How To Spot Malware (And Remove It) If You’re Infected With MacDefender [How-To]

How To Spot Malware (And Remove It) If You’re Infected With MacDefender [How-To]

At this point, you probably know all about the Mac Defender thats doing the rounds. According to AppleCare Support reps, it’s exploding on Macs all across the country… but if you call Apple, they won’t lift a finger to help you remove it.

So how can you tell if you’re infected by MacDefender? Luckily, it’s pretty easy to spot it on your system… and even easier to remove it, if you know how.

Here’s how to spot and remove MacDefender from your Mac.

1. If you’re infected by MacDefender, you’ll probably know it, as an obnoxious scan window claiming that your Mac is infected by viruses will pop up and float above all your other windows. Close or minimize this window.

2. Now, go to Applications > Utilities and launch Activity Monitor. Look for a process with the name MacDefender, MacSecurity or MacProtector. Highlight any that show up and click “Quit Process.”

3. Another warning will pop up, asking if you’re sure you want to quit the process. Click “Quit.”

4. Once the process has been quit, find the MacDefender icon in your Applications folder. It will have the same name as the process you just quit, so if you don’t see it, look for MacSecurity or MacProtector. Drag that icon to the trash, then empty trash.

5. Open Applications > System Preferences > Accounts. Click your account on the left, then select “Login Items” if it isn’t already selected. Highlight MacDefender (or MacSecurity or MacProtector) and click the minus button to remove it from startup.

Voila! MacDefender has now been deleted from your system, no expensive antivirus or malware purchase required.

But what if you want to protect yourself from being reinfected? Again, it’s pretty easy to at least make sure that MacDefender won’t automatically reinstall itself if you’re directed to a host site on Safari.

1. Launch Safari.

2. Go to Preferences > General from within Safari’s menu.

3. Under General, untick the “Open ‘safe’ files after downloading box.”

You’re all set. Now, MacDefender can only reinstall itself if you’re stupid enough to directly download it and install it.

Finally, if you have been unlucky enough to be infected with MacDefender, it goes without saying, but don’t give it your credit card, If you already have given it your credit card number, though, call your bank or credit card provider immediately and cancel the card. Don’t wait to be a victim!

[This guide owes much to Steven Sande's excellent overview on removing MacDefender from your system over at TUAW]

Related
  • Gordon_Keenan

     You’re all set. Now, MacDefender can only reinstall itself if you’re stupid enough to directly download it and install it.

    Well that in itself is the major problem, the vast majority of people probably are stupid enough to do that!

  • Jon Grumm

    Enough people criticize John for his lame articles, and clickbait. This article is helpful and topical! 

  • Chris

     lol…they don’t even install a kernel extension ^^just the simple application removal procedure. not even any preference files?

  • Maria Benedict

    Thank you !!!! The only place where I found a concrete and useful response on how to remove this awful virus.
    Great article! Congratulations!

  • prof_peabody

    In case you haven’t noticed, *all* the articles on CultofMac are clickbait, (as are most on most tech blogs), it’s just a matter of style and whether you enjoy the content.  

    Nicole Martinelli for instance always writes stories about controversial topics like gay rights etc., and often the “article” is only two sentences long. But she’s cute and the articles are fun so no one complains.  

    AFAICS John and Nicole are the best writers on here for that reason … “fun.”  Even when they are making mistakes I get the impression that they are nice folks underneath it all.  Leander is a hopelessly mean curmudgeon most of the time and the other guys are uniformly dull and uninteresting.  

    That’s my 2 cents anyway.  

  • fernando

     macdefender…. what ? i dont belive theres people stupid enough to install something like this.

  • Hampus

    So you completely missed this then? “According to AppleCare Support reps, it’s exploding on Macs all across the country…”

    It’s the most common way malware get’s on computers no matter the type of computer, what OS it runs…

  • Rigogibson

    Uh… look.  It’s 2011, if you’ve been on the internet more than say, oh, I don’t know, a week, you have to have some idea about what is ok to install, and what isn’t.  The app that you searched for and found at a well known site, it’s ok… the one that came in a pop up as you were watching a streaming movie on zmovie.tv, NOT SO MUCH. No OS is idiot proof, but up until about 5 years ago, Mac OS almost was because their wasn’t a ton of idiots using it. 

    I don’t blame apple for not telling people how to remove this thing one bit.  I’d tell them to goto the black apple at the top right hand side of their screen, click on shutdown, put the mac back in the box it came in, now drive to Best Buy, hand the Mac over to them, buy a PC… and end of problem for all of us that actually have a damned head on our shoulders.

  • Rigogibson

    I mean lefthand side of the screen… into the box my Mac goes. :’-(

  • Ca_ammad_khi

     What is Mac Keeper? is it a virus too????

  • cheesy11

    a mate got macdefender downloaded, just explained to him how to get rid of it only thing is, he has managed to somehow shut his mac down instead of uninstalling it!

  • Mac suck

    LOL… The person bought the Mac because he was too stupid to save some money and buy a PC to begin with.

  • Fathie

     THANKYOU!!!

  • Anonymous

    To paraphrase a certain advert: “PCs don’t get MAC malware”. 

  • Ken

    Here’s the thing – since Mac users have been told over and over and over that it’s the Mac that makes the security better and not the end user, the virus writers don’t have to go through the trouble of doing all the trickery that they need to on a Windows machine yet.  Consider this one just a proof of concept.  Once one cracker demonstrates that 5% of the market is viable (and untapped) you’ll get more writers enticed by the allure of easy pickings.  Before you know it you’ll have people building wonderful virus code bases that any script kiddy can modify.  The awful thing will be that they may have a higher success rate chasing that 5% of the market because you have a user base that is trained to trust the computer for their security and not rely on their behavior.  I hear this over and over again from people when they ask about Mac’s vs PCs – they always say “Macs don’t get viruses right?” and I have to correct them and say, like Windows it depends on what whether you agree to install something, and on a Windows machine the virus scanner is your last line of defense.  On both systems the brain is the first defense against viruses, but Mac users are trained otherwise.  You can throw up all the “Are you sure you want to install this? / Enter your password:” nag boxes you want, but you can bet that when an end user wants to install something, they will, and what’s the harm on hitting I agree, and entering your root password on a Mac?  You can’t get viruses…

    That said, some of the Macs don’t get viruses mantra may be true.  Right now any Adobe product or Java install that isn’t the latest version on Windows seems to be an invite for viruses by just visiting a website.  It seems there are daily updates for at least one of these programs that patches some security hole.  The virus writers are now using all of these exploits on PCs like never before.  5 years ago it was only high risk that users would get viruses, now it’s retired people visiting WW2 veterans sites or looking at vintage car sites that are getting root kits.  It would be nice if Mac remains a platform that Adobe and Sun can’t open up to security holes!

    (sent from my MacBook Pro :)

  • Aa

     MacKeeper is real.

  • chacalcdn

    I believe I just registered.
    Your site is very helpful for a former W to Mac.
    Thanks

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his girlfriend and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in How-To, News, Top stories | Tagged: , , , , , |