How to remove the AdLoad malware from your Mac

What does AdLoad do?

Once the Trojan virus is downloaded, AdLoad implements shell scripts to download additional malware or adware onto the infected system. AdLoad is executing these commands in the same way that you can implement top-level changes through Terminal, except it is doing this without your knowledge, quietly running in the background.

These shell scripts operate like a command-line equivalent of an Automator or AppleScript app, similar to a Windows .bat ("batch") file. AdLoad acts as a bundler or installer for a series of malware infections, known as OSX/MacOffers, macOS/MacOffers (also named BundleMeUp, Mughthesec, and Adload), or OSX/Bundlore adware as a secondary payload.

Because these programs all come with a cryptographic digital signature, they all bypass Apple's Gatekeeper protection and Apple's XProtect bad download blocker functionality. Apple is unable to distinguish between the malware infections downloaded by the Trojan and a legitimate app that a user has elected to download.

It appears that the objective behind this activity is to fill a Mac with adware to collect browser data and passwords and generate advertising revenue for the creators of this malware. Some people who've been infected note that a pop-up appears every ten minutes until the malware is removed. This pop-up comes with this message:

Infection: User: _analyticsd Process: /usr/libexec/xpcproxy File: /System/Library/PrivateFrameworks/CoreAnalytics.framework/Support/analyticsd

Clearly, removing this virus is the most sensible approach to keeping your Mac safe.

How to remove AdLoad?

Removing malware manually is possible, although, in this case with so many executable payloads, it might prove somewhat difficult. However, if you want to try manually, we recommend that you start looking for the following files in Applications and Library folders.

Here is the list of Applications:

  • AdLoad
  • Shlayer
  • MacOffers
  • BundleMeUp
  • Bundlore

Here is the list of locations where you should look for the applications mentioned above:

  • /Library/Application Support/
  • /Library/LaunchAgents/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/LaunchDaemons/
  • /Library/PrivilegedHelperTools/
  • /System/Library/Frameworks/

Take anything you find to the Trash, then empty it, and restart your Mac. It may also be worth removing any extensions or add-ons from web browsers and then resetting those. Always be careful when deleting adware and malware — you always run the risk of removing something that is actually needed without realizing it.

Another way to remove a malicious virus is with a dedicated app like CleanMyMac X.

Delete AdLoad safely with CleanMyMac X

CleanMyMac X is a Mac performance enhancement tool. With millions of users around the world, CleanMyMac X clears out mountains of junk and duplicate files making your Mac work as good as new.

It also operates as a fantastic Malware Removal tool. Here is how you remove AdLoad with CleanMyMac X:

  1. Download CleanMyMac X (free trial available).
  2. Launch the app.
  3. Click on Malware Removal.
  4. Click Scan.
  5. Click Remove.
Removing malware files

After that, your Mac will be operating at peak performance again. Good as new, without any viruses, infections, Trojans, or malware.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.