Q: Remove MacProtector

Just so you know, Apple's part here is in providing this forum.  The majority of the advice comes from users, just like you.

I was checking my hotmail account and I got the pop up for Apple security. Having been a previous PC user I thought it looked a lot like the virus that made me a Mac user. So, I didn't click on it and I don't seem to have any files present. But, I printed out the instructions just in case. Thanks. Very helpful

As a very experienced user of computers, both PC's and various flavors of Linux and BSD, I had to chuckle when I saw the MacProtector popup thingy while I was viewing some Apple related site.  The Microsoft world is full of these fake anti-malware services that are themselves the malware they claim to defend you against.  Most malware these days comes from flash player exploits or malicious java laden web sites.  Only occasionally do they come from emails, and most of those are the social engineering variety that try to trick you into giving up your financial information.  They do that by trying to convince that you are in some sort of unusual situation with your bank or financial institution, and that you should log into their site with your login information.  Except that the site is not the real one, it's a redirect that only looks a lot like the real site, but it is not.  If you enter your banking or financial login credentials into one of those sites, then you may be in for a world of hurt.

Macs are a lot like BSD or Linux in how they work, so viruses in the traditional sense don't really get anywhere significant to do any real harm.  Malware, though, can do a lot of damage because a computer cannot control people's ability to spot one's susceptibility to social engineering.  The only real defense is vigilance and don't be too ready to install that "cool" looking app.

Cheers!

Message was edited by: MacScrub  typo correction

Thanx Cherokee...  I followed your advice and got rid of macprotector. So how do I inform Apple that it happened to me?

So how do I inform Apple that it happened to me?

You don't. There's no way to do so and no need to do so.

If you have AppleCare you could call it in, but the feedback I'm getting is that they have already been swamped with calls already.  I've also heard there will probably be some security adjustments soon, but that's still being debated.

I'm pretty sure they do some loose monitoring here, just to keep their fingers on the pulse, so to speak.

Just to let everyone know how to prevent this thing from happening again.

This malware depends upon JavaScript, a web browser "script" or code that allows the web page to do more things.

Now in Safari preferences JavaScript can be turned off, but it makes some web pages not function as intended.

Going back into Safari preferences to turn JavaScript on/off can become tiresome.

For a bit more security and a downloads window warning before it occurs, I suggest using the Firefox web browser and the Add-on (from the Tools menu) called NoScript.

https://www.mozilla.com/en-US/firefox/fx/

What NoScript does is acts like a "web cop" combating all the webside trickery involved in making something like this malware to work on your computer.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

Under Firefox's View> Customize ToolBar is a option to drag the NoScript "button" to the toolbar.

As you surf, you run with no scripts or plugins, if you need them (and trust the site) you can then click the NoScript button to turn them on.

If by rare chance you do happen to be on a web site with NoScript turned on and the malware site appears, Firefox will display a download window and a chance for you to opt out/cancel, not just blindly allows the download to occur.

So there is two steps to protect you from being a victim again.

And if you need more protection, like children who click on everything, there is the Add-on called "Public Fox" which you can set a password on the downloads and other things so the browser is locked down.

https://addons.mozilla.org/en-US/firefox/addon/public-fox/

Good luck.

Love this group. You guys are the best, glad I finally found it.  Thanks for all the help.

God bless you! 

Okay, color me stupid since I am the only one that is having trouble with your great directions.  I did okay until #11  I open finder and I do not see file?  Ne Finder Window?  what am I doing wrong? I did NOT give my credit card as the brain kicked in and I reaized this was not right.  And then that dang gay **** site popped up and I about died.  I did delete this mess from System Preferences but I wanted to make sure it is all gone for good.  So please tell me how to proceed from step #11.  Thank you............

Nana Judy P

Oh is my face red!  I don't know what I made that so difficult. Yes I found the 'file' right up there where it belongs. LOL  Now I did not pay for the application so I did not find anything there - is that okay? I just want this dang thing gone.  Will not fall for that again.  And by the way, I had just gotten on Zillow when this happened, I will not be going back to that site again.  I hope it has been removed totally from my computer and if there is something else I should check please let me know.

Thanks again.

NJP

Thank you very much for such clear instructions!

I live in Malaysia, so that's how far the virus has spread.

Yes, I too did not appreciate the pop-ups!

Worked for me too,,,,thanks!

Nana Judy P wrote:

 

Now I did not pay for the application so I did not find anything there - is that okay?

No, if it asked you for your credit card and went to the gay **** sites then it's definitely in your Applications folder. If this just happened then it should be called MacProtector, but last week there it was called MacDefender and MacSecurity for a day or two.

And by the way, I had just gotten on Zillow when this happened, I will not be going back to that site again.

They are probably gone by now and will pop up somewhere else in a few hours. 

I hope it has been removed totally from my computer and if there is something else I should check please let me know.

A couple of things.  First in step 14 those file names are not exactly correct.  One is probably called "anti-malware.zip" and the other one is probably "MacProtector.mpkg".  Trash those along with the Application. Neither will hurt anything unless you double-click on them by accident later on, but best to get rid of them, as well.  I know the instructions say there are four files in the download folder, but I've never seen more than two.

Lastly, don't ever click on a button or enter your admin password without knowing exactly what is going on.  The next one could be a lot worse.

Did not find any more of it and there is nothing that I do not recognize at this point.  Just can't believe how stupid I was for just one minute.........but it did seem to just take over the computer.  I put it in the trash and have deleted that and hope that my typing in my password for it to install I did not goof too badly.  I did find it in my applications and got rid of it as soon as I read how to do that.

Thanks so much for your help, Mac Techs are the best.  I did go to  Safari and uncheck the 'open downloads'  Is that going to cause me problems now with opening attachements from emails? 

May these hackers all rot you know where.