Thursday, 12 May 2011 09:24

Fake AntiVirus: Mac Defender, MacProtector and MacSecurity

Written by MBS Webmaster

A fake antivirus program was recently discovered by Intego (http://www.intego.com/). This software, called MacDefender or MacProtector, has to be installed by the user before it can infect the system.

[Image: MacDefender fake Finder window]

After clicking on certain web URLs in search engines such as Google, users will see a pop-up window that looks like a Finder window, but it's fake. It shows a fake virus infection message launched by the "Apple Security Center" (that application does not exist).

NOTE: Always pay attention to little details such as typographical errors and poorly written sentences, like those in the warning dialog that pops up in this fake security software window. Another thing to look at is your hard drive name: this fake dialog shows your hard drive as "Macintosh HD", but maybe you already renamed your hard drive to "Office HD". The list of items under "PLACES" may also differ from the list of items in a real Finder window.

Clicking anywhere on the "window" will download an installer file to your Mac named either MacProtector, MacSecurity or MacDefender (the name keeps changing, but all the programs do the same thing).

The trojan package file runs in the standard Apple Installer, and you have to type an admin password to give it access. It then (1) installs an application in your Applications folder and (2) sets the application to launch at startup.

When running, the malware appears as a menu bar item in OS X, but without a Dock icon or any way to exit the program. The program immediately starts to "scan" the infected system, alerts the user that they are infected with various malware, and prompts them to purchase the program in order to remove the threats.


The easiest way to remove it is by using antivirus software such as MacScan or VirusBarrier (from Intego itself), but users familiar with Activity Monitor can also remove this malware by following these instructions:

  • Open Activity Monitor from the Utilities folder. Make sure the drop-down menu is set to "all processes."
  • Use the search field in Activity Monitor to search for MacDefender, MacProtector or MacSecurity.
  • Click on the MacDefender process. Click the "Quit Process" button. Click "Force Quit."
  • Drag the MacDefender program (installed in the Applications folder by default) to the Trash. Empty the Trash.
  • Remove MacDefender, MacProtector or MacSecurity from the Login Items for your Account in the OS X System Preferences (if it exists).
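The same three checks (running process, application in the Applications folder, login item) can be scripted as a read-only sweep before cleaning up by hand. This is an added example, not part of the original article or Intego's tooling; it assumes each artifact carries one of the three names listed above, and `match_names`, `check` and `scan_this_mac` are names made up for this example.

```shell
#!/bin/sh
# Added example: read-only sweep for the three places the article says the
# trojan shows up. Assumption: each artifact carries one of the three names
# below; a renamed variant would not be matched.
NAMES='MacDefender|MacProtector|MacSecurity'

# match_names: read one name or path per line on stdin and print those whose
# last component is one of NAMES, with or without ".app" (case-insensitive).
match_names() {
    grep -iE "(^|/)($NAMES)(\.app)?\$" || true
}

# check PROCESSES LOGIN_ITEMS APPS_DIR
#   PROCESSES, LOGIN_ITEMS: newline-separated lists; APPS_DIR: folder to list.
# Prints one finding per line. Returns 0 when clean, 1 when anything matched.
check() {
    findings=$(
        printf '%s\n' "$1" | match_names | sed 's/^/running process: /'
        ls -1 "$3" 2>/dev/null | match_names | sed 's/^/application: /'
        printf '%s\n' "$2" | match_names | sed 's/^/login item: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# scan_this_mac: collect the live inputs on OS X and run the check.
scan_this_mac() {
    procs=$(ps -axo comm)
    items=$(osascript -e \
        'tell application "System Events" to get the name of every login item' |
        tr ',' '\n' | sed 's/^ *//')
    check "$procs" "$items" /Applications
}

# Run the live scan only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--scan" ]; then
    scan_this_mac
fi
```

Run it with `--scan` on the affected Mac; any line it prints points at an item to deal with in the corresponding step above, and it changes nothing itself.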

If you are not familiar with Activity Monitor, you can bring your Mac to MBS and we will remove the malware for FREE. If coming to MBS is not an option for you, we can also remove the malware from your system through a Remote Support session for a special discounted price ($25). If you prefer the latter option, please call us at 1 (888) 354-0100 and a service technician will help you right away.
