Trojan viruses are sneaky since they are good at hiding. Luckily, most of them are easy to remove and shouldn’t have a long-term effect on your Mac or your data. In this article, we’ll show you how to get rid of Trojan virus on Mac either manually or automatically with the help of a Mac cleaner. We’ll also explain how to prevent infecting your MacBook with Trojans and other malware.

What is a Trojan virus?

A Trojan virus — or, to give it its full name, a Trojan Horse — is so called because it’s a cyber equivalent of the Wooden Horse of Troy. It tricks users into downloading the virus by hiding it in something that looks legit. Trojans are often disguised as software updates — say, for Adobe Flash or, worse, as antivirus tools. They may also display a pop-up claiming your Mac has been infected and then takes you to a download for what is claimed to be an antivirus tool, but which in itself is a virus.

What does a Trojan virus do?

You may have seen a Trojan before. It could take the form of an email attachment. Although the letter may seem trustworthy, its only purpose is to make you click a malicious link or download the attachment, which will immediately infect your Mac with a Trojan.

The primary issue with Trojans is that you don’t know that you’re installing them — they look and act like legitimate files, but they can install other malware and even track your activity without you noticing.

The best Trojan is a silent one


Some Trojans can stay under the radar for many years before they reveal themselves. That’s exactly the story of Coldroot, a Mac virus of the remote-access type. Coldroot Trojan remained undiscovered for two years and has stolen thousands of passwords around the world.

Signs of Trojan infection on Mac

Many of the symptoms of Trojan horse viruses are the same as other types of viruses. These include:

  • Your Mac starts behaving erratically and doing things you don’t expect.
  • Your Mac starts running very slowly, as if something is hogging the processor (e.g., apps are slow to open or react to clicks).
  • You start seeing adverts on your desktop.
  • Your internet connection becomes slow and unstable. 
  • You notice changes in browser settings or system preferences. 
  • You cannot access some files or apps you could access in the past.

The telltale sign of a Trojan virus, however, is that you discover software on your Mac that you didn’t intend to download. That could be an application in your Applications folder or an extension in the web browser you use.

How to detect Trojan virus on Mac

The easiest way to detect Trojan virus on Mac is to run a Mac virus scan, especially if you notice any of the signs we’ve outlined above. To scan your Mac for malware, including Trojan Horses, you’ll need a trusted tool that can do the job. We recommend CleanMyMac — a Mac cleaner app notarized by Apple — and its Malware Removal feature that comes with the Protection tool.

Here’s how to use it:

  1. Start your free CleanMyMac trial.
  2. Click Protection > Scan, and CleanMyMac will start examining your Mac for malware, including worms, spyware, viruses, etc.
  3. Wait for the scan to complete.

Now that you know how to detect Trojan virus on Mac when you think it is infected, let’s find out how to remove Trojans and other malware from your computer. 

How to remove a Trojan virus from Mac

If you’ve spotted that your Mac behaves strangely and detected Trojan after a thorough malware scan, the best way to deal with it is to use CleanMyMac to remove it. It’s much better than ordinary Trojan virus removers, as it can detect and neutralize thousands of threats, including adware, spyware, ransomware, worms, and more. 

Here’s how to get rid of malware with CleanMyMac:

  1. Once again, open CleanMyMac.
  2. Click the Protection tab > Scan.
  3. When the scan is done, click Remove.

Trojan virus removal has never been easier — every trace of the malware will be removed from your Mac.

Manual removal

If you do not want to use a third-party tool for removing malware, it’s still possible to get rid of Trojan manually. Some detective work is needed, though. Below, we list all the steps necessary for Trojan removal. Based on a particular virus, you may need to take fewer of them, but we recommend not to skip any. 

Before taking any step, disconnect your Mac from the internet to prevent further damage and data loss. It prevents the virus from connecting to its command and control server. Worry not about going offline since you do not need the internet to complete the steps outlined below.

1. Remove malicious profiles

Some Trojan viruses create additional profiles and use them to change browser and system settings. So, the first step is to check whether new profiles have been added and remove the malicious ones. Here’s how:

  1. Open System Settings. 
  2. Navigate to Users & Groups.
  3. If there is a profile you haven’t created, click an i next to it and select Delete Account. Select Delete the home folder from the pop-up.

Repeat the steps for any profiles you want to remove. 

2. Delete malicious apps

As mentioned, Trojans can install apps on your Mac without you even knowing it. Therefore, the next step is to find and delete those apps.

Here are the steps for complete app removal: 

  1. Open the Applications folder and find the malicious app. 
  2. Move it to the Trash and empty it.
  3. Now, find and delete leftover files by opening the Finder and clicking Go > Go to Folder from the menu bar. Paste the following paths into the window that pops up one at a time and send to the Trash any files associated with the app you’ve just removed: 

~/Library/Application Support

/Library/Caches/

~/Library/Caches/

~/Library/Internet Plug-Ins/

~/Library/Preferences/

~/Library/Application Support/CrashReporter/

/Library/LaunchAgents

~/Library/LaunchAgents

~/Library/Saved Application State/

/Library/Application Support

/Library/LaunchDaemons

Once you’ve removed the files, empty the Trash and restart your Mac. 

3. Reset browser settings 

Trojan viruses commonly change browser settings, so resetting them to default is necessary in order to get rid of malware. Steps vary for different browsers. 

