Currently Being ModeratedMay 13, 2011 4:56 PM (in response to ashleighfromphiladelphia)
It's not a virus; it's Trojan, which works by trying to scare users into giving their password to install it. It can't do anything if you don't give it your password.
First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, but only temporarily, so you can remove it.
1. Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.
2. Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).
3. Go to your Home folder Library>Preferences and, if you find it, delete com.alppe.spav.plist. Look also in Application Support (may not be anything there, but check just in case) and search for any files with one of the above names and trash them. Empty the trash.
4. If you use Safari, go to Preferences>General and UNCHECK "Open "safe" files after downloading. Keep that unchecked.
If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.
As a precaution, change your password.
Currently Being ModeratedMay 13, 2011 8:57 PM (in response to WZZZ)
Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.
There is legitimate commercial software named MacKeeper which is self described as "like 911 for your Mac", although it does use some questionable advertising tactics. Are you aware of a new version of the application with this name? I did see reference today to a fourth version, but I can't seem to find any details, let alone get a copy. I am aware that Apple Security Center and Apple Web Security are among the labels being used for the pop-up site which then downloads the Trojan installer zip.
Currently Being ModeratedMay 13, 2011 9:11 PM (in response to MadMacs0)
There have been so many posts on this now, I can't remember where I saw this thing appearing with that name. But, I'm fairly certain it was the scam one the poster was talking about. I suppose if you search with site:discussions.apple.com, it'll turn up.
Currently Being ModeratedMay 13, 2011 9:50 PM (in response to WZZZ)
Thanks. Gave me pretty close to the same results as the form search did. About three instances dating back to Apr 30 and would seem to be the popup window click on me button.
Just trying to see if there is any truth to a fourth version.