites for photos. A pop up shows up saying their computers are infected.
Joseph
-
Apr 30, 2011 8:23 PM in response to MacJosephby WZZZ,If you get this kind of scareware pop-up, don't even try closing the window or some fake close (x) button. That may prompt a download. Just quit the browser immediately and empty the cache and cookies.
-
Apr 30, 2011 8:26 PM in response to WZZZby MacJoseph,wz
I'll relate that in the MBP forum. Thanks!
Joseph
-
Apr 30, 2011 8:28 PM in response to Jason Bottsby LTScodras,Hi. I'm a brand new Mac user and got caught with this today when I tried to download a pdf file from google images. Since I'm so new to Mac I barely understand how to do anything. I've tried to follow all the treads but they are pretty complicated for a novice. I went into "Finder" and tried to trash the application, but can't because it's running. I went into "Utilities" but see a lot of things none with name "MacDeefender". Not sure what I should do now. Any thoughts? Thanks!
-
Apr 30, 2011 8:32 PM in response to LTScodrasby MacJoseph,LTS
Open activity monitor and look for MacDefender, double click on it and force quit. Then go to your application folder and drag Mac Defender to the trash. Also go to system preferences and go to accounts look at the login items to see if there is anything related to MacDefender, if there is click on it then click on the minus sign to remove it. Open finder and do a search for Mac Defender and delete any related files. Hope this helps!
Joseph
-
Apr 30, 2011 8:43 PM in response to MacJosephby LTScodras,Thank you! I followed your directions and it worked.
There was in fact something in the login items that needed to be deleted.
And when I did a search in Finder I found two more files using a search for "Macdefender"
Anyway, thanks again.
I thought this was the type of stuff I wouldn't have to worry about when I switched from a PC to a MAC but I guess nothing is safe.
-
Apr 30, 2011 9:05 PM in response to LTScodrasby WZZZ,Also look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons.
That's your Hard Drive Library (not your Home Folder or System Library.) You may be asked for your password to delete.
And see what's in your Home Folder Library>Preferences and Application Support.
-
Apr 30, 2011 8:57 PM in response to LTScodrasby MacJoseph,LTS
Glad you got it resolved. This kind of thing is malicious. It seems a lot of people today have had this happen. It is a type of malware that pops up and say's your computer is infected when it's not infected. May I ask what you were doing when the MacDefender popped up? Were you searching for images/photos? Seems a lot of people were searching for photos when it happened. Glad you got rid of it. The thing about this type of malware is if you even click to try and close the window it can trigger the download. The best thing to do if that kind of thing pops up is close your browser and empty the browser cache and remove cookies.
Joseph
-
Apr 30, 2011 10:57 PM in response to anne eby Dolphbucs,I've posted something similar to this in some of the other threads also. I'll bet that all the people who got caught by this had Safari set to "automatically open safe files after download" and also were running as admin. I saw this fake pop-up earlier but since I run as a normal user and have the above option unchecked in Safari prefs, it did not install. You see, if you run as a normal user, you get prompted to enter your admin password when installing any app. The good news is that this app seems not to do any more damage than try to get you to pay them and use up system resources.
IMO, everyone should always run in a Standard acct .... have only one Admin acct and only use that acct when absolutely necessary ( some apps like Onyx need an admin acct to run ). It's one of the best protections you have on ANY OS.
-
May 1, 2011 12:27 AM in response to Dolphbucsby ThomasBoss,Sorry if my reply is off topic, but thank you for posting this! I have updated Sophos and will be cautious when on unfamiliar webpages
-
May 1, 2011 5:09 AM in response to ThomasBossby WZZZ,Has anyone been prompted to enter a password from this thing, before it installs?
I don't use Safari, but when I did, "automatically open safe files after download" was the first thing I unchecked. It's incredible to me that Apple still has this set as the default option.
-
May 1, 2011 4:59 AM in response to MacJosephby Jason Botts,Ok. Good to know there it is coming in through a user download.
It isn't hard to remove, but I can see how the unsuspecting could click click click and end up with something they didn't intend.
-