Update:

Apple has released security update 2011-003 which should remove most instances of this malware automatically. Details about the removal process provided by this security patch can be found here.

You should receive this update automatically the next time your computer checks for system software updates. In addition, Apple Support document HT4650 outlines Apple’s recommended removal method for these malicious programs if you still need to remove it manually for some reason.

While it is more of a trick than a virus, many users are reporting infections by malware known as “macdefender” or “macprotector.” This software currently requires an administrator username and password before it can be installed, and results in nude photos for pornagraphic website appearing on the user’s computer. This infection usually begins with a user visiting an infected website and being prompted that “To help protect your computer, Apple Web Security have detected Trojans and ready to remove them.” If you receive this prompt, you should immediately exit your browser and close any running programs that appear to be software installers like this one. If you have already fallen for this trick and installed the software, then you are already infected. Unfortunately, Apple support has been less than helpful with resolving this problem for clients, with their official policy being “Do not attempt to remove malware”. Users are directed to the app store, but not given any instructions on what to do. Fortunately, users have several options for removal. First option: Manual removal

Start in safe mode by turning off your computer completely.

  1. Press the power button to turn the computer back on.
  2. Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone!
  3. Release the Shift key when the gray Apple icon appears.
  4. Once the computer has booted up, click on Finder (it is the blue happy face icon in the Dock)
  5. Select Applications from the left pane of the window that appears
  6. Important: Follow this step carefully! Find MacDefender.app or MacProtector.app and click and hold the application (do not double-click!) While holding the click-button down drag the application to the trash can on the dock and release.

    remove malware from mac

    MacDefender removal

  7. Open the Trash Can and verify that the application is now in the trash, then close the Trash window
  8. Click and hold the Trash icon on the dock. On the menu that appears select “Empty Trash”
  9. On the prompt “Are you sure you want to permanently empty the items in the Trash?” select Empty Trash
  10. Reboot your computer as you normally would.
  11. Open your browser of choice and reset it. To do this in safari select Safari from the toolbar and click “reset safari”
  12. To prevent this problem in the future with safari click Safari in the toolbar and select Preferences.
  13. Under the general tab unselect the checkmark next to Open “Safe” files including movies, pictures, sounds, PDF and text documents, and disk images and other archives.
  14. Congratulations, Everything should be back to normal!

To remove the program automatically, you have a few options for virus scanners that can detect this malware. Home Users: Sophos for Mac, which is available for home users for free from here can detect this software. Business Users: ClamXav is available free, and can be downloaded here. College Students: If you are a UF student, you are entitled to use McAfee VirusScan for Macintosh (Virex) through the University of Florida’s licensing. While connected to the UF network you can download the software here.