This is what worked for me, step by step, to remove the MacDefender using Sophos Anti-Virus for Mac Home (which is free):
The 3 threats found after my first full scan on my Macbook were
which needed to be cleaned up manually.
- In the Quarantine Manager, click on the blue link file name of the threat to get it’s details.
- You need to note the path & file name.
- In my example I will use users/myname/library/cache/java……
- You will need to make a custom scan.
- In the window that’s titled Scan Local Drives, click on the arrow next to Custom Scans
- Click on the + sign. You will see a message untitled – No items in scan, this scan has never been run.
- Double click on it and another window will open asking for a Scan Name (can fill in later). At the bottom of this window, click the + sign – this will open a finder window called Open.
- Double click on the file called Users (another window opens)
- Double click on the home file with your name on it (another window opens)
- Double click on the Library folder (another window opens)
- Single click on the Caches folder and then click on the Open button bottom right
- You should now see the folder Caches with a tick next to it in the window described in step 3.
- Type in whatever name you want to call the custom scan. I called mine Caches.
- Under the title you’ve just typed are 3 buttons. Click on the Options button.
- Click on the drop down menu where it says log only and choose Delete threat. So it now says When a threat is found: Delete threat.
- Click on the Done button.
- In the customs scan window from step 1. you should see a new custom scan called Caches (or whatever you named it). Click on the Play button next to the pencil button.
- A drop down dialogue box asks you to Scan with privileges, Cancel or Scan All.
- Click on the Scan All button & type in your administrator password & click OK.
- The scan is performed. If you Open Quarantine Manager, the threats should be gone.