SecureMac says it’s discovered a new version of the previously identified MAC Defender malware (http://macte.ch/JGEpO). The new variant is an updated version of the original malware, rebranded as
The new version didn’t change the main functionality of the code, but rather cleaned up the existing code and added small updates including the capability to send information about the infected system back to the authors of the malware, along with an updated user interface to reflect the name change, according to SecureMac. This new version of MAC Defender exhibits the same behavior as the original variant detected by SecureMac, and should be removed as soon as possible, the company says.
MacScan users can identify the new malware by running a spyware scan with the latest spyware definitions update, which was released May 4. A 30-day demo of MacScan can be downloaded from SecureMac at http://macscan.securemac.com.
To update spyware definitions from within the program, click the “MacScan” menu and then click “Check for updates.” Once the malware has been detected and isolated, users should drag the “MacScan Isolated Spyware” folder from their Desktop to the Trash in order to remove the MacSecurity variant of the MAC Defender malware from their system.
For manual removal, users should follow either of these two methods:
Method One
1. Open Activity Monitor from the Utilities folder. Make sure the drop-down menu is set to “all processes.”
2. Use the search field in Activity Monitor to search for MacSecurity.
3. Click on the MacSecurity process. Click the “Quit Process” button. Click “Force Quit.”
4. Drag the MacSecurity program (installed in the Applications folder by default) to the Trash. Empty the Trash.
5. Remove MacSecurity from the Login Items for your Account in the OS X System Preferences (if it exists).
Method Two (Advanced)
1. Open the Terminal application from the Utilities folder.
2. Type the following command in the terminal (without quotes) and hit the return key: ‘ps -ax | grep -i MacSecurity’
3. Note the process ID associated with the MacSecurity program (the first digits listed in the result).
4. Type the following command in the terminal (without quotes, and substituting the process ID noted above for XXXX) and hit the return key: ‘kill XXXX’
At this time the MacSecurity program will no longer be running. Continue with steps 4 and 5 from Method One for removal.
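The process lookup in Method Two can also match the grep command itself, because its argument list contains the search term. The following is an added example, not SecureMac's own code; the function names and the sample `ps -ax` output are constructed for illustration. It extracts only the matching process IDs and skips grep.

```shell
#!/bin/sh
# Added example: find the PIDs that Method Two asks the user to note by hand.

# Constructed sample of `ps -ax` output (PID TT STAT TIME COMMAND); not real data.
SAMPLE_PS='  PID TT  STAT      TIME COMMAND
    1 ??  Ss     0:05.12 /sbin/launchd
  412 ??  S      0:01.30 /Applications/MacSecurity.app/Contents/MacOS/MacSecurity
  987 s000  S+   0:00.00 grep -i MacSecurity
  990 s000  S    0:00.02 -bash'

# find_pids NAME: read `ps -ax` output on stdin and print the PID of every
# process whose command line contains NAME (case-insensitive). The header row
# and any grep process are skipped.
find_pids() {
    awk -v name="$1" '
        NR == 1 { next }                          # skip the column header
        {
            n = split($5, parts, "/")             # $5 is the executable path
            if (parts[n] == "grep") next          # ignore the grep process itself
            cmd = ""
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            if (index(tolower(cmd), tolower(name)) > 0) print $1
        }'
}

# quit_matches NAME: send the default TERM signal (what `kill XXXX` sends)
# to every live process found by find_pids. Defined here but not called.
quit_matches() {
    ps -ax | find_pids "$1" | while read -r pid; do
        echo "sending TERM to PID $pid"
        kill "$pid"
    done
}

# Demonstration on the constructed sample: prints the matching PID only.
printf '%s\n' "$SAMPLE_PS" | find_pids MacSecurity
```

On the affected Mac, run `ps -ax | find_pids MacSecurity` to review the process IDs first, then call `quit_matches MacSecurity` and continue with steps 4 and 5 of Method One.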