Virus via Safari?

Discussion in 'Mac Apps and Mac App Store' started by elohel, May 5, 2011.

  1. elohel macrumors member

    Jul 2, 2010
    I honestly don't remember what website this popped up on, but Safari started downloading this MacSecurity.mpkg and it ran instantly and bypassed inputting my password? I couldn't really stop it

    has anyone gotten this before? it took me to some webpage but I closed it

    It said something about me being infected?

    Am I going crazy? I didn't click anything(maybe by accident?) and yet this thing popped up, gave me a file and ran the installer without me being able to stop it lol wtf

    can someone please explain, I think I'm missing something
  2. munkery, May 5, 2011
    Last edited: May 5, 2011
  3. elohel thread starter macrumors member

    Jul 2, 2010
  4. munkery, May 5, 2011
    Last edited: May 5, 2011

    munkery macrumors 68020


    Dec 18, 2006
    Hold on, I will go look for you as I have an internet connection.
  5. munkery, May 5, 2011
    Last edited: May 8, 2011

    munkery macrumors 68020


    Dec 18, 2006
    1. Open Applications → Utilities → Activity Monitor and terminate processes linked to MACDefender (or whatever name is being used).

    2. Delete MACDefender from the Applications folder.

    3. Check System Preferences → Accounts → Login Items for MACDefender entry.

    4. Run a Spotlight search for "MACDefender" to check for any associated files and remove them if exist. Use this method to fully delete the trojan.
  6. Consultant macrumors G5


    Jun 27, 2007
    It opens but requires your password to install.

    Just don't install it.
  7. Phil A. Moderator

    Phil A.

    Staff Member

    Apr 2, 2006
    Shropshire, UK
    For future protection, I'd also recommend you uncheck the "Open Safe Files After Downloading" check box on Safari preferences: This will stop these drive by downloads automatically opening on you
  8. GGJstudios macrumors Westmere


    May 16, 2008
    What exactly did it do, that you couldn't stop? I understand it launched, but you would have had to respond to it for it to complete the installation.

    Also, this isn't a virus. There has never been a virus in the wild that affects Mac OS X since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some education and common sense and care in what software you install:
  9. felixfatfunk macrumors newbie


    Oct 13, 2007
    Same thing.

    Don't worry had the same thing when in google pictures searching for German Art.

    A good friend said it would be in the short term memory in Safari,(ie Ram/cache i think i am sure others will correct me, i am no whizz i just draw pretty pictures) so re boot the machine and it will be wiped.

    Well that worked for me.

    I had a simular panic the classic FFS reaction, when buried in research and time limits, thus stressed.

    FFF :D
  10. techpr macrumors 6502


    Sep 9, 2008
    San Juan, PR

    After reading this post do this:

    Go to Safari -> Safari Preferences (Command + ,)
    Remove the checkmark from: Open safe files after downloading

    Attached Files:

  11. elohel thread starter macrumors member

    Jul 2, 2010
    when i first got it, i wasnt even asked for my password, it looked as though it went through the whole install process on its own, maybe it was just a webpage(do remember closing one, maybe it just had an animation on it?)

    thats why i was freaking out, i didnt enter my password, and i know you have to for installs

    ive done searches on my hdd and havent seen anything so i dont think it was installed

    thanks for the advice

    can someone post this for me since i dont have an internet connection?
  12. GGJstudios macrumors Westmere


    May 16, 2008
    The website does have animation to make it look like it's scanning. That's not the app doing that. The site does that even if the app isn't downloaded or launched. Unless you entered your password and credit card info, you don't have anything to worry about. Just delete the package from your Downloads folder and empty your Trash. Done.
  13. munkery macrumors 68020


    Dec 18, 2006
    That was just the webpage. It is made to look like finder to trick users.

    Drag and drop apps do not require your password but they also do not have system level access.

    If you didn't type your password, the Trojan was not installed.

    Sorry about the attitude in previous posts. It came from the fact the forum already had a thread concerning this malware.

Share This Page