How To Spot Malware (And Remove It) If You're Infected With MacDefender [How-To] | Cult of Mac

How To Spot Malware (And Remove It) If You’re Infected With MacDefender [How-To]



At this point, you probably know all about the Mac Defender thats doing the rounds. According to AppleCare Support reps, it’s exploding on Macs all across the country… but if you call Apple, they won’t lift a finger to help you remove it.

So how can you tell if you’re infected by MacDefender? Luckily, it’s pretty easy to spot it on your system… and even easier to remove it, if you know how.

Here’s how to spot and remove MacDefender from your Mac.

1. If you’re infected by MacDefender, you’ll probably know it, as an obnoxious scan window claiming that your Mac is infected by viruses will pop up and float above all your other windows. Close or minimize this window.

2. Now, go to Applications > Utilities and launch Activity Monitor. Look for a process with the name MacDefender, MacSecurity or MacProtector. Highlight any that show up and click “Quit Process.”

3. Another warning will pop up, asking if you’re sure you want to quit the process. Click “Quit.”

4. Once the process has been quit, find the MacDefender icon in your Applications folder. It will have the same name as the process you just quit, so if you don’t see it, look for MacSecurity or MacProtector. Drag that icon to the trash, then empty trash.

5. Open Applications > System Preferences > Accounts. Click your account on the left, then select “Login Items” if it isn’t already selected. Highlight MacDefender (or MacSecurity or MacProtector) and click the minus button to remove it from startup.

Voila! MacDefender has now been deleted from your system, no expensive antivirus or malware purchase required.

But what if you want to protect yourself from being reinfected? Again, it’s pretty easy to at least make sure that MacDefender won’t automatically reinstall itself if you’re directed to a host site on Safari.

1. Launch Safari.

2. Go to Preferences > General from within Safari’s menu.

3. Under General, untick the “Open ‘safe’ files after downloading box.”

You’re all set. Now, MacDefender can only reinstall itself if you’re stupid enough to directly download it and install it.

Finally, if you have been unlucky enough to be infected with MacDefender, it goes without saying, but don’t give it your credit card, If you already have given it your credit card number, though, call your bank or credit card provider immediately and cancel the card. Don’t wait to be a victim!

[This guide owes much to Steven Sande’s excellent overview on removing MacDefender from your system over at TUAW]