Heads Up/Warning Mac Defender

41674 Views 190 Replies Latest reply: Aug 17, 2012 7:46 AM by chepin
  • MadMacs0 Level 4 (3,320 points)
    May 9, 2011 12:28 AM (in response to R C-R)

    R C-R wrote:

     

    OBRA3 wrote:

    Biggest thing I learned- un-click the "open safe files" check box.

    It doesn't matter much if that option is checked in Safari or not. Either way, the malware still ends up in the designated Downloads folder, & until it is installed with an intentional click of Installer.app's "Install" button, it can't do anything more insidious than taking up a tiny amount of HD space.

     

    Personally, I think I might rather have the Installer app launch to let me know right then & there that something I didn't ask for had just been downloaded instead of discovering it later in the Downloads folder & wondering where it came from or maybe confusing it with something I did intentionally download.

    You make a good point as regards this threat, but perhaps the next malware outbreak will involve automatically running something far more harmful under the radar.  Today I agree with your approach, but I may well change my mind when I find out what's behind the next door that opens.

  • ruth gabrieli
    May 9, 2011 2:27 AM (in response to MadMacs0)

    MadMacsO Thank you so much!!!

     

    I went through the instalment process by mistake, could not get rid of the MacProtector, just like everybody else. I did manage to trash the "content" folder manually, so it didn't function any more, but still couldn't trash the programme itself, or empty the trash. Once I followed your advice of safe-booting with Shift, it worked out perfectly - trashed and got rid of it.

     

    The downloaded file in my case was anti-malware.zip. I got it from Google images, possibly when I downloaded a programme that allowed me to see 3-d images - it was a museum site, so I foolishly trusted it.

     

    Anything else I can do to help?

     

    By the way - I tried to mark your answer as correct, but couldn't find the link for it, which used to be, if I remember, at the top of the page. Any way I can do that for you?

  • R C-R Level 6 (13,780 points)
    May 9, 2011 6:22 AM (in response to MadMacs0)

    MadMacs0 wrote:

    You make a good point as regards this threat, but perhaps the next malware outbreak will involve automatically running something far more harmful under the radar.

    It is a lot harder for malware to do anything harmful surreptitiously in OS X than you might think, especially if you are running Snow Leopard. For example, the OS limits what JavaScript can do, even if it is enabled & not restricted by browser additions. File quarantine restricts what downloaded executable files can do without authentication by users, even for admin accounts.

     

    Security in OS X is complicated, multilevel, & many of the details of how it works are not obvious to users. If you are interested in studying such things, a good place to start is this developer document, but it is lengthy & just an overview. In addition, some parts of some security APIs are "opaque," meaning more or less that they are not documented beyond their initial calling requirements & ending states, & may change internally from one OS revision to the next.

     

    Of course, just because it is extremely difficult for malware to do anything without user action or awareness does not mean users should get careless or complacent about these threats. Security is all about trust, & ultimately the OS must trust user decisions or it could not function beyond a very basic level. If you tell it that it is OK to install malware, it will trust your decision & do exactly that.

  • paladeac
    May 9, 2011 8:09 AM (in response to MacJoseph)

    Just got the MacProtector virus this morning. I was immediately suspicious - when they wanted a credit card number that was the final tip off!

     

    Went through the processes others recommended and everything seems fine now.

  • jayv. Level 4 (1,230 points)
    May 9, 2011 9:38 AM (in response to paladeac)

    Hi Paladeac,

    Could you tell me where you got it as I am trying to find it to research it.

  • R C-R Level 6 (13,780 points)
    May 9, 2011 11:41 AM (in response to jayv.)

    Pr0digy V. wrote:

     

    Hi Paladeac,

    Could you tell me where you got it as I am trying to find it to research it.

    Keep in mind that rogue web pages that appear in search results via SEO poisoning attacks are by nature transitory & may be up for only a few hours. If you really want to "catch" this malware, research SEO attacks & devise search queries that would be likely targets for them.

  • paladeac Level 1 (0 points)
    May 9, 2011 12:31 PM (in response to jayv.)

    I have no idea.

     

    I'm not sure I'd even googled anything this morning before it popped up.

  • suzie.h.kwfl
    May 9, 2011 1:13 PM (in response to caroltoronto)

    I cancelled my credit card.  I got this viral application off my computer then called the "MacDefender" 800 number to request my money back.  They asked for a transaction number from a confirmation email.  I never received an email.  They used the first 6 and last 4 of the now cancelled credit card to look up my transaction and state my money will be refunded in 3-5 days.  I am doubtful, but wasn't too proud to essentially say, "yes, I'm an idiot but may I have my money back?".

  • R C-R Level 6 (13,780 points)
    May 9, 2011 2:24 PM (in response to MacJoseph)

    MacJoseph wrote:

    Be wary, I wouldn't have given them any numbers from my credit card. I would have called the bank, cancelled all transactions. Have the bank issue me a new one.

    She said she canceled the card so the partial number is fairly innocuous info to give out; however, this makes me wonder what they said about issuing credit & if they asked for any other personal info, such as a mailing address or anything else, in connection with that.

  • suzie.h.kwfl Level 1 (0 points)
    May 9, 2011 4:02 PM (in response to MacJoseph)

    Joseph and R C-R,

     

    I did cancel the card first.  It took me about 45 minutes to realize what I had fallen for and that was my first call.

     

    After removing it from my computer and reading about others calling for a refund I decided to call.  I did block my caller ID when I called.  They did not ask for snail mail or email info.  I clearly stated my name, that I had been duped by the scam and am requesting my money back.  There was no argument, no protest - just the request for the transaction number (I still haven't received an email via inbox, junk or spam) or the partial credit card number.  Either it's just an appeasement to avoid phone confrontation or I'll get my money back.  Supposedly another person on the discussion boards got a refund so it couldn't hurt anything but my pride to ask.

     

    My bank still had the charge listed as pending when I called.  I'm hoping it just doesn't go through.  You can't imagine how dumb I feel.  Lessons learned...

     

    Suzie

     

    p.s. I got it when opening a confirmation email from a recent online purchase

     

    Message was edited by: suzie.h.kwfl

  • wei Level 2 (225 points)
    May 11, 2011 10:14 AM (in response to MacJoseph)

    What's interesting about this whole ordeal is that the program was very well written and the design (interface) is very attractive with all the new Mac looks and feels such as pop-up alerts and such. What a waste...

  • Jawk
    May 11, 2011 4:37 PM (in response to MacJoseph)

    Does it automatically install the program? Or does the user manually accept to install it?

  • MadMacs0 Level 4 (3,320 points)
    May 11, 2011 5:03 PM (in response to Jawk)

    Jawk wrote:

     

    Does it automatically install the program? Or does the user manually accept to install it?

    If you allow Safari to open "safe" files it will automatically launch the installer, but you must push "Continue" and "Install" before that actual program is installed.

  • drbdsgn
    May 13, 2011 10:44 PM (in response to MacJoseph)

    I was just on MSNBC.com and this same 'Macdefender' virus tried to install on my computer. Luckily I was aware of what was going on and stopped it before it could complete.

     

    I was on the home page of msnbc.com, clicked a link to a story on the main 'top stories' area.

    I was on the story page for about 30 seconds reading and my browser redirected and showed an installation bar. I closed the window before it could install, but this was the same thing that happened on Google images a few weeks ago.
