Web announced the discovery of a new piece of Mac malware on Monday, which they are calling Mac.Backdoor.iWorm. According to their report, they believe the malware is affecting ‘more than 17,000 unique IP addresses,'” The Safe Mac reports. “Of course, this may not correlate well with the number of infected Macs, since most Macs do not have static IP addresses, but the number of infected Macs should at least be on the same order of magnitude.” “It’s unclear from Dr. Web’s report exactly how the malware gets installed,” The Safe Mac reports. “The name ‘iWorm’ suggests some kind of virus-like behavior. According to the report, the ‘dropper’ (ie, the program that installs the malware) puts the executable in a folder named JavaW in the /Library/Application Support/ folder, but this does not necessarily mean that Java is involved in any way. The name could simply be chosen as camouflage.” “To check to see if you are infected, go to the Finder and choose Go to Folder from the Go menu,” The Safe Mac reports.

• Check For Viruses On Macbook Pro

ManageEngine Log360 can do all that and also help you comply with IT mandates. Download the free trial. Edit Article How to Scan Mac for Malware. In this Article: Using Malwarebytes Using ClamXav Community Q&A Scanning your Mac for malware should never require pulling out your credit card. Unfortunately, Mac malware can disguise itself as a removal tool, demand payment in exchange for protecting your computer.

“Copy the following path and paste it into the window that opens – /Library/Application Support/JavaW – then, click the Go button. If you just get a beep, and the window displays a message in the bottom left corner that the folder can’t be found, then you should be okay.” More info and links in the full article. [Thanks to MacDailyNews Reader “elder norm” for the heads up.].

Every Apple fanboy will tell you that Macs are safe from malware, but it’s just not true. Recently a fake AV program has been targeting and infecting OS X computers in the wild.

Here’s a quick look at how it works, how to remove it, and also how to prevent it in the first place. The virus in question is actually a fake antivirus and trojan which goes by a few different names. It may present itself as Apple Security Center, Apple Web Security, Mac Defender, Mac Protector, and possibly many other names.

Note: we encountered this malware on a handful of user workstations at my day job, and then spent some time doing analysis of how it works. This is a real piece of malware, that’s really infecting people. Screenshot Tour of a Mac Protector Malware Infection The infection comes about from a webpage redirect which will present the user with the following page, that makes it appear like a real Mac OS X popup dialog. If the user clicks remove all they will immediately begin downloading a package which will install the virus.

Once downloaded your computer will probably automatically begin installation. Luckily, for now, you still have to manually walk through the installation process. As more vulnerabilities are found this will probably change in the future just like it has for Windows’ users in the past. Note: This was installed on a fully patched fresh install of OS X 10.6.7 with Symantec Endpoint Protection 11.0.6 fully up to date. Install microsoft office spelling checker. The installer will start and you will need to walk through the normal OS X process. Users will also be prompted for a username and password with administrative rights during the installation.

You may notice the new shield-like icon in the menu bar. The program will automatically run and pretend to be loading some sort of database for what we can assume is virus definitions. You will then be barraged with notifications and popups letting you know about your fake infection. Just like fake antivirus programs on Windows, if you click on the cleanup button or on one of the notifications you will be told that your software is not registered and needs to be paid for. If you click on the register button you will be asked for your credit card information. Note: Do not fill out, submit, or even type your credit card info in this window.

If you close out of this window you will be asked to put in your serial number to continue. Mac Protector/Defender Removal To remove the virus close out of all of the windows with either the command+Q keyboard shortcut or click the red orb in the top left corner. Now browse to your hard drive -> Applications -> Utilities and open the Activity Monitor.

Check For Viruses On Macbook Pro

Locate the MacProtector process and click quit process. Confirm the pop-up asking if you are sure you want to quit the process. Open your Apple menu and select system preferences. Select Accounts from the new window. If you are not able to edit your account settings click on the lock in the lower left corner of the window and put in your admin password.