Thursday, May 19, 2011

Malware on the Mac

This week MacRumors reported that the AppleCare hotline, which normally has about 15 minutes between support calls, now has a constant flow of calls coming in. A full 50% of these calls are because of a piece of malware people have started installing called MacDefender. There is also Mac Protector, and there are free copies of iWork and Adobe Creative Suite floating around on the Internet that are really malware. I won’t say the honeymoon is over and that we as Mac users really need to be particularly concerned about malware and viruses. After all, we are not PC users, and our computers still can’t be infected by just going to a website or popping in a CD.

These malware programs are presented either on a website or via an unsolicited email. I even got an email the other day structured to look just like something Apple would send, and it even took me to a website that looked very much like an Apple website. Except it wasn’t. It was selling all kinds of fake or pirated software well below retail, most of it directed at PC users. The dead giveaway is that Apple would never send an email from live.com (a domain owned by Microsoft that provides free email services).

So today I am going to give my readers a couple of tips to be safe when surfing the web and installing software. I am also going to include a quick step-by-step tutorial on how to remove the malware if you have already installed it on your computer. First, a quick synopsis of what this malware is. These malware programs do nothing but tell the user they have a virus and that if they buy the program it will remove this virus. Since there are no viruses in the wild on the Mac, it is a fairly useless program. All it likely does once you pay is stop hounding you to buy it. However, the people who wrote these programs don’t just want the $20.00 or so you pay to “buy” the software; they then have your credit card information and can sell that to the highest bidder online. It is about identity theft and credit card fraud. So your best bet is to remove the program yourself and only install software from known and trusted sources.

Safety Tips

1.) If you are running OS X 10.6.6, purchase your software from the App Store. It has been vetted and approved by Apple. It is the safest way to get software, you don’t have to worry about finding license keys if you have to reinstall, and you can install the software on each computer you own.

2.) Do not install software on your computer that you didn’t seek out yourself or that you were not referred to by someone you trust. If you get an email saying “get this great software cheap”, or you get something on Facebook or Twitter, don’t be too quick to install it. Sometimes there are great deals like MacHeist and some others that put together bundles. Just be cautious and make sure the message came from someone you trust.

3.) When in doubt, don’t install it. Do a Google search and find out more about it from trusted websites. You can even email me here at the blog and I will check it out and let you know if something is safe.

How to Remove Mac Defender / Mac Protect and other Malware

If you see a screen like the one in the screenshot from the original post, do not pay anything. Follow the steps below to remove the malware from your computer.

[Screenshot from the original post]

Should you install the software and need to remove it, follow these steps.

1.) Open Activity Monitor and locate the running program. Under Process Name it will have the name of the malware. Click on it to select it and then click Quit Process.


2.) Go online and download an app removal program from the internet. There are three I can recommend and the links to them are below.

        App Zapper http://appzapper.com/ available for $12.95
        App Cleaner http://www.freemacsoft.net/AppCleaner/ available for free, although donations are accepted via the website. If you do use this, please help support the developer.
        App Delete http://www.reggieashworth.com/appdelete available for $7.99
        Hazel http://www.noodlesoft.com/hazel.php available for $21.95. Hazel does much more than just help clean up apps.

I have tried all four of these apps and I have checked out these links, so they are safe for installation.

3.) Find MacProtect or MacDefender in the Applications folder of your Mac. Drag the application to the running app removal program of your choice. Once all the pieces of the program have been found, just press the delete button in your app removal utility. Once it is deleted, empty your trash and your computer is once again malware free.


App Cleaner is the app I have been choosing to remove this malware from the people’s machines I have tested this procedure on. So far all the feedback has been good and everyone indicated it has been a simple fix. If you have issues, let me know through the blog or via email and I will modify the directions as needed and try to help users solve their problems. After all, that is what the Mac community is all about: helping one another.
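
For readers comfortable with Terminal, here is a read-only check that mirrors steps 1 and 3 above. It is an added example, not part of the original post, and it assumes the app bundle and its process carry one of the names mentioned here (case and spaces ignored); the function names and the `scan` argument are made up for this example.

```shell
#!/bin/sh
# Added example: read-only check for the malware names mentioned in this post.
# Assumption: the app bundle and its process carry one of those names
# (case and spaces ignored). Nothing is quit or deleted here.
NAMES='macdefender|macprotect'   # "macprotect" also covers Mac Protector

# is_suspect NAME: succeed if NAME, lowercased with spaces removed, matches
is_suspect() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ' | grep -Eq "$NAMES"
}

# find_bundles DIR: print each .app bundle in DIR with a matching name (step 3)
find_bundles() {
    for app in "$1"/*.app; do
        [ -e "$app" ] || continue          # DIR had no .app bundles at all
        name=${app##*/}                    # strip the directory part
        if is_suspect "${name%.app}"; then printf '%s\n' "$app"; fi
    done
}

# match_procs: read "PID COMMAND" lines on stdin, print matching ones (step 1)
match_procs() {
    while read -r pid cmd; do
        if is_suspect "${cmd##*/}"; then printf '%s %s\n' "$pid" "$cmd"; fi
    done
}

# scan_live: run both checks against this Mac and report what was found
scan_live() {
    echo "Matching app bundles in /Applications:"
    find_bundles /Applications
    echo "Matching running processes:"
    ps -A -o pid= -o comm= | match_procs
}

# Only scan when asked, e.g.:  sh check.sh scan
if [ "${1:-}" = "scan" ]; then scan_live; fi
```

Anything it prints is a candidate to quit in Activity Monitor and remove with one of the utilities listed above; an empty result only means nothing with those names was found.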

Remember: be safe when surfing, always exercise caution, and make sure you understand what you are installing when anything asks for your admin password. If you or a family member are running as a Standard User, the malware should not be able to install unless you provide an admin-level password.