Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. How to detect MacDefender malware in System Center 2012 Endpoint Protection for Mac and how to remove the malware

How to detect MacDefender malware in System Center 2012 Endpoint Protection for Mac and how to remove the malware

View products that this article applies to.

Summary

MacDefender malware is malware that provides personal information to an unauthorized third party. Typically, MacDefender malware is manifested as a pop-up window that indicates that a virus was detected and suggests that you install software to remove the virus. 

You may also experience the following symptoms if your computer is infected with MacDefender malware:
  • Slow system performance 
  • System instability 
  • Many pop-up screens 


Note MacDefender malware uses several names. These names include the following:
  • MacDefender
  • MacGuard
  • MacShield
  • MacSecurity
  • MacProtector
  • Apple Security Center
Note Microsoft System Center 2012 Endpoint Protection for Mac detects MacDefender malware and variants as "OSX/Adware MacDefender."

The following shows how one MacDefender variant is displayed on the screen:




This article describes the steps to follow to remove MacDefender malware if your computer is already infected.

↑ Back to the top

More Information

To remove MacDefender malware, follow these steps:
  1. Remove the malware files. To do this, follow these steps:
    1. Exit all running programs.
    2. On the Go menu, click Downloads.

      Note The Downloads folder is the default folder where downloaded files are stored. If your browser is configured to use a different folder, open that folder instead.
    3. Control + click the installation package for the malware, and then click Move to Trash. For example, Control + click MacDefender, and then click Move to Trash.
    4. On the Go menu, click Utilities.
    5. Double-click Activity Monitor.
    6. In the Activity Monitor window, click All Processes in the drop-down box.
    7. Under Process Name, click the name of the malware, and then click Quit Process. For example, click MacDefender, and then click Quit Process.

      Note  Click Force Quit if you are prompted.
    8. In the menu bar, click Activity Monitor, and then click Quit Activity Monitor.
    9. On the Go menu, click Applications.
    10. Control + click the malware program file, and then click Move to Trash.

      Note The MacDefender application file may have any one of several names. These names include the following:
      • mdDownloader
      • downlSh
      • spavid
      • ashield
    11. Click Finder and then click Secure Empty Trash.
  2. Remove other malware files. To do this, follow these steps:
    1. On the Go menu, click Computer.
    2. Double-click the hard disk.

      Note Typically, the hard disk is named Macintosh HD.
    3. Double-click Library, and then double-click Preferences.
    4. Control + click com.aplle.md.plist, and then click Move to Trash.

↑ Back to the top

References

For more information about how to avoid or to remove MacDefender malware, visit the following Apple website:
How to avoid or remove Mac Defender malware


↑ Back to the top

Keywords: kbsurveynew, kbinfo, kbentirenet, kb

↑ Back to the top

Article Info
Article ID : 2685344
Revision : 1
Created on : 1/7/2017
Published on : 6/27/2012
Exists online : False
Views : 78