Heads Up/Warning Mac Defender

Question

Level 3

598 points

Heads Up/Warning Mac Defender

Just as a heads up and warning, there hsa been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXavwould be an option. Be careful where your surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.

Regards,

Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

Reply

Answer 1

Best reply

aatyler

Level 1

5 points

Apr 30, 2011 11:37 AM in response to MacJoseph

This just happened to us too. What is ClamXav?

Reply

Answer 2

MacJoseph Author

Level 3

598 points

Apr 30, 2011 11:47 AM in response to aatyler

Tyler

ClamXav is an open source anti-virus program recommended for Mac users who feel thay need some protection from malware/viruses. It is free to use. Can you tell us perhaps what site redirected you to download Mac Defender? and the browser you're using. This issue is said to be a Trojan and should be deleted immediately. Ceck in your application folder for Mac Defender and move it to the trash. You may also want to search in spotlight or in finder for associated files. Also look in sys preferences. accounts, login items and remove anything associated wiht Mac Defender by highlighting and hitting the minus sign.

Joseph

Reply

Answer 3

Apr 30, 2011 12:16 PM in response to MacJoseph

Hi joseph,

I just installed Macdefender after it said my macbook is infected with a bunch of virus and I even paid for it ($99)! I saw all the warnings and got panicky about it and just used my credit card to pay for it!

What is MacDefender anyways?! I suppose now it's too late to get my money back?! Should i uninstall it?

Does that mean i should never install anti-virus program on my macbook?!

Thanks!

Carol

Reply

Answer 4

Apr 30, 2011 12:17 PM in response to MacJoseph

P.s. I was googling Piranha images when it happened.

Reply

Answer 5

MacJoseph Author

Level 3

598 points

Apr 30, 2011 12:44 PM in response to caroltoronto

Carol

MacDefender is security software. You don't need it. If you want, and it will give you peace of mind you can get ClamXav. It is free to use and has been around a long time. I would unistall it, and if you feel you need some virus protection use ClanXav. Some people will tell you you don't need AV programs for Macs because there are no viruses for Macs. But you have the option. About getting your money back, is there any contact info? Did you get a receipt emailed to you. Because it was malicious the way you were panicked into purchasing the software. I would contact them. You can also open a thread here in the MBP forum and relate what you told me and someone with more experience than me will advise you. Another member of the forums ds store is looking into this. Does MacDefender have an uniinstall utility? If it does run it. If not open Activity Monitor and look for the MacDefender process and kill it, then go to your applications fold and drag MacDefender to the trash. Don't delete your trash until you've restarted your computer. I would also go to sysem preferences and go to accounts and check your login items and remove anything related to MacDefender. You may want to do a search in Spotlight and in the finder for MacDefender in case there are related files. Hope this helps.

Regards,

Joseph

Reply

Answer 6

arkling

Level 1

25 points

Apr 30, 2011 5:23 PM in response to MacJoseph

I just spent a fair amount of time cleaning up and locking down my mothers computer after she got maliciously tricked into installing Mac Defender. I find their practice deceptive, dishonest and I'd be happy if Apple released a security release that uninstalled the Mac Defender app. Even if Mac Defender is a legit app, and was the best protection against viruses/malware I'd still wish for them to be shut down just based on their interest in using deception to push their product out.

Reply

Answer 7

MacJoseph Author

Level 3

598 points

Apr 30, 2011 6:19 PM in response to arkling

Arkling

I agree with you 100% it was so strange all the people who got hit with this today. I'm glad some came to the forums with it, and I'm concerned about those that perhaps did not. I'm hoping one of the forum members with much more experience and knowledge about these kinds of malicious attacks can maybe bring it to Apple's attention. I will try to make Apple aware. Perhaps others like yourself can do the same. I'm sorry your mother's computer was one of those that got hit with this. I spend a lot of time looking at Mac software and I've never heard of MacDefender until today. I know this application has nothing to do with Apple, nor would Apple ever endorse it, or the practice of the malicous intrusion caused by such applications.

Regards,

Joseph

Reply

Answer 8

Apr 30, 2011 6:24 PM in response to MacJoseph

Yeah we got hit this AM, just got the macbook so thought it was a program that came with computer. But looked fishy.

