is apple security center safe?

I am in the same position. I have no reason to keep IP ranges open that I don't, and will never, have any need for. If a need arises, I can unblock it. But there's no reason for me to keep open Russian and Chinese etc. hosting companies that house unremedied malicious websites.

Charles,

If you think the bogus web sites that host this malware are only located in those countries, I suggest you do your own whois search on some of the other IP address ranges known to have hosted it, especially those in the 69.xx.xx.xx range where it first appeared.

Any legitimate web hosting company anywhere on the planet could be used for these 'hit & run' tactics. The companies can't pre-screen the content & by the time someone complains to them about it, the threat has already moved elsewhere.

Oh, I know that, but it does cut down on some of them, and it gets rid of a _lot_ of spam.

Hi It is malware go in and delete everything that you see with the name mac protector,mac defender,look in your documents,downloads ,type it in finder and move anything with those names to the trash!!

Randy,

Thanks for stopping by, but this question was answered about a week ago.

Charles Dyer wrote:

And stuff like this is why I've blacklisted the entire IP range for the following countries: Russia and all the other ex-Soviet countries, China, Bulgaria, Romania,

Exactly how did you do that please Charles?

I'll add my name to the list...... can this be done in Firefox?

You don't do that kind of thing in a web browser. To find the range you want to block, look up the assigned IPs. http://www.countryipblocks.net/ can help. You then need to play with the command line. For example, to block access to a web server, you need to modify .htaccess. if you don't know what .htaccess is or where to find it or how to change it, you shouldn't be modifying it. You can also add blocks to your hosts file, but doing things that way is tedious. Again, if you don't know where or what the hosts file is, you might want to reconsider changing it.

It might be worth mentioning that the according to the Country IP Blocks web site among the countries originating the most spam the U.S. is high on the list, edging out both China & the Russian Federation for top honors in the first quarter of this year. Great Britain, Germany, Japan, & Canada were also among the top ten.

oh, yeah. But it's extra annoying to get spam in Cyrillic or Chinese characters.

Not sure if this is a new development or not...but this thing has hijacked my Chrome browser and I can't get rid of it! I didn't click on anything...It didn't download the files onto my system or install them. But the window trying to get me to do the download is running in my Chrome and no matter what I do I can't close and get rid of it.

I was on the MSNBC website when it hijacked my tab, btw. It's the 178. IP address still.

When I click the "close" button for that window, I get a pop-up in the window asking me if I really want to do that. I'm not dumb enough to not realize that whichever option I click, it will activate a download. The force quit function isn't working for that session. I can make Chrome quit by using the system wide force quit function, but it saves the open tabs and when I re-open Chrome...the malware window comes right back.

Help...any idea how to get my browser back? A re-install?

Open Activity Monitor>Active Processes in Utilities. Find whatever this thing is named, if it's there, and force quit it. In Chrome Preferences -- I don't have or know Chrome, but is there a setting that will quit all open tabs on re-opening?

Full removal: You have nothng to worry about if you didn't give your password to install it. These are the full instructions for those who have. But it can't hurt to check these locations, anyway.

First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, but only temporarily, so you can remove it.

1. Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.

2. Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).

3. Go to your Home folder Library>Preferences and, if you find it, delete com.alppe.spav.plist. Look also in Application Support (may not be anything there, but check just in case) and search for any files with one of the above names and trash them. Empty the trash.

4. If you use Safari, go to Preferences>General and UNCHECK "Open "safe" files after downloading. Keep that unchecked.

If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.

As a precaution, change your password.

I _think_ that if you hold the shift key down (or maybe the option key, or maybe both...) Chrome will clear the previous settings and start up with a new window. Other than that you'd need to delete the Chrome pref files in /Library/Prefrences.

You can disconnect your Mac from the Internet, then launch Chrome. It will attempt to open all pages from the last session, but without an Internet connection, it won't be able to load the JavaScript that prevents you from easily closing the window for the infected page. At this point you can close that window and quit Chrome, which will save the session without that window open. Then you can reconnect to the Internet and the next time you launch Chrome, it will not attempt to open that page.

@ScrapNancy

MANY websites, (usually pop-ups and spam, even if they aren't dangerous or malicious) will use a pop-up window to ask you if you really want to close the window. Clicking the right button (I think it's the "OK" button) will close the window.

From my understanding, the "Are you sure..." pop-up is part of the operating system/browser. It is meant for preventing accidental closing of windows with un-saved information on it. (Such as filling out a form, or writing a message.)

Unless it is part of the website, made to look like the OS, then it will not download anything. (At least in Safari.) And you shouldn't worry about simply having a file download to you computer. You should only worry if you actually install said file.