Well, I don't use a Mac, but I am quite horrified at the number of users who think they are immune to viruses but then forget about all the spyware, rogueware, DNS changers, and trojans that can affect them. Malicious creators take advantage of any 'false' sense of security.
One fake anti-virus for Mac I know of is the MacSweeper...
MacSweeperSetup.dmg - 1.5 MB (1,600,201 bytes)
MacSweeper.app - 2.6 MB (2,563,303 bytes)
A SWF Flash file and JavaScript scripts are used to track traffic and clicks.
The buttons "Ignore" and "Remove" are useless since it will continue to display another message box, and this time the user has no other option but to click "OK".
Clicking "OK" triggers the downloading of MacSweeperSetup.dmg. Inside this DMG file is the rogue application - MacSweeper.app.
MacSweeper does not require a root admin password to execute, and it remains in the Download folder unless the user manually drags it to another location.
The MacSweeper, Cleanator, Clenator and Kivvisoftware websites share the same name server IP address, which this application links through. Cleanator is a rogue application that works on the Windows platform.
Most of the files inside MacSweeper.app are image files (in PNG format).
Database.plist contains thousands of cookie data.
The TODO.txt list and bad English/spelling are a dead giveaway that it's up to no good, for example (censored):
"18. When update in process arert of new version can come, and f*ck everithing"
The file MacSweeper inside the MacOS folder is a binary file in universal binary format (Java code marker at the beginning: CA FE BA BE), which means this could work on both PPC and x86. While Mac and PC can't normally affect each other, it might be set up to use Java as a bridge between these rogue applications.
During the scanning process, it drops the following temporary files:
/private/tmp/com.MacSweeper.found.tmp
/private/tmp/com.MacSweeper.found2.tmp
It then uses these files to display the scan result. This application does not scan for unwanted files; instead, it gives you a list of legitimate information installed on your system.
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
• Fake virus / privacy warnings
• Attempt forced purchase of junkware
The user is forced to purchase a serial to clean the 'fake' warnings, and then it displays (again, poor spelling):
Thank You! You made me a bit hapier :)
Search with Finder or Spotlight for 'macsweeper'; if it isn't listed, it's not on the Mac.
I'm not qualified on this forum location to offer advice for you to clean it (not labeled a malware expert), but if it looks like that's the one, it might give you some idea how to remove it by knowing what it's doing.
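
The artifacts listed in the post, turned into a read-only check (an added example, not part of the original post): it walks a directory tree for names containing 'macsweeper', looks for the two temp files, and reads the universal-binary header of any match to list its architectures. The function names, the `root` parameter and the count cut-off of 20 are assumptions of this example.

```python
import os
import struct

# Names below come from the post; everything else is an assumption of this example.
NAME_MARKER = "macsweeper"
TEMP_FILES = ("private/tmp/com.MacSweeper.found.tmp",
              "private/tmp/com.MacSweeper.found2.tmp")
FAT_MAGIC = 0xCAFEBABE  # the CA FE BA BE bytes quoted in the post
# CPU type values from Apple's <mach/machine.h>
CPU_NAMES = {7: "x86", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}


def fat_architectures(path):
    """Return the architectures listed in a universal-binary header, else []."""
    try:
        with open(path, "rb") as fh:
            magic, count = struct.unpack(">II", fh.read(8).ljust(8, b"\0"))
            # Java class files begin with the same four bytes; there the next word
            # is the class-file version (45 or higher), so only a small count passes.
            if magic != FAT_MAGIC or not 0 < count < 20:
                return []
            table = fh.read(20 * count)  # 20-byte fat_arch entries, big-endian
    except OSError:  # unreadable file: report nothing rather than abort the scan
        return []
    archs = []
    for off in range(0, len(table) - 19, 20):  # complete entries only
        cputype = struct.unpack_from(">I", table, off)[0]
        archs.append(CPU_NAMES.get(cputype, hex(cputype)))
    return archs


def scan(root="/"):
    """Walk root and report MacSweeper-named paths, temp files and binaries."""
    found = {"names": [], "universal": {}}
    temp = [os.path.join(root, rel) for rel in TEMP_FILES]
    found["temp_files"] = [p for p in temp if os.path.exists(p)]
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if NAME_MARKER in name.lower():
                path = os.path.join(dirpath, name)
                found["names"].append(path)
                archs = fat_architectures(path) if os.path.isfile(path) else []
                if archs:
                    found["universal"][path] = archs
    return found
```

Calling `scan()` with no argument walks the whole filesystem, which is slow; pass a home directory or a mounted disk image path to narrow it.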