Heads Up/Warning Mac Defender

Just as a heads up and warning, there has been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXav would be an option. Be careful where you're surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.


Regards,


Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

Question marked as Top-ranking reply

Posted on Apr 30, 2011 11:37 AM

This just happened to us too. What is ClamXav?

190 replies

Jun 2, 2011 5:50 PM in response to MadMacs0

It appears the word's out as all my recorded links to this one warn it's dodgy (Camino).

The Google search that got it via an image search is also warning when the image is selected (unless, of course, one ignores the warning) so, hopefully, another 'one' at least is found.

It's a shame to see the Media, even some of the Apple ones, are creating 'Mal-Info,' when (IMO) this thing appears aimed at those new to Mac.

In some ways it's a clever idea but how do Win users fall for it when transferring to Mac?

Nearly every url one goes to on PC has some form of 'Your PC is infected! Let me scan it.'

I suppose the underlying, 'cleverness,' is predicting new users will subconsciously feel, 'safer,' and see the 'Apple Security Centre,' click, and download!!

Even then, to use a CC to pay for it??


The worry now is that this form of invasion could escalate to far greater problems if the payload is even more malevolent!

Jun 2, 2011 9:07 PM in response to Tony Curtis

Tony Curtis wrote:


File uploaded to Clam was called 'Trojan.zip' and contained the MacProtector.mpkg.zip, the url and a WHOIS search both as textClipping.

One more question after reading this over and giving it some more thought. Are you saying that the original file downloaded to the computer was "MacProtector.mpkg.zip" and you zipped it again with additional info before you uploaded it as Trojan.zip? I think that may explain why VirusTotal didn't catch it as I don't think it can handle a double zip. I'll have to experiment a bit and see. It's important to send files just as they were originally received in order to establish a signature that will catch it as it's being delivered, for best protection. That sometimes helps with identification within the sample database where hundreds of files get added every day.


If you find a need to upload to clamav again, please include "macosx" in the remarks (I learned today) in order to get it routed to the right individual quicker.
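
Added example, not written by any poster in this thread: Python that shows a re-zipped upload no longer has the hash of the file as it was delivered, and that recovers the delivered file by unpacking nested zips. The sample archives are constructed placeholders; the depth and size limits and all function names are assumptions.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 4                    # assumption: refuse deeper nesting
MAX_MEMBER = 50 * 1024 * 1024    # assumption: skip members over 50 MiB


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_zip(members: dict) -> bytes:
    """Build a zip in memory from {name: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def inner_archives(data: bytes, path: str = "", depth: int = 0):
    """Yield (path, sha256) for each zip nested inside the zip `data`."""
    if depth >= MAX_DEPTH:
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            member = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(member)):
                inner = f"{path}/{info.filename}"
                yield inner, sha256(member)
                yield from inner_archives(member, inner, depth + 1)


def locate(upload: bytes, delivered_hash: str) -> str:
    """Say where, if anywhere, the as-delivered file sits inside an upload."""
    if sha256(upload) == delivered_hash:
        return "upload is the file as delivered"
    for path, digest in inner_archives(upload):
        if digest == delivered_hash:
            return f"delivered file is wrapped at {path}"
    return "delivered file not found"


# Constructed samples: harmless placeholder bytes, names taken from the thread.
DELIVERED = make_zip({"MacProtector.mpkg/readme.txt": b"constructed placeholder"})
RESUBMITTED = make_zip({"MacProtector.mpkg.zip": DELIVERED,
                        "url.textClipping": b"constructed",
                        "whois.textClipping": b"constructed"})
```

A hash or signature taken from the outer archive describes the wrapper, not the download, which is why submitting the file unchanged gives the most useful sample.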

Jun 5, 2011 12:08 PM in response to Skip P

I am a very novice computer owner, and bought a Mac as I had heard they were much more secure than ''windows''. One evening I was on Google Images, and ''Apple security center'' with safari logo came up saying it had scanned my computer and found I had been infected with more viruses than it was possible for me to have ''caught'' during the few days I had owned my computer..plus it said I had got infections via ''file sharing''-well, as a novice, I have never shared a file, so thought it sounded suspicious, and all the jiggly jumpy ''shouty'' style did not look ''apple like'', but the page would not close, and I clicked on something that looked like a software update, and was then able to close the page-this was May 2nd.


When the hoo hah broke about these scams, I looked in my downloads and sure enough the nasty little ''macdefender'' was there, looking like an ''apple'' device I had seen earlier, the cardboard box with yellow boxes inside.

I phoned the store, and was going to get them to reset my computer, and luckily it was found that I had downloaded the horrid thing, but had not installed it, so it was removed by someone who knew what they were doing, luckily.

However, yesterday, June 3rd, I was on the web, and up came a warning saying ''unsafe programmes running on your computer'', and I noticed similar ''safari'' type logo used, this time I force quit safari, and as I had ''unchecked'' the ''safe'' downloads button, nothing nasty appears to be on my computer.

As an older user, I was not brought up with computers, and it IS alarming to have this stuff thrown up at you, what is odd is that my family have used Macs since they came out years ago, and have not been bothered by these scam sites, whereas me, as a new user has had them three times!

[every two weeks since may 2nd]

It does make me very wary of using the internet, but I will keep up with software updates, and carry on with the ''One to One lessons'' for new users.

Jun 5, 2011 1:30 PM in response to oakleaf 700

Very easy to prevent these trojans, I haven't seen one yet. Requires a bit of beefing up your computer, switching browsers and using a few add-ons that might be a little bit more work in your life but you then hardly notice it.


1: Switch your main user account to a "Standard User". By creating a new Admin user in your Account Preferences, logging out and into the new Admin User, then turning your first user to a "Standard User" by unchecking "allow this user to administer the machine". Log into the now Standard User and go on like before. All you have to do is check for Software Updates regularly under the Apple Menu. When you access certain folders, you'll need to give your Admin password, it's to protect these folders from malware.


2: Use the Firefox web browser, it asks you BEFORE a download occurs. Unlike Safari which just goes and downloads anything it wants to.


3: Use the Firefox Add-ons: NoScript, Ad Block Plus and (if you have children) PublicFox.


NoScript turns all scripts off by default as you surf, you enable them with a button you drag to the Toolbar in Firefox Customize Toolbar feature. It's also the best "webcop" software around and it's free. It blocks the dirty stuff that makes trojans appear in your browser.


Ad Block Plus blocks advertising, subscribe to the Easy List presented before you, it auto updates and prevents trojans in advertising.


Public Fox allows you to lock down the web browser, placing a password on the downloads for instance.


No password, no download. 🙂


4: Check the condition of your web browser plug-ins at this site regularly and disable in your Firefox > Plug-ins if there is no update.


https://www.mozilla.com/en-US/plugincheck/


As you can see here Firefox is a very HIGHLY customizable browser


I have the font size of Firefox about tripled what it is for OS X's Finder, I can scale the whole web page and it will remember it, one click cleans the whole web browser out of everything. Tabs on bottom, change the persona to blue with white type for easy reading kicking back about 4 feet back, one click for full screen and so on. Really the "Cadillac" of web browsers and it's very fast too.


Jun 5, 2011 2:31 PM in response to ds store

My head is spinning! Thanks for the advice, I will ask the ''One to One'' guys for help with it!-Computers are so Alien to me, and as I am not the most ''logical'' person either, it doesn't help. All the jargon, I have to look up practically every other word, like a foreign language.

Alas, I am the sort of person the scamster criminals would love to target, computer illiterate[at present] and easily worried.

I will block the ''nasty'' [I think they are called **** sites?] as you advise. It is odd that my family [and adult son] have not had any of this malware come up, so maybe it is how I have my computer set up. [Until going on this forum, I had no idea about the ''uncheck ''safe'' downloads''-a fast learning curve..for other new users, get as ''educated'' as you can, as I fear it is ''us'' who will fall hardest for these sneaky scams. [p.s, when I say ''I am computer illiterate'', I had never even switched any computer ON until this year! yes, that bad-and tried to open my new Mac the ''wrong way''- shocking but true.😊

Jun 5, 2011 3:57 PM in response to oakleaf 700

I think you are selling yourself short. You are not the kind of person the criminals want to target because you had enough common sense not to panic & be tricked into installing this trojan, so it could not do anything malicious.


You really don't need anything besides common sense to browse the Internet safely with your Mac.

Jun 5, 2011 6:00 PM in response to R C-R

Thank you so much for your support, I am plunged into this new world, which is wonderful, and yet alarming when these scams happen-vigilance seems to be the key. This morning, when I 'phoned Apple again about a worry, my son said ''goodness, mum, you can't go phoning and running to the shop every time a dodgy ad comes up!'' I feel like an anxious new pet-owner, the sort who rushes her puppy to the vets at every sneeze.

R C-R, you are kind enough to say ''you did not panic'' but I assure you I did, when the fake site said ''your system is about to crash'' and gave a countdown in seconds, while I waited to see what would happen-it did not crash, but it was alarming.

Obviously to computer boffins, ''scareware'' is about as ''scary'' as a garden worm, but I definitely experienced a pounding heart when I could not shut down the fake site!


Thanks again for your kindness.

Jun 10, 2011 5:00 PM in response to MacJoseph

I got a refund from "Mac Security" by phoning the 1 800 number (in your email from them) in the USA. They don't quibble, they know they are peddling malware. They should give it to you straightaway.


Next check with your bank that the refund has come to you and then cancel that card and get it reissued. I have just been through all this in the last few days.


Lastly, get a new alias for the Discussion forum (ie not mac_defender)