Attention Mac users.

Attention Mac users
Just been zapped by a money scam on my Mac.

Fortunately I never coughed up any ££'s having a few Scots in my past!!

Whilst browsing, (a clean site I may add), a warning came up stating I had a virus by a site that went by something like Mac Defender, at this stage I wasn't paying too much attention. It looks very Kosher, it recommended I down load an App called ' Mac Defender'. I did, it ran a scan of my system and advised me I had several virus'. (I didn't). To remove the virus' I had to register the App and pay!!! That was the bit I stopped at.

I disconnected Time Machine hard drive and external HDD. I found the App in my applications folder and attempted to remove it to trash. Nope - wouldn't go. Telling me the programme was running and I couldn't trash it. You cannot close the programme as you would a normal programme. It has a small red icon in the top bar of the computer.

To close the programme you have to open 'Activity Monitor', stop 'Mac Defender' then delete 'Mac Defender'. Also check it hasn't attached itself to your 'Account' in System Preferences'. THEN!! Run a search in Spotlight. Then once all that is done securely delete trash.

Download a programme called ClamXav, it's free, ( http://www.clamxav.com/download.php ) a kosher mac AV programme and run it through your computer.

For confirmation, Google 'Mac Defender' for further info.

Hope this helps someone from parting with their hard earned.

This is not Mac specific, there are several of them around for many Operating Systems.

The best thing to do when you get one of these popups is to bring up your task manager and kill your browser app that way. Yes, you will lose whatever you're browsing, but it's your best chance to keep the attack from loading any malicious software on your system.

For PCs I recommend a free software called "malwarebytes." It seems to do a better job than most getting rid of some malicious software.

I read about this scam on a Mac forum. Good call on using Activity Monitor to stop it from running so you can remove it.
Thanks.

You can also start from your OS CD pressing the key "C" and then delete the app from your local drive.

as the booting drive is the CD, you can change permissions and overwrite files in your HDD without restrictions.

Or... (only if you have the knowledge) use the SUDO from the Darwin terminal.

DuggleBogey wrote:

This is not Mac specific, there are several of them around for many Operating Systems.

The best thing to do when you get one of these popups is to bring up your task manager and kill your browser app that way. Yes, you will lose whatever you're browsing, but it's your best chance to keep the attack from loading any malicious software on your system.

For PCs I recommend a free software called "malwarebytes." It seems to do a better job than most getting rid of some malicious software.

I appreciate it's not Mac specific, but it is a new attack on the Mac. It had previously manifested itself on the Windows OS.
My intention is to make Mac owners aware there is a malicious piece of software currently in circulation.

The trouble with this one, reading the various Mac forums. it has caught a few folk out, they panicked when they thought there previous 'impervious to virus' Mac was infected. They then got there credit cards out and made some creep richer by actually paying to infect their machines further.

You can only add Mac Defender by allowing the down load yourself. Once the small programme is installed in your machine it can only be removed the way I described.

alejom wrote:

You can also start from your OS CD pressing the key "C" and then delete the app from your local drive.

as the booting drive is the CD, you can change permissions and overwrite files in your HDD without restrictions.

Or... (only if you have the knowledge) use the SUDO from the Darwin terminal.

Way above my pay grade.

By the way, that thing called MacDefender is junk; it is a windows program running under emulation in the MacOS. Even if it was any good, it would just use your resources unnecessarily.

Waspie wrote:

alejom wrote:

You can also start from your OS CD pressing the key "C" and then delete the app from your local drive.

as the booting drive is the CD, you can change permissions and overwrite files in your HDD without restrictions.

Or... (only if you have the knowledge) use the SUDO from the Darwin terminal.

Way above my pay grade.

The OS disk loads a "simple finder" with disk utilities and access to your local disks. It is the simplest way to verify and repair your master drive as the system is running from the CD.

alejom wrote:

Or... (only if you have the knowledge) use the SUDO from the Darwin terminal.

Terminal scares me more than a dirty Tennessee bathroom.

alejom wrote:

By the way, that thing called MacDefender is junk; it is a windows program running under emulation in the MacOS. Even if it was any good, it would just use your resources unnecessarily.

Agree, it looks like it has been used to scam money from folk.

Took a look at 'Terminal' app and SUDO, way too technical for me. Definitely not for the faint hearted.

The best thing you can do is find a good anti-virus anti-malware program you like, even if you have to pay for it (which isn't a bad thing...anti-virus makers gotta eat too). Then you will never be worried about such things and never be tempted to download something out of fear.

This advice goes for PC and Mac.

Dan

I didn't mean to crap on your thread by bringing up the Windows stuff, I just wanted to make sure that people know there is no obvious way of clearing the message without installing their malicious software. Clicking no or clicking the x in the corner are no good, just kill the browser before clicking on anything.