Skip navigation

I think I have a virus on my mac? How do I get rid of it?

3846 Views 4 Replies Latest reply: May 13, 2011 9:50 PM by MadMacs0 RSS Branched to a new discussion.
ashleighfromphiladelphia Calculating status...
Currently Being Moderated
May 13, 2011 4:35 PM

I think that there is a virus on my mac. There is a red shield in the top bar of the desktop with a exclamation point in it. It clames to be virus software and wants my credit card number. It says system infected and then dirty websites pop up. I found the file in the application folder but it wont let me delete it or put it in the trash because it says it is in use. When I try to force quite, it doesn't show up in the box to be able to quite. Does anyone have a suggestion?

iMac, Mac OS X (10.5.8)
  • WZZZ Level 6 Level 6 (11,875 points)

    http://www.securelist.com/en/blog/6211/Rogueware_campaign_targeting_Mac_users

     

    It's not a virus; it's Trojan, which works by trying to scare users into giving their password to install it. It can't do anything if you don't give it your password.

     

    To remove:

     

    First, restart in Safe Boot by holding the Shift key down at the chime. Or, alternatively, open Activity Monitor in Utilities, set to Active Processes, find the program and force quit it. This will keep it from running, but only temporarily, so you can remove it.

     

        1.    Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.

        2.    Remove item of same name from the Login Items for your Account in the OS X System Preferences (if it exists).

        3.    Go to your Home folder Library>Preferences and, if you find it, delete com.alppe.spav.plist. Look also in Application Support (may not be anything there, but check just in case) and search for any files with one of the above names and trash them. Empty the trash.

        4.    If you use Safari, go to Preferences>General and UNCHECK "Open "safe" files after downloading. Keep that unchecked.

     

    If you paid for it, they have your credit card #. Call your credit card and dispute the charges. Also, cancel the card ASAP.

     

    As a precaution, change your password.

  • MadMacs0 Level 4 Level 4 (3,315 points)

    WZZZ wrote:

     

    Drag the MacSecurity program -- or whatever it's called; it keeps using different names -- MAC Defender, MacProtector, MacKeeper 911, Apple Security Center, Apple Web Security -- it's not hard to imagine the new names it will be using in the coming days -- (installed in the Applications folder by default) to the Trash. Empty the Trash.

    There is legitimate commercial software named MacKeeper which is self described as "like 911 for your Mac", although it does use some questionable advertising tactics.  Are you aware of a new version of the application with this name?  I did see reference today to a fourth version, but I can't seem to find any details, let alone get a copy.  I am aware that Apple Security Center and Apple Web Security are among the labels being used for the pop-up site which then downloads the Trojan installer zip.

  • WZZZ Level 6 Level 6 (11,875 points)

    There have been so many posts on this now, I can't remember where I saw this thing appearing with that name. But, I'm fairly certain it was the scam one the poster was talking about. I suppose if you search with site:discussions.apple.com, it'll turn up.

  • MadMacs0 Level 4 Level 4 (3,315 points)

    Thanks.  Gave me pretty close to the same results as the form search did.  About three instances dating back to Apr 30 and would seem to be the popup window click on me button.

     

    Just trying to see if there is any truth to a fourth version.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.