Mac Guard is a fake antivirus program that targets OS X users and is a variant of the first widespread scareware to target Mac users on the Internet first labeled as MAC Defender. The malware is a Trojan virus and is designed to spread through maliciously infected websites (also being called SEO poisoning by the early reports of the infection). The virus has proven to be pretty successful at infecting Mac users due to lack of updated anti-virus protection being installed throughout much of the Mac community as well as a lack of computer security awareness due to the relatively small amount of computer malware that is targeted towards to the OS X Operating System (OS).
How Does Mac Guard Infect Your Computer?
Unlike previously discovered version of the Mac Defender Trojan virus, the Mac Guard variant is deployed in two parts. The downloader component is downloaded automatically to a MAC user’s computer when visiting a website that has been corrupted (or designed) to infect other computers. The downloader will install a package called avSetup.pkg which with the Mac Guard upgrade does not require administrator permissions to install. As a result, Mac’s can now be infected with scareware similar to Windows computers without administrator permissions having to be used. Once installed, Mac Guard will prompt the user of the computer to register the program in order to remove false infection warnings stating the computer is infected with Trojan viruses, computer worms, and spyware. The Mac Guard virus will also periodically open Safari to gay pornographic websites while it is running on your computer.
Files Associated with the Mac Guard Trojan Virus
/Application/MacGuard.app/Contents/MacOS
/Application/MacGuard.app/Contents/MacOS/MacGuard
/Application/MacGuard.app/Contents/PkgInfo
/Application/MacGuard.app/Contents/Resources
/Application/MacGuard.app/
/Application/MacGuard.app/Contents
/Application/MacGuard.app/Contents/Info.plist
Steps to Remove Mac Guard from Your Computer
Step 1 – Select the “Applications,” “Utilities,” and “Activity Monitor” menu options on your computer.
Step 2 – Terminate or kill all processes that look like they are linked to the Mac Guard infection.
Step 3 – Delete the Mac Guard folder and all contents from the Applications folder on your computer.
Step 4 – Select the “System Preferences,” “Accounts,” and “Login Items” menu options and look for the MacGuard entry. After you find the entry, push the “-” button to remove it.
Step 5 – Use Spotlight and search for the term “Mac Guard” on your computer to identify any files that you have missed related to the scareware installation on your computer. If any files are discovered, delete them from the machine to finish removal of Mac Guard.
**** Update 1 June 2011
Apple has released an update for OS X that incorporates a major change to the File Quarantine feature in Snow Leopard which will offer to remove Mac Guard or Mac Defender if detected. Unknown to the author if this update will help users of older versions of OS X or how long it will take the authors of Mac Guard and Mac Defender to release a new version of the malware that can defeat this update.
Related posts:
- How Do You Flush DNS Cache in Mac OS X? If you are running Mac OS X, you will notice...
- Blackhole RAT Trojan Virus Mac OS X computer users have been able to feel...
Related posts brought to you by Yet Another Related Posts Plugin.
