MacDefender - info and removal

A program variously called MacDefender, MacProtector or MacSecurity has been mysteriously finding its way onto many Mac computers. The program cons the user into paying for a protection subscription which does nothing. How has this been happening? A malicious file called "mac-antivirus.zip" has been spreading via fairly legitimate advertising networks, including Google. A download to the user's Downloads folder is initiated automatically via JavaScript. If your Mac is set up to open downloaded files automatically, then the trouble starts.

What can you do to avoid this?

Safari's default option is to automatically 'Open "Safe" files after downloading'. This is not a good idea, as it seems that OS X has trouble distinguishing safe files from unsafe ones.

 

Disable 'Open "Safe" files after downloading'.

 

  1. Open Safari.
  2. In the top left of the screen click the Safari menu, then Preferences.
  3. Click the General tab.
  4. Uncheck the "Open 'safe' files after downloading" option.

How do I remove MacDefender, MacProtector or MacSecurity?

  1. Open Activity Monitor, located in your Applications/Utilities folder. Alternatively, type "Activity Monitor" into Spotlight and hit return.
  2. Locate MacDefender, MacProtector, or MacSecurity in the Process Name column.
  3. Highlight the title then choose Quit Process from the menu bar.
  4. Next go to System Preferences/Accounts. Select your account from the left-hand column.
  5. With Login Items highlighted select the program from the list then press the '-' (minus) button.
  6. Finally check your Applications folder and drag the program into the trash can. Empty your trash can.
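
The same places the steps above look at can be checked from Terminal. This is an added example, not part of the original article: the function names are hypothetical, it assumes the app bundle is named exactly after one of the three programs, and it relies on the standard macOS `ps`, `osascript` and `defaults` tools. It only reports what it finds and removes nothing.

```shell
#!/bin/sh
# Added example: read-only audit for the three program names this page lists.
NAMES="MacDefender MacProtector MacSecurity"

# Print any app bundle in the given folder whose name is one of NAMES.
find_apps() {
    dir="${1:-/Applications}"
    for n in $NAMES; do
        [ -d "$dir/$n.app" ] && printf '%s\n' "$dir/$n.app"
    done
    return 0
}

# Read process names or paths (one per line) on stdin; print those whose
# final path component is exactly one of NAMES.
match_procs() {
    while IFS= read -r line; do
        base="${line##*/}"
        for n in $NAMES; do
            [ "$base" = "$n" ] && printf '%s\n' "$line"
        done
    done
    return 0
}

# System Events returns login items as "a, b, c"; split, trim, reuse the filter.
match_login_items() {
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | match_procs
}

report() {
    echo "== Running processes (step 2) =="
    ps -A -o comm= | match_procs
    echo "== Login items (step 5) =="
    osascript -e 'tell application "System Events" to get the name of every login item' \
        2>/dev/null | match_login_items
    echo "== Applications folders (step 6) =="
    find_apps /Applications
    find_apps "$HOME/Applications"
    echo "== Safari 'Open safe files' preference (1 = enabled) =="
    defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null \
        || echo "not set or not readable; check Safari > Preferences > General"
}

# Only run the live checks on a Mac; the functions above work anywhere.
if [ "$(uname -s)" = "Darwin" ]; then report; fi
```

An empty section in the output means nothing with those names was found in that location.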

The excellent ClamXav virus scanner continuously updates its definitions to detect and remove these types of "scareware" programs.

Generally it is considered good practice never to 'click through' from unknown pop-up windows that appear on your screen. You should also never make payments to an organisation unless you have instigated the transaction or it is a reputable company.