I was looking of image files for a project. I clicked on an image and MacDefender program started to scan the computer. I tried to get out of the program but can't without force quitting Safari. I think I deleted all the files it downloaded but every time I go to an image file and click on it -- the program relaunches. How do I get rid of MacDefender from my computer?
iMac, Mac OS X (10.6.7)
Firstly, see if there's an uninstaller for the application. If not see the following:
Uninstalling Software: The Basics
Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.
Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.
Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.
Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead. Download Easy Find at VersionTracker or MacUpdate.
Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.
There are many utilities that can uninstall applications. Here is a selection:
Look for them at VersionTracker or MacUpdate.
For more information visit The XLab FAQs and read the FAQ on removing software.
Open your Activity Monitor in your Utilities folder and find a process called MacDefender and Force Quit it.
Then go do a Finder search for MacDefender and delete it.
If you paid for this malware, call your credit card company and stop payment.
ds
This thing has been rampant today.
Joseph
I also was looking at an image yesterday and macdefender installed itself. I have tried the above to remove it, but the application keeps telling me it cannot be moved to the trash because it's open. I cannot figure out how to close it to remove it. I didn't pay for anything. This thing is driving me crazy! Any suggestions?
Have a look at this thread.
https://discussions.apple.com/thread/3029144?answerId=15107445022#15107445022
Thanks so much for all your input. I was able to completely remove the "program" by manually removing an application and all associated files"
Since I am not computer savvy - I can't post the link I used so I will type the instructions (Please note - I got this info from MacRumors Forums and it was posted by GGJstudios)
1. Launch Finder and search for the app name (in this case - MacDefender)
2. Narrow the search to specific folders or search the whole Mac
3. Searching "File Name" not just "Contents" will provide a more thorough search.
4. Click the + button below the search term to add criteria
5. Click the search criteria drop-down and select "other", then "system files"
6. Click the "don't include" and change to "include"
7. Sort by name, kind, date, etc., to identify components of the app, such as folders, .plist files, cashes files, etc.
8 Delete all the files and folders related to the app.
9. Do Not empty your trash until you have determined that everything is working OK, in case you need to restore something you deleted by accident. (Side Note -- I made sure that everything I deleted had the DATE I got the stupid MacDefender downloaded and no other date)
10. A reboot might be necessary to completely remove some apps. (I just restarted my computer for good measure.) Once I complete all these steps -- I was able to use the computer and its FINALLY stopped popping up! I hope this works for you!!!
All very good, you also may want to change your Passwords on your mac for all users, delete the history files and of course change the setting for Auto open files in Safari and Chrome. Consider also disabling JavaScript. XProtect will not scan MPKG files.
For more information on removal you can visit http://www.magmatic.com/currents/2011/5/2/macdefender-rouge-anti-malware-program -removal-and-defense.html#entry11328388
Keep in mind if you shared paypal or cc info report your account compromised.
Not easy to disable JavaScript entirely and run like that always, but you can use Firefox with the Add-on NoScript, which will filter JavaScript and protect you against a number of browser based exploits.
Magamtic? yet another useles, BS Mac AV?
No, Magmatic is just a site I have done for a while, no ad's, not selling anything. Free stuff and info I share, tied to my business, clients are very private, but no worries. It is not fake or anything like that but I expect you can check and determine for yourself.
I would however think you would try to protect your assets on your Mac with some kind of Anti Virus whatever that may be. It would think for your ORG losing a 80-120 gig Photoshop file which you retouched ends up getting hosed has a high cost, just think of the man hours. While it is true that the mac as a unix box, has defenses to limit the damage like all systems there are vulnerabilities, flaws and events all that create risk. I am a big fan of Virus Barrier, Sophos. I also like F-secure but they are still in Beta so for production systems I would use caution. There is a really good free one, CalmXav, but I have found for ORGS that have large file sets this APP created a massive bottle neck. (Still very good solution and free/shareware and comes with OSX server and handles the Mail server anti virus. I have had success is that case.) Again, no links but suggestions
I love No Script in Firefox, however here are some things to also do. I also like for Safari Click to Flash extension and No Flash for Chrome. I have moved away from Firefox since I found it took too many cycles for my liking.
So with all that said to help out again....
For Chrome - Select "Clear Auto-Opening" settings in chrome://settings/advanced. (If it is grayed out you never set anything so you are golden. (I would however make sure that Downloads is the default folder, but user choice.)
Also you may be aware of the Crimeware kit is now live which targets Mac OSX and iOS devices. The Weyland-Yutani BOT, named after the evil corporation in the Aliens franchises, targets Firefox and steals form data. What is most interesting is that it can use web injects with little effort from ZeuS and SpyEyE. Users should consider a layered defense and Anti-Virus is part of that layer, like it or not.
So Again, not selling anything. As the platform that I love, as it is clear you do, continues to grow gaining market share so does the risk from events like this. Apple products are on the front burner of criminals no matter what is said.
Also, as you can see Intel is trying to sell Apple more chips so, growth is seen even by legitimate businesses.
-out.
Thank you Thank you Thank you, beautiful peops!!!
How horrible for Mac to get a virus after all these years...
x
PLEASE STOP SAYING VIRUS. This is a Trojan app. It does not attach itself or replicate itself, so it is not a virus.
Let's not all of us make ahundred "Oh, I got it too! What do I do?" postings that will cause thisto get blown all out of proportion. SIMPLY READ THE ARTICLE FROM INTEGOSECURITY and skip all the other tabloid headlines.
http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antiviru s/ (2011 Mac Trojan makes news)
Ifyou read this article, and you keep posting "What do I do??", it simply shows you didn't carry out the steps outlines in the article. This is asimple login app that can be easily removed. If you hadn't typed youradmin password to allow it to install, you wouldn't have this thing.
Moof
Perhaps the OP are not as knowledgable as you. Scolding them is not the way to go. And if they don't know how to handle it, is it wrong to ask "what do I do?"
Joseph
MacJoseph wrote:
Moof
Perhaps the OP are not as knowledgable as you. Scolding them is not the way to go. And if they don't know how to handle it, is it wrong to ask "what do I do?"
Joseph
I disagree, misinformation spreads like wildfire, it's the the reason there is a iPhone 4"G" model😕 Moof cut to the chase and directed all to the correct solution, regardless of skill level. By the end of the week there will be 100 different posts asking how their Mac got a "virus" by people who will only skim the headlines. Kudos to Moof
how to remove macdefender?
