What is mac defender?

Is it a virus? How do I protect my Mac from it?

if you installed it follow this
The Sourcefire Vulnerability Research Team (VRT) has a great blog on MacDefender, the rogue antimalware trojan currently spreading on Mac systems. This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center". The blog is filled with excellent technical details and images, and it also has clear and easy procedures for removing it, which I will repeat here:
1. In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
2. Open up "Activity Monitor" (this is in your Utilities folder within Applications).
3. Find "MacDefender" (or whatever the malware is being called: MacProtector, Mac Security, etc.).
4. Highlight it, then click "Quit Process", which looks like a big red stop sign at the top right of the Activity Monitor screen.
5. Next, open System Preferences and go to "Accounts". When it appears, click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
6. Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan. Yes. It's really that simple to remove.
hope this helps
-mvimp

Similar Messages

  • Mac Defender Malware?

    What is Mac Defender Malware? what does it really do? I Never heard of Mac Defender Malware & I Wanted to ask about it? cause i see the little yellow link about it & i'm ready to click it, i been seeing it for weeks now or something like it or whatever whatever? can i click the link to read about it? is it safe? sorry this is a stupid question

    Recently discovered malicious software dubbed "MACDefender" (also goes under the name of MacProtector, MacGuard, MacSecurity or MacShield) takes aim at users of the Mac OS X operating system by automatically downloading a file through JavaScript. But users must also agree to install the software, leaving the potential threat limited.
    The new MACDefender malware was first noted on April 30, 2011 by users of the Apple Support Communities, and was highlighted on May 2 by antivirus company Intego. If the right settings are enabled in Apple's Safari browser, MACDefender can be downloaded to a system after a user clicks a link while searching the Internet.
    "When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."
    More details here:
    http://www.reedcorner.net/news.php/?p=138#more-138
    However, users must still agree to install the malware after it downloads. After the ZIP file is extracted, users are presented with the "MACDefender Setup Installer," at which point they must agree to continue and provide an administrator password.
    Because of the fact that users must agree to install the software and provide a password, Intego categorized the threat with MACDefender as "low."
    Users on Apple's support forums advise killing active processes from the application using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash. There is also a 'MacDefenderKiller' uninstaller available here:
    http://www.macupdate.com/app/mac/38520/macdefenderkiller
    On May 24 Apple issued this Knowledge Base Article on how to avoid or remove the MacDefender malware (which has been updated several times):
    http://support.apple.com/kb/HT4650
    But that does not mean it is over. On May 25, MacGuard is launched:
    http://www.zdnet.com/blog/bott/mac-malware-authors-release-a-new-more-dangerous-version/3385?tag=nl.e589
    Further information here:
    http://www.macworld.co.uk/news/index.cfm?olo=email&NewsID=3282245
    Apple  released Security Update 2011-003 on May 31, 2011, which adds malware detection and removal for the "MAC Defender" scam and delivers a daily update mechanism for updating subsequent malware definitions. This is for Snow Leopard only.
    The security update for Mac OS X 10.6.7 is available from Software Update or the company's Downloads page. Installing the update does not require a system reboot.
    http://support.apple.com/kb/DL1387
    (The malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site it is not affiliated with the malware.)
    Trojans and other malware spread through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics.
    Now also available on Facebook!
    http://www.macworld.co.uk/news/index.cfm?olo=email&NewsID=3283550
    Apple are now fighting a running battle with the scareware makers:
    http://www.macworld.co.uk/news/index.cfm?olo=email&NewsID=3284106

  • I just got mac defender attacked..help...what do i do??

    i just got mac defender attacked. i entered my password but did not register...what do i do. and once i am able to get rid of it how do i make sure my computer is completely safe? what anti malware product should i get (purchase or for free)??
    thanks!!

    5/24/11, finally: http://support.apple.com/kb/HT4650,
    How to avoid or remove Mac Defender malware

  • Don't know what to make of Mac Defender?

    Is Mac Defender a good product?  It showed up on my computer and asked me to register, though it seems impossible as it asks for a serial number of the product which I don't have

    All the news sites have the details on new malware.
    New 'MACDefender' Malware Threat for Mac OS X - Mac Rumors
    MacInTouch
    MacFixit
    AppleInsider
    Discussions over on Snow Leopard community.
    Mac OS X v10.6 Snow Leopard

  • I just got the Mac defender virus, has anyone had this problem? What is the best software to get rid of this virus?

    I have a MacBook Pro and just got infected with the Mac Defender. What is the best software to get rid of this and protect from a future virus? I have looked at Intego, Norton, and Panda.

    Trojan War
    If you discover a trojan program is running on your computer then look to the following information for assistance:
    1. A recent discussion on the Apple Support Communities: MacDefender Trojan.
    2. An excellent site devoted to Mac Malware: Macintosh Virus Guide
    3. Another site for removing MacDefender, et al.: MAC Defender Rogue Anti-Virus analysis and Removal
    4. A new removal utility - MacDefenderKiller
    Removing strange software can be a task.  The following outlines various ways of uninstalling software:
    Uninstalling Software: The Basics
    Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.
    Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
    Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.
    Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.
    Some software uses startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
    If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.
    Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.
    There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:
    AppZapper
    Automaton
    Hazel
    CleanApp
    Yank
    SuperPop
    Uninstaller
    Spring Cleaning
    Look for them and others at VersionTracker or MacUpdate.
    For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.
    After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.
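
The folders named in the reply above can be swept in one read-only pass. This is an added example, not part of the original post or of Apple's guidance; the alias list is taken from the names mentioned on this page, and the function names and the "Application Support" spelling of the folder are this example's assumptions.

```shell
#!/bin/sh
# Added example: list items in the folders this page names whose names match
# the MacDefender aliases mentioned on the page. Read-only: nothing is deleted.

# Aliases from the page, lowercased with spaces removed. Assumption: a
# substring match on the normalised name is good enough for a manual review.
ALIASES="macdefender macprotector macsecurity macguard macshield"

# leftover_dirs ROOT HOME: print the folders to inspect, one per line.
leftover_dirs() {
    printf '%s\n' \
        "$1/Applications" \
        "$2/Downloads" \
        "$2/Library/Preferences" \
        "$2/Library/Application Support" \
        "$1/Library/StartupItems" \
        "$2/Library/StartupItems" \
        "$1/Library/LaunchAgents" \
        "$1/Library/LaunchDaemons" \
        "$2/Library/LaunchAgents" \
        "$1/Library/Receipts"
}

# is_suspect_name NAME: succeed if NAME, with spaces and punctuation removed
# and lowercased, contains one of the aliases
# ("Mac Security.pkg" -> "macsecuritypkg").
is_suspect_name() {
    norm=$(printf '%s' "$1" | tr -d ' _.-' | tr '[:upper:]' '[:lower:]')
    for alias in $ALIASES; do
        case $norm in
            *"$alias"*) return 0 ;;
        esac
    done
    return 1
}

# scan_leftovers ROOT HOME: print every direct child of the listed folders
# whose name matches. Missing folders are skipped; hidden entries are included.
scan_leftovers() {
    root=${1%/}
    home=${2%/}
    leftover_dirs "$root" "$home" | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        for entry in "$dir"/* "$dir"/.[!.]*; do
            # Unmatched globs stay literal; skip anything that does not exist.
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            if is_suspect_name "$(basename "$entry")"; then
                printf '%s\n' "$entry"
            fi
        done
    done
}

# Default: sweep the running system; pass ROOT and HOME to sweep a mounted copy.
scan_leftovers "${1:-/}" "${2:-${HOME:-/}}"
```

Anything it prints is a candidate for the manual removal steps described above; a match on a name alone is not proof that the item belongs to the trojan.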

  • Post Mac Defender Issues!

    I have just deleted Mac Defender from my desktop... But now my volume is not working  in itunes or otherwise. What should I do?

    See:
    Trojan War
    If you discover a trojan program is running on your computer then look to the following information for assistance:
    1. A recent discussion on the Apple Support Communities: MacDefender Trojan.
    2. An excellent site devoted to Mac Malware: Macintosh Virus Guide
    3. Another site for removing MacDefender, et al.: MAC Defender Rogue Anti-Virus analysis and Removal
    Removing strange software can be a task.  The following outlines various ways of uninstalling software:
    Uninstalling Software: The Basics
    Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.
    Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
    Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.
    Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.
    Some software uses startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
    If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.
    Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.
    There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:
    AppZapper
    Automaton
    Hazel
    CleanApp
    Yank
    SuperPop
    Uninstaller
    Spring Cleaning
    Look for them and others at VersionTracker or MacUpdate.
    For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.
    After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.
    Be sure you have removed it properly.  As for the other issues you mentioned you will need to provide further explanation.  "Not working in itunes or otherwise" is not very useful information.  If these problems are unrelated to your post, then post them in a new topic.
    Search the forums for this trojan as there have been thousands of posts already.

  • Mac Defender virus?

    I got a virus on my computer and it downloaded something called mac defender. Now I can't get it off. It makes sexually explicit pictures and websites pop up on my computer. Anyone know how to get rid of this virus? Any help would be greatly appreciated.

    EasyOSX wrote:
    My source is Cult of Mac: http://www.cultofmac.com/mac-defender-variant-bypassed-os-x-anti-malware-software-within-hours/97956.  And they got their information from ZDNet: http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396
    OK, well that was over two weeks ago and it wasn't immune to the defs update that came out that same day shortly after 9pm GMT.  There have been a total of 16 updates since then and as near as I can tell Apple has been able to keep up.  Certainly agree that there are issues for a few folks in getting the updates and the frequency of updates seems to exceed what Apple expected, but as many have said here before, the solution to this one is an educated user.  I'm not against supplementing that with reliable AV (or AM for the purists) software to protect against the next threat, which could be more damaging.

  • Mac Defender malware installed itself without password

    Good afternoon to all, I'm new to these forums and wish I had subscribed sooner, if I had I would have been aware and not caught by surprise when browsing Facebook yesterday the Mac Defender malware window popped up, I foolishly clicked the install tab first and looked up info next, realizing what it was I proceeded to remove it and download 2011-003, I also made sure firewall is on and Safari open safe files off, I changed all my passwords and canceled my credit cards even though I did not see any requests for that info nor the **** sites other Mac users have reported, after doing that to protect my machine from further trouble I still feel uneasy, embarrassed and disappointed at myself about my laziness and complete ignorance about the workings of my computer, I'm ashamed to say this but prior to yesterday I did not know there was a thing called firewall or anything about Safari settings etc. Well in a way I'm glad that this happened because I am now going to educate myself, I love my Mac and will never be caught off guard again, my question is, are there any further steps I should take to get it pristine clean like it was when I purchased it? If this is a dumb question I apologize, thanks in advance for any advice.

    I also made sure firewall is on...
    That's not necessary if you have a router, and it won't protect you from malware at all.
    I changed all my passwords and canceled my credit cards...
    MacDefender doesn't steal passwords or credit card numbers as far as anyone knows. You enter the credit card number voluntarily. If you didn't do that, you didn't need to cancel the cards.
    ...I did not know there was a thing called firewall...
    Again, the firewall wouldn't have helped in any way. It's not a malware filter.
    ...are there any further steps I should take to get it pristine clean like it was when I purchased it?
    If you followed the instructions to remove the trojan, and it's no longer running, then it's gone.

  • Heads Up/Warning Mac Defender

    Just as a heads up and warning, there have been two incidents in the last hour or so where users are being redirected and Mac Defender seems to have downloaded itself claiming a virus has been detected. This is a trojan and should be deleted immediately. If you feel you need protection perhaps installing ClamXav would be an option. Be careful where you're surfing in the Interwebs. Any information you can provide if you encounter this problem would be greatly appreciated, info such as the browser you're using and the website that is redirecting you.
    Regards,
    Joseph

    Carol
    MacDefender is security software. You don't need it. If you want, and it will give you peace of mind, you can get ClamXav. It is free to use and has been around a long time. I would uninstall it, and if you feel you need some virus protection use ClamXav. Some people will tell you you don't need AV programs for Macs because there are no viruses for Macs. But you have the option. About getting your money back, is there any contact info? Did you get a receipt emailed to you? Because it was malicious the way you were panicked into purchasing the software. I would contact them. You can also open a thread here in the MBP forum and relate what you told me and someone with more experience than me will advise you. Another member of the forums, ds store, is looking into this. Does MacDefender have an uninstall utility? If it does, run it. If not, open Activity Monitor and look for the MacDefender process and kill it, then go to your Applications folder and drag MacDefender to the trash. Don't delete your trash until you've restarted your computer. I would also go to System Preferences and go to Accounts and check your login items and remove anything related to MacDefender. You may want to do a search in Spotlight and in the Finder for MacDefender in case there are related files. Hope this helps.
    Regards,
    Joseph

  • Should I purchase the Mac Defender software

    I was on a webpage and then I was prompted to protect my computer and consequently downloaded Mac defender. Now I'm being asked to pay for a subscription. Is it worth it? I thought Macs didn't have many problems with viruses.

    No!
    What webpage were you on?
    Please post.  With Warning! Malicious!
    and post it like this for example:
    malicioussite  DOT  net
    So it's not a link.
    What browser were you using?
    Thanks!

  • Are clean my mac and mackeeper legit? i am nervous as i got caught with mac defender. both of these programs i found on my mac tips and tricks app on dashboard and thought they would be approved. not sure and don't want to go ahead and use the samples etc

    are clean my mac and mac keeper legit? i am nervous as i got caught in the macdefender scheme but these two i found on the mac tips and tricks app on dashboard so downloaded them but haven't used them yet. just don't want or need another mac defender hassle. thanks for any and all info in advance

    once again thanks for more info. what i am still not clear on is if i haven't installed mackeeper can i just drag the icon of the open box [in one case] and the mackeeper icon in my app folder. i somehow downloaded two copies of mackeeper. clicked on one and it was put into my app folder. then i decided to use it and clicked on it and it started asking for email address and stuff. while i put an address in i didn't finish installing or hitting the button that would have probably got it completely installed.
    checked the email address i gave it and no notice from them that i had completed the install or any other info. makes me hope it is still un installed.
    given the givens should i use the apple help writer "how to uninstall mackeeper" on one or both of them or just hope that dragging them to the trash will suffice?
    one of the many great things about apple is this support communities and folks like you and paul. have been rescued from my stupidity by others and you guys. thanks again

  • How do you know what version Mac OSX is on ANOTHER drive?

    How do you know what version Mac OSX is on ANOTHER drive without starting that drive
    and seeing the system profiler? In fact, because the drive wont start up, Now I am wondering if it is pre-intel. ? CMD-I doesn't do it. Thanks

    Why mess with this? Well, I got the HDDs and the enclosure from my previous PPC, so I'd like to make use of it all without $pending again.
    I don't see any problems with using the card and drives on your new Mac. Hardware is too pricey to just leave behind if you can't help it. With the new drivers I suspect you'll be able to use your drives, I just don't think you'll be able to boot from them if the interface card requires drivers. They should still be very fast storage devices, and probably reliable due to the ongoing support the vendor has provided.
    I went through the same type of issue when I bought my Dual G4 1.42 Tower (upgraded from a Quadra 840AV ). Several of my devices were SCSI (I was into SCSI Wide/Fast drive arrays at the time for video capture), and I was able to use an Adaptec card for scanning for several years with Jaguar and Panther. I'd spent quite a bit of cash to ensure high quality and performance and didn't want to lose all of the investment. Eventually the SATA hard drives and other USB and Firewire replacements became so cheap and performance improved enough that losing SCSI with Tiger was not a big deal. I do think I should get about 5 years of hardware compatibility with most products and I keep older Macs around for dedicated services as long as they aren't a costly maintenance issue.

  • I don't recall always having to enter admin. name and p/w when doing updates. Is this req't only for certain software. I am a bit paranoid now with the Mac Defender lurking about.

    When completing the software updates I can't remember always having to enter administrator name and password. Maybe it's just been automatic on my part but now I rethink the process when I am asked to enter this info since the Mac Defender malware became an issue with Mac. Just wanted to know if this procedure occurs with all software updates or is it selective based on the type of update? This time is concerned Airport. Thanks for any insight.

    Are you running as an Admin User or non-Admin? ie. have you set your Mac up with multiple user accounts - one as an Admin and one as a Standard user?
    For security, you are better off having an Admin user account that has Admin privileges and a Standard user account that you use from day to day with standard privileges. When you install system updates you will be required to enter an Admin name and password, and any software that needs access to the system will require an Admin name and password, but anything that you install just for your user account that doesn't require total system access will be able to be dragged and dropped into your Application folder as per usual.
    MacDefender runs in a web browser - that should be a huge red flag! If you see a warning when you are running Safari or another web browser close the browser window or Force Quit it. (under the Apple Menu => Force Quit...) In Safari Preferences untick Open "safe" files after downloading. (It will prevent an installer from automatically launching if something nasty is downloaded to your machine.) MacDefender and its variants attempt to trick people into installing stuff that will compromise their system. If something pops up unannounced on your machine that you didn't download, close it and delete it.
    This article goes into depth about the MacDefender Malware:
    http://rixstep.com/2/20110610,00.shtml
    The salient points are summed up in the "Recapitulate" section at the bottom of the article: It's a bit Hipster Geeky.
    "To Recapitulate
    As recounted elsewhere, the Mac Defender attack is a well thought out attack that may have taken months to get together. The first step was to compromise websites of eejits, hack their FTP accounts, and upload dynamited files to their servers.
    Then followed the Google whacks which led to people clicking on links they'd provided at the sites they'd hijacked.
    And then finally they uploaded Mac Defender so people would get hit by it. And the purpose of Mac Defender is to scare you into thinking you're infected so you pull out your credit card.
    Then the hackers run away with your credit card info and buy mink coats and chinchilla coats or whatever they want.
    But staying clear of Mac Defender is really easy and doesn't require any AV software.
    Don't ever open anything you didn't want to download.
    Turn off JavaScript when accessing any Google Images site.
    Make sure you don't have Safari set to automatically open downloads."
    I'd add, keep your software up to date. Especially Adobe's Flash Plug-in as this is no longer supplied in system updates by Apple and could become an attack vector in the future. Always download software from reputable sources - ie. when downloading the Flash plug-in, get it from Adobe directly - don't follow a link from a website that tells you your version of Flash is out of date.
    Enable your Firewall in System Preferences => Security => Firewall. Click on the Advanced button and Enable Stealth Mode too.
    Also under:
    System Preferences => Security => General.
    Disable Automatic Login. Require a password to unlock each System Preferences pane. Use secure virtual memory. Automatically update safe downloads list.
    Educate yourself.

  • Mac Defender - contact info for money back?

    I just installed Macdefender after it said my macbook is infected with a bunch of virus and I even paid for it ($99)! I saw all the warnings and got panicky about it and just used my credit card to pay for it!
    After reading the comments here I now know that I don't need it on my macbook - the way they tricked me into buying it was not right... (it wasn't done in a way like a normal 'scam' ... the graphics/wordings they used were very 'Apple' style and made me think that it was messages coming directly from Apple!)
    Any chance someone here knows how to get in touch with them about this?!
    Thanks!!

    You may have a trojan called Mac Defender / Protector / Security.
    They are probably located in Eastern Europe and they have their own fake call centre.
    Contact your bank to cancel your card.
    Check your downloads folder and apps folder to see if it is there. If you do not find it
    -If go to Safari, Preferences, General, deselect - open all safe downloads (may not be exact wording)
    If you find it go to  DO NOT SIGN UP or GIVE CREDIT CARD INFO....
    Go to Activity Monitor in Utilities - quit the program.
    Trash it from downloads, app folder, remove from Login Items in Accounts (sys. pref)
    Boot into safe mode - hold the option key down and when you restart the mac
    look at these locations to see if remains.... if found try removing them again
    Uncheck the safari pref as above
    I advise getting security software or wait for Apple to come up with a security fix

  • What is mac's version of word ?

    what is mac's version of word ?

    If you are looking for the Apple word processing/desktop publishing application, it's Pages, which is typically a part of the iWork suite, which includes Keynote (presentation) and Numbers (spreadsheet). They can all export into Office.
