
Heads Up/Warning Mac Defender

Just as a heads up and warning, there have been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXav would be an option. Be careful where you're surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.


Regards,


Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

Question marked as Top-ranking reply

Posted on Apr 30, 2011 11:37 AM

This just happened to us too. What is ClamXav?

190 replies

May 13, 2011 11:50 PM in response to drbdsgn

drbdsgn wrote:


how do I edit my last message? I'm not finding an option to edit it.

There should be an edit button at the bottom to the left of "Like" but I see that mine has now disappeared, too. Not at all certain how that happens. Perhaps somebody with "editing powers" can help us out.

drbdsgn wrote:


Also, I wasn't clicking on anything. I was reading the story (about 30 seconds into it and the page redirected).


I asked because I've been sitting on that page for several minutes without anything happening. Maybe a Safari extension that's preventing it, but I don't know what it could be. It did not interfere with going directly to the page and executing the download script.

May 13, 2011 11:57 PM in response to MadMacs0

I was using Firefox 4.0. Not sure what else caused it. I just know this was the series of events and I had not clicked on anything. I was about 2-3 paragraphs reading into that story when my browser redirected and the window showed a green installation bar. I quickly closed out of my window before it could finish (and it only takes a few seconds to reach the end, so I closed it before reading anything—just a good reaction) then went to my browser history and the two URLs were what followed the URL for the story.


Hope this helps.

May 14, 2011 12:14 AM in response to drbdsgn

I have captured the source for the page and I don't see any obvious links to joyawpan.com, but plenty of javascripts that could be redirecting.


I also dropped a note to msnbc.com and told them what you found. I doubt that it will get to the right person before late next week, but doesn't hurt to try.


I'm also trying it with Opera which doesn't have any extensions to see if that will do anything, but at this point I think we've done all we can. They will undoubtedly have moved on to someplace else shortly. Time to call it a night, I think.

May 14, 2011 1:21 AM in response to MadMacs0

MadMacs0 wrote:

There should be an edit button at the bottom to the left of "Like" but I see that mine has now disappeared, too. Not at all certain how that happens. Perhaps somebody with "editing powers" can help us out.

You only have 15 minutes after you post a message to edit it. After that the 'edit' link disappears. This prevents the confusion that would result if users edited posts long after they had been replied to & some kinds of "hit & run" abuse of the terms of use.


Once you reach what used to be level 2 status (& probably still is), you get a "Report abuse" link below each reply. Clicking that takes you to a page where you can submit a message to the forum hosts describing what you think needs to be done about it. If they agree, they will make the edit or remove the post from public view as needed. This is the primary method by which questionable content is brought to the hosts' attention -- without the help of the user community the hosts would never have time to screen all the posts.


If you do not have level 2 status, you can post a message in Using Apple Support Communities (preferably with the "Feedback about Discussions" category box checked) with any concerns you might have about a post.


FWIW, the hosts have not removed or obscured the links to the malicious web pages in all the reported posts. This is probably because by the time they are reported, the link is no longer active, but that is just a guess on my part.

May 21, 2011 12:37 PM in response to Smooshie

Smooshie,

I also was duped. I FIRST cancelled my credit card and I called the 800 number requesting my money back. I don't know if it was because I realized my stupid mistake so quick or because I called, but the charge that was listed as pending on my previous bank account did not process on my new account. Either way, cancel your cards.

Sorry it happened to you also. Here are the directions I followed.

Suzie


REMOVE MacProtector, MacSecurity, MacDefendor


So finally someone has created Malware that affects the Wonderful Apple Computers.

Here is what happens....

you get a pop-up that says "Apple Security Alert : Mac Protector>...your computer has been infected with viruses, download our anti-virus software to clean your harddrive"


when you download their "software" you then start getting all sorts of **** pop-ups and ALERTS that won't go away....


Well this problem has a relatively easy solution.... Here it is.... Straight From Apple Tech Support


******************************************************************************** ************************************************


1. Open Activity Monitor through Spotlight
2. Locate MacProtector, MacSecurity or MacDefendor
3. Quit Process > Force Quit Process
4. Close Activity Monitor
5. Open System Preferences/Accounts
6. Unlock Padlock in bottom left corner
7. Click Login Items
8. Select MacProtector, MacSecurity or MacDefendor
9. Click the " - " button
10. Close System Preferences
11. Open Finder (File > New Finder Window)
12. Follow path : Macintosh HD/Applications/MacProtector, MacSecurity or MacDefendor
13. Drag the MacProtector application to the Trash
14. Follow Path: Macintosh HD/Users/Home User/Downloads/ MacProtector, MacSecurity or MacDefendor
15. Drag the MacProtector downloads (there should be four) to the Trash
16. Empty Trash
17. Reset Safari
18. Restart Computer



******************************************************************************** ***************************************************

So I hope that this will help many of you very intelligent customers out there.... although Apple does want to get a detailed record of how widespread this "Virus" is.
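An added example, not part of the original post or of Apple's instructions: a read-only shell check for the processes and files that steps 1-3, 12 and 14 above look for by hand. It removes nothing and does not inspect Login Items; the function names are this example's own, and the `macdefend` pattern is an assumption chosen to cover both the "MacDefendor" and "Mac Defender" spellings used in the thread.

```shell
#!/bin/sh
# Added example: read-only audit for the rogue-AV names listed in the steps above.
# It deletes nothing; it only reports what the manual procedure has you look for.

# Names from the post; "macdefend" is an assumption covering both spellings.
PATTERN='macprotector|macsecurity|macdefend'

# Filter stdin down to lines containing one of the names (case-insensitive).
match_names() {
    grep -i -E "$PATTERN" || true
}

# List entries directly inside a directory whose names match (steps 12 and 14).
# Only the entry name is matched, so the parent path cannot cause a false hit.
scan_dir() {
    [ -d "$1" ] || return 0
    find "$1" -mindepth 1 -maxdepth 1 \( -iname '*macprotector*' \
        -o -iname '*macsecurity*' -o -iname '*macdefend*' \) -print 2>/dev/null
}

# Running processes whose executable name matches (steps 1-3).
scan_processes() {
    ps -A -o comm= 2>/dev/null | match_names
}

# Full audit: prints findings; returns 1 if anything matched, 0 if clean.
# Arguments are optional overrides for the two folders named in the post.
audit() {
    apps_dir=${1:-/Applications}
    dl_dir=${2:-$HOME/Downloads}
    found=$( { scan_processes; scan_dir "$apps_dir"; scan_dir "$dl_dir"; } )
    if [ -n "$found" ]; then
        printf 'Possible rogue-AV artifacts:\n%s\n' "$found"
        return 1
    fi
    echo "No matching processes or files found."
    return 0
}

# Report only; a finding never aborts the calling shell.
audit "$@" || true
```

A match here means the manual steps still apply; a clean result says nothing about Login Items, which the script does not read.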

May 23, 2011 1:55 AM in response to suzie.h.kwfl

Hi


A zip file was downloaded automatically in chrome. I didn't install anything. I scanned it with clamx and it was the Macdefender trojan. I deleted and I am currently scanning all my volume.


In my activity monitor I don't see a macdefender. I see some activities that I don't recognise:

TISitcher, SIMBL Agent, VDCAssisant, pboard.

Are these ok?


My firewall was disabled by my mistake a few days ago.


Has any password been compromised? My keychain and 1password were logged in.

May 23, 2011 4:17 AM in response to Joun

If you did not install anything you should be fine.


I've never heard of a "TISitcher" process but there is a TISwitcher process associated with an Apple menu extra (/System/Library/CoreServices/Menu Extras/TextInput.menu/Contents/SharedSupport/TISwitcher.app/)


I'm not sure about what SIMBL Agent is. It appears to be an add on needed by some third party items (see http://www.culater.net/software/SIMBL/SIMBL.php for more about that).


There is an Apple VDCAssistant process associated with the built-in camera.


pboard is the pasteboard server. "Pasteboard" is the developer name for the Apple clipboard.
