Mac Defender

51180 Views 176 Replies Latest reply: Jun 8, 2011 4:37 AM by casperfromdubai
  • Jason Botts Level 1 (65 points)
    Apr 30, 2011 7:34 PM (in response to anne e)

    I've just removed this from a client's computer. I'd be happy to help others as needed (contact me offline).

    However, I'd like to know how this "appeared" on these computers. Surely someone downloaded something. If not, this could be a first.

  • MacJoseph Level 3 (595 points)
    Apr 30, 2011 8:17 PM (in response to Jason Botts)

    This Mac Defender thing has been going on since this morning. There is a lot about it in the MBP forum as well. I posted a warning thread early today.

    Joseph

  • MacJoseph Level 3 (595 points)
    Apr 30, 2011 8:18 PM (in response to Jason Botts)

    Jason

    It seems it's been a redirect. Some people were searching various sites for photos. A pop up shows up saying their computers are infected.

    Joseph

  • WZZZ Level 6 (11,880 points)
    Apr 30, 2011 8:23 PM (in response to MacJoseph)

    If you get this kind of scareware pop-up, don't even try closing the window or some fake close (x) button. That may prompt a download. Just quit the browser immediately and empty the cache and cookies.

  • MacJoseph Level 3 (595 points)
    Apr 30, 2011 8:26 PM (in response to WZZZ)

    wz

    I'll relate that in the MBP forum. Thanks!

    Joseph

  • LTScodras
    Apr 30, 2011 8:28 PM (in response to Jason Botts)

    Hi. I'm a brand new Mac user and got caught with this today when I tried to download a PDF file from Google Images. Since I'm so new to Mac I barely understand how to do anything. I've tried to follow all the threads but they are pretty complicated for a novice. I went into "Finder" and tried to trash the application, but can't because it's running. I went into "Utilities" but see a lot of things, none with the name "MacDefender". Not sure what I should do now. Any thoughts? Thanks!

  • MacJoseph Level 3 (595 points)
    Apr 30, 2011 8:32 PM (in response to LTScodras)

    LTS

    Open Activity Monitor and look for MacDefender, double-click on it and force quit. Then go to your Applications folder and drag Mac Defender to the trash. Also go to System Preferences, go to Accounts, and look at the login items to see if there is anything related to MacDefender; if there is, click on it, then click on the minus sign to remove it. Open Finder and do a search for Mac Defender and delete any related files. Hope this helps!

    Joseph

  • LTScodras Level 1 (0 points)
    Apr 30, 2011 8:43 PM (in response to MacJoseph)

    Thank you! I followed your directions and it worked.

    There was in fact something in the login items that needed to be deleted.

    And when I did a search in Finder I found two more files using a search for "Macdefender".

    Anyway, thanks again.

    I thought this was the type of stuff I wouldn't have to worry about when I switched from a PC to a MAC but I guess nothing is safe.

  • WZZZ Level 6 (11,880 points)
    Apr 30, 2011 9:05 PM (in response to LTScodras)

    Also look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons.

    That's your Hard Drive Library (not your Home Folder or System Library.) You may be asked for your password to delete.

    And see what's in your Home Folder Library>Preferences and Application Support.
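
The folders named in the removal steps above (Applications, /Library/StartupItems, LaunchAgents and LaunchDaemons, and the home folder's Library > Preferences and Application Support) can be checked in one pass from Terminal. This is an added example, not part of any post in this thread; the function name `scan_macdefender`, its two optional arguments and the name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list entries whose names look like
# Mac Defender in the folders the posts above say to check. It only prints
# matches; deleting them is left to you.
#
# Assumptions: the function name, its arguments and the name pattern are
# illustrative. The pattern matches "MacDefender", "Mac Defender" and
# "Macdefender" (the spellings used in this thread), case-insensitively.

scan_macdefender() {
    root=${1:-}            # volume to inspect; empty means the boot volume
    root=${root%/}         # drop a trailing slash so paths join cleanly
    home=${2:-$HOME}       # home folder to inspect
    # One folder per line, so "Application Support" keeps its space.
    printf '%s\n' \
        "$root/Applications" \
        "$root/Library/StartupItems" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$home/Library/Preferences" \
        "$home/Library/Application Support" |
    while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        # Direct children only: the app bundle, plist or support folder itself.
        find "$dir" -mindepth 1 -maxdepth 1 -iname '*mac*defender*' -print
    done
}

# With no arguments this inspects the running system and the current user.
scan_macdefender "$@"
```

Login items are not covered by this scan; check those in System Preferences as described above.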

  • MacJoseph Level 3 (595 points)
    Apr 30, 2011 8:57 PM (in response to LTScodras)

    LTS

    Glad you got it resolved. This kind of thing is malicious. It seems a lot of people today have had this happen. It is a type of malware that pops up and says your computer is infected when it's not infected. May I ask what you were doing when the MacDefender popped up? Were you searching for images/photos? Seems a lot of people were searching for photos when it happened. Glad you got rid of it. The thing about this type of malware is if you even click to try and close the window it can trigger the download. The best thing to do if that kind of thing pops up is close your browser and empty the browser cache and remove cookies.

    Joseph

  • Dolphbucs Level 1 (55 points)
    Apr 30, 2011 10:57 PM (in response to anne e)

    I've posted something similar to this in some of the other threads also. I'll bet that all the people who got caught by this had Safari set to "automatically open safe files after download" and also were running as admin. I saw this fake pop-up earlier but since I run as a normal user and have the above option unchecked in Safari prefs, it did not install. You see, if you run as a normal user, you get prompted to enter your admin password when installing any app. The good news is that this app seems not to do any more damage than try to get you to pay them and use up system resources.

    IMO, everyone should always run in a Standard acct .... have only one Admin acct and only use that acct when absolutely necessary ( some apps like Onyx need an admin acct to run ).  It's one of the best protections you have on ANY OS.

  • ThomasBoss
    May 1, 2011 12:27 AM (in response to Dolphbucs)

    Sorry if my reply is off topic, but thank you for posting this! I have updated Sophos and will be cautious when on unfamiliar webpages.

  • WZZZ Level 6 (11,880 points)
    May 1, 2011 5:09 AM (in response to ThomasBoss)

    Has anyone been prompted to enter a password from this thing, before it installs?

    I don't use Safari, but when I did, "automatically open safe files after download" was the first thing I unchecked. It's incredible to me that Apple still has this set as the default option.

  • Jason Botts Level 1 (65 points)
    May 1, 2011 4:59 AM (in response to MacJoseph)

    Ok. Good to know it is coming in through a user download.

    It isn't hard to remove, but I can see how the unsuspecting could click click click and end up with something they didn't intend.

  • tewfiks
    May 1, 2011 6:24 AM (in response to WZZZ)

    It did ask for my password...
