As I’m no longer regularly working in the security industry, this page is no longer being maintained. It’s left up here for historical reasons only.
David Harley, 15th April 2020
If you got to this page looking for the Mac Virus page at macvirus.com (which for a long time has also been the Small Blue-Green World Mac page), welcome! You are in the right place. It should, I guess, really be the Mac Malware home page, but old habits die hard. This is essentially a blog site, though I’ll be adding more reference material here in due course.
Mac Virus was originally launched in the 1990s by Susan Lesch. While one of the contributors currently working in the anti-malware industry with a company that has a Mac product, Mac Virus will remain a resolutely independent site. It is not financed or resourced by any security company, and opinions expressed here do not represent the views, policies or interests of any company.
If you’re looking for macvirus.org/macvirus.net, they’re nothing to do with us and seem to have been mothballed. However, you may find more information at http://www.securemac.com.
The entire Small Blue-Green World web site is undergoing a drastic makeover at present, and there will be much more here in the near future. If you want to make contact in the meantime, you can contact me as info (at) smallbluegreenworld.com.
You can check our latest blogs here or via the archives menu top right.
David Harley
Author/Consultant/MD, Small Blue-Green World
Administrator, Mac Virus
Mac Virus 
David, thanks for getting this up and running again! Long time coming.
By: Larry on February 5, 2010
at 13:18
Thanks, Larry. It has been a good while but I think the time is right, with all that’s happening in Mac security now. 🙂
By: David Harley on February 5, 2010
at 13:26
its really a gud application but pls i want to download an antivirus on my phonepls
By: owadara mabel on November 17, 2010
at 18:45
Virus?
cant
use
spacebar
or
deletebutton
By: Simon on July 16, 2011
at 01:10
Very unlikely to be malware. Have you tried swapping out the keyboard?
By: David Harley on July 16, 2011
at 09:30
Hi Larry….. i just upgraded to Snow leopard today and was able to add the keyboard viewer.. By doing so I was ablew to see that by pressing the control button the spacebar and delete button would function so i know the keys are ok.? I also have another problem of tryingto log into my email accounts.In fact any acc i try to log into the server stops responding. I can load pages just not log into acc…..
Any help is appreciated
By: simon on July 17, 2011
at 00:46
You mean that the kb viewer responds to ctrl-del (for example), but not del? That wouldn’t necessarily rule out a keyboard fault: it depends on the way the keyboard is wired, I guess. But I’m not in a position to offer Mac support, I’m afraid, hardware or software. It’s unlikely to be connected to malware. Your email problem could conceivably be a side-effect of a malware infection, but it wouldn’t be my first guess. And I can’t think of Mac malcode that is noted for causing that effect, deliberately or accidently. You probably need to look at more generalist resources. Sorry!
By: David Harley on July 17, 2011
at 09:20
Hi Larry. I mean that with the help of the kb viewer I was able to check more closely the keys that functioned. I was able to prove by pressing fn & delete/spacebar on keyboard that keys are ok.It now turns out that after a pram boot the keyboard functioned correctly.However once i switched off comp & turned back on there are now more keys not functioning…eg..fn,spacebar,caplocks,tab, ‘,arrow keys(up,Left)……
Email sorted,problem with hotel router.
Any assistance is appreciated
By: simon on July 19, 2011
at 20:48
Sorry, but I don’t have any suggestions. And I’ m not Larry. 🙂
By: David Harley on July 20, 2011
at 05:26
[…] of malware activity involving Mac OS computers. A couple “must read” pages include the Mac Virus blog, the ESET Threat blog, and Kaspersky’s SecureList blog. Some of these pages get into […]
By: Wake up, Mac users… « Inside the Mind on April 18, 2012
at 04:14
The worst Apple Virus Ever!
I downloaded the most destructive virus I ever encountered, and it came directly from APPLE.
I began to be concerned about Apple eliminating iDisk. I use it to transfer files to other computers in my office. I thought I had better get software that would better support iCloud. So having great trust in Apple being that I have been a Mac user since the Mac 512, I downloaded OS X 7.4, LION.
I lost the use of all the important software on my computer. OS X 7.4 Lion does not support PowerPC Applications. Any older software from Adobe like Illustrator and Photoshop and Microsoft Office will not work.
The worst part is there is no way back to on older operating system. You can no longer hold down the C key and start up from a Disk.
OS X 7. Anything is a VIRUS
I am,
Larry D. Rose
Graphic Design Consultant
By: Larry D. Rose on June 11, 2012
at 13:35
I’m sorry to hear that, but backward compatibility has never seemed a high priority for Apple… That’s rather different to distributing intentionally malicious software, though.
By: David Harley on June 30, 2012
at 11:29
I have been researching the Tapsnake virus for over 30mins now, and it says stuff about removing it from mobile devices, but its showing up on my mac as a virus! Its a pop-up website that wants me to downloaad Mackeeper (app) to remove it. It says that this is the infected file, but idk… /os/apps/snake.icv
I’m worried about my personal info, please help me!
