Suspicious "Mac Protector" application

Joined
May 21, 2011
Messages
6
Reaction score
4
Points
3
I tried it. I stopped the download that automatically started and quit the tab. I am amazed that some would click allow on something like that when that site clearly downloaded and launched something.

I tried the url in Firefox. It goes to that address but sits at a white screen and nothing downloads, nothing shows.

Opera opens it and offers it for download!

So Firefox will not even open that fake app or start the download which is a good thing. CWA take note! :D

It is amazing isn't it! I do a lot of voluntary work and in this capacity I'm often called upon to help people with problems with their computers and it constantly amazes me how little they bother to learn about even the simplest security procedures or how to set up their computer. I come across even intelligent sensible people like writers and civil servants using laptops without password protection and using it to do their internet banking on, allowing their browsers to save passwords and user IDs for bank and building society accounts...
 

BrianLachoreVPI


Retired Staff
Joined
Feb 24, 2011
Messages
3,733
Reaction score
124
Points
63
Location
Maryland
Your Mac's Specs
March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
Thanks I put a lot of work into it last night. The second half of the walkthrough deals with the removal procedure for which you need a freeware app called TrashMe but I had to split it into two to meet the forum rules on image content and couldn't post the second half last night as I had to wait for mod approval for the first half to appear...

I think there are quite a few variants on the same theme with this little bugger. For instance - when doing an image search for something a couple of weeks ago - using Google - I simply clicked on an image from the Google search - to go look at the source - and was immediately treated to that java show. This was before I knew about the Safari checkbox - and I saw it download and launch. Of course, I knew that I could simply close it - and delete the downloaded file - and was none the worse for wear. It's easy to see how many folks would be a little taken in by it though. That actually happened 3 separate times in 5 minutes!

My wife - I don't really know what happened - as she couldn't articulate it that well - but somehow she managed to have 5 of the packages downloaded - and the java show was pretty entertaining. The problem for her was - she clicked scan. Frankly - because she has an antivirus package installed (by the school) - she may have thought it was actually doing something. That was enough to convince her to click scan - before she realized something didn't seem right and called me over to look at it.

Fortunately - like I said before - it's easy to eliminate - and led to the discovery of that Safari setting. :)
 
Joined
May 21, 2011
Messages
6
Reaction score
4
Points
3
Yep. I think there is a rollover link or something because I ended up with about six packages without clicking on anything.

You could also disable Java in prefs; I'm not sure how often that is needed for the most part. Google Docs utilises it I think. I'll have to try it one day. Not javascript though, that's quite different.

The important thing to remember is that there are no Mac viruses that can install themselves, and nor should there ever be, as long as OSX respects the UNIX security policy. Until then, all attackers have is exploits which make use of users' naiveté and fear of the machine to get them to install the nasties themselves. The idea that the only reason Macs aren't inundated with viruses is because there aren't as many of us is complete rubbish. It's important to drum that home to new Mac users because it puts the onus on them to think about their security instead of trusting it to third parties flogging commercial software. AV is now a huge industry and a lot of people are making money out of it. I'm sure Microsoft could address Windows' virus vulnerability if they really wanted to but it would not be politic to undermine that sector of the IT economy. Far better to spread the idea that more secure OSes are equally at risk, then you open up a whole new market for your products. And the Mac market is generally more affluent and less tech savvy, so you can bilk them for a lot more...
 
Joined
May 21, 2011
Messages
6
Reaction score
4
Points
3
Nice computer; shame if anything should happen to it...

Part two. How to kill the beast.

First go to System Preferences in the Apple menu, up there in the top left. Look for the Accounts Preferences.



Once you are in your account, select login items from the menu and look for MacProtector.

Remove it by highlighting the item and clicking on the minus sign down below left.



Restart your computer. This will kill all active processes, including any code that MacProtector might be running. It won't restart when you start up again. Hopefully...



See? There it was, gone.



Some people have suggested using Spotlight to track down the files MacProtector installs. Sorry, doesn't work. Spotlight only reveals the app and the installer.



Instead you need to download "TrashMe", a freeware application that acts as a Universal Uninstaller. I use AppZapper which will work as well, but I found that TrashMe detected a file in Home/Library/Caches that AppZapper didn't.



TrashMe has a simple drag and drop window,



or you can use the file browser option.



Click on the "related files" button and you will see all the files that have been installed. The folder com.aple.sv lurks elusively in Users/Home/Library/Caches. You want shot of them all.



Er, yes...



Once you have said goodbye to all those files (and the installers, if you haven't already trashed them) your system should be free of MacProtectionRacket.
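A read-only check for the two things the walkthrough above removes by hand, given here as an added example that is not part of the original post: the MacProtector login item and leftover files that Spotlight does not show. The function names and the choice of folders to scan are assumptions; the name patterns (MacProtector, com.aple.sv) are the ones given in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it lists, it never deletes.

# Search the given folders by file name instead of relying on Spotlight.
# Patterns come from the post: the app name and the com.aple.sv cache folder.
# -prune stops find descending into a matched folder, so each hit prints once.
find_macprotector_leftovers() {
    find "$@" \( -iname '*macprotector*' -o -name 'com.aple.sv' \) \
        -print -prune 2>/dev/null
}

# Report whether a MacProtector login item is still registered.
# Asks System Events through osascript, so it only answers on a Mac;
# anywhere else (or if the query fails) it prints "unknown".
macprotector_login_item() {
    command -v osascript >/dev/null 2>&1 || { echo unknown; return 0; }
    items=$(osascript -e \
        'tell application "System Events" to get the name of every login item' \
        2>/dev/null) || { echo unknown; return 0; }
    case $items in
        *[Mm]ac[Pp]rotector*) echo present ;;
        *) echo absent ;;
    esac
}

# Scan the home folder and /Applications. These locations are an assumption;
# the post names only Home/Library/Caches explicitly.
audit_macprotector() {
    echo "login item: $(macprotector_login_item)"
    find_macprotector_leftovers "$HOME" /Applications
}

# Run the audit only when asked, e.g.:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_macprotector
fi
```

Run it before and after the restart step: a clean account reports the login item as absent and prints no paths.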

 
Joined
Oct 4, 2011
Messages
2
Reaction score
0
Points
1
Macprotector Virus

Thank you Lizzybluts, your directions for removing the Macprotector virus worked just as you said they would :) cheers!
 
Joined
Mar 10, 2010
Messages
6
Reaction score
0
Points
1
Location
Nova Scotia
Your Mac's Specs
27" iMac i7 | 1TB Hard Drive | 8GB Ram
Nice instructions octavedoctor.

MacProtector will attempt to connect to the following URL 95.64.55.5. God only knows what information it will be sending back.


 
