Nice computer; shame if anything should happen to it...
There seem to be a lot of panicked people on here, so I sacrificed one of my spare Macs to do a walkthrough to show you:
1) Where you are going wrong and how you are actually installing this thing in the first place.
2) How you get rid of it.
I should point out that I am not a computer boffin, coder or malware specialist, just an ordinary user with some common sense, 54 years old and I didn't even have a computer until ten years ago, so this is not something I would expect to faze anyone of any age.
It starts when you Google for something like some hot babe, in this case Claire Goose.
The image outlined in red is the offending one. Even WOT (the little green icon in the corner) says it's safe.
As soon as you click on it the URL redirects to another host which opens a fake Finder window using Java. You can tell it's fake because the layout of the sidebar won't necessarily match that of your genuine Finder. My HDD is called "iMac", but here it is called Macintosh HD, which is the default. Inexperienced users rarely bother to change this (highlight the name in Finder then draw the pointer and you can type in a new name for your hard drive. You could call it Fido or £$%^ if you wanted to) so are easily fooled. The site immediately downloads a package installer in a zip file, opens it and starts the installer. No risk so far, but it's annoying that Safari allows unsolicited downloads from hostile URLs. Clicking continue is the first of three mistakes you will make.
Here is where things go wrong. The installer starts and looks legitimate. The inexperienced Mac user, panicked into believing that the much vaunted Mac immunity to viruses is a myth, and convinced by the genuine-looking "Apple Security Centre" blazon, doesn't give a thought to continuing the installation.
Clicking install is your second mistake.
Your third mistake will be to enter your password into the authentication dialog box. If at any time you had thought "hang on, let me Google MacProtector and see where it comes from and whether it does what it says" and stopped the installation progress, your computer would never be infected with MacProtector, but no, you enter your password without thinking and pass the point of no return. Malicious code will now be installed on your computer.
As soon as the installer has triumphantly announced that it has finished, MacProtector will attempt to connect to the following URL 95.64.55.5. God only knows what information it will be sending back. Fortunately my network filter Little Snitch has stopped it and is asking me whether I want it to connect. You don't have Little Snitch? Why not…?
Of course you will unthinkingly click "allow" instead of deny anyway, because you have no concept of basic web security, and why should you? You have just switched to Mac from PC and have been raised to believe that computing security is an arcane doctrine, the province of the brainiacs, and have always trusted Uncle Norton and Daddy McAfee to look after this for you so you would never have to think for yourself…
Now you are a Mac User it's time to start living in the real world where computers are really rather easy; much easier than driving a car, for example.
Now Mac Protector starts its shenanigans. It looks like it's scanning your computer for viruses and finding loads, but it's OK because it can clean your system for you, so stop worrying, Mac Protector is here to take care of things for you. But wait; you have to register and pay for it first because, sorry, nothing's for free in this world.
What you don't realise is that the apparent busy activity is all fake. It's a Java program running in your browser…
The clue is here; there is no program called MacProtector shown running in the Dock, nor does it appear in the Force Quit menu. That's because it's running inside your browser. Force quitting your browser will kill it.
It's anyone's guess what happens if you click "remove all". I chose not to, but I suspect if you do it will run some malicious code.
OK, so now you have completely bolloxed up your computer by breaking all the rules of common sense and actually installing a malicious application without so much as a thought to the consequences. And now you can't get rid of it…
Yes, you can, it's a Mac, and you have control of it.
to be continued...