anne e

Q: Mac Defender

Mac Defender has appeared in my iMac (OS X 10.6.7)

I tried to remove it by dragging the program to the trash from the applications folder, but I can't because the program is open.

The program is pretending to be an antivirus program send $$, obviously a scam.

I re-started but I can't stop it from loading.

 

There is very little info on this program out there (MacDefender.app)

 

Any ideas?

iMac, Mac OS X (10.6.7)

Posted on Apr 30, 2011 8:41 AM

Page 10 of 12
  • by Mark H. Delfs,

    Mark H. Delfs May 19, 2011 6:53 AM in response to MadMacs0
    Level 2 (265 points)

    FYI: Here's what "MacDefenderKiller" actually does:

     

    First, it will look for the running process called "MacProtector, MacDefender or MacSecurity" and it will kill it by identifying the process number.

     

    Secondly, it will then look for those same 3 items in your apps folder and remove them.

     

    Third, it will remove any item in your downloads folder with the above names, even the installers or packages.

     

    Lastly, it patches Safari's "Safe File" preference (which you can change back if you desire) so the malware can't come back in again. I would just use Google Chrome or Firefox, but that's a discussion for another day...

     

    It puts all the malware junk in the trash for you to investigate and writes a report for you to see what actually happened.
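
The checks described in the post above, as an added example that is not part of the original post and is not MacDefenderKiller's own code. It is a read-only audit (nothing is killed, deleted or changed); the searched folders and the Safari preference key `AutoOpenSafeDownloads` are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit for the traces listed in the post above.
# Nothing is killed, deleted or changed; findings are only printed.
NAMES='MacDefender MacProtector MacSecurity'

# Print entries directly inside each given directory whose name contains
# one of NAMES (case-insensitive): apps, installers, packages.
find_artifacts() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    for n in $NAMES; do
      find "$dir" -mindepth 1 -maxdepth 1 -iname "*${n}*" -print
    done
  done
}

# Read "PID COMMAND" lines on stdin and print the PIDs whose command
# contains one of NAMES.
match_processes() {
  awk -v names="$NAMES" '
    BEGIN { n = split(tolower(names), want, " ") }
    {
      cmd = tolower($0); sub(/^ *[0-9]+ +/, "", cmd)
      for (i = 1; i <= n; i++) if (index(cmd, want[i])) { print $1; break }
    }'
}

# Interpret the value of Safari's AutoOpenSafeDownloads key. An unset key
# means Safari's default, which is to open "safe" files automatically.
safe_files_state() {
  case "$1" in
    0|false|NO) echo off ;;
    *)          echo on ;;
  esac
}

audit() {
  echo "== running processes =="
  ps -A -o pid= -o comm= | match_processes
  echo "== Applications and Downloads =="
  find_artifacts /Applications "$HOME/Applications" "$HOME/Downloads"
  echo "== Safari: open safe files after downloading =="
  safe_files_state "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
}

# Run the audit only when asked, e.g.  sh macdefender_audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

If the last section prints `on`, the setting can be switched off in Safari's General preferences ("Open 'safe' files after downloading").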

  • by UK_Mac_User,

    UK_Mac_User May 20, 2011 6:18 AM in response to Ziatron
    Level 1 (0 points)

    @ Ziatron

     

    I started out on Macs a year after you - 1985.  Sadly, I can report that there were some Mac virii (viruses) up to and including OS9.  After OS10, as far as I know, none, apart from some proof of concept stuff.

     

    Think about the logic that the bad-guys, in my book the e-vermin, are now applying:

     

    1. Windows has always been vulnerable, but so have Macs, Linux...... BUT

    2. Windows = 85%-90% of the target audience...... SO

    3. Target Windows...... BUT

    4. Windows 7 plugs most vulnerabilities, and patches for other incarnations mean Windows grows ever harder to attack...... HOWEVER

    5. Mac users are complacent..... SO

    6. Target Macs with updated Windows trojans......  REPEAT

     

    The battle has only just begun.  It is time that Apple educates customers about using non-Admin log-ins for day to day work, and to only log-in as Admin for essential upgrades and maintenance.  This is, after all, a key strength of the Unix structure within OS10.

     

    What I would now like to see is an installation procedure that forces the set-up of 2 users, [Admin] and [Name] with entirely different passwords.  This could be implemented within 10.7 final release.

  • by Dolphbucs,

    Dolphbucs May 20, 2011 3:38 PM in response to UK_Mac_User
    Level 1 (55 points)

    UK_Mac_User wrote:

     

    What I would now like to see is an installation procedure that forces the set-up of 2 users, [Admin] and [Name] with entirely different passwords.  This could be implemented within 10.7 final release.


    If they could add that along with changing the "open safe files" default (or even eliminate the option entirely ... does anyone really need it?) that would be great!

  • by iGary,

    iGary May 20, 2011 4:41 PM in response to UK_Mac_User
    Level 4 (1,577 points)
    Servers Enterprise

    I use Standard accounts as much as possible and try to convince users to do the same.

     

    It is frustrating however when along comes some app that won't run under a non-admin account! Some developers also need to get on board.

  • by R C-R,

    R C-R May 21, 2011 2:07 AM in response to iGary
    Level 6 (17,690 points)

    Do note that this trojan requires admin authentication to be installed, even if one is logged into an admin account. Plus, once installed it runs as a user process.

  • by erinfromwadsworth,

    erinfromwadsworth May 21, 2011 10:35 AM in response to anne e
    Level 1 (0 points)

    Hello all! I was just lured by the MAC defender, but it was too late...cc entered. I think I have cleaned it out. I checked all the folders and nothing, nothing in apps, activity monitor, hd, etc. My ?? is what do I do with the acct that I used to purchase? How dangerous is this virus? I don't want to have to redo all my accts because of this jerk...who the company name I got was maritop out of AZ, of course there are no phones associated with this business. I am so mad I did this! So should I change my pw? And/or what else do I need to do!

  • by Paul_31,

    Paul_31 May 21, 2011 11:03 AM in response to erinfromwadsworth
    Level 6 (13,925 points)

    Hi Erin

     

    First thing is to contact your bank and put a stop on your card and the transaction. They'll issue you a new card and hopefully stop the payment to the thieving *****.

    Don't worry, you haven't got a virus. For instructions on how to remove the malware have a look here: http://www.tuaw.com/2011/05/19/macdefender-malware-protection-and-removal-guide/#continued

    Fortunately the malware won't hurt your Mac, just your bank account (get in touch quick and you'll be fine, I'm sure).

     

    I'd also recommend you change your admin password. Good luck.

  • by erinfromwadsworth,

    erinfromwadsworth May 21, 2011 11:08 AM in response to Paul_31
    Level 1 (0 points)

    Thx, changed pw! I also saw at items that open was a macprotector item listed, I don't know what that is so I trashed it. I also installed Sophos as it is free.

  • by Paul_31,

    Paul_31 May 21, 2011 11:24 AM in response to erinfromwadsworth
    Level 6 (13,925 points)

    Good that you changed the password, but rather than just delete the things you can see in startup items and elsewhere you really need to follow the instructions in the link I gave to remove everything, otherwise the thing is likely to keep re-appearing. Don't forget to call your bank.

  • by madbutok,

    madbutok May 21, 2011 11:40 AM in response to anne e
    Level 1 (0 points)

    To Anne e & others,

    If you have gotten a MacDefender Protect & can't get rid of it then go to support@zeobit.com & follow along with the email they send you.

    Mine is gone from just doing this. Good luck to you all wherever you are.

    madbutok

  • by babowa,

    babowa May 21, 2011 2:50 PM in response to madbutok
    Level 7 (32,222 points)
    iPad

    Well, rather than using the link you provided, I just googled 'zeobit' and was met with an "untrusted site" warning. I will not be going there; their offices are in the Ukraine.

     

    Before sending others there, please read this discussion:

     

    https://discussions.apple.com/thread/3018826

     

    You can also do a search here for MacKeeper and find all sorts of recommendations against it.

  • by WZZZ,

    WZZZ May 21, 2011 3:09 PM in response to babowa
    Level 6 (13,112 points)
    Mac OS X

    I would stay away from it too, but

     

    Screen shot 2011-05-21 at 6.01.22 PM.png

     

    Screen shot 2011-05-21 at 6.07.21 PM.png

     

    What gave you the "untrusted site warning?" I'm not getting anything from either Firefox or WOT when I go there.

  • by babowa,

    babowa May 21, 2011 3:22 PM in response to WZZZ
    Level 7 (32,222 points)
    iPad

    Here's a screenshot - looks red to me:

     

    Screen Shot 2011-05-21 at 3.20.25 PM.png

     

    (also Firefox and WOT)

  • by WZZZ,

    WZZZ May 21, 2011 3:33 PM in response to babowa
    Level 6 (13,112 points)
    Mac OS X

    Very weird. No matter how I search for it, I can't get that.

    Screen shot 2011-05-21 at 6.29.11 PM.png

  • by laverne's mom,

    laverne's mom May 21, 2011 3:37 PM in response to WZZZ
    Level 2 (395 points)

    I don't know how to insert a screen shot, but I've been reading this thread and when I "google" zeobit.com I get some red and some green buttons from WOT on Firefox.  Very confusing.

     

    laverne's mom
