
How to Protect Yourself from the Mac Defender/Mac Protector Malware

About the Virus:

Mac Defender, also known as Mac Protector, is a rogue security application targeting Mac users. This is a FAKE antivirus. The program's developers have tricked search engines into showing their links as top results for searches. Clicking on one of these links brings up a new browser window that displays a fake virus detection. The computer is NOT actually being scanned; it is a web page that pretends to scan your computer.

After the fake scan, an installer is downloaded. It may be opened automatically if the “Open safe files after downloading” option is enabled in Safari. This will launch an installer that the user has to agree to install. If you are an ‘admin’ user on the machine, it may or may not ask for an admin password to complete the installation. The application cannot install itself without the user agreeing to the installation, but the warnings are convincing enough that many users agree to the installation.

If installed on the computer, Mac Defender will occasionally display fake alerts that inform users of virus detections. Worse, this malicious application can open a browser window that contains explicit images. The application will then open a browser window telling the user to purchase a licensed version of the software. Having the licensed version will not remove any threats on the system because it has NOT found any threats! Victims will just pay for an ineffective program that was designed only to scam users and steal money from their credit card accounts.

Fortunately, this program is fairly easy to remove if you have accidentally installed it.  We are providing these instructions to our customers free of charge.  If you are uncomfortable with these procedures, we are also offering a discounted service rate of $49 to remove this program and to configure your machine more securely so that it is much more difficult for this or other malicious programs to be installed on your machine.

Removal of MacDefender/MacProtector

Step 1 - Open Activity Monitor (from the "Utilities" folder). This folder can be found by selecting "Go" from the Finder Menu.

Step 2 - Make sure the drop-down menu at the top of Activity Monitor is set to "all processes".

Step 3 - Use the search field (top right-hand corner) in Activity Monitor to search for MacDefender (or MacProtector).

Step 4 - Click the MacDefender (or MacProtector) process to select it, and then click the "Quit Process" button (looks like a Stop Sign). Then click "Force Quit" on the window which appears.

Step 5 - Open the "Applications" folder and drag the MacDefender (or MacProtector) application to the Trash. Then EMPTY THE TRASH.

Step 6 - Open System Preferences (in the Apple menu). Click on Accounts. On the right side of the window (near the top), click on "Login Items". Select MacDefender (or MacProtector) and click the minus sign (near the bottom) to remove it from the login items list.

Disallowing “safe” files from opening in Safari:

Step 1 - Open Safari, go to Safari > Preferences.

Step 2 - In the General tab of the Preferences, uncheck the box for opening “safe” files after downloading.

Setting your primary user as a Standard User:

Step 1 - Go to System Preferences and click on Accounts.

Step 2 - Click the lock at the bottom to make changes.

Step 3 - Click on the plus sign under the list of accounts to add a new user account. Choose Administrator from the pull-down menu. Enter the user name (Admin, your full name, etc.) and account name. Create a strong password and give yourself a hint that only you will understand. FileVault protection is not recommended. Click Create Account.

Step 4 - Click on the account you currently use. Uncheck the box that allows the user to administer this computer. You will now have a Standard user account, and any software installation or major change to the computer will require an admin name and password, preventing unintentional application installation.
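
The results of the removal and hardening steps above can also be checked from Terminal. The script below is an added example, not part of the original instructions: it only reports and removes nothing. It assumes the application sits in /Applications under the names used on this page, that Safari keeps the "safe files" option in its AutoOpenSafeDownloads preference key, and that administrators belong to the admin group; login items are not checked.

```sh
#!/bin/sh
# Added example (not from the original page): read-only check of what the
# steps above change. It reports only and removes nothing.
ROGUE_NAMES="MacDefender MacProtector"   # names taken from the page

# List rogue app bundles present in an Applications folder.
find_rogue_apps() {
    dir=${1:-/Applications}
    for n in $ROGUE_NAMES; do
        if [ -d "$dir/$n.app" ]; then echo "$dir/$n.app"; fi
    done
}

# Read executable paths or names on stdin and print any that match a rogue name.
match_rogue_procs() {
    while read -r path; do
        for n in $ROGUE_NAMES; do
            if [ "${path##*/}" = "$n" ]; then echo "$n"; fi
        done
    done
}

# Interpret Safari's AutoOpenSafeDownloads value. An unset or unreadable key
# is reported as enabled (assumption: the option is on unless switched off).
safe_files_state() {
    case "$1" in
        0|false|NO) echo disabled ;;
        *)          echo enabled ;;
    esac
}

# Succeeds if the group list (as printed by `id -Gn`) contains "admin".
in_admin_group() {
    case " $1 " in
        *" admin "*) return 0 ;;
        *)           return 1 ;;
    esac
}

audit() {
    apps=$(find_rogue_apps "$1")
    procs=$(ps -A -o comm= 2>/dev/null | match_rogue_procs)
    pref=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    in_admin_group "$(id -Gn)" && acct=Administrator || acct=Standard
    echo "Rogue applications: ${apps:-none}"
    echo "Rogue processes:    ${procs:-none}"
    echo "Open safe files:    $(safe_files_state "$pref")"
    echo "Account type:       $acct"
}

audit "${1:-/Applications}"
```

After completing all of the steps, the expected report is "none" for applications and processes, "disabled" for opening safe files, and "Standard" for the account type.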
