macosdefender.app

Please download and run Etrecheck It is a diagnostic tool that's very useful to us in finding problems. Also it will give us further specs on your Mac. After it runs post the log file here. It will contain no personal information.

I have just got rid of MacOSDefender, which was making Google searches in the Safari browser redirect to Bing search results. Tried everything that could find, scanned with Sophos and Malwarebytes - the MacOSDefender persisted as did its Google to Bing redirects. I could see that MacOSDefender was running, but couldn't find it in Apps or elsewhere to delete.

Solution was downloading the diagnostic tool recommended already here: EtreCheck on the Mac App Store

Downloaded the EtreCheck app from the App store (free) and ran the software to generate a diagnostic report of what was happening on my computer. One set of results are grouped into Major problems, I looked at that.

Under this Major (or something like that) heading, there were 3 or 4 headings for problems it found. I clicked on Unknown issues and examined the list. At the bottom could see the problem MacOSDefender had been found and id'ed as a potential problem.

EtreCheck was unable to remove the offending file with a click, but did provide easy steps to manually remove it:

1) Restart computer in Safe Mode (hold Shift until your user name appears on restart)

2)Generate a new EtreCheck report

3)Click the Reveal config file button to open a Finder window with the launched config file selected (the one with MacOSDefender)

4)Drag the file to Trash

5) After all desired files have been removed, restart your computer

Good luck..., M

Force Quit Safari ( command + option + esc keys).Then restart Safari holding the Shift key. If you still have problems Empty Caches (Safari menu > Preferences > Privacy > Remove all website data. (This will also remove history if you do not want to remove History open Safari Preferences > Advanced and check mark “Show Develop Menu” then choose “Empty Caches” from Develop Menu ).

Then go to Safari Preferences > Extensions and check there. If there is an extension delete it.

If the problem persists then download and run Malwarebytes. Malwarebytes was developed by one of our own colleagues here in ASC and is about the most proven anti-malware software for Mac.

The application of EtreCheck is indeed successful as described.

However, also clicking the "reveal executable" button reveals files residing in a hidden subfolder ".dir" of the folder "library/application support". It appears to be advisable to delete the complete subfolder ".dir"!

The subfolder ".dir" contains another executable (besides "MacOSdefender"). The accompanying config file is also listed by EtreCheck under "Major issues". It appears to be advisable to delete this config file as well.

Hello!

Had the same problem with the MacOSDefender-malware. Downloaded first the EtreCheck-software as described in this thread but that didn't help. I then called the AppleCare-Helpdesk. They recommended to download the software Malwarebytes (iOS Security - iPhone Call, Text, and Ad Blocker | Malwarebytes)

I did this, ran it, and the MacOSDefender was deleted.

Cheers.

Hartwig

Yes, it seems Malwarebytes is the easiest solution for MacOSDefender. But at times it won't remove software that is legitimate but unwanted. (PUP) and that's where Etrecheck comes in handy, as long as you know how to read the log or post it here help.

These are the only 2 utilities I'd recommend using for Mac OS.

Hi Hartwig, my experience was similar. Etrecheck helped me find and kill the Macosdefender, but it kept coming back. The Malwarebytes found "Mac Mechanic" and its things with similar names. fingers crossed...

I had this problem as well. I got rid of MacOSDefender this way:

In Activity Monitor find the MacOSDefender process. Double-click and get the file location and name of the executable. Open a Terminal window. Navigate to the app location and delete the app file or its complete directory. If I remember correctly, there was even an invisible “.dir” folder.

If you don’t know enough command line, ask a friend who does.

I found also a number of other hidden apps that may have been installed at the same time and removed them this way.

Good luck.

alright just solved this problem now , wasn't easy but was worth it ,

1. first an anti virus won't see the malware so you need to open activity monitor from your application folder in utility

find macosdefender and stay on it

2. now you have to open finder and go to the tab at the top that says "go" , and scroll down to "Go to folder" then imput "/Users/michaelalawaye/Library/Application Support/.dir" and search for Macosdefender folder.

3. force quit the app from activity monitor and immediately put the folder in trash from the .dir location

and empty trash.

solved.

if you can't find .dir because its an hidden folder

go to terminal by searching on spotlight "terminal" and paste this "defaults write com.apple.finder AppleShowAllFiles YES"

you'll be able to find it now.. :-)

Thank you to all the people who replied to the question. All answers were helpful. MalwareBytes was the easy solution. Just a note, though: You cannot obtain this from the App Store if you live in Australia. And I was, naturally, very wary of the various websites claiming to provide it. In the end I went with MalwareBytes.com and all was well.

This is a adware according to https://easyquickremoval.com/2018/09/how-to-remove-macosdefender-app/

Using malwarebytes worked for me. Many thanks. I tried quite a few other things I found on google and none of them seemed to work.

Thx. I haven't decided whether to purchase the premium version yet so interesting to know.

Was having this issue for a few weeks. This did the trick in removing redirect virus from google to bing on Mojave.

Thanks M