How to remove Mac defender

Do you personally know the users of these Macs?

I've communicated with several of them in these forums. They were all at the lowest level of computer literacy -- they weren't stupid, but they didn't understand computing. The reason why they were vulnerable to the "MacDefender" scam is that they were fearful of non-existent viruses, thanks to misinformation of the sort that you're spreading in this thread. Sophos, even if they had know about it or been capable of installing it, would NOT have saved them from being fleeced and possibly having their identity stolen. It will NOT save others like them from the same thing, when the next trojan emerges.

That's my last word on the subject.

Nargg, I ran Sophos AV on someone's computer late last week and it removed it.

Linc, it is not misinformation, I am a technician and have been for MANY years. This is the first time I have seen anything of this magnitude on Apple computers. It is real and Sophos will catch it if the antivirus definitions are up to date. Welcome to the world of Mac trojans and malware!

Nargg: It's called social engineering, and YOU can fall victim to it just as easily as anyone. A/V is real on the Mac, but like on Windows it won't help against social engineering attacks. These attacks are zero hour attacks and since A/V is a blacklist, it won't know enough about your attack to help you.

I know what it is, that is why I said this:

" If you click ok, allow and install then dish out your credit card information, well then you need to uncheck the stupid setting in your control panel to fix that. 😝"

This program is a phishing program not a virus. My statement that you don't need anti-virus on a Mac still stands Nargg.

Philip, you need to wake up and smell the coffee. Macs were never invulnerable to viruses (trojans) or malware. That is a common misconception about Macs. The reason why there haven't been many viruses or malware on Macs is because Apple's market share was so small. Windows computers dominated the market and hence why the majority of viruses/malware targeted Windows computers. Since Apple has gained market share and user base, there is more reason for virus/malware creators to create them for the Mac. Viruses and malware are a REAL threat on Macs now. I am a technician and have seen both Mac Defender and Mac Protector and while these are pretty easy to remove, they will only get more complex. Here is a great article stating to "ignore the dinosaurs" who say you don't need virus protection.

Year after year, OSX gets a larger installed user base, yet the viruses aren't there. As the percentage of users on OSX increases, the percentage of viruses does not increase. Why? Is it because no one wants to hack the data from a Mac user? Is it because botnet handlers do not want to add more machines to their botnets or create hordes of Mac bot nets?

There is money to be made, information to be stolen and botnets to create and use to make money if you can hack Macs and infest them with viruses and remote access all of the other virus/malware that you find on Windows machines. So why doesn't it happen? Why has no one loaded up the wagons and headed to the gold rush of Macs that are out there and can be exploited for gain? Its because you CANT do it. Macs are based on Unix which, unlike Windows, was designed with security in mind. This foundation of the OS is why today, even with large growth in the installed OSX user base, we don't see a proportional increase in viruses affecting OSX computers. There have been vulnerabilities in older Mac OS versions but we are not seeing an increase in viruses on the OSX platform even though the market share has been increasing.

Another reason to target Macs and write viruses would be the fact that few Mac users have any sort of AV on their computers. What a ripe target for hackers and virus writers, but even still, there aren't viruses. This ideology that Macs don't have viruses because they don't have market share was a lame excuse made by Windows dinosaurs of the past who have always thumbed their noses at us Mac users, but its turning out that we were right all along. Macs are simply more secure.

Who's the dinosaur now?

Liar. Because Sophos stated as of only a couple days ago they clean it, not last week.

I don't know why people call it a virus - it's not really a virus. Its just abusing the fact that people are not educated enough about this. It's not a virus at all. People just need to be more careful when downloading software. Personally I wouldn't see a need for anti-virus for Mac - the security model works in a way that you have to give the program permission to do anything. It can't just install like on windows with your local account.

Only install legit applications on your mac which come from a legit source. If you are not sure ask around and see how people rate something before you just try something out.

Love the way people are say whoohoo macs can get viruses.... Anything can get a virus if people allow a random program access too - that will happen to any operating system. This is more of 'preying on the vulnerable' than it is a virus. People need to wake up and not just load anything on a computer. If you don't know - find out first!

I don't believe in the 'social engineering' excuse at all - if you are careful you won't have any problems on your pc, be it mac or any os. The problem is being careful takes effort. If you are not going to make effort then you WILL suffer in some way.

From Thomas Reed:

Also, you should consider removing Norton and using either ClamXav or Sophos Anti-Virus for Mac Home Edition, both of which can recognize all current MacDefender variants and will not cause the kinds of problems Norton is known for.

http://www.reedcorner.com/news.php/?p=138

I know he's been using Sophos for months with no "ill side effects" to his system.

Symmantics on the definition of "is" once again.

AntiVirus sw will not fix this issue because it is not a virus. It is an installed program that was given permission to run by the user.

it is easy to remove, but there are several steps:

-have user quit all apps

-have user force quit safari

-have user open activity monitor and force quit mac defender/Security/Protector

-quit activity monitor

-have user delete mac defender/Security/Protector from downloads & applications folder

-have user do a Spotlight search for 'MacDefender/Security/Protector'/'Mac Defender/Security/Protector' and move any Mac defender/Security/Protector files to the trash

-have user go to system prefs>accounts>login items> and delete mac defender/Security/Protector from start up list

-have user restart

-have user empty trash

Wow, someone actually knows what they are talking about. 😉

ronfromkingston is clueless. You, Linc, and ftonjes are actually correct.

Sure it's "possible" for a Mac to get a virus, but in reality you have a better chance of getting struck by lightning. There is no OS on this planet that can protect you if you are foolish enough to type in your password and allow a program you did not intentionally download to install on your computer. the ONLY protection against Malware is educating the computer user. End of story.

Correct!

However, the following step:

"-have user do a Spotlight search for 'MacDefender/Security/Protector'/'Mac Defender/Security/Protector' and move any Mac defender/Security/Protector files to the trash"

is really unneccesary. If you skip this step you will still keep the program from running, which is really all most people care about. Granted that extra step is a cleaner, more complete removal and wont hurt anything, it's just not really necessary. 😉

Apple recently published an article - How to avoid or remove Mac Defender malware:

http://support.apple.com/kb/HT4650

-mvimp

Apple have announced a Software Update will be released in a day or two to overcome the MACDefender etc problem.

http://osxdaily.com/2011/05/24/mac-os-x-to-get-anti-malware-update/

I used this script by Lawrence Abrams and it got rid of everything in 9 seconds--MacDefender, MacGuard, etc, etc.. This was on one of the work Macs and the virii installed itself by going to Drudge Report home page for a news update by the user before leaving work.

http://www.bleepingcomputer.com/forums/topic399803.html

It is tiny, installs in seconds, flushes in seconds, end of tale.

Hail, Mac-Rogue-Remover!

Here it is from the script and its comments after removal:

"Mac Rogue Remover by Lawrence Abrams

http://www.bleepingcomputer.com/

Copyright 2008-2011 BleepingComputer.com

MacGuard process was found and terminated!"

Hope this is helpful.

Thank you,

Robert A.M. Stephens

Scaled Dynamics

NASA Visual Exploration

Pan America

USA

---------------------------------------------

Have Jeep, Have Heart, Will Travel

THANK YOU, THANK YOU! for saying. this. I've serviced and supported Macs for almost 9 years and it enrages me when I hear people say Macs can't get viruses, malware, trojans or whatever. Not true. I can tell you within past several months I have seen more and more Macs experience these types of malicious attacks. Nothing too serious but it can happen. With Macs becoming more and more common, I expect OS X to be more susceptible these attacks. Just yesterday, I found 185 malware files on customer's computer.