May 9, 2011 12:28 AM (in response to R C-R)
R C-R wrote:
Biggest thing I learned- un-click the "open safe files" check box.
It doesn't matter much if that option is checked in Safari or not. Either way, the malware still ends up in the designated Downloads folder, & until it is installed with an intentional click of Installer.app's "Install" button, it can't do anything more insidious than taking up a tiny amount of HD space.
Personally, I think I might rather have the Installer app launch to let me know right then & there that something I didn't ask for had just been downloaded instead of discovering it later in the Downloads folder & wondering where it came from or maybe confusing it with something I did intentionally download.
You make a good point as regards this threat, but perhaps the next malware outbreak will involve automatically running something far more harmful under the radar. Today I agree with your approach, but I may well change my mind when I find out what's behind the next door that opens.
May 9, 2011 2:27 AM (in response to MadMacs0)
MadMacs0, thank you so much!!!
I went through the instalment process by mistake, could not get rid of the MacProtector, just like everybody else. I did manage to trash the "content" folder manually, so it didn't function any more, but still couldn't trash the programme itself, or empty the trash. Once I followed your advice of safe-booting with Shift, it worked out perfectly - trashed and got rid of it.
The downloaded file in my case was anti-malware.zip. I got it from Google images, possibly when I downloaded a programme that allowed me to see 3-d images - it was a museum site, so I foolishly trusted it.
Anything else I can do to help?
By the way - I tried to mark your answer as correct, but couldn't find the link for it, which used to be, if I remember, at the top of the page. Any way I can do that for you?
May 9, 2011 6:22 AM (in response to MadMacs0)
You make a good point as regards this threat, but perhaps the next malware outbreak will involve automatically running something far more harmful under the radar.
Security in OS X is complicated, multilevel, & many of the details of how it works are not obvious to users. If you are interested in studying such things, a good place to start is this developer document, but it is lengthy & just an overview. In addition, some parts of some security API's are "opaque," meaning more or less that they are not documented beyond their initial calling requirements & ending states, & may change internally from one OS revision to the next.
Of course, just because it is extremely difficult for malware to do anything without user action or awareness does not mean users should get careless or complacent about these threats. Security is all about trust, & ultimately the OS must trust user decisions or it could not function beyond a very basic level. If you tell it that it is OK to install malware, it will trust your decision & do exactly that.
May 9, 2011 8:09 AM (in response to MacJoseph)
Just got the MacProtector virus this morning. I was immediately suspicious - when they wanted a credit card number that was the final tip off!
Went through the processes others recommended and everything seems fine now.
May 9, 2011 11:41 AM (in response to jayv.)
Pr0digy V. wrote:
Could you tell me where you got it as I am trying to find it to research it.
Keep in mind that rogue web pages that appear in search results via SEO poisoning attacks are by nature transitory & may be up for only a few hours. If you really want to "catch" this malware, research SEO attacks & devise search queries that would be likely targets for them.
May 9, 2011 1:13 PM (in response to caroltoronto)
I cancelled my credit card. I got this viral application off my computer then called the "MacDefender" 800 number to request my money back. They asked for a transaction number from a confirmation email. I never received an email. They used the first 6 and last 4 of the now cancelled credit card to look up my transaction and state my money will be refunded in 3-5 days. I am doubtful, but wasn't too proud to essentially say, "yes, I'm an idiot but may I have my money back?".
May 9, 2011 1:50 PM (in response to suzie.h.kwfl)
Did you ask why you hadn't received an email confirmation? Be wary, I wouldn't have given them any numbers from my credit card. I would have called the bank, cancelled all transactions. Have the bank issue me a new one.
May 9, 2011 2:24 PM (in response to MacJoseph)
Be wary, I wouldn't have given them any numbers from my credit card. I would have called the bank, cancelled all transactions. Have the bank issue me a new one.
She said she canceled the card so the partial number is fairly innocuous info to give out; however, this makes me wonder what they said about issuing credit & if they asked for any other personal info, such as a mailing address or anything else, in connection with that.
May 9, 2011 4:02 PM (in response to MacJoseph)
Joseph and R C-R,
I did cancel the card first. It took me about 45 minutes to realize what I had fallen for and that was my first call.
After removing it from my computer and reading about others calling for a refund I decided to call. I did block my caller ID when I called. They did not ask for snail mail or email info. I clearly stated my name, that I had been duped by the scam and am requesting my money back. There was no argument, no protest - just the request for the transaction number (I still haven't received an email via inbox, junk or spam) or the partial credit card number. Either it's just an appeasement to avoid phone confrontation or I'll get my money back. Supposedly another person on the discussion boards got a refund so it couldn't hurt anything but my pride to ask.
My bank still had the charge listed as pending when I called. I'm hoping it just doesn't go through. You can't imagine how dumb I feel. Lessons learned...
P.S. I got it when opening a confirmation email from a recent online purchase.
Message was edited by: suzie.h.kwfl
May 11, 2011 10:14 AM (in response to MacJoseph)
What's interesting about this whole ordeal is that the program was very well written and the design (interface) is very attractive with all the new Mac looks and feels such as pop-up alerts and such. What a waste...
May 11, 2011 5:03 PM (in response to Jawk)
Does it automatically install the program, or does the user manually accept to install it?
If you allow Safari to open "safe" files it will automatically launch the installer, but you must push "Continue" and "Install" before that actual program is installed.
May 13, 2011 10:44 PM (in response to MacJoseph)
I was just on MSNBC.com and this same 'Macdefender' virus tried to install on my computer. Luckily I was aware of what was going on and stopped it before it could complete.
I was on the home page of msnbc.com, clicked a link to a story on the main 'top stories' area.
I was on the story page for about 30 seconds reading and my browser redirected and showed an installation bar. I closed the window before it could install, but this was the same thing that happened on Google images a few weeks ago.