AppleCare reps told not to help users remove malware; how to remove MacDefender – Examiner.com
Despite the fact that Mac OS fans like to believe that their platform is impervious to malware, it's not. And despite the fact that attacks are increasing, Apple customer service representatives have been told not to help remove it.
The most recent case of malware infecting Macs is "MacDefender." It pretends to be a Mac AV program, but once installed it runs in the background and launches pornographic Web sites and other such undesirable content. It also shows a real-looking virus scanner interface that asks you to purchase an upgrade. That, of course, is a faux upgrade which could lead to fraudulent credit card charges.
At any rate, Ed Bott spoke anonymously to an AppleCare rep, and learned the following (AC stands for AppleCare):
AC: We have a team of people who go through all case notes and find new issues that are popping up a lot and send notices to all of AppleCare. Our notice for Mac Defender is that we’re not supposed to help customers remove malware from their computer.
The reason for the rule, they say, is that even though MacDefender is easy to remove, we can’t set the expectation to customers that we will be able to remove all malware in the future. That’s what antivirus is for.
Despite what many think, there are a number of antivirus programs available for the Mac. They include such big names as Symantec, Sophos and McAfee, among others.
Fortunately, with the MacDefender virus, which also goes by the names "MacSecurity" and "MacProtector," the removal process is easy. Here is how to remove it:
First shut down the malware.
Open the Activity Monitor utility and either search for the malware or browse through the list of running processes. The malware should be called "MacDefender," "MacSecurity," or "MacProtector" and will be running under your username. Actual antivirus software will be run under the username "root."
Select the malware in the Activity Monitor, click the "Quit Process" button and confirm. If necessary use the force-quit option.
You can also use Terminal to do this with the following command (no quotes): "sudo killall macdefender macsecurity macprotector"
Remove the malware.
Go to the /Applications folder and move the program to the trash (it will be called "MacDefender," "Mac Security," or "Mac Protector"). Additionally, locate the installer file (likely in your Downloads directory, or wherever Safari stores your downloaded items) and move it to trash as well. Empty the trash to eliminate any traces.
Remove references to the malware.
The program is executed at log-in via Mac OS X's "Login Items" feature. Go to the "Accounts" system preferences; choose your account name, and then go to the "Login Items" tab and remove any reference to the malware.
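The three places checked in the steps above (running processes, the /Applications folder, Login Items) as a read-only shell script that only reports what it finds. This is an added example, not part of the original article; the function names, the ".app" suffix and the sample process list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read-only checks for the indicators the article names.
# Nothing is killed or deleted; each function only prints what it finds.

PROC_PAT='macdefender|macsecurity|macprotector'   # names from the article

# Reads "USER COMMAND" lines on stdin, e.g. from: ps -axo user=,comm=
# Prints matches that do not run as root (the article: real AV runs as root).
suspect_procs() {
    awk -v pat="$PROC_PAT" '{
        user = $1; $1 = ""; sub(/^ +/, "")
        if (user != "root" && tolower($0) ~ pat) print user "\t" $0
    }'
}

# Prints entries in directory $1 (default /Applications) that carry one of
# the article's names. The ".app" suffix is an assumption about the bundle.
suspect_apps() {
    dir=${1:-/Applications}
    for name in "MacDefender" "Mac Security" "Mac Protector"; do
        for path in "$dir/$name" "$dir/$name.app"; do
            if [ -e "$path" ]; then printf '%s\n' "$path"; fi
        done
    done
}

# Reads Login Item names on stdin, one per line, and prints those that match
# once spaces are ignored ("Mac Security" and "MacSecurity" both match).
suspect_login_items() {
    awk -v pat="$PROC_PAT" '{
        key = tolower($0); gsub(/ /, "", key)
        if (key ~ pat) print
    }'
}

# Constructed sample input, not captured from a real machine.
SAMPLE_PS='root /Library/ExampleAV/avdaemon
alice /Applications/MacDefender.app/Contents/MacOS/MacDefender
alice /Applications/Safari.app/Contents/MacOS/Safari'

printf '%s\n' "$SAMPLE_PS" | suspect_procs
```

On a Mac, pipe the output of "ps -axo user=,comm=" into suspect_procs and run suspect_apps with no argument to check /Applications.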
As we've noted before, Mac OS X has been "immune" to malware only because of its relative lack of popularity. As it continues to increase in adoption, hackers will see this as something to take advantage of, and begin to target the OS in greater numbers.
Indeed, it's time to buy a Mac antivirus program.