  1. #31

    thurstmw's Avatar
    Member Since
    Sep 29, 2010
    Location
    BoCo
    Posts
    295
    Specs:
    13inch 2.3 i5 MBP 64gb SSD 320gb HD 8gb 1333
    Quote Originally Posted by BrianLachoreVPI View Post
    So - my wife just brings over her work MacBook - a slow POS that doesn't have Activity monitor or Terminal
    Just wondering how is this possible? A macbook without terminal or activity monitor?

    Yes that is a grizzlycorn

  2. #32

    BrianLachoreVPI's Avatar
    Member Since
    Feb 24, 2011
    Location
    Maryland
    Posts
    3,733
    Specs:
    March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
    Quote Originally Posted by thurstmw View Post
    Just wondering how is this possible? A macbook without terminal or activity monitor?
    I couldn't tell you. Perhaps the school IT folks thought it shouldn't be there? I don't know.

  3. #33


    Member Since
    May 20, 2011
    Posts
    1
    mac protector
    Thanks for your post!!

    I recently switched from PC to Mac hoping for virus free internet connection but unfortunately I have had a terrible experience with a whole lot of graphic porn bombarding my computer and interestingly at the same time I had Mac Protector pop up and tell me that I need to register so I can clean up the 5 viruses it said I have on my computer.

    I tried to register because I assumed it was legit but it wouldn't accept my credit card details. I then realised that it was probably a scam.

    I have no idea how to remove this program off my computer, or how to stop the porn from flashing onto my screen every 5 mins or so.

    If anyone could offer some help I'd greatly appreciate it!!

  4. #34


    Member Since
    May 21, 2011
    Posts
    6
    It is possible to delete even mission critical apps such as terminal and activity monitor if you enable root user and log in as such, but very stupid to do so. I guess the IT people must have thought that they were protecting the user from damaging their installation by playing with tools they didn't understand.

    All of the problems mentioned here could have been avoided; prevention is better than cure. Even with the "open safe files after downloading" check box ticked, MacProtector (which contains a nasty trojan payload in Archive.pax.gz) cannot install itself; the file opened is a zip which opens into a package installer. You then have to double click on this and authenticate with your password. As far as I am aware this is the only way a virus can ever find its way on to a Mac and despite the bleating of the Windows community that the only reason we aren't suffering as they do is because there aren't as many of us, I suspect it always will be...

    A rogue image hosting site sent me no less than three copies of MacProtector by hiding the download link in a box closure button but it's not on my computer because I didn't install it. Instead I ran Clam XAV to isolate the Trojan and then shredded every copy of it with PGP shredder. Simple precautions.

    My advice to non-tech savvy Mac users is this

    1) Do not panic! At the moment there are no viruses for Macs that install themselves; you have to do it.

    2) Any person or site that tells you you must have their software because your Mac is at risk without it is just trying to sell you something. Don't trust them.

    3) Don't get into the appalling habit of authenticating with your password at the drop of a hat. Authentication should be the second stage in a chain of intent which starts with you wanting to install an application which you have selected and of which you know the provenance. Think before you click.

    4) Install Clam XAV (ClamXav) and run folder sentry on startup. Set it to watch your downloads folder.

    5) Install the Web of Trust plug-in on your browser: Safe Browsing Tool | WOT (Web of Trust). This will flag suspicious sites with a red icon and known safe sites with a green icon. Be sure to play your part by registering an account and rating dodgy sites yourself if you encounter them.

  5. #35

    Slydude's Avatar
    Member Since
    Nov 15, 2009
    Location
    North Louisiana, USA
    Posts
    10,442
    Specs:
    2.8 GHz MacBook Pro 10.11, 8 GB mem, iPhone 6+
    @Rubi If you are still searching for removal instructions try How to remove MAC Defender malware. Two different removal methods are listed about 75% of the way down the page. The beginning of the article is a description of the problem and some safe browsing tips.

    If that link proves helpful give a rep bump to CWA107. I followed his link in an earlier thread to find that method.
    Sylvester Roque Former Contributing Editor About This Particular Macintosh

    "Got Time to breathe. You got time for music." Denver Pyle as Briscoe Darling

  6. #36

    BrianLachoreVPI's Avatar
    Member Since
    Feb 24, 2011
    Location
    Maryland
    Posts
    3,733
    Specs:
    March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
    Quote Originally Posted by Rubi View Post
    Thanks for your post!!

    I recently switched from PC to Mac hoping for virus free internet connection but unfortunately I have had a terrible experience with a whole lot of graphic porn bombarding my computer and interestingly at the same time I had Mac Protector pop up and tell me that I need to register so I can clean up the 5 viruses it said I have on my computer.

    I tried to register because I assumed it was legit but it wouldn't accept my credit card details. I then realised that it was probably a scam.

    I have no idea how to remove this program off my computer, or how to stop the porn from flashing onto my screen every 5 mins or so.

    If anyone could offer some help I'd greatly appreciate it!!
    I would also recommend you cancel that credit card - and get a new one sent in its place - ASAP.

  7. #37


    Member Since
    May 21, 2011
    Posts
    6
    Nice computer; shame if anything should happen to it...
    There seem to be a lot of panicked people on here so I sacrificed one of my spare Macs to do a walkthrough to show you

    1) where you are going wrong and how you are actually installing this thing in the first place

    2) How you get rid of it.

    I should point out that I am not a computer boffin, coder or malware specialist, just an ordinary user with some common sense, 54 years old and I didn't even have a computer until ten years ago, so this is not something I would expect to faze anyone of any age.

    It starts when you google for something like some hot babe, in this case Claire Goose



    The image outlined in red is the offending one. Even WOT (the little green icon in the corner) says it's safe.



    As soon as you click on it the url redirects to another host which opens a fake finder window using Java. You can tell it's fake because the layout of the sidebar won't necessarily match that of your genuine finder. My HDD is called "iMac", but here it is called Macintosh HD, which is the default. Inexperienced users rarely bother to change this (highlight the name in Finder then draw the pointer and you can type in a new name for your hard drive. You could call it Fido or £$%^ if you wanted to) so are easily fooled. The site immediately downloads a package installer in a zip file, opens it and starts the installer. No risk so far, but it's annoying that Safari allows unsolicited downloads from hostile URLs. Clicking continue is the first of three mistakes you will make.



    Here is where things go wrong. The installer starts and looks legitimate. The inexperienced Mac user, panicked into believing that the much vaunted Mac immunity to viruses is a myth, and convinced by the genuine looking "Apple Security Centre" blazon doesn't give a thought to continuing the installation.

    Clicking install is your second mistake



    Your third mistake will be to enter your password into the authentication dialog box. If at any time you had thought "hang on, let me Google MacProtector and see where it comes from and whether it does what it says" and stopped the installation progress your computer would never be infected with MacProtector, but no, you enter your password without thinking and pass the point of no return. Malicious code will now be installed on your computer.



    As soon as the installer has triumphantly announced that it has finished, MacProtector will attempt to connect to the following URL 95.64.55.5. God only knows what information it will be sending back. Fortunately my network filter Little Snitch has stopped it and is asking me whether I want it to connect. You don't have Little Snitch? Why not…?

    Of course you will unthinkingly click "allow" instead of deny anyway, because you have no concept of basic web security, and why should you? You have just switched to Mac from PC and have been raised to believe that computing security is an arcane doctrine, the province of the brainiacs and have always trusted uncle Norton and Daddy MacAfee to look after this for you so you would never have to think for yourself…

    Now you are a Mac User it's time to start living in the real world where computers are really rather easy; much easier than driving a car, for example.



    Now Mac Protector starts its shenanigans. It looks like it's scanning your computer for viruses and finding loads, but it's OK because it can clean your system for you so stop worrying, Mac Protector is here to take care of things for you, but wait; you have to register and pay for it first because, sorry, nothing's for free in this world...



    What you don't realise is that the apparent busy activity is all fake. It's a Java program running in your browser…



    The clue is here; there is no program called MacProtector shown running in the dock, nor does it appear in the ForceQuit menu. That's because it's running inside your browser. Force quitting your browser will kill it



    It's anyone's guess what happens if you click "remove all". I chose not to, but I suspect if you do it will run some malicious code.



    OK, so now you have completely bolloxed up your computer by breaking all the rules of common sense and actually installing a malicious application without so much as a thought to the consequences. And now you can't get rid of it…

    Yes, you can, it's a Mac, and you have control of it. To be continued...

  8. #38

    BrianLachoreVPI's Avatar
    Member Since
    Feb 24, 2011
    Location
    Maryland
    Posts
    3,733
    Specs:
    March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
    Nice post. From most of the other posts here - I believe that clicking remove takes you to a screen where you are prompted to purchase the removal software - and now they have your cc info.

  9. #39

    dtravis7's Avatar
    Member Since
    Jan 04, 2005
    Location
    Modesto, Ca.
    Posts
    28,962
    Specs:
    iMac 2010 27" QuadI7 OSX10.11, iMac 2008 OSX10.11, MBP Late2011OSX10.11 , iPad Air, iPhone 3GS
    I tried it. I stopped the download that automatically started and quit the tab. I am amazed that some would click allow on something like that when that site clearly downloaded and launched something.

    I tried the url in Firefox. It goes to that address but sits at a white screen and nothing downloads, nothing shows.

    Opera opens it and offers it for download!

    So Firefox will not even open that fake app or start the download which is a good thing. CWA take note!

  10. #40


    Member Since
    May 21, 2011
    Posts
    6
    Quote Originally Posted by BrianLachoreVPI View Post
    Nice post. From most of the other posts here - I believe that clicking remove takes you to a screen where you are prompted to purchase the removal software - and now they have your cc info.
    Thanks I put a lot of work into it last night. The second half of the walkthrough deals with the removal procedure for which you need a freeware app called TrashMe but I had to split it into two to meet the forum rules on image content and couldn't post the second half last night as I had to wait for mod approval for the first half to appear...

  11. #41


    Member Since
    May 21, 2011
    Posts
    6
    Quote Originally Posted by dtravis7 View Post
    I tried it. I stopped the download that automatically started and quit the tab. I am amazed that some would click allow on something like that when that site clearly downloaded and launched something.

    I tried the url in Firefox. It goes to that address but sits at a white screen and nothing downloads, nothing shows.

    Opera opens it and offers it for download!

    So Firefox will not even open that fake app or start the download which is a good thing. CWA take note!
    It is amazing isn't it! I do a lot of voluntary work and in this capacity I'm often called upon to help people with problems with their computers and it constantly amazes me how little they bother to learn about even the simplest security procedures or how to set up their computer. I come across even intelligent sensible people like writers and civil servants using laptops without password protection and using it to do their internet banking on, allowing their browsers to save passwords and user ID's for bank and building society accounts...

  12. #42

    BrianLachoreVPI's Avatar
    Member Since
    Feb 24, 2011
    Location
    Maryland
    Posts
    3,733
    Specs:
    March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
    Quote Originally Posted by octavedoctor View Post
    Thanks I put a lot of work into it last night. The second half of the walkthrough deals with the removal procedure for which you need a freeware app called TrashMe but I had to split it into two to meet the forum rules on image content and couldn't post the second half last night as I had to wait for mod approval for the first half to appear...
    I think there are quite a few variants on the same theme with this little bugger. For instance - when doing an image search for something a couple of weeks ago - using Google - I simply clicked on an image from the Google search - to go look at the source - and was immediately treated to that java show. This was before I knew about the Safari checkbox - and I saw it download and launch. Of course, I knew that I could simply close it - and delete the downloaded file - and was none the worse for wear. It's easy to see how many folks would be a little taken in by it though. That actually happened 3 separate times in 5 minutes!

    My wife - I don't really know what happened - as she couldn't articulate it that well - but somehow she managed to have 5 of the packages downloaded - and the java show was pretty entertaining. The problem for her was - she clicked scan. Frankly - because she has an antivirus package installed (by the school) - she may have thought it was actually doing something. That was enough to convince her to click scan - before she realized something didn't seem right and called me over to look at it.

    Fortunately - like I said before - it's easy to eliminate - and led to the discovery of that Safari setting.

  13. #43


    Member Since
    May 21, 2011
    Posts
    6
    Yep. I think there is a rollover link or something because I ended up with about six packages without clicking on anything.

    You could also disable Java in prefs; I'm not sure how often that is needed for the most part. Google Docs utilises it I think. I'll have to try it one day. Not javascript though, that's quite different.

    The important thing to remember is that there are no Mac viruses that can install themselves, and nor should there ever be, as long as OSX respects the UNIX security policy. Until then, all attackers have is exploits which make use of users' naiveté and fear of the machine to get them to install the nasties themselves. The idea that the only reason Macs aren't inundated with viruses is because there aren't as many of us is complete rubbish. It's important to drum that home to new Mac users because it puts the onus on them to think about their security instead of trusting it to third parties flogging commercial software. AV is now a huge industry and a lot of people are making money out of it. I'm sure Microsoft could address Windows' virus vulnerability if they really wanted to but it would not be politic to undermine that sector of the IT economy. Far better to spread the idea that more secure OSes are equally at risk, then you open up a whole new market for your products. And the Mac market is generally more affluent and less tech savvy, so you can bilk them for a lot more...

  14. #44


    Member Since
    May 21, 2011
    Posts
    6
    Nice computer; shame if anything should happen to it...
    Part two. How to kill the beast.

    First go to System Preferences in the Apple menu, up there in the top left. Look for the Accounts Preferences



    Once you are in your account, select login items from the menu and look for MacProtector.

    Remove it by highlighting the item and clicking on the minus sign down below left.



    Restart your computer. This will kill all active processes, including any code that MacProtector might be running. It won't restart when you start up again. Hopefully...



    See? There it was, gone.



    Some people have suggested using Spotlight to track down the files Mac Protector installs. Sorry, doesn't work. Spotlight only reveals the app and the installer.



    Instead you need to download "Trash Me" a freeware application that acts as a Universal Uninstaller. I use AppZapper which will work as well, but I found that Trash Me detected a file in Home/Library/Caches that App Zapper didn't.



    TrashMe has a simple drag and drop window,



    or you can use the file browser option.



    Click on the "related files" button and you will see all the files that have been installed. The folder com.aple.sv lurks elusively in Users/Home/Library/Caches. You want shot of them all.



    Er, yes...



    Once you have said goodbye to all those files (and the installers, if you haven't already trashed them) your system should be free of MacProtectionRacket.
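A read-only check for the leftovers named in the walkthrough above, added here as an example and not part of any post in the thread. It lists items under a home folder whose names contain `MacProtector` or `com.aple.sv` (both names come from the thread), plus any installer package in Downloads that carries an `Archive.pax.gz` payload; the function names are hypothetical and nothing is deleted.

```shell
#!/bin/sh
# Read-only audit: lists candidates for manual review, removes nothing.
# Indicator names are the ones given in the thread; matched case-insensitively.
INDICATORS="MacProtector com.aple.sv"

# find_leftovers DIR: paths under DIR whose name contains an indicator.
find_leftovers() {
    scan_root=$1
    for name in $INDICATORS; do
        # -prune stops descent into a matching bundle so it is reported once.
        find "$scan_root" -iname "*${name}*" -print -prune 2>/dev/null
    done | sort -u
}

# find_payload_packages DIR: installer packages under DIR that hold an
# Archive.pax.gz payload (where bundle-style .pkg/.mpkg installers keep
# their files). Reports the outermost enclosing package once.
# Zip archives are not unpacked; only already-expanded packages are seen.
find_payload_packages() {
    find "$1" -type f -name 'Archive.pax.gz' -print 2>/dev/null |
        sed -E 's#(\.m?pkg)/.*#\1#' | sort -u
}

# audit_home HOME_DIR: print a short report; exit status is non-zero
# when something named like an indicator is present.
audit_home() {
    home_dir=$1
    leftovers=$(find_leftovers "$home_dir")
    installers=$(find_payload_packages "$home_dir/Downloads")
    echo "== Items named like the indicators =="
    echo "${leftovers:-none}"
    echo "== Installer packages in Downloads (check provenance before opening) =="
    echo "${installers:-none}"
    [ -z "$leftovers" ]
}

# Run only when a home folder is passed, e.g.:  sh audit.sh "$HOME"
if [ "$#" -gt 0 ]; then
    audit_home "$1"
fi
```

A package showing up in the second list is not proof of anything by itself; it is a prompt to ask whether you chose to download it.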


  15. #45


    Member Since
    Oct 04, 2011
    Posts
    2
    Macprotector Virus
    Thank you Lizzybluts, your directions for removing the Macprotector virus worked just as you said they would. Cheers!
