Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

OSX.MacKeeper

OSX.MacKeeper

Updated:
November 29, 2017
Name:
Mac Keeper
Version:
3.16
Publisher:
Mac Keeper
Risk Impact:
Low
Systems Affected:
Mac

Behavior

OSX.MacKeeper is a misleading application for macOS that may give exaggerated reports about security issues on your computer.

Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version December 13, 2017 revision 021
  • Initial Daily Certified version November 29, 2017 revision 016
  • Latest Daily Certified version December 14, 2017 revision 002
  • Initial Weekly Certified release date November 29, 2017
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Behavior
This misleading application may be silently installed by another program. It may also be manually installed from the Web site.




When the program is executed, it performs a scan and then displays misleading or exaggerated reports of security issues on the computer.




The program then prompts the user to purchase a registered version of the software in order to remove the reported problems.



Installation
When the program is installed, it may create the following files:
  • /Applications/MacKeeper.app
  • /private/tmp/6CA52563-C3F0-4C1C-A573-AB76AC1D0BD3
  • /private/var/folders/3p/3lqkypgx6ns6h8cfpn7x4g_c0000gn/C
  • /Users/admin/Library/Caches/com.crashlytics.data/com.mackeeper.MacKeeper
  • /6ns6h8cfpn7x4g_c0000gn/T/MacKeeperUninstaller.app/Contents/Resources/fi.lproj
  • /private/var/folders/3p/3lqkypgx6ns6h8cfpn7x4g_c0000gn/T/MacKeeperUninstaller.app

The following instructions pertain to all current and recent Symantec antivirus products for Macintosh.
  1. Update the virus definitions.
  2. Run a full system scan and repair or delete all the files detected.
For specific details on each of these steps, read the following instructions.

1. To update the virus definitions
To obtain the most recent virus definitions run LiveUpdate: These virus definitions are posted to the LiveUpdate servers regularly. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate) .

2. To scan for and delete the infected files
  • Start your Norton AntiVirus or Symantec Endpoint Protection for Macintosh program and make sure that it is configured to scan all files.
  • Run a full system scan.
  • If any files are detected, click Repair (if available) or Delete.