I really wish we could run OS X virtualized. I'm trying to determine if this Mac Defender program installs any extra daemons/background services. I'm worried that, even with the Mac Defender app removed, perhaps they still have a keylogger installed or some other nastiness.
Could someone post any contact information they have for this company? Phone, web, email, etc.? And for those that got a refund, maybe any information about the transaction?
For those who did purchase it, be sure to tell your financial institution that this was a fraudulent company; it might not hurt to tell Visa/MC/AMEX/etc.
If anyone still has the app installed, could you post a list of all your running processes?
If you had the app but removed it, could you do the same?
I want to compare them together and with a "clean" machine.
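The comparison asked for above, as an added example that is not part of the original post: a shell function that takes process lists saved with `ps -axo comm` on a clean and a suspect Mac and prints the processes seen only on the suspect one. The function names and the sample lists, including the MacDefender binary path, are constructed for illustration.

```shell
#!/bin/sh
# Added example: which processes run on the suspect Mac but not on a clean one?
# On each machine, save the list first with:  ps -axo comm > processes.txt

# normalize FILE: drop the ps header, trim whitespace and blank lines, sort, de-duplicate.
normalize() {
    sed -e '1{/^COMM/d;}' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" \
        | LC_ALL=C sort -u
}

# only_on_suspect CLEAN_LIST SUSPECT_LIST: print entries found only in SUSPECT_LIST.
only_on_suspect() {
    clean_sorted=$(mktemp) && suspect_sorted=$(mktemp) || return 1
    normalize "$1" > "$clean_sorted"
    normalize "$2" > "$suspect_sorted"
    # comm -13 suppresses lines unique to the first file and lines common to both.
    LC_ALL=C comm -13 "$clean_sorted" "$suspect_sorted"
    rm -f "$clean_sorted" "$suspect_sorted"
}

# demo: run the comparison on two constructed process lists (not real captures).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/clean.txt" <<'EOF'
COMM
/sbin/launchd
/usr/sbin/syslogd
/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
/Applications/Safari.app/Contents/MacOS/Safari
EOF
    cat > "$dir/suspect.txt" <<'EOF'
COMM
/sbin/launchd
/sbin/launchd
/usr/sbin/syslogd
/System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
/Applications/MacDefender.app/Contents/MacOS/MacDefender
EOF
    only_on_suspect "$dir/clean.txt" "$dir/suspect.txt"
    rm -rf "$dir"
}

demo
```

Entries the comparison prints are only candidates for review: ordinary applications that happen to be open on one machine and not the other show up as well.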
I too had this happen yesterday when searching Google images. I installed MacDefender but didn't purchase it. It ran a scan and I'm worried I'm at risk. I tried going to applications and dragging MacDefender to the trash but I keep getting a message saying I can't because the program is open. Any suggestions on how to remove this installed program? Thanks.
Go to Activity Monitor, look at the processes, look for MacDefender, and force quit the process. Then go to your Applications folder and drag MacDefender to the trash. Don't empty the trash yet. Go to System Preferences, go to Accounts, and look at the login items; if you see MacDefender there, click on it, then hit the minus sign to remove it. Open Finder and search for MacDefender, and remove anything related. Do a Spotlight search for the same. Then restart your computer, then empty the trash. If you're worried about viruses and malware, simply download ClamXav. Install it, update virus definitions, and run a scan. Clam has been around for a long time and is preferred if someone feels they need virus protection. Hope this helps.
One of my clients got hit. She was googling plant images. Someone above mentioned piranha images, so it appears it's masquerading as images. It seems to be able to install itself bypassing Apple security, without requiring a password. Scary. Hopefully Apple can find and patch this. It kept putting up a translucent window in the top right of the screen with a warning and a large red cleanup button. Like a Growl-type dialog, but Growl was not installed. It also put a red McAfee or Windows style security icon on the menu bar. The interface for the app looks very well done. Happily my client called me and did not pay for the app or run it.
It's simple enough to remove, as noted above. I went to login items and deleted it, then restarted. Deleted Mac Defender app, then found the installer package in Downloads and deleted that.
I really wish we could run OS X virtualized
You can do the next best thing for surfing the web. Provided you can spare a core and 1GB of RAM (even 512MB).
1: Download VirtualBox, it's free.
2: Download an ISO of Macbuntu 32bit x86 10.10, it's free.
3: Point VirtualBox to open the Linux ISO and install it. (piece of cake)
Don't let Linux have access to OS X side just to be safe, it can read all file formats, including HFS+.
Have a look around, set the display size, and when you're updated and tweaked, before going online, save a "snapshot" of that OS in VirtualBox. Go surfing, and when you're done, revert back to the earlier snapshot in VirtualBox.
MacBuntu looks just like OS X, just it's not as smooth and refined. Firefox works just the same.
If you need to transfer files from Linux, see if copy and paste works or use an external USB key.
What's nice about this is your web browser is sandboxed from OS X, and you can still use OS X for other things.
I just googled that phone number ... seems like this scam has been around for more than a month ...
I was searching flower photos online this evening via Google when I got a warning of virus activity. I agreed to scan. It said it did, but it was too quick and then I had downloaded "BestMacAntivirus2011.mkpg" (per my downloads list), which showed up as MacDefender on my computer and which also requested I install it immediately for the safety of my computer. It looked and acted suspicious, so I did not install and I googled it instead, leading me here. I've now apparently deleted everything with MacDefender on my computer and emptied my trash. I didn't use spotlight search because I don't know how. There are no suspicious charges showing (yet) on my credit card. I downloaded ClamXav and I intend to run it based on the recommendations here. I will search Finder for BestMacAntivirus as well. I have 2 questions: How do I search my computer with Spotlight? and Did I escape effect of the virus by not installing it, even though it showed as a download (though I never agreed to download anything)? I should also note that it appeared the program/virus had been installed at 2 pm today instead of >4 hours later when the actual incident occurred.
Hi. My wife got hit with this too while searching Google Images for Frank Lloyd Wright. I uninstalled it before I read this thread. Deleted all files, installer, went to Activity Monitor, etc. as suggested. But I emptied my trash before restarting my computer. Now that I've restarted it, I've searched in Finder and Spotlight and can find no trace of the MacDefender program. Did emptying the trash before I restarted the computer compromise it in some way? Is there any way I can be sure that it's gone?
I should leave this for the pros, being I know next to NOTHING about computers, but one thing I do know is where Spotlight is. On your Mac's desktop, in the upper right-hand corner, is a little magnifying glass looking thing next to the clock. Click on that and you will see the word "Spotlight". Put a search word there and it will search the entire computer. If you put Macdefender in Spotlight and come up with ANYTHING that says macdefender, you did NOT get rid of it all. If you did just what Joseph said, it is gone.
The photo I clicked on in Google Images led me to a webpage with the address TenacityWorks.net. Now that I risked my computer to click it in history browser, please let me know if I need to be concerned about that. According to my history tab, it failed to open page just now when I peeked again and shut it right away.