Firstly, see if there's an uninstaller for the application. If not see the following:
Uninstalling Software: The Basics
Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.
Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.
Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.
Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead. Download Easy Find at VersionTracker or MacUpdate.
Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.
There are many utilities that can uninstall applications. Here is a selection:
- Uninstaller Spring Cleaning
For more information visit The XLab FAQs and read the FAQ on removing software.
I also was looking at an image yesterday and macdefender installed itself. I have tried the above to remove it, but the application keeps telling me it cannot be moved to the trash because it's open. I cannot figure out how to close it to remove it. I didn't pay for anything. This thing is driving me crazy! Any suggestions?
Thanks so much for all your input. I was able to completely remove the "program" by manually removing an application and all associated files"
Since I am not computer savvy - I can't post the link I used so I will type the instructions (Please note - I got this info from MacRumors Forums and it was posted by GGJstudios)
1. Launch Finder and search for the app name (in this case - MacDefender)
2. Narrow the search to specific folders or search the whole Mac
3. Searching "File Name" not just "Contents" will provide a more thorough search.
4. Click the + button below the search term to add criteria
5. Click the search criteria drop-down and select "other", then "system files"
6. Click the "don't include" and change to "include"
7. Sort by name, kind, date, etc., to identify components of the app, such as folders, .plist files, cashes files, etc.
8 Delete all the files and folders related to the app.
9. Do Not empty your trash until you have determined that everything is working OK, in case you need to restore something you deleted by accident. (Side Note -- I made sure that everything I deleted had the DATE I got the stupid MacDefender downloaded and no other date)
10. A reboot might be necessary to completely remove some apps. (I just restarted my computer for good measure.) Once I complete all these steps -- I was able to use the computer and its FINALLY stopped popping up! I hope this works for you!!!
For more information on removal you can visit http://www.magmatic.com/currents/2011/5/2/macdefender-rouge-anti-malware-program -removal-and-defense.html#entry11328388
Keep in mind if you shared paypal or cc info report your account compromised.
Magamtic? yet another useles, BS Mac AV?
No, Magmatic is just a site I have done for a while, no ad's, not selling anything. Free stuff and info I share, tied to my business, clients are very private, but no worries. It is not fake or anything like that but I expect you can check and determine for yourself.
I would however think you would try to protect your assets on your Mac with some kind of Anti Virus whatever that may be. It would think for your ORG losing a 80-120 gig Photoshop file which you retouched ends up getting hosed has a high cost, just think of the man hours. While it is true that the mac as a unix box, has defenses to limit the damage like all systems there are vulnerabilities, flaws and events all that create risk. I am a big fan of Virus Barrier, Sophos. I also like F-secure but they are still in Beta so for production systems I would use caution. There is a really good free one, CalmXav, but I have found for ORGS that have large file sets this APP created a massive bottle neck. (Still very good solution and free/shareware and comes with OSX server and handles the Mail server anti virus. I have had success is that case.) Again, no links but suggestions
I love No Script in Firefox, however here are some things to also do. I also like for Safari Click to Flash extension and No Flash for Chrome. I have moved away from Firefox since I found it took too many cycles for my liking.
So with all that said to help out again....
- Make sure in Safari that "Open Safe Files" IS NOT SELECTED.
- Clear your downloads folder.
- If you download and install the rouge program I would including much of what was suggested in other post, out of caution change your passwords for Admin/Users on the Mac.
- If you purchased it your PayPal or credit card is compromised.
- Clear out your Auto Fill information, select other and clear out other forms. For the most security conscious I would also clear out your passwords since that is usually the targets of criminals.
- For Chrome - Select "Clear Auto-Opening" settings in chrome://settings/advanced. (If it is grayed out you never set anything so you are golden. (I would however make sure that Downloads is the default folder, but user choice.)
Also you may be aware of the Crimeware kit is now live which targets Mac OSX and iOS devices. The Weyland-Yutani BOT, named after the evil corporation in the Aliens franchises, targets Firefox and steals form data. What is most interesting is that it can use web injects with little effort from ZeuS and SpyEyE. Users should consider a layered defense and Anti-Virus is part of that layer, like it or not.
So Again, not selling anything. As the platform that I love, as it is clear you do, continues to grow gaining market share so does the risk from events like this. Apple products are on the front burner of criminals no matter what is said.
PLEASE STOP SAYING VIRUS. This is a Trojan app. It does not attach itself or replicate itself, so it is not a virus.
Let's not all of us make ahundred "Oh, I got it too! What do I do?" postings that will cause thisto get blown all out of proportion. SIMPLY READ THE ARTICLE FROM INTEGOSECURITY and skip all the other tabloid headlines.
http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antiviru s/ (2011 Mac Trojan makes news)
Ifyou read this article, and you keep posting "What do I do??", it simply shows you didn't carry out the steps outlines in the article. This is asimple login app that can be easily removed. If you hadn't typed youradmin password to allow it to install, you wouldn't have this thing.