mac security?!?

Help!! I have just been attacked by mac security...it's icon is sitting up top beside the time machine icon and I cannot trash it becasue it's "open" and I can't open it by any clicking or mousing...whiskey tango foxtrot!!! help me obi wan you're my only help

As far as I can find, there is no app called "Mac Security." You'll need to be a little more specific - what app is open that you can't seem to interact with?

It's this malware thing...

Fake security software takes aim at Mac users - Computerworld

Can you possibly take a Screenshot? I can't find it in Google either. If you do not know how to take a Screen Shot, just ask.

Here you go:

How to remove MAC Defender malware

And next time, if something pops up unexpectedly - particularly if it asks for your password - ask yourself the following questions...

1. Do I know what this program is?
2. Did I get it from a source that I trust?
3. Do I know why I need it?

If any of the answers are "NO", don't put in that password.

No computer, no operating system, and no technology can protect the user from themselves.

Good find CWA. I could find nothing searching for Mac Defender. Will make a note of that one.

Thanks for your input...really all I did was search a google image and as soon as I clicked on it the whole thing went beserk...scanning files with constant updates scrolling files that looked familiar to my me...I NEVER GAVE A PASSWORD TO ANY PROMPT...really I am no noob at this...I will follow the link cwa with thanks. I truly appreciate all the mods input. cheers!
ediddy

YAYYYYY Done and done...thanks again
e

ediddy1967 said:

Thanks for your input...really all I did was search a google image and as soon as I clicked on it the whole thing went beserk...scanning files with constant updates scrolling files that looked familiar to my me...I NEVER GAVE A PASSWORD TO ANY PROMPT...really I am no noob at this...I will follow the link cwa with thanks. I truly appreciate all the mods input. cheers!
ediddy

Click to expand...

OK, that may certainly be the case - I don't have first-hand knowledge of this particular trojan. If it didn't prompt for a password, then chances are that it's relatively benign (although I do believe it tries to extort your credit card number - hopefully you didn't give it that).

Just so you understand, the reason that Macs tend to be fairly secure is that nothing can modify the operating system in a significant way unless you give it your password. So, any changes it might make are limited to your user account (that means that removal is as simple as creating a new user account, porting your data, and removing the old account).

But either way, it's good advice to be wary of anything that pops up out of the blue. This one exploits a particular setting in Safari that automatically unzips files. I would recommend turning that setting off...

1. Open Safari
2. Go into the Safari menu and go to Preferences
3. Under the General tab, uncheck this box:

mac security virus

ediddy...
had the same problem today with partner's computer. Something popped up as a security update and he said ok but gave no password. Suddenly the program began "scanning" and reporting infected files. Couldn't get it to stop. It launched itself at each restart. The program wasn't called MacDefender but just MacSecurity Version 2.6. Couldn't quit or force quit but after a little online research, went to Apple, Preferences, Accounts, login items, and highlighted said program and clicked on the - sign to delete it from login items. Restarted computer, opened Activity Monitor and dumped everything related to that particular program that I could find and then emptied the trash. So far, that seems to have done the trick. Keeping my fingers crossed.

I think it might be time to start spreading the advice that all users should run Standard accounts, not Administrator accounts (unless you're tech savvy perhaps).

After all, that IS the advice given by Apple(pdf).

For those who have not seen this yet:

http://www.mac-forums.com/forums/ap...-macdefender-malware-targeting-mac-users.html

northrnchimp said:

I think it might be time to start spreading the advice that all users should run Standard accounts, not Administrator accounts (unless you're tech savvy perhaps).

Click to expand...

The document you link to doesn't say that at all. In fact, it says the opposite.

And of course, "duh" logic applies as well: if all users should run in User Mode, then why is Admin mode the default for the owner of the computer?

Is this something that triggers from Google? A co-worker and my boss have had the same issue, although not on Macs. They search Google and everything went crazy. These are work laptops they use and now they can't access anything on them. They both have Macs at home, but they've gotten this from merely searching Google and hitting a link to what they've used before. Also the network in our school district is pretty well protected but these things are getting through.

cwa107, are there any threads or tutorials on creating a new user account and porting data? Thanks, I'm still learning my way around the Mac.

Just because it downloaded, you still have to put in your password for it to install, just another thing to watch out for.

jram said:

Just because it downloaded, you still have to put in your password for it to install, just another thing to watch out for.

Click to expand...

Not according to the OP. So, it is limited to just the user account (fortunately).

zerimar3 said:

Is this something that triggers from Google? A co-worker and my boss have had the same issue, although not on Macs. They search Google and everything went crazy. These are work laptops they use and now they can't access anything on them. They both have Macs at home, but they've gotten this from merely searching Google and hitting a link to what they've used before. Also the network in our school district is pretty well protected but these things are getting through.

Click to expand...

Yeah. It's an image that was (or is still) hosted on Google of the body of Osama Bin Laden. When a user goes to look at it, this auto downloads. Safari is complicit in the process because it will auto-extract the ZIP file and auto-execute the mailware.

cwa107, are there any threads or tutorials on creating a new user account and porting data? Thanks, I'm still learning my way around the Mac.

Click to expand...

No need to in this case. I posted a tutorial previously in this thread that explains exactly what you need to do to remove it. Additionally, I posted instructions previously that tell you what you can do to completely prevent it.

Do remember, as long as the run after Download is unchecked in Safari, it's not going to run it. I have checked and all he systems I tried a fresh install of OSX 10.6 on had it unchecked. I hope on newer versions of 10.6 they have not started to check that by default as it's been ages now since it was by default.

I have 10.6.7 and the box was NOT checked by default in Safari.

Is there a way to prevent Firefox 3.6.17 from running after download?

Larry H

Larry H said:

I have 10.6.7 and the box was NOT checked by default in Safari.

Is there a way to prevent Firefox 3.6.17 from running after download?

Larry H

Click to expand...

I have never seen Firefox on the Mac auto run downloads. On Windows I have had a box pop up saying run or download or something like that, but not on OSX.