If geeks love it, we’re on it

The Icrontic Mac Defender and Mac Protector removal tool

The Icrontic Mac Defender and Mac Protector removal tool

Remove Mac Defender and remove Mac Protector

So, somehow you’ve gotten infected with Mac Defender or Mac Protector. It’s the latest malware to hit OS X users, and it’s turned out to be particularly rampant. Hundreds and hundreds of posts are out there from folks looking for a way to rid themselves of this insidious malware.

First, let’s clear something up—neither Mac Protector nor Mac Defender is a legitimate anti-virus tool, as they pose to be. They are malware, opening your browser to random porn links, and telling you that legitimate system files like Terminal are actually spyware. No, they aren’t—Mac Protector and Mac Defender is the spyware. When you try to “clean” with it, it says your copy is unregistered, and prompts you to enter your personal information including a credit card. Don’t. If you did? Contact your bank. You’re not buying anything—you’re just sending your credit card information to people who may not have your best interests in mind.

Obviously, with things like this out there, you should be running an anti-virus. There are a number of anti-virus products for Mac OS X from a variety of manufacturers. If you don’t feel like spending your hard earned money on one, Sophos offers their Home Edition for Mac OS completely free. However, Mac Defender and Mac Protector can  interfere with installing legitimate anti-virus products. You need to remove them first.

That’s where your friends here at Icrontic come in. Search Apple support no more, call not the Genius Bar, return not to the shiny white store, my friends! For we deliver unto you: The Icrontic Mac Defender / Mac Protector Removal Tool!

This simple easy to use tool can completely remove Mac Protector AND Mac Defender from your infected systems in two clicks. Since it’s a shell script and an AppleScript, it is virtually impossible for this malware to interfere with its operation.

Using the Icrontic Mac Defender/Mac Protector Removal Tool

First, download the ZIP file. Double click on it to open it, and drag the two files anywhere on your system—even onto a USB drive or your Desktop. They can be run from anywhere, as long as both files are in the same folder. You should have “Clean_MacProtector.sh” and “Clean_MacProtector_Login.scpt”.

There are two possible ways to run this tool; if your Mac is configured to run .sh files from Terminal, this way will work:

Double click “Clean_MacProtector.sh” and Terminal should pop up while it runs. Wait while it cleans your system of Mac Defender or Mac Protector. If you have a lot of applications installed, or a large hard disk, the script can take a very long time to run. It actively searches every directory and drive on your Mac for possible infection, just in case it installed to an unexpected location or an alternate drive.

If that doesn’t work, and it just opens up a bunch of code in TextEdit, close TextEdit and do this:

  1. Go to the folder where you have the .sh file. Hold down Control and click on the file. You’ll get a menu that pops up; select “Open With…” from that menu.
  2. From “Open With”, select “Other”
  3. Scroll down until you see “Utilities”, and double click that
  4. At the bottom of that window you’ll see a box that says “Enable: Recommended Applications”. Click that and change it to “All applications”
  5. Back up in the Utilities window, scroll down until you see “Terminal” and select that. Then click  “Open” and the tool should run.

That’s all there is to it! Your system will be clean, no calls or visits to Apple necessary, and it’s free.

Stay safe!

Comments

  1. Tushon
    Tushon You did better than Apple did
  2. Bandrik
    Bandrik Sweet, now THIS is customer support! Thank you Apple for finally admitting that you have a problem and coming up with this simple, easy-to-use tool that--

    Oh wait. That's right. They didn't. In the meantime, awesome work, Phil. Hope this aids some poor fool that's in need of a helping hand.
  3. Kwitko
    Kwitko This tool is useless since Macs never get viruses or malware or spyware. Clearly this is a failed attempt by PC users to denigrate the Apple name and its superior, magical products.
  4. Bandrik
    Bandrik Mmm, taste the Apple magic! It tastes like... chalk dust. And... other strange, white substances.
  5. Tushon
    Tushon Someone who is on the apple forums should go and post a link in the support area for this. Page views over 9000?!?!?!
  6. Annes
    Annes Great job, Phil!
  7. HO ...oh wait....Macs aren't supposed to be malware free????

    Hmmmm, I'm happy with my Win7, at least MS doesn't hide the facts with Koolaid like Mapple, we know there is that called malware, not like Win7 get's a lot but is there, still, Mapple gets malware and like Hitler in WW2 denies it, yup, it's all koolaid for the mindless drones.
  8. Derek I just got that annoying macdefender. I googled it and came up with this site. I downloaded it and it didn't work. I then contacted the company and got help and they told me how to get to it from another direction. It worked beautifully and before I could send a thank you email, the system was cleaned and everything working great again.

    As I told the rep I spoke with...you guys rock!!!
  9. primesuspect
    primesuspect Haha, thanks Derek. We're not a company, per se... We're just a group of friends and geeks who help when and where we can. Phil (Rootwyrm) is the guy who wrote the software, and thanks to your emails with me, I updated the article with instructions in case it doesn't work.

    Thanks for stopping by Icrontic!
  10. RootWyrm
    RootWyrm And the best part? There's a new version being worked on as I write this (@$%!*ING Xcode!) which will be even EASIER to use.
  11. RootWyrm
    RootWyrm As a note; the current release (5/23/2011) does NOT and cannot remove the following new variants discovered as of 5/25:
    MacGuard + avRunner Trojan Downloaer
    MacSecurity
    Work is in progress to obtain samples of these new variants and add the capability to remove them ASAP.
  12. Mike ManyThanks this thing downloaded itself and was bothersome.
    appreciate the help.
  13. primesuspect
    primesuspect Glad to have helped!
  14. dansones wheres the zip file?
  15. Thrax
  16. Kwitko
    Kwitko
    RootWyrm wrote:
    And the best part? There's a new version being worked on as I write this (@$%!*ING Xcode!) which will be even EASIER to use.
    Even though I neither own a Mac nor like Apple, I think what you're doing is fucking epic. This is why I love Icrontic.
  17. Kate I tried the fix. It did not work. Suggestions?

    Kate
  18. Melanie Thank you, that virus was a pain, glad to have it gone, thank you.
  19. Mannix it didn't work :(
  20. RootWyrm
    RootWyrm If you've updated OS X in the last month, either manually or automatically installed updates, this tool will no longer work. Apple finally added an automatic removal routine to OS X which attempts to block, and removes all 13+ variants. This tool can only remove the first two, and when Apple added their update, the malware authors started creating variants at a rate that was impossible to keep up with.
    If you haven't installed the latest OS X updates, that's definitely the first thing you should do. Then make sure that automatic updating is turned on - Apple is still pushing new definitions every 24-48 hours or so.
  21. Susan R. No matter how many times I use your Removal tool to remove MacDefender, the Removal tool always finds it again. I've done this 15 times already.

    Also, Sophos always finds the Archive.pax.gz file, gets hung-up and basically freezes -- so I guess there really is SOMETHING BAD stuck in this Mac.
  22. Tushon
    Tushon
    If you haven't installed the latest OS X updates, that's definitely the first thing you should do.

Howdy, Stranger!

You found the friendliest gaming & tech geeks around. Say hello!