Wednesday, May 18, 2011

Removal of Rogue Mac Anti Virus MacProtector/MacDefender/MacSecurity

Background

  • MacDefender, MacProtector, MacSecurity and MacGuard are all rogue Mac anti-virus products.
  • They are crimeware designed to steal your credit card information.
  • Created by criminals out of Russia.

What if I purchased it?

Call your credit card company and report the card as compromised. Review all charges on all your accounts. Remember that they also have your address and phone number, so be cautious about phone solicitations.

How do I remove MacDefender, MacProtector and MacSecurity if I installed it?

1. Open the Activity Monitor in the Applications/Utilities/ directory.

When the Activity Monitor opens, find the rogue application by its name in the process list. Once you find MacDefender, MacProtector or MacSecurity, select it in the list.

2. Quit the Process.

3. Trash MacDefender, MacProtector or MacSecurity

Move the application to the Trash and then select Finder > Secure Empty Trash.

4. Remove it from Login Items.

Go to Apple Menu > System Preferences and open Accounts. Select your account and switch to the Login Items pane.

Once you are done, make sure to change your password and all other passwords on the Mac. Close System Preferences and then restart your Mac to ensure removal.

5. Check Safari and Chrome, and consider the following settings.

  • Do not install any program whose installer opens directly from the Web.
  • Make sure "Open Safe Files" is de-selected in Safari Preferences.
  • Select "Clear Auto-Opening" settings in chrome://settings/advanced.
  • Download files only to the Downloads folder in each user's home directory.
  • Set Remove Downloads to "When Safari Quits." Manually clear this folder for other browsers.
  • Make sure that "Block Pop-Up Windows" is on.
  • Never surf the Web as the Administrator; carry out daily tasks as a user that does not have administrator privileges.
  • Never use Safari on a Mac OS X Server.
  • Make sure "Auto Fill" is de-selected for all.
  • Download and confirm the hash before installing any files on assets in your control. (Recommended for enterprise customers.)
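
A read-only check for steps 1 through 4, as an added example that is not part of the original post: it looks for the four product names in the process list, in /Applications and in the Login Items, and reports what it finds without deleting anything. It assumes the application was installed into /Applications and that osascript is allowed to query System Events; the script name check_rogue.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): read-only check for leftovers
# of the rogue products named above. It reports only; it deletes nothing.
ROGUE_NAMES='MacDefender MacProtector MacSecurity MacGuard'

# Read one name or path per line on stdin; print each line whose final path
# component (ignoring a trailing ".app") equals one of ROGUE_NAMES,
# compared case-insensitively. Partial matches are not reported.
match_rogue() {
    while IFS= read -r line; do
        base=${line##*/}        # strip leading directories
        base=${base%.app}       # strip the bundle suffix
        lower=$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')
        for name in $ROGUE_NAMES; do
            want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            if [ "$lower" = "$want" ]; then printf '%s\n' "$line"; fi
        done
    done
    return 0
}

# The three places the removal steps touch. Assumptions: the bundle was
# installed to /Applications, and osascript may query System Events.
list_processes()   { ps -A -o comm=; }
list_apps()        { ls -1 /Applications 2>/dev/null; }
list_login_items() {
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | tr ',' '\n' | sed 's/^ *//'
}

# Print "<where>: <match>" for every hit; return 1 if anything was found.
scan_mac() {
    found=0
    for src in processes apps login_items; do
        hits=$("list_$src" | match_rogue)
        if [ -n "$hits" ]; then
            found=1
            printf '%s\n' "$hits" | sed "s/^/$src: /"
        fi
    done
    return "$found"
}

# Run the scan only when asked: sh check_rogue.sh scan
if [ "${1:-}" = "scan" ]; then scan_mac; fi
```

Run it once before the removal steps and again after the restart; no output and an exit status of 0 means none of the four names was found in the three places checked.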

If you are still having problems removing MacDefender, MacSecurity and MacProtector and your computer is within the United States, we can help. Go to the Contact Page and put Remove into the Subject, and we will contact you to see if we can help. We are only asking for a suggested payment of $19.99 + NYS Sales Tax for remote repair service, which covers our cost. We only expect you to pay if we remove it and you're happy with the results. This is about the cost in lost time and transportation of going to the Genius Bar.
