You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Heads Up/Warning Mac Defender

Just as a heads up and warning, there hsa been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXavwould be an option. Be careful where your surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.


Regards,


Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

Reply
Question marked as Top-ranking reply

Posted on Apr 30, 2011 11:37 AM

This just happened to us too. What is ClamXav?

190 replies

May 1, 2011 8:14 AM in response to MacJoseph

I too had this happen yesterday when searching Google images. I installed MacDefender but didn't purchase it. It ran a scan and I'm worried I'm at risk. I tried going to applications and dragging MacDefender to the trash but I keep getting a message saying I can't because the program is open. Any suggestions on how to remove this installed program? Thanks.

May 1, 2011 9:20 AM in response to melissafromva

Melissa


Go to Activity Monitor and look at the processes and look for MacDefender force quit the process. Then go to your applicaiotns folder and drag MacDefender to the trash. Don't empty the trash yet, go to system preferences, go to accounts, look at the login items, if you see Macfender there click on it then hit the minus sign to remove it. Open finder and search for MacDefender, remove anything related. Do a Spotlight search for the same. then restart your computer then empty the trash. If you're worried about viruses and malware simply download ClamXav. Install it update virus definitions and run a scan. Clam has been around for a long time and is preferd if someone feels they need virus protection. Hope this helps.


Joseph

May 1, 2011 10:00 AM in response to MacJoseph

One of my clients got hit. She was googling plant images. Someone above mentioned pirhana images so appears it's masquerading as images. It seems to be able to install itself bypassing Apple security, without requiring a password. Scary. Hopefully Apple can find and patch this. It kept putting up a translucent window in top right of screen with a warming and large red cleanup button. Like a Growl type dialog - but Growl was not installed. It also put a red Macafee or Windos style security icon on the menu bar. The interface for the app looks very well done. Happily my client called me and did not pay for the app or run it.


It's simple enough to remove, as noted above. I went to login items and deleted it, then restarted. Deleted Mac Defender app, then found the installer package in Downloads and deleted that.


Doug

May 1, 2011 2:25 PM in response to arkling

arkling wrote:


I really wish we could run OS X virtualized


You can do the next best thing for surfing the web. Provided you can spare a core and 1GB of RAM (even 512MB).


1: Download VirtualBox, it's free.


2: Download a ISO of Macbuntu 32bit x86 10.10, it's free.


3: Point VirtualBox to open the Linux ISO and install it. (piece of cake)

Don't let Linux have access to OS X side just to be safe, it can read all file formats, including HFS+.


Have a look around, set the display size and when your updated and tweaked, before going online, save a "snapshot" of that OS in VirtualBox. Go surfing and when your done, revert back to the earlier snapshot in VirtualBox.


MacBuntu looks just like OS X, just it's not as smooth and refined. Firefox works just the same.


I you need to transfer files from Linux, see if copy and paste works or use a external USB key.


What's nice about this is your web browser is sandboxed from OS X, and you can still use OS X for other things.

May 1, 2011 6:01 PM in response to MacJoseph

I was searching flower photos online this evening via Google when I got a warning of virus activity. I agreed to scan. It said it did, but it was too quick and then I had downloaded "BestMacAntivirus2011.mkpg" (per my downloads list), which showed up as MacDefender on my computer and which also requested I install it immediately for the safety of my computer. It looked and acted suspicious, so I did not install and I googled it instead, leading me here. I've now apparently deleted everything with MacDefender on my computer and emptied my trash. I didn't use spotlight search because I don't know how. There are no suspicious charges showing (yet) on my credit card. I downloaded ClamXav and I intend to run it based on the recommendations here. I will search Finder for BestMacAntivirus as well. I have 2 questions: How do I search my computer with Spotlight? and Did I escape effect of the virus by not installing it, even though it showed as a download (though I never agreed to download anything)? I should also note that it appeared the program/virus had been installed at 2 pm today instead of >4 hours later when the actual incident occurred.

May 1, 2011 6:08 PM in response to Deb145

hi. my wife got hit with this too while searching google images for frank lloyd wright. i uninstalled it before i read this thread. deleted all files, installer, went to activity monitor, etc as suggested. but i emptied my trash before restarting my computer. now that i've restarted it, i've searched in finder and spotlight and can find no trace of the macdefender program. did emptying the trash before i restarted the computer compromise it in some way? is there any way i can be sure that it's gone?

May 1, 2011 6:08 PM in response to Deb145

I should leave this for the pros being I know next to NOTHING about computers but one thing I do know is where Spotlight is. On your MACs desk top upper right hand corner is a little magnifying glass looking thing next to the clock. Click on that and you will see the word "Spotlight". Put a search word there and it will search the entire computer. If you put Macdefender in spotlight and come up with ANYTHING that says macdefender, you did NOT get rid of it all. If you did just what Joseph said, it is gone.


Brian

May 1, 2011 6:09 PM in response to MacJoseph

The photo I clicked on in Google Images led me to a webpage with the address TenacityWorks.net Now that I risked my computer to click it in history browser, please let me know if I need to be concerned about that. According to my history tab, it failed to open page just now when I peeked again and shut it right away.

Heads Up/Warning Mac Defender

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.