Removing the Mac Defender trojan

From what I've read on the Apple discussion forums, here's how you delete the Mac Defender trojan from your system.

  1. Assuming the trojan is currently running, you can kill it using the Mac Activity Monitor. To start the Activity Monitor, click Applications > Utilities > Activity Monitor.
  2. Find the process named something like "Mac Defender" or "Macdefender".
  3. Click that line once, then click the "Quit Process" icon at the top of the Activity Monitor window.
  4. Click the "Quit" button. From what I've read, that will kill the Mac Defender process, but if it doesn't, then click the Force Quit button.

This stops the currently running program, and the Mac Defender window should close, for now.

Removing the Mac Defender, Part 2

While the Mac Defender trojan has been stopped for now, from what I've read, it installs itself as a "Login Item", so when you log out of your computer or restart it, it may appear again.

This Mac discussion forums thread describes how to get rid of the Mac Defender trojan completely. In short, you should:

  1. Boot your Mac into Safe Mode. Do this by holding down the [Shift] key during the Mac boot-up process. (You just have to hold this down until you see the progress bar appear on screen. I just tested this, and boot-up seems to take quite a bit longer this way.)
  2. Remove the Mac Defender from your Login Items (see below) and Startup Items.
  3. Remove the Mac Defender from your Applications folder (drag it to the trash).
  4. Remove the file from your Downloads folder (drag it to the trash).
  5. Restart your computer.

Removing the Mac Defender login item

To remove the Mac Defender as a "login item", follow these steps:

  1. Click the Apple menu, then System Preferences.
  2. Click Accounts.
  3. Click the Login Items tab.
  4. Click the Mac Defender item in the list of login items, then click the '-' icon to remove it (then click "Okay" if you're prompted for that).

(For more detailed information on this process, see my Mac Login Items tutorial.)

Removing the Mac Defender Startup Items

"Startup Items" on a Mac OS X system are configured by putting special "startup" files in special directories on your Mac. Normally this is a good thing, but in this case, it's not. From what I've read, the Mac Defender may put files in the following startup items folders on your Mac.

To see these folders, start your Mac Finder, then click the "Macintosh HD" icon in the top-left of the Finder. Then look in these folders:

  1. Library > StartupItems
  2. System > Library > StartupItems

Be careful in these folders because, again, they may normally contain legitimate items. But if you see a file or folder named "Mac Defender" or something like that, you can be sure it's nothing good, and you should delete it. Again, you can read more about this process on the Mac discussion forums here and here.
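
The folder checks from the steps above can also be run from Terminal. This is an added example, not code from the original article or the forum threads: a read-only shell function that lists (and never deletes) entries named like "Mac Defender" or "Macdefender" in the Applications, Downloads and two StartupItems folders. The function name and its optional ROOT and HOME_DIR arguments are hypothetical, and Login Items are not covered, so check those in System Preferences as described earlier.

```shell
#!/bin/sh
# Added example: read-only listing, nothing is deleted.
# Usage: find_mac_defender [ROOT] [HOME_DIR]
#   ROOT     volume root to inspect (hypothetical parameter, default: /)
#   HOME_DIR user home to inspect   (hypothetical parameter, default: $HOME)
find_mac_defender() {
    root=${1-}
    root=${root%/}      # "" means the boot volume, so "$root/Library" is "/Library"
    home_dir=${2:-$HOME}

    # Folders named in the article's removal steps.
    for dir in \
        "$root/Applications" \
        "$home_dir/Downloads" \
        "$root/Library/StartupItems" \
        "$root/System/Library/StartupItems"
    do
        # Skip folders that do not exist on this system.
        [ -d "$dir" ] || continue
        # Match the two spellings the article gives, ignoring case,
        # and look only at the top level of each folder.
        find "$dir" -mindepth 1 -maxdepth 1 \
            \( -iname '*mac defender*' -o -iname '*macdefender*' \) -print
    done
    return 0
}

find_mac_defender "$@"
```

Anything it prints is a candidate to review by hand in the Finder before dragging it to the trash.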

Removing the Mac Defender trojan - Summary

If I find more information I'll share it here, but for now, that's what I've read about removing the Mac Defender trojan/virus. If you have any information to share, please leave a note in the Comments section below.