Over the last month or so, Mac rogues have started to be released into the wild from the same developer as the FakeRean Windows rogue. These rogues, regardless of what may be said by Apple and its employees, have been successful. With our Mac rogue removal guides having an aggregate total of over 100,000 views and my receiving many emails from people thanking me for our guides, but stating they fell for the scam and purchased the program, we can be assured that the malware developers are making plenty of money from these programs. The purpose of these Mac rogues is to make money and if the developers are making it, we can be assured that they will continue to release new versions of these rogues that are trickier to install or remove.
This can be seen in the latest Mac rogue called Mac Guard. Previously, when this family of rogues was installed on your Mac you had to enter your password for the application to be installed. Mac Guard introduced a new technique that does not require your password to be entered if you are running an Administrator account. As you can see, the malware developers are already introducing new techniques to make it easier for their programs to be installed. I expect as time goes on, these developers will introduce new techniques that will make removing these programs harder to do.
BleepingComputer's goal for writing guides is to offer removal methods that are not only easy to understand but also easy to accomplish. With this in mind, I have created a new tool named Mac Rogue Remover Tool. This tool, when run, will scan your Mac and terminate the rogues processes, remove Login Items, the Application folders, and any left over folders or files that may reside in your Downloads folder. I have purposely made it so that it does not scan your entire disk for these applications in order to not have false positives with possibly legitimate programs that may be released in the future. Therefore, if you have installed these programs in a different location or changed the location where they are downloaded to, you should use the Manual Removal procedure that is present in all of the Mac rogue guides, which I have listed at the end of this post.
All of our Mac rogue guides have already been updated to contain two removal methods. The first is detailed instructions on how to use Mac Rogue Remover to remove the Mac rogues and the second is the manual removal method.
In summary, To use this tool, you need to download it from the following link:
If Safari is configured to Open "safe" files after downloading, which you should disable to be more secure, the Mac Rogue Remover will automatically be unpacked for you in the folder that you downloaded it to. If not, then you will need to double-click on the file to extract the application. Once it is extracted, just double-click on the mac-rogue-remover app icon to launch it. When launched you will be presented with a license agreement that you must agree to in order to use the program. Once you agree to the license, Mac Rogue Remover will launch and remove any items associated with the rogue. It will then display what it has found and create a log of what actions it took on the desktop called mac-rogue-remover.txt. The rogue should now be removed from your mac.
At present, the Mac Rogue Remover Tool will remove the following:
- Mac Security - Mac Security Removal Guide
- Mac Defender - Mac Defender Removal Guide
- Mac Protector - Mac Protector Removal Guide
- Mac Guard - Mac Guard Removal Guide
Please let us know in this topic if there are issues running the tool.
I hope you find this tool helpful.