Yet another MacDefender variant: MacGuard
Published May 25th, 2011 at 7:34 PM EDT , modified May 26th, 2011 at 6:13 AM EDT
Another new trojan has appeared in the MacDefender/MacSecurity/MacProtector line. This time it’s called MacGuard. From the initial reports, it does not sound like it is significantly different in most respects from the earlier versions. However, there is one notable difference: it no longer requires an administrative password to install. I am unclear on this point exactly why… some sites report that it is installed in the user Applications folder rather than the global one, while others give uninstall instructions that refer to the main Applications folder. I will report more as I learn more, but for now it appears that the same old MacProtector removal instructions will work, with minor modifications. First, and obviously, you need to look for the name MacGuard in addition to the other three when removing. Second, look in both the main Applications folder and the one in your user folder and remove MacGuard from wherever it is.
If anyone has additional information, please let me know, and if anyone finds a live link to the malware, please let me know so I can get a copy of it.