
elohel

macrumors member
Original poster
Jul 2, 2010
I honestly don't remember what website this popped up on, but Safari started downloading this MacSecurity.mpkg and it ran instantly and bypassed inputting my password? I couldn't really stop it

has anyone gotten this before? it took me to some webpage but I closed it

It said something about me being infected?

Am I going crazy? I didn't click anything (maybe by accident?) and yet this thing popped up, gave me a file and ran the installer without me being able to stop it lol wtf

can someone please explain, I think I'm missing something
 
Hold on, I will go look for you as I have an internet connection.
 
1. Open Applications → Utilities → Activity Monitor and terminate processes linked to MACDefender (or whatever name is being used).

2. Delete MACDefender from the Applications folder.

3. Check System Preferences → Accounts → Login Items for MACDefender entry.

4. Run a Spotlight search for "MACDefender" to check for any associated files and remove them if they exist. Use this method to fully delete the trojan.
 
For future protection, I'd also recommend you uncheck the "Open Safe Files After Downloading" check box in Safari preferences. This will stop these drive-by downloads from automatically opening on you.
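
Added example, not part of any post in this thread: a read-only shell check covering the removal steps and the Safari setting discussed above. The name list is an assumption limited to the two names mentioned in the thread, and the file check uses `find` over a few folders instead of a Spotlight search.

```shell
#!/bin/sh
# Added example: read-only check for the leftovers the removal steps look for.
# NAMES is an assumption: just the two names mentioned in this thread.
NAMES="MACDefender MacSecurity"

# Print paths under the given directories whose name contains one of NAMES
# (case-insensitive). Nothing is deleted.
find_leftovers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $NAMES; do
            find "$dir" -maxdepth 2 -iname "*${name}*" 2>/dev/null
        done
    done | sort -u
}

# Print running processes whose command name matches (step 1).
running_matches() {
    for name in $NAMES; do
        ps -A -o comm= 2>/dev/null | grep -i -- "$name"
    done | sort -u
}

# Print matching login items (step 3); macOS only, silent elsewhere.
login_item_matches() {
    command -v osascript >/dev/null 2>&1 || return 0
    items=$(osascript -e \
        'tell application "System Events" to get the name of every login item' 2>/dev/null)
    for name in $NAMES; do
        printf '%s\n' "$items" | tr ',' '\n' | grep -i -- "$name"
    done
    return 0
}

# Report Safari's "Open safe files after downloading" setting.
safari_auto_open() {
    command -v defaults >/dev/null 2>&1 || { echo "unknown (no defaults tool)"; return 0; }
    case "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" in
        0) echo "off" ;;
        1) echo "on" ;;
        *) echo "not set or not readable" ;;
    esac
}

echo "Leftover files:";     find_leftovers /Applications "$HOME/Applications" "$HOME/Downloads"
echo "Running processes:";  running_matches
echo "Login items:";        login_item_matches
echo "Safari auto-open:     $(safari_auto_open)"
```

Empty sections mean nothing matched; on recent macOS versions the login-item query may trigger an automation permission prompt.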
 
I honestly don't remember what website this popped up on, but Safari started downloading this MacSecurity.mpkg and it ran instantly and bypassed inputting my password? I couldn't really stop it
What exactly did it do, that you couldn't stop? I understand it launched, but you would have had to respond to it for it to complete the installation.

Also, this isn't a virus. There has never been a virus in the wild that affects Mac OS X since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some education and common sense and care in what software you install:
 
Same thing.

Don't worry, had the same thing when in Google pictures searching for German art.

A good friend said it would be in the short-term memory in Safari (i.e. RAM/cache, I think; I am sure others will correct me, I am no whizz, I just draw pretty pictures), so reboot the machine and it will be wiped.

Well that worked for me.

I had a similar panic, the classic FFS reaction, when buried in research and time limits, thus stressed.

FFF :D
 
I honestly don't remember what website this popped up on, but Safari started downloading this MacSecurity.mpkg and it ran instantly and bypassed inputting my password? I couldn't really stop it

has anyone gotten this before? it took me to some webpage but I closed it

It said something about me being infected?

Am I going crazy? I didn't click anything (maybe by accident?) and yet this thing popped up, gave me a file and ran the installer without me being able to stop it lol wtf

can someone please explain, I think I'm missing something


After reading this post do this:

Go to Safari -> Safari Preferences (Command + ,)
Remove the checkmark from: Open safe files after downloading
 

When I first got it, I wasn't even asked for my password, it looked as though it went through the whole install process on its own, maybe it was just a webpage (do remember closing one, maybe it just had an animation on it?)

That's why I was freaking out, I didn't enter my password, and I know you have to for installs

I've done searches on my HDD and haven't seen anything so I don't think it was installed

Thanks for the advice

Can someone post this for me since I don't have an internet connection?
 
When I first got it, I wasn't even asked for my password, it looked as though it went through the whole install process on its own, maybe it was just a webpage (do remember closing one, maybe it just had an animation on it?)

The website does have animation to make it look like it's scanning. That's not the app doing that. The site does that even if the app isn't downloaded or launched. Unless you entered your password and credit card info, you don't have anything to worry about. Just delete the package from your Downloads folder and empty your Trash. Done.
 
When I first got it, I wasn't even asked for my password, it looked as though it went through the whole install process on its own, maybe it was just a webpage (do remember closing one, maybe it just had an animation on it?)

That was just the webpage. It is made to look like Finder to trick users.

That's why I was freaking out, I didn't enter my password, and I know you have to for installs

Drag and drop apps do not require your password but they also do not have system level access.

I've done searches on my HDD and haven't seen anything so I don't think it was installed

If you didn't type your password, the Trojan was not installed.

Thanks for the advice

Can someone post this for me since I don't have an internet connection?

Sorry about the attitude in previous posts. It came from the fact the forum already had a thread concerning this malware.
 