Apple Event: May 7th at 7 am PT
I was looking of image files for a project. I clicked on an image and MacDefender program started to scan the computer. I tried to get out of the program but can't without force quitting Safari. I think I deleted all the files it downloaded but every time I go to an image file and click on it -- the program relaunches. How do I get rid of MacDefender from my computer?
iMac, Mac OS X (10.6.7)
ds store ....This worked for me. THANKS !!!!! We all aren't Mac Geniuses, so from time to time, we do something really stupid. Cut us a break Moof. I did delete everything MACDefender before I went to the Actiity Monitor. Then I force quit it and tossed the application in the trash !!!
help! I can't seem to get rid of this no matter what I try! I am now getting **** websites popping up on my mac, as well as small pop up boxes indicating my system is infected and that I should clean up. I've tried the safe start mode, & removed everything that says mac defender; yet this is still happening.
Open your Activity Monitor in your Utilities folder and find a process called MacDefender and Force Quit it.
Then go do a Finder search for MacDefender and delete it.
If you paid for this malware, call your credit card company and stop payment.
You Have to get it to quit running before you can totally delete it. Fortunately it doesn't seem to be any more
than a huge irritation and embarrasment, the pop up websites.
I have tried to go into utilities and force quit, but it doesn't give me that option. I cannot get rid of it, and it is really annoying. Any suggestions.
That should work, but try a Safe Boot instead.
First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, but only temporarily, so you can remove it.
1. Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.
2. Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).
3. Go to your Home folder Library>Preferences and, if you find it, delete com.alppe.spav.plist. Look also in Application Support (may not be anything there, but check just in case) and search for any files with one of the above names and trash them. Empty the trash.
4. If you use Safari, go to Preferences>General and UNCHECK "Open "safe" files after downloading. Keep that unchecked.
If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.
As a precaution, change your password.
5/24/11, finally: http://support.apple.com/kb/HT4650,
I wonder how much money they ended up making out of this. A lot of work obviously went into that scam software...
What did they say they charged for the fake software.
Times that by reported estimates of about 60000 people. I think it may be more like 25000
Think about the resale value of the cards and information, about 1.25 to 2.00. The good news is that most likely the word got out and people canceled their credit cards so the damage may be limited.
But for really poor cocoa app that can be created in half of day. if we say 50000 people downloaded, installed and gave their credit cards at 19.95 that is about 99750, but again I think it is small but a good payday for a scammer.
New version reported, avSetup.pkg, avRunner may be a script that runs in the installer and the final download is called MacGuard.
Intego says you do not need a password, but I think it is misleading since it will install the app for that user, if you are already the administrator then guess what, it will install.
Activated our response page which has any information I have, once I get two samples I will post the class diagrams and dumps. Also anything else I know all at this location.
Mitigation seems to be the same but if anyone gets a sample please forward to me the location at magmatic.com.
Thanks all..
No, they more wanted $50 or $60 from memory.
There were two prices, one for a year subscription, one for lifetime, I think.
Wow, got macSecurity which is OS/MacDefender.d ksms file however has 3 in it.
keeps turning up again, at AS174.
how to remove macdefender?
