Skip navigation

is apple security center safe?

30716 Views 158 Replies Latest reply: May 30, 2011 7:32 PM by babowa RSS Branched to a new discussion.
1 2 3 ... 11 Previous Next
Keith Jones5 Calculating status...
Currently Being Moderated
May 9, 2011 5:07 PM

We are getting a screen indicating that there are 71 items that need attention as part of an Apple Security Alert. The screen indicates that it is part of Apple Security Center. It asks to click ok to remove the offending objects (virus, malware). Is this legitimate apple software or will it introduce a virus?

iMac, Mac OS X (10.6.7)
  • Csound1 Level 7 Level 7 (32,250 points)
    Currently Being Moderated
    May 9, 2011 5:09 PM (in response to Keith Jones5)

    STOP!

     

    Post a screenshot please

  • Kappy Level 10 Level 10 (220,950 points)
    Currently Being Moderated
    May 9, 2011 5:18 PM (in response to Keith Jones5)

    There is no such animal as the "Apple Security Center."  If this is from a website link then ignore it.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    May 9, 2011 5:23 PM (in response to Keith Jones5)

    You got trojaned, don't install, run or give your credit card to anything.

     

    It's a variant of the MacDefender, MacSecurity malware floating around different parts of the Internet.

     

     

    You can download the free ClamXav to remove it. If it's new, a update will be out shortly.

     

    http://www.clamxav.com/

     

     

    If you have a link to it, please email it to and explain how it did it (clicked a link?)

     

    macdefendertrojan@mailinator.net

     

     

    This email is for this express purpose, it's for Linc Davis who will send it off to the ClamXav people too.

  • Kappy Level 10 Level 10 (220,950 points)
    Currently Being Moderated
    May 9, 2011 5:31 PM (in response to Kappy)

    If a trojan as ds store suggests then see:

     

    Trojan War

     

    If you discover a trojan program is running on your computer then look to the following information for assistance:

     

    1. A recent discussion on the Apple Support Communities: MacDefender Trojan.

    2. An excellent site devoted to Mac Malware: Macintosh Virus Guide

    3. Another site for removing MacDefende, et.al.: MAC Defender Rogue Anti-Virus analysis and Removal

     

    Removing strange software can be a task.  The following outlines various ways of uninstalling software:

     

    Uninstalling Software: The Basics

     

    Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.

     

    Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.

     

    Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.

     

    Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.

     

    Some software use startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.

     

    If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.

     

    Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.

     

    There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:

     

    AppZapper

    Automaton

    Hazel

    CleanApp

    Yank

    SuperPop

    Uninstaller

    Spring Cleaning

     

    Look for them and others at VersionTracker or MacUpdate.

     

    For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.

     

    After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.

  • ajcharlesmd Calculating status...
    Currently Being Moderated
    May 9, 2011 6:40 PM (in response to Keith Jones5)

    here is the address of the link that connected to me, telling me i had 71 infected files, asking me to click the mac installer to clean them. i threw it in the trash! do i need to do anything else?

     

    :

    < Edited by Host >

  • Kappy Level 10 Level 10 (220,950 points)
    Currently Being Moderated
    May 9, 2011 6:39 PM (in response to ajcharlesmd)

    Ds store asked that you email the link to him, not post it here.  He gave you an email address just above your post.

     

    Please re-read the Terms of User presented to you when you joined.  Specifically, you should never post links to websites, especially suspicious ones.

  • ajcharlesmd Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 9, 2011 6:48 PM (in response to Kappy)

    sorry bout that. way too tired. won't do that again.

  • Kappy Level 10 Level 10 (220,950 points)
    Currently Being Moderated
    May 9, 2011 6:52 PM (in response to ajcharlesmd)

    Been taken care of already.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    May 9, 2011 6:58 PM (in response to Kappy)

    Just email it to Linc Davis at the email address above, "attention malware" 

  • rorita Calculating status...
    Currently Being Moderated
    May 9, 2011 7:09 PM (in response to Keith Jones5)

    I have this thing popping up too, grrrrr.

  • Linc Davis Level 10 Level 10 (107,400 points)
    Currently Being Moderated
    May 9, 2011 7:48 PM (in response to Keith Jones5)

    I received a link to the trojan. It's the same dude, still operating out of 69.50.201.198. Here's his latest screen:

     

    trojan.jpg

    The archive name is "anti-malware.zip" and it expands to "MacProtector.mpkg." The current version of clamav recognizes both files, as well as the installed trojan. I don't use ClamXav myself, but presumably it will recognize them too. Use it to delete.

     

    He's processing payments through the domain "mac-defence.com." Network admins, please firewall. I've already gotten him booted from one anonymous registrar in Australia; now he's using another one. Others may wish to pick up the torch on that issue.

     

    By the way, the Mailinator mailbox is accessible to anyone who knows how to use that site. No password needed. Anyone with appropriate experience, feel free to use it.

  • rorita Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 9, 2011 9:26 PM (in response to Linc Davis)

    I had that apple security center thing pop up twice today.  I downloaded ClamXav and ran it (took about an hour and a half to scan the whole computer) and it didn't find anything.  Should I just leave it at that or dig further?  I never clicked on any of the links on the "apple security center" page.

  • Linc Davis Level 10 Level 10 (107,400 points)
    Currently Being Moderated
    May 9, 2011 9:30 PM (in response to rorita)

    Merely visiting the rogue site doesn't compromise your Mac. As long as you don't install anything, you're fine.

  • mim_aus Calculating status...
    Currently Being Moderated
    May 9, 2011 10:22 PM (in response to Keith Jones5)

    hi, i have inadvertantly installed this earlier today, thought i was doing my parents a fav by finishing a partly completed download, ooops. i foollowed the advice on another one of these forums for deleting it from the 3 or 4 other places on the computer. i can not see it running at the moment. how do i know its really gone? i havent had any more of those pesky **** sites pop up but i do internet banking on this and just want to be sure. the apple care lady said it probably got in from a picture dad had downloaded off the google but we have intego virus barrier x6 so why didnt it get picked up? also i have an iphone and an ipad2, is ther the risk i will have that on them when i surf the web and how will i know.

     

    im not that clued up on computers.

     

    appreciate any help

    thanks

     

    mac os x 10.6.7

1 2 3 ... 11 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (2)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.