MacJoseph

Q: Heads Up/Warning Mac Defender

Just as a heads up and warning, there have been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXav would be an option. Be careful where you're surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.

 

Regards,

 

Joseph

MacBook Pro, Mac OS X (10.6.7), 2011 MBP 15" 2.0Ghz 4GB RAM

Posted on Apr 30, 2011 10:24 AM

  • by MadMacs0,

    MadMacs0 May 13, 2011 11:02 PM in response to drbdsgn
    Level 5 (4,801 points)

    Do you recall the story?

  • by drbdsgn,

    drbdsgn May 13, 2011 11:06 PM in response to MadMacs0
    Level 1 (0 points)
  • by drbdsgn,

    drbdsgn May 21, 2011 7:16 AM in response to drbdsgn
    Level 1 (0 points)

    It was a redirected URL.

     

    and possibly: joyawpan (a few seconds before)

     

    <Links Edited by Host>

  • by MadMacs0,

    MadMacs0 May 21, 2011 7:15 AM in response to drbdsgn
    Level 5 (4,801 points)

    Confirmed both sites and the download as the third version of MacDefender.

     

    Please edit your last message to remove the URLs as somebody could mistakenly go there.

    What caused you to go to the last URL, was it an image, a video or something else?

  • by drbdsgn,

    drbdsgn May 13, 2011 11:46 PM in response to MadMacs0
    Level 1 (0 points)

    How do I edit my last message? I'm not finding an option to edit it.

     

    Apparently, I cannot edit my previous post (after 15 minutes since posting it). A moderator needs to delete it. Not sure if you are a moderator or can help me flag one to delete the post with the URLs. Thanks.

  • by drbdsgn,

    drbdsgn May 13, 2011 11:35 PM in response to MadMacs0
    Level 1 (0 points)

    Also, I wasn't clicking on anything. I was reading the story (about 30 seconds into it and the page redirected).

  • by MadMacs0,

    MadMacs0 May 13, 2011 11:50 PM in response to drbdsgn
    Level 5 (4,801 points)

    drbdsgn wrote:

     

    how do I edit my last message? I'm not finding an option to edit it.

    There should be an edit button at the bottom to the left of "Like" but I see that mine has now disappeared, too. Not at all certain how that happens.  Perhaps somebody with "editing powers" can help us out.

    drbdsgn wrote:

     

    Also, I wasn't clicking on anything. I was reading the story (about 30 seconds into it and the page redirected).

     

    I asked because I've been sitting on that page for several minutes without anything happening.  Maybe a Safari extension that's preventing it, but I don't know what it could be.  It did not interfere with going directly to the page and executing the download script.

  • by drbdsgn,

    drbdsgn May 13, 2011 11:57 PM in response to MadMacs0
    Level 1 (0 points)

    I was using Firefox 4.0. Not sure what else caused it. I just know this was the series of events and I had not clicked on anything. I was about 2-3 paragraphs reading into that story when my browser redirected and the window showed a green installation bar. I quickly closed out of my window before it could finish (and it only takes a few seconds to reach the end, so I closed it before reading anything—just a good reaction) then went to my browser history and the two URLs were what followed the URL for the story.

     

    Hope this helps.

  • by MadMacs0,

    MadMacs0 May 14, 2011 12:14 AM in response to drbdsgn
    Level 5 (4,801 points)

    I have captured the source for the page and I don't see any obvious links to joyawpan.com, but plenty of javascripts that could be redirecting.

     

    I also dropped a note to msnbc.com and told them what you found.  I doubt that it will get to the right person before late next week, but doesn't hurt to try.

     

    I'm also trying it with Opera which doesn't have any extensions to see if that will do anything, but at this point I think we've done all we can.  They will undoubtedly have moved on to someplace else shortly.  Time to call it a night, I think.

  • by R C-R,

    R C-R May 14, 2011 1:21 AM in response to MadMacs0
    Level 6 (17,690 points)

    MadMacs0 wrote:

    There should be an edit button at the bottom to the left of "Like" but I see that mine has now disappeared, too. Not at all certain how that happens.  Perhaps somebody with "editing powers" can help us out.

    You only have 15 minutes after you post a message to edit it. After that the 'edit' link disappears. This prevents the confusion that would result if users edited posts long after they had been replied to & some kinds of "hit & run" abuse of the terms of use.

     

    Once you reach what used to be level 2 status (& probably still is), you get a "Report abuse" link below each reply. Clicking that takes you to a page where you can submit a message to the forum hosts describing what you think needs to be done about it. If they agree, they will make the edit or remove the post from public view as needed. This is the primary method by which questionable content is brought to the hosts' attention -- without the help of the user community the hosts would never have time to screen all the posts.

     

    If you do not have level 2 status, you can post a message in Using Apple Support Communities (preferably with the "Feedback about Discussions" category box checked) with any concerns you might have about a post.

     

    FWIW, the hosts have not removed or obscured the links to the malicious web pages in all the reported posts. This is probably because by the time they are reported, the link is no longer active, but that is just a guess on my part.

  • by drStrangeP0rk,

    drStrangeP0rk May 20, 2011 6:28 PM in response to jayv.
    Level 1 (0 points)

    Check out my site, I have plenty of research I am doing about it. http://goo.gl/2RaMJ Draft report, class diagrams.

     

    Just make sure to give credit, thanks.

  • by drStrangeP0rk,

    drStrangeP0rk May 20, 2011 6:28 PM in response to R C-R
    Level 1 (0 points)

    Also, I have a script on the site that will remove it, so I hope this helps...

     

     

  • by Smooshie,

    Smooshie May 21, 2011 11:14 AM in response to MadMacs0
    Level 1 (0 points)

    I am freaking out.  I just got this on my computer.  I put 2 of my credit cards in twice because it kept saying that there was a problem with my card.  I have had to cancel my cards and get new ones.

    I was on travelocity!  Now I have gay **** popping up!!!! Help!!!!!!!!!!

    How do I get it off my computer????

  • by suzie.h.kwfl,

    suzie.h.kwfl May 21, 2011 12:37 PM in response to Smooshie
    Level 1 (0 points)

    Smooshie,

    I also was duped.  I FIRST cancelled my credit card and I called the 800 number requesting my money back.  I don't know if it was because I realized my stupid mistake so quick or because I called, but the charge that was listed as pending on my previous bank account did not process on my new account.  Either way, cancel your cards.

    Sorry it happened to you also.  Here are the directions I followed.

    Suzie

     

    REMOVE MacProtector, MacSecurity, MacDefendor

    So finally someone has created Malware that affects the Wonderful Apple Computers.

    Here is what happens....

    you get a pop-up that says "Apple Security Alert : Mac Protector>...your computer has been infected with viruses, download our anti-virus software to clean your harddrive"

    when you download their "software" you then start getting all sorts of **** pop-ups and ALERTS that won't go away....

    Well this problem has a relatively easy solution.... Here it is.... Straight From Apple Tech Support

    ********************************************************************************

    1. Open Activity Monitor through Spotlight
    2. Locate MacProtector, MacSecurity or MacDefendor
    3. Quit Process> Force Quit Process
    4. Close Activity Monitor
    5. Open System Preferences/Accounts
    6. Unlock Padlock in bottom left corner
    7. Click Login Items
    8. Select MacProtector, MacSecurity or MacDefendor
    9. Click the " - " button
    10. Close System Preferences
    11. Open Finder (File > New Finder Window)
    12. Follow path : Macintosh HD/Applications/MacProtector, MacSecurity or MacDefendor
    13. Drag the MacProtector application to the Trash
    14. Follow Path: Macintosh HD/Users/Home User/Downloads/ MacProtector, MacSecurity or MacDefendor
    15. Drag the MacProtector downloads (there should be four) to the Trash
    16. Empty Trash
    17. Reset Safari
    18. Restart Computer

    ********************************************************************************

    So I hope that this will help many of you very intelligent customers out there.... although Apple does want to get a detailed record of how widespread this "Virus" is.
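
A read-only Terminal check for the items that steps 2, 12 and 14 above look for, added here as an example; it is not part of the post or of Apple's instructions. It uses the names as written in this thread (including the MacDefendor spelling); `SCAN_ROOT` is a hypothetical override for pointing it at another volume, and Login Items (steps 5 to 9) still have to be checked in System Preferences.

```shell
#!/bin/sh
# Added example: report (never delete) leftovers of the rogue apps named in
# this thread. Both spellings, MacDefendor and MacDefender, appear on the page.
ROGUE_NAMES="MacProtector MacSecurity MacDefendor MacDefender"

# Print paths under ROOT/Applications and ROOT/Users/*/Downloads whose file
# name starts with one of the rogue names (app bundle, zip, installer package).
find_rogue_files() {
    root=${1%/}
    for name in $ROGUE_NAMES; do
        for path in "$root"/Applications/"$name"* "$root"/Users/*/Downloads/"$name"*; do
            # An unmatched glob stays literal, so confirm the path exists.
            [ -e "$path" ] && printf '%s\n' "$path"
        done
    done
    return 0
}

# Read process names on stdin (one per line, as `ps -A -o comm` prints them)
# and print those whose basename is exactly one of the rogue names.
find_rogue_procs() {
    while IFS= read -r proc; do
        base=${proc##*/}
        for name in $ROGUE_NAMES; do
            [ "$base" = "$name" ] && printf '%s\n' "$proc"
        done
    done
    return 0
}

# Summarise what is still running and what is still on disk.
# SCAN_ROOT is a hypothetical override; the default is the boot volume.
report() {
    files=$(find_rogue_files "${SCAN_ROOT:-/}")
    procs=$(ps -A -o comm 2>/dev/null | find_rogue_procs)
    [ -n "$procs" ] && printf 'Still running (force quit first):\n%s\n' "$procs"
    [ -n "$files" ] && printf 'Still on disk (move to Trash):\n%s\n' "$files"
    [ -z "$files$procs" ] && echo "No MacProtector/MacSecurity/MacDefender items found."
    return 0
}

report
```

Matching is by exact process name and by file-name prefix, so an empty report only means nothing under those names remains in the two locations the steps mention.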

  • by Joun,

    Joun May 23, 2011 1:55 AM in response to suzie.h.kwfl
    Level 1 (4 points)
    Safari

    Hi

     

    A zip file was downloaded automatically in chrome. I didn't install anything. I scanned it with clamx and it was the Macdefender trojan. I deleted and I am currently scanning all my volume.

     

    In my activity monitor I don't see a macdefender. I see some activities that I don't recognise:

    TISitcher, SIMBL Agent, VDCAssisant, pboard.

    Are these ok?

     

    My firewall was disabled by my mistake a few days ago.

     

    Has any password been compromised? My keychain and 1password were logged in.
