The MacDefender malware and phishing scam that has been wreaking havoc on a few Apple customers was finally acknowledged by a post on the Apple’s Support site with an explanation of the problem, instructions for avoiding it and removing it, and a promise that a future update will deal with the problem more permanently. The acknowledgment from Apple took a while, but in typical Apple fashion they waited till they had a solution in sight.
The page says:
In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.
Until such time, follow the instructions below to protect yourself if you’ve been infected already or to prevent it.
Dealing with MacDefender and It’s Various Iterations
We previously showed you some unofficial steps for avoiding infection or for removing the malware if you were infected. The primary means for avoiding it included disabling the “Open safe files after downloading” feature in Safari (see the link above for detail instructions). Until Apple releases its update to deal with the malware, disabling the feature that opens files after downloading is still a good idea if you use Safari.
Apple’s newly posted official instructions deal with what to do in the different phases of a potential infection.
- If you see the notification that there are viruses on your system, then quit Safari or if needed Force Quit it.
- If the malware is downloaded and launched, then cancel the installation process and delete the installer from your hard drive – it will most likely be in the Downloads folder so just move it to Trash and don’t forget to empty your Trash afterwards.
- If the malware was already installed, then you have to follow their removal process.
The MacDefender malware removal process
First, do not give the software any personal information if it asks for it. Apple offers the following steps from their support page:
- Move or close the Scan Window
- Go to the Utilities folder in the Applications folder and launch Activity Monitor
- Choose All Processes from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
- Click the Quit Process button in the upper left corner of the window and select Quit
- Quit Activity Monitor application
- Open the Applications folder
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
- Drag to Trash, and empty Trash
Finally, there may be some a login item associated with the malware in your Accounts in System Preferences. Go to System Preferences and open the Accounts option. Choose Login items and select the name of the malware and click on the minus button at the bottom left. Apple said this step is not essential, but is a good idea.
The above should protect you until Apple releases the update through the Software Update feature, which is accessed through the Apple menu.