Skip navigation

Heads Up/Warning Mac Defender

41716 Views 190 Replies Latest reply: Aug 17, 2012 7:46 AM by chepin RSS Branched to a new discussion.
  • arkling Level 1 Level 1 (20 points)
    Currently Being Moderated
    May 1, 2011 7:00 AM (in response to MacJoseph)

    I really wish we could run OS X virtualized, I'm trying to determine if this Mac defender program installs any extra daemons/background-services. I'm worried that even with the Mac defender app removed, that perhaps they still have a key-logger installed or some other nastiness. 


    Could someone post any contact information they have for this company? phone, web, email, etc? and for those that got a refund, maybe any information about the transaction?


    For those who did purchase it, be sure to tell you financial institution that this was a fraudulent company, might not hurt to tell visa/MC/AMEX/etc. 


    if anyone still has the app installed, could you post a list of all your running processes?

    If you had the app but removed the app could you do the same?

    I want to compare them together and with a "clean" machine.




  • caroltoronto Calculating status...
    Currently Being Moderated
    May 1, 2011 7:11 AM (in response to arkling)

    I called this number - 1800 417 5679. supposed to be the 'customer service' hotline ...

  • melissafromva Calculating status...
    Currently Being Moderated
    May 1, 2011 8:14 AM (in response to MacJoseph)

    I too had this happen yesterday when searching Google images.  I installed MacDefender but didn't purchase it.  It ran a scan and I'm worried I'm at risk.  I tried going to applications and dragging MacDefender to the trash but I keep getting a message saying I can't because the program is open.  Any suggestions on how to remove this installed program?  Thanks.

  • mactalent99 Calculating status...
    Currently Being Moderated
    May 1, 2011 10:00 AM (in response to MacJoseph)

    One of my clients got hit. She was googling plant images. Someone above mentioned pirhana images so appears it's masquerading as images. It seems to be able to install itself bypassing Apple security, without requiring a password. Scary. Hopefully Apple can find and patch this.  It kept putting up a translucent window in top right of screen with a warming and large red cleanup button. Like a Growl type dialog - but Growl was not installed. It also put a red Macafee or Windos style security icon on the menu bar. The interface for the app looks very well done. Happily my client called me and did not pay for the app or run it.


    It's simple enough to remove, as noted above. I went to login items and deleted it, then restarted. Deleted Mac Defender app, then found the installer package in Downloads and deleted that.



  • melissafromva Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 1, 2011 2:06 PM (in response to MacJoseph)

    Thanks.  I followed all of these steps and hope it is now gone.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    May 1, 2011 2:25 PM (in response to arkling)

    arkling wrote:


    I really wish we could run OS X virtualized


    You can do the next best thing for surfing the web. Provided you can spare a core and 1GB of RAM (even 512MB).


    1: Download VirtualBox, it's free.


    2: Download a ISO of Macbuntu 32bit x86 10.10, it's free.


    3: Point VirtualBox to open the Linux ISO and install it. (piece of cake)

            Don't let Linux have access to OS X side just to be safe, it can read all file formats, including HFS+.


    Have a look around, set the display size and when your updated and tweaked, before going online, save a "snapshot" of that OS in VirtualBox. Go surfing and when your done, revert back to the earlier snapshot in VirtualBox.


    MacBuntu looks just like OS X, just it's not as smooth and refined. Firefox works just the same.


    I you need to transfer files from Linux, see if copy and paste works or use a external USB key.


    What's nice about this is your web browser is sandboxed from OS X, and you can still use OS X for other things.

  • paulfromoceanside Calculating status...
    Currently Being Moderated
    May 1, 2011 3:37 PM (in response to MacJoseph)

    Someone on another discussion of the same topic said they called and got a refund.  I don't have the number to call yet.

  • caroltoronto Level 1 Level 1 (15 points)
    Currently Being Moderated
    May 1, 2011 5:01 PM (in response to MacJoseph)

    I just google'd that phone number ... seems like this scam has been around for more than a month ...


  • brianfromfremont Calculating status...
    Currently Being Moderated
    May 1, 2011 5:34 PM (in response to MacJoseph)

    Thank you so much Joseph for explaining a newbe thru the process of getting rid of that **** thing! The same thing happened to me with a photo, down loaded but didn't buy. I was able to dump it all and I thank you for the help.



  • Deb145 Calculating status...
    Currently Being Moderated
    May 1, 2011 6:01 PM (in response to MacJoseph)

    I was searching flower photos online this evening via Google when I got a warning of virus activity.  I agreed to scan.  It said it did, but it was too quick and then I had downloaded "BestMacAntivirus2011.mkpg" (per my downloads list), which showed up as MacDefender on my computer and which also requested I install it immediately for the safety of my computer.  It looked and acted suspicious, so I did not install and I googled it instead, leading me here.  I've now apparently deleted everything with MacDefender on my computer and emptied my trash.  I didn't use spotlight search because I don't know how.  There are no suspicious charges showing (yet) on my credit card.  I downloaded ClamXav and I intend to run it based on the recommendations here.  I will search Finder for BestMacAntivirus as well.  I have 2 questions:  How do I search my computer with Spotlight?  and Did I escape effect of the virus by not installing it, even though it showed as a download (though I never agreed to download anything)?   I should also note that it appeared the program/virus had been installed at 2 pm today instead of >4 hours later when the actual incident occurred.

  • elroyale Calculating status...
    Currently Being Moderated
    May 1, 2011 6:08 PM (in response to Deb145)

    hi. my wife got hit with this too while searching google images for frank lloyd wright. i uninstalled it before i read this thread. deleted all files, installer, went to activity monitor, etc as suggested. but i emptied my trash before restarting my computer. now that i've restarted it, i've searched in finder and spotlight and can find no trace of the macdefender program. did emptying the trash before i restarted the computer compromise it in some way? is there any way i can be sure that it's gone?

  • brianfromfremont Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 1, 2011 6:08 PM (in response to Deb145)

    I should leave this for the pros being I know next to NOTHING about computers but one thing I do know is where Spotlight is. On your MACs desk top upper right hand corner is a little magnifying glass looking thing next to the clock. Click on that and you will see the word "Spotlight". Put a search word there and it will search the entire computer. If you put Macdefender in spotlight and come up with ANYTHING that says macdefender, you did NOT get rid of it all. If you did just what Joseph said, it is gone.



  • Deb145 Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 1, 2011 6:09 PM (in response to MacJoseph)

    The photo I clicked on in Google Images led me to a webpage with the address  Now that I risked my computer to click it in history browser, please let me know if I need to be concerned about that.  According to my history tab, it failed to open page just now when I peeked again and shut it right away.

1 2 3 4 ... 13 Previous Next


More Like This

  • Retrieving data ...

Bookmarked By (2)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.