Mac Shield is a fake rogue anti-spyware program that for the Mac OS operating system from the same family as Mac Guard. This infection is spread through spam, hacked sites that have poisoned the search results for image search engines such as Google Images, and hacked sites that infect you when you visit them. When you click on images belonging to the hacked sites, you will automatically be redirected to a page that shows an advertisement that pretends to be a fake online scanner. When these fake scans are finished, it will state that your computer is infected and then automatically download the Mac Shield program onto your computer. Once the program has finished downloading, the installer will start and prompt you to install the program.
Once the program is installed it will be configured to start up automatically when you login to your Mac. Once running it will pretend to scan your computer and then state that there are numerous files on your computer that are infected. If you attempt to clean these fake infections, though, the program will state that you must first purchase a license before it will allow you to do so. After the scan, the Control Center screen for Mac Shield will be updated to state that your computer is infected and at Risk. Regardless of the information presented by this program, you should not purchase this program as all of this information is false.
Unfortunately, when MacShield is installed on your computer it will also be added to your accounts Login Items so that the program is launched every time you login to your Mac. As there is no Dock icon for this application, it is also not easily closed and will instead require you to terminate its process through the Activity Monitor before you are able to remove the application from your computer.
While the program is running it will also display fake security alerts that are further used to scare you into thinking that your computer has a serious problem. Some of these alerts include:
The system is infected
Your system is infected. It's highly recommended to cleanup your system to protect critical information like credit card numbers, etc.
Sorry, the copy of your program is unregistered. Register to have an ability to cleanup your system.
Infected file detected:
Infected file detected:
Just like the fake scan results, these alerts are also fake and are only being used to scare you into purchasing the program. Therefore, please ignore them and do not purchase the program. Last, but not least, while the program is running it will also open up Safari and display various pornographic sites. These sites include gay.porn.com, buy-viagra-now.net, fitish.com, www.gay.com, www.porn.com, and www.freebdsmgalleries.com.
As you can see, MacShield was created to scare you into thinking your computer has a severe security problem so that you will then purchase this program. For no reason should you purchase Mac Shield , and if you already have, you should contact your credit card company and dispute the charges stating that the program is a computer infection. Finally, to remove this infection, and any related malware, please use the removal guide below.
Self Help Guide
- Print out these instructions so it will be easier to reference it as you follow these steps.
will stay on top of any other programs that are running, we first want to close the program so that we can see the other screens that we need to open during this cleaning process. Please close this window by clicking on the red close (X) button in the top left of the
Windows. The button that you need to click in order to close the window is shown below:
- Next you should open Safari, or other web browser, and download the BleepingComputer Mac Rogue Remover Tool from the following link:
Mac Rogue Remover Tool Download Link (http://download.bleepingcomputer.com/mac-rogue-remover-tool/mac-rogue-remover.zip)
- Once the program has finished downloading, open up the folder that you downloaded the program to. If you have Open "safe" files after downloading enabled in Safari, then the application will automatically have been extracted. Otherwise double-click on the mac-rogue-remover.zip file to extract it. Once it is extracted you should see an icon similar to the one below in your folder.
- Please double-click on the mac-rogue-remover icon to start the program. Mac OS will now prompt you as to whether or not you wish to run the program.
Please press the Open button to run the program.
- Mac Rogue Remover will now start and you will see a message box that displays the End User License Agreement for this program. If you agree to this EULA, click on the I Agree button to start the program. Otherwise, click on the Cancel button to not use Mac Rogue Remover.
- If you agreed to the license agreement, Mac Rogue Remover will start to scan your computer for the
When it has finished it will display another message stating what it has found and removed. You can press the OK button to close the program. While Mac Rogue Remover was running it also created a file on your Mac OS desktop called mac-rogue-remover.txt that contains a log of what the program removed from your computer. Please review this file as if it found that
was installed under a different user account, it will prompt you to run Mac Rogue Remover while logged in as that account to completely remove the infection.
When using Mac Rogue Remover, if you have any questions on how to use it or would just like to tell us how the program worked, please leave a post in this topic:
Introducing the BleepingComputer Mac Rogue Remover Tool
- Now that
has been removed, we need to change a setting in Safari so that these types of programs are not automatically run on your computer in the future. By default Safari opens and launches programs that it considers safe to run. These programs include movies, pictures, sounds, PDFs, text documents, archives, and disk images. Due to this, these types of infections are able to be downloaded and automatically run on your Mac. To fix this, start the Safari program and then click on the Safari menu option. From the Safari drop down menu, select Preferences. This will open the Preferences screen as shown below. When the screen opens, if you are not on the General settings screen, please click on the General button.
You should now uncheck the checkbox labeled Open "safe" files after downloading as shown in the image above. After unchecking this box you can close the Preferences screen and Safari.
Your computer should now be free of the MacShield program and Safari should be secure so that it does not automatically launch these types of programs again in the future.