According to Malwarebytes, 2017 saw a 230% spike in malware activity within Mac ecosystem. The notable examples include Proton Remote Access Trojan and KeRanger virus. But whatever is that ends with “-ware” on your Mac — ransomware, adware, malware, or scareware — we’ll share a couple of methods to delete it. So, welcome to our Mac Malware Removal Guide.
Mac malware: The symptoms
Oftentimes a malware app would trick you into believing it’s perfectly harmless. Such apps are known to disguise themselves as antiviruses, extractors or video players. But how to check your Mac for viruses? Here are some of the tell-tale signs:
- A sudden drop in Mac’s performance or frequent freeze-ups.
- Pages that you visit get obscured with ads.
- Unexpected Mac reboots or apps starting for no reason.
- Your browser installs suspicious updates automatically.
How to remove a virus from Mac
Just as with any disease, to doctor a virus you need to remove the infected part of your software — as simple as that.
1. Remove adware from Mac manually
If you know which app on your Mac is malicious, you’re half-way through the problem. First of all, you need to close the app and then root it out from the system processes.
- Open Activity Monitor (type its name in the Launchpad).
- Locate the problematic app in the Processes.
- Use [x] button to quit the process
Now go back to your Applications and move the app to the Trash bin. Immediately empty the Trash.
This method is simple, but for the best malware removal results, you’d have to invest a bit more time. There are still parts and pieces of the virus app scattered around your system folders. It’s a bit like killing a dragon that re-grows its head after you’ve chopped it off. To remove malware from your Mac completely, it’s better to use a powerful uninstaller.
Do a quick search for virus-infected .DMG files within your Downloads. The potential culprits could be recently downloaded files, especially media-related ones. Delete them and empty the Trash bin.
2. Uninstall malware using CleanMyMac 3
Recently named by MacStories as “recommended Mac utility”, CleanMyMac 3 has a strong reputation when it comes to maintenance tasks. A free version of the app allows to remove 500 MB of junk and fully remove 3 apps — which is enough to get rid of a particularly nettlesome program. But we like CleanMyMac’s uninstaller because it removes malware apps along with all their leftover parts.
- Download CleanMyMac — it’s free to download.
- Open the Uninstaller module (tab).
- Find and tick the malicious app in the list.
- Click Uninstall.
How to remove Mac Adware cleaner
Ironically, the app called “Mac Adware cleaner” maybe itself be the very source of annoying adware on your Mac — the classic case of a wolf in a sheep’s skin. To remove it, you can use CleanMyMac (which is a legit app that has a 4.5-star rating from MacWorld magazine). Additionally, you can browse through your Login Items list to stop any dubious apps from auto-launching. Below is how to do it.
Remove Mac malware from your Login Items
Most adware or spyware will try to sneak inside the bootup process. Good news, you don’t have to be Kaspersky to prevent this.
- Go to the Apple menu > System Preferences
- Choose Users & Groups section
- Make sure if your username is highlighted
- Open Login Items tab
Now use the “—” sign to disable all the suspicious apps (like Mac Defenders) that you’ll find. Restart your Mac for the changes to take place.
How to get rid of pop-up ads on Mac
Advertising pop-ups are browser-related, so whatever browser you are using, be prepared for a thorough cleanup. First off, don’t buy into whatever the ad is telling you. Some scary alerts would mention 343 viruses found on your Mac forcing you to immediately install a “Mac Defender” or “Mac Security” tool. Just ignore it and don’t click anywhere on the pop-up. Use [x] button and if it doesn’t close the ad, Ctrl + click the browser icon to quit the browser completely.
How to block pop-up ads in Safari
- Open Safari preferences (in the top menu)
- Go to the Security tab
- Tick “Block pop-up windows”
How to get rid of pop-ups in Chrome
- Open Chrome Settings (a three-dot icon)
- Click Advanced
- Go to Privacy and security > Content setting
- Locate the Popups tab and block them from appearing
Additionally, make sure your browser’s homepage is set to standard Google page or other trusted source.
Clean up extensions to remove adware from Mac
Apple lists several browser extensions as potentially malicious. The list includes:
Amazon Shopping Assistant by Spigot Inc.
Slick Savings by Spigot Inc.
This is just to give you an idea how different these adware extensions could be. But if you’re looking how to remove malware from Mac Safari browser, follow this path.
Remove extensions in Safari
1. Go to Safari Preferences
2. Choose the Extensions tab
3. Select an extension and click Uninstall
Disable browser extensions in Chrome
And here’s how to remove malware from Mac Chrome. Open Chrome and click Window in the top menu. In the bottom of the list choose Extensions. This opens up the list of all your installed extensions. Now use a trash bin icon to remove the ones you suspect are adware viruses. Right after that, your Chrome experience should get much less distracting.
Just to be doubly sure, we recommend you to remove all the extensions you'll find. Later you can re-install each one separately.
Launch Agents and Daemons: Where else to look
So far we’ve covered browser Extensions, Applications, and Login Items trying to remove malware from your Mac. But these are not the only locations where malicious agents may be hiding. Another type of system services that could be affected by malware are the so-called Launch Agents and Daemons — yes, the name does derive from the word demon. These are small helper programs that stealthily run in the background, like software updaters or automatic backups.
While Launch Agents and Daemons are two different entities, both can be infiltrated by malware. As it often happens, trojan apps would place their executable files within the Launch Agents folder. The result — the virus app launches automatically and potentially harms or steals your data.
How to remove daemons and agents from the Mac’s startup
Choose Go > Go to Folder
Type in: /Library/LaunchDaemons
For Launch Agents, repeat the steps above, but this time search in 2 more locations:
Inside you’ll find a bunch of PLIST files and if some of them look suspicious to you, delete them. Sure, the names of these files may not be very telling, but if you already know the problematic app that you are after, knowing this folder may help you fully extinguish it.
Don’t forget to reboot your Mac — until you do, all these files are still in memory.
One more way to remove daemons, agents, and plug-ins
If the manual path described here sounds too complicated, you can again be rescued by CleanMyMac 3. This app has a special tool to remove malware Launch Agents along with internet plug-ins, login items and extensions too.
1. Download CleanMyMac 3 (it’s free to download)
2. Install the app
3. Click the Extensions tab > Launch Agents
4. Click “disable” to remove the unwanted items
If all else fails
Below a few more ideas to help you to remove adware from Mac.
- Switch to a different user account and do a full system cleanup.
- Restore your Mac using Time Machine (to the point before it got infected).
- Update all your software , including the macOS.
OK, looks we’ve covered how to remove adware from Mac including both manual and software solutions. Hope your Mac stays virus-free and may you never click on those scary Mac alerts again.