Mac Defender

Mac Defender has appeared in my iMac (OS X 10.6.7)

I tried to remove it by dragging the program to the trash from the applications folder, but I can't because the program is open.

The program is pretending to be an antivirus program send $$, obviously a scam.

I re-started but I can't stop it from loading.


There is very little info on this program out there (MacDefender.app)


Any ideas?

iMac, Mac OS X (10.6.7)

Posted on Apr 30, 2011 8:41 AM

176 replies

May 6, 2011 7:36 PM in response to Linc Davis

I seem to remember hearing somewhere (I believe it was on a Tech Podcast) that one of the advantages of a Unix-based system is that permissions can only be elevated one level (i.e. Standard to Admin or Admin to root but NOT Standard to Root). If this is true, could it not be that the installer is looking for Root permission to install some file? If that were the case it would explain why someone logged in as standard (as opposed to Admin) would have the installer not succeed. The above argument was used, I believe, to illustrate the benefit of running as a standard user whenever possible (a practice that, for some reason, very few seem to want to follow even after hearing about cases such as this).

May 6, 2011 8:14 PM in response to Dolphbucs

When the installer runs, it asks for an admin name & password. If a user supplies that then the install runs with admin permissions, elevated to root as needed.


This has nothing directly to do with this malware. Any installer package that uses Apple's Installer.app & is programmed to install anything anywhere that requires admin or greater privileges will do the same thing. The request for admin authentication comes from Installer.app, not the package it is installing.

May 6, 2011 10:02 PM in response to Dolphbucs

Some app packages are programmed to allow installation only from admin accounts, or only over certain versions of the OS, or with other restrictions. This is done with scripts included in the package by the app's developer. Installer.app reads the scripts & executes them, subject to the limits it & the OS place on what the scripts are allowed to do.


It's flexible & secure … as long as the user isn't careless or tricked into doing something ill-advised.

May 7, 2011 6:17 AM in response to kimberlyfrommerrimack

Don't bother with Activity Monitor. Start up the computer in safe mode by rebooting and holding down the Shift key when you hear the chime. Keep holding it until the Apple logo shows on the display. Then you can empty the Trash. Also open the Accounts preference pane and delete any login items you don't recognize. Finally, reboot again as usual (without holding the Shift key.) That will get rid of it.


For your information, you can launch applications by typing the first few letters of their name in the Spotlight text box, under the magnifying glass on the right side of the menu bar. You don't have to hunt for them in the Applications folder.

May 8, 2011 4:06 PM in response to peter186

In response to karelshades:



First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, so you can remove it.


1. Drag the MacSecurity program -- or whatever it's called, MAC Defender, MacProtector (installed in the Applications folder by default) to the Trash. Empty the Trash.

2. Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).

3. Go to your Home folder Library>Preferences and Application Support (may not be one there) and search for any files with one of the above names and trash them. Empty the trash.

4. If you use Safari, go to Preferences>General and UNCHECK "Open 'safe' files after downloading". Keep that unchecked.


If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.


As a precaution, change your password.



If you don't feel comfortable with any of that, then one option is to download the free demo of MacScan. Be sure to run any updates.


http://macscan.securemac.com/


http://www.securemac.com/MAC-Defender-Rouge-Anti-Virus-Analysis-Removal.php
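A read-only check for leftovers in the places the removal steps above name, written as an added example that is not part of any post in this thread. It matches the three product names mentioned in the thread, ignoring case and spaces; the Downloads folder is included as an assumption, and the script only lists paths and deletes nothing.

```shell
#!/bin/sh
# Added example: list leftovers of the rogue app in the per-user locations
# named in the removal steps. Read-only: prints paths, removes nothing.

# Product names taken from the thread, lower-cased with spaces removed.
ROGUE_NAMES="macdefender macsecurity macprotector"

# scan_rogue_leftovers HOME_DIR [APPS_DIR]
# Prints one matching path per line.
# Returns 0 if at least one match was found, 1 if the locations look clean.
scan_rogue_leftovers() {
    home_dir=$1
    apps_dir=${2:-/Applications}
    found=1
    for dir in "$apps_dir" \
               "$home_dir/Downloads" \
               "$home_dir/Library/Preferences" \
               "$home_dir/Library/Application Support"; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            [ -e "$entry" ] || continue
            # Normalise "MAC Defender.app" and "MacDefender.app" to one form.
            base=$(basename "$entry" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
            for name in $ROGUE_NAMES; do
                case $base in
                    *"$name"*) printf '%s\n' "$entry"; found=0 ;;
                esac
            done
        done
    done
    return $found
}

# Stand-alone use: sh scan.sh "$HOME"
if [ "$#" -gt 0 ]; then
    scan_rogue_leftovers "$@" || echo "no leftovers found"
fi
```

Login Items still have to be reviewed by hand in the Accounts preference pane, as the steps say.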

May 9, 2011 9:28 AM in response to WZZZ

You may have a trojan called Mac Defender / Protector / Security




Check your downloads folder and apps folder to see if it is there. If you do not find it


-If go to safari, preferences, general, deselect - open all safe downloads ( may not be exact wording)




If you find it go to DO NOT SIGN UP or GIVE CREDIT CARD INFO....




Go to Activity Monitor in Utilities - quit the program.


Trash it from downloads, app folder, remove from Login Items in Accounts (Sys. Pref)


Boot into safe mode - hold the option key down and when you restart the mac


look at these locations to see if remains.... if found try removing them again




Uncheck the safari pref as above




I advise getting security software or wait for Apple to come up with a security fix