We were looking at Google Images "Mediterreanean Landscape". Caroltoronto was looking at Google Images of Piranha. So maybe Google Images is the link????

Thanks

Reply

Answer 9

MacJoseph Author

Level 3

598 points

Apr 30, 2011 6:31 PM in response to xraytahoe

Tahoe

Thanks for replying, the more people who reply perhaps it will help in making Apple aware. Seems a lot of folks were searching images when this malicious intrusion happened. As I said earlier, I'm hoping someone in the forums wiht more experience, knowledge and authority can perhaps make Apple aware of this, and as Arkling suggested maybe there should be some kind of secuirty update. Thanks again and sorry you had to experience this.

Regards,

Joseph

Reply

Answer 10

ds store

Level 7

30,705 points

Apr 30, 2011 6:50 PM in response to caroltoronto

caroltoronto wrote:

Hi joseph,

I just installed Macdefender after it said my macbook is infected with a bunch of virus and I even paid for it ($99)! I saw all the warnings and got panicky about it and just used my credit card to pay for it!

What is MacDefender anyways?! I suppose now it's too late to get my money back?! Should i uninstall it?

Does that mean i should never install anti-virus program on my macbook?!

Thanks!

Carol

Call your credit card company, a number is on the back of the card, freeze the card and report any tranactions to be traced for criminal investigation. File a police report, get a copy for your records if they give it. It's a time stamp proof.

Reply

Answer 11

Apr 30, 2011 6:58 PM in response to MacJoseph

Hey Joseph,

Thanks for all the info and suggestions. I have uninstall Mac defender just now, and restore the system using my Time Machine backup.

I also called the 'customer service' of Mac Defender to ask for a refund. The lady who answered my call just asked for my email and the purchase number. And then said she'd refund the money in the next few days ... it was strangely smooth and she didn't even ask why i needed the refund. Even more strange, right when I called her, I had my online banking account pulled up on my screen and the same amount was already put back into my account *before* i started talking to her ...

Another thing is i still haven't received any email notification about my purchase from Mac Defender ... which is really strange because I normally receive something for every online transaction ...

I hope having my $$$ back is the end of this whole experience...

Reply

Answer 12

ds store

Level 7

30,705 points

Apr 30, 2011 7:18 PM in response to caroltoronto

caroltoronto wrote:

Hey Joseph,

Thanks for all the info and suggestions

<snip>

I hope having my $$$ back is the end of this whole experience...

Call your credit card company, freeze the card. You can get a new one in a few days, no big deal.

Hold C and boot from your OS X installer disk and Disk Utility Erase with Zero the hard drive, then install OS X fresh and restore from Time Machine.

The Installer disk is write protected. TimeMachine drive isn't. Don't hook up Time Machine to a possibly infected computer.

Reply

Answer 13

MacJoseph Author

Level 3

598 points

Apr 30, 2011 7:27 PM in response to caroltoronto

Carol

Glad to hear you're getting a refund, and things are working out for you. Glad you did a reinstall. Hope everything is running smoothly on your MBP. Hope this will put an end to this whole eperience too. Thank you for updating us.

Joseph

Reply

Answer 14

May 1, 2011 1:54 AM in response to MacJoseph

Hi, just want to let you no that it's not me (MacDefender.org) who released/wrote this app. Heard of it today for the first time a I have lot's of complains and bad mails in my inbox. Not sure if someone used my name just because it's a good name for a possible av tool or to directly hit me. So anyone seeing an app with such a name do now load/install it. If you already have this app please check your Mac with ClamXav and/or MacScan as already written above.

Reply

Answer 15

arkling

Level 1

25 points

May 1, 2011 7:00 AM in response to MacJoseph

I really wish we could run OS X virtualized, I'm trying to determine if this Mac defender program installs any extra daemons/background-services. I'm worried that even with the Mac defender app removed, that perhaps they still have a key-logger installed or some other nastiness.

Could someone post any contact information they have for this company? phone, web, email, etc? and for those that got a refund, maybe any information about the transaction?

For those who did purchase it, be sure to tell you financial institution that this was a fraudulent company, might not hurt to tell visa/MC/AMEX/etc.

if anyone still has the app installed, could you post a list of all your running processes?

If you had the app but removed the app could you do the same?

I want to compare them together and with a "clean" machine.

thanks,

Ark

Reply