Laura
By: lauraismyname on December 19, 2014
at 02:31
Tapsnake is Android malware from 2010 or thereabouts. About a year ago there were fake antivirus warnings directed against Android users claiming that they’d visited a site that had infected their phones with Tapsnake. I’ve come across some isolated posts referring to Tapsnake warnings from Mackeeper presumably directed towards Mac users, but I haven’t any further information on that, and I’m certainly not aware of OS X malware called Tapsnake. Mackeeper has a somewhat mixed reputation, perhaps because of its aggressive marketing, but I don’t know much about it. I’ll see if I can find out more: however in this case, I’d suggest that you check your system with a mainstream security product. Since I work closely with a company that markets a commercial Mac security product, I try to avoid making specific recommendations. However, Sophos has a Mac AV product that’s free to home users. (No that’s not the company I just referred to!) I’d suggest that you check with Sophos and/or Avast! Free in the first instance, then look at the Mac security market to see if there’s a product that might offer more features – I’d always recommend buying a more general security product with more features rather than buying a product that is free, but only detects malware and doesn’t offer one to one support. Other reputable products are available from ESET, Intego, Kaspersky, McAfee, Symantec/Norton, and others. AV-Comparatives conduct reasonable tests of Mac security products: http://www.av-comparatives.org/mac-security-reviews/
By: David Harley on December 19, 2014
at 14:06
My daughter just got her computer this Christmas. She is already seeing the Mackeeper pop-up. They had a number to call so they could fix it and she called it before checking with us first. Of course they wanted $250.00 to clean it up. At this point she called us and we told her to get off the phone. He said this virus will infect her phone also. Anyone have information on what we should do?
By: shawna on January 5, 2015
at 00:47
That certainly sounds like a rogue pop-up rather than a real malware detection, and $250 is the sort of figure that tech support scammers like to quote for fixing non-existent viruses. Can you confirm (1) that the ‘malware’ is being referred to as Tapsnake? (2) the telephone number your daughter called? (3) that your daughter’s computer is a Mac running OS X? (4) what type of phone she has (Android?)? I’d suggest that you install a reputable anti-malware product (see my response to lauraismyname) to ensure your system is protected, but I very much doubt that this is a real infection. Talking to other people in the security industry, I’ve been told that Mackeeper has been associated with over-aggressive marketing of this sort in the past, but the company has blamed it on rogue affiliates/distributors. If you can give me more information, I’ll try to follow up.
By: David Harley on January 5, 2015
at 09:37
i keep getting Crypted.Gen virus in my Mac. What can it do to my Mac
By: Ashima Kumar on June 26, 2015
at 10:19
That’s a highly generic detection and I don’t know what product is detecting it, so don’t know how likely it is to be a real infection, or what the variant you may be seeing actually does. I suspect that what you’re seeing is HTML/crypted.gen or some variation on that name, but that doesn’t help. It may be that your browser is downloading malicious code from one or more web sites that you’re visiting: it won’t necessarily have any direct impact on your system, but I can’t guarantee that of course. Have you talked to the support team for whatever product you’re using?
By: David Harley on June 26, 2015
at 10:46
Thanks David, It is Mac desktop. Yes it is html/crypts.gen
By: Ashima on June 26, 2015
at 11:07
I still can’t tell you any more about the infection, I’m afraid. What product is detecting it?
By: David Harley on June 26, 2015
at 11:24
It is Mackeeper
By: Ashima on June 26, 2015
at 11:45
There seem to be quite a few issues reported with MacKeeper – see https://grahamcluley.com/2015/06/mackeeper-reason-use/ – maybe try checking your system with a mainstream product. Sophos has a decent product free to home users: https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
By: David Harley on June 26, 2015
at 11:57
Thanks David, I heard that Mackeeper is not good?
By: Ashima on June 26, 2015
at 12:01
I haven’t tried it.
By: David Harley on June 26, 2015
at 12:06
i just got a virus that makes my safari go crazy….all these windows pop up saying that my computer has a virus and i need to call a certain number to get it removed……scam virus mess!!……Anyway, safari is all the virus seems to be affecting. I have to press the power button for a few seconds to shut the computer off, then restart with out opening up the previous open applications..I wish i could just delete safari and reload it or install/upgrade something but unfortunately, i need to be able to get to the internet to do it and can’t due to the virus…urggghhhh….if I take it to the mac store, do you think they can help? Or is there any ideas out there from anyone that might help?
By: Mary on July 14, 2015
at 00:03
Taking it to the Mac store is probably your safest bet, rather than my trying to diagnose exactly what is affecting your machine and trying to guess how best to deal with it. I’m not in a position to offer tech support, unfortunately. That said, you may find that Thomas Reed’s page here – http://www.thesafemac.com/tech-support-scam-pop-ups/ – is close enough to what you’re seeing to be helpful, in which case his advice on how to get rid of a scam message may work for you. I’ve had a few conversations with Thomas regarding malware in the past couple of years, and he seems pretty well-informed. There are also lots of comments worth reading from other victims, and Thomas is pretty good at responding to them.
By: David Harley on July 14, 2015
at 09:24
Use google for Mac in place of safari
By: Ashima on July 15, 2015
at 05:36
Other browsers are available. 🙂
By: David Harley on July 15, 2015
at 09:34
Shot in the dark. Strange things happening with my relatively new MacBook Pro. Word doc text progressively replaced with numbers and Chinese characters. Did reset to earlier save with Time Machine and all was well. But machine shut itself off last night changed my User password. Couldn’t log on this morning. Had to reset using Apple ID. Is this a knowns virus/TH or is my computer just self-destructing. Haven’t come up with anything similar on the Google. Any help would be appreciated.
By: James on April 11, 2016
at 16:03
I’m afraid I can’t confirm that this is malware on the basis of this description. Of course, I can’t say it isn’t, but it doesn’t ring a bell. Sorry.
By: David Harley on April 11, 2016
at 16:13
Thanks. Appreciate the quick response. Just discovered the forum. Good stuff. Am going to make an appt at the Apple-IdiotBar. Maybe they can help…
By: James on April 11, 2016
at 16:29
Good idea.
By: David Harley on April 11, 2016
at 18:11