Most Mac users feel they are impervious to malware or infections with OS X. Although it is rare, there is targeted malware out there and this post deals with how to remove a specific one as well as some ideas on how to prevent further issues.
A phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which then ‘scare’ them into thinking their computer has become infected with a virus. The user is then offered a software product, usually called Mac Defender or Mac Security to resolve the issue. This ‘anti-virus’ software is actually malware and it’s ultimate goal is to get the user’s credit card information.
Here are the steps to remove this malware and to help protect you in the future.
- First off, go into your Downloads folder, or preferred download location and drag any software there that you don’t recognize into the Trash.
- Empty the Trash
- If the malware ‘Scan’ window is open, close it using the red x button in the top left hand corner (you may also need to do a ‘Force Quit’)
- Go to the Utilities folder in the Applications folder and launch ‘Activity Monitor’
- Choose ‘All Processes’ from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app – common app names include MacDefender, MacSecurity or MacProtector – and click to select it
- Click the ‘Quit Process’ button in the upper left corder of the window and select ‘Quit’
- Quit the Activity Monitor application
- Open the Applications folder
- Locate the app (MacDefender, MacSecurity or MacProtector) and drag it to Trash
- Empty Trash
- Open System Preferences, select Account and then Login items
- If you see any account with the same name as the app you just removed, select it and the click the ‘minus’ button to remove
- You now need to change a setting in Safari to help stop this from happening again
- Start Safari and then click on the Safari Menu option
- From the Safari drop down menu, select Preferences
- When the screen opens, click on the General Tab if not already.
- REMOVE the check mark in the ‘Open safe files after downloading’ option if there is one
- Now click Extensions and remove (or disable) any extensions that you do not recognize
- You can now exit the Preferences menu and Safari.