Safari
  1. Open Safari and go to Settings from the menu bar.
  2. In the General tab, set your preferred homepage.
  3. Go to the Search tab and choose your preferred search engine. 
  4. Now, navigate to the Privacy tab and click Manage Website Data.
  5. Click Remove all and confirm by hitting Remove Now. 
  6. Finally, move to the Advanced tab and select Show features for web developers.
  7. Now, from the menu bar, click Develop > Empty caches.
Did you know?

You can reset all browsers you installed on your Mac to their default settings by using CleanMyMac and its Applications tool.

Chrome
  1. Open Chrome.
  2. Click three vertical dots top right and navigate to Settings. 
  3. Go to Reset settings from the sidebar. 
  4. Click Restore settings to their original defaults and confirm the reset. 
Firefox
  1. Open Firefox.
  2. Click three horizontal lines top right and go to Help > More troubleshooting information.
  3. Click Refresh Firefox and confirm the refresh. 

4. Remove malicious extensions

Another important step in Trojan virus removal is getting rid of any malicious extensions it may have placed on your Mac. Below are the steps for different browsers. 

Safari
  1. Go to Safari Settings > Extensions.
  2. Select an extension and click Uninstall.
Chrome
  1. Open Chrome and click on the 3-dot icon in the upper right corner.
  2. Select Settings and choose Extensions from the menu that appears.
  3. Choose any extension you don’t recognize and click Remove.
Firefox
  1. Open Firefox.
  2. Click the 3-line (hamburger) icon at the top right corner.
  3. Select Add-ons and themes.
  4. Click the Extensions tab and remove any extension you don’t recognize.
  5. Click the ellipsis and select Remove

By now, you should have removed any virus from your Mac. However, if you could not complete any of the steps above — say, you could not delete the user or change browser settings — follow the extra steps below. 

5. Boot into safe mode

For extremely stubborn and hard-to-delete Trojans, you may need to boot into safe mode and try following the steps above once again. Safe mode is a special startup mode that loads only vital system extensions, so if something is running in the background and prevents you from following any of the steps above, it should disable it and let you complete Trojan virus removal. Follow the steps below, depending on your chip/processor.

Apple silicon

  1. Shut down your Mac and press and hold the power button.
  2. Release it when you see Loading startup options.
  3. Select the volume and press and hold the Shift button.
  4. Click Continue in Safe Mode and enter your login credentials.
  5. Your Mac will restart, and you should see Safe boot top right.

Intel

  1. Shut down your Mac.
  2. Turn it on and immediately press Shift until the login window appears.
  3. Log in to your Mac — you may need to do it twice.

6. Reinstall macOS

If booting into safe mode did not help and you still ask how to remove Trojan virus from Mac, consider reinstalling macOS. It overwrites the current macOS version and may help remove some types of malware. However, if Trojan is in your files, it might not help because your data should remain intact.

Before reinstalling macOS, make sure that you have a backup. Just in case anything goes wrong. Ideally, it should be a snapshot of your Mac before you started noticing malware-related behavior. 

Next, follow the steps below to boot into macOS Recovery, depending on your chip/processor.

Apple silicon

  1. Shut down your Mac.
  2. Press and hold the power button until you see Options or Loading startup options.
  3. Click Options > Continue.
  4. Select your startup disk and click Next.
  5. If requested, log in and click Next.
  6. Click Reinstall macOS [your macOS version] and follow the on-screen instructions.

Intel

  1. Shut down your Mac.
  2. Press and hold Command + R when booting it.
  3. You may be asked to connect to Wi-Fi, select a volume or user, or enter your password.
  4. Click Reinstall macOS [your macOS version] and follow the instructions on the screen.

If reinstalling macOS hasn’t helped, consider booting into recovery mode following the steps above and erasing your disk using Disk Utility. After erasing the disk, you can try reinstalling macOS once again.

Still, it is better to try removing Trojan with a dedicated cleaner first before you do it, especially if you do not have a backup with all your files.

How to protect your Mac from Trojan viruses

Now that you’ve removed Trojan from your Mac, you need to prevent any further infections. Here are a few effective ways to do it: 

  • Stay vigilant online. Don’t download anything unless you’re absolutely sure what it is and don’t click on a link in an email or a message unless you’re 100% certain where it leads to. Also, heed warnings in web browsers when they tell you a site is suspected of being unsafe. 
  • Keep your Mac’s Firewall turned on and keep your Mac and apps updated to the latest version of macOS.
  • When you download an application, and your Mac alerts you that you have done so and asks if you trust it and want to proceed, don’t just agree. Check the name of the application and make sure it’s what you thought you were downloading.
  • Make sure to back up your Mac regularly so that you can restore your data should Trojan removal go wrong. 
  • Use password managers to generate secure passwords and keep them safe — it can help protect from Trojan-PSW attacks that mainly steal logins and passwords from infected computers.
  • Scan your Mac for malware regularly. The easiest way is to have a tool run in the background and protect your Mac from Trojan viruses and malware in real time. CleanMyMac and its malware monitor can do it for you. To enable it, click the CleanMyMac icon in the menu bar and click Turn On in the Protection section.

Removing Trojan viruses from a Mac isn’t too difficult, but as with any malware, it’s much better if you can prevent your Mac from downloading it in the first place. A little vigilance and common sense go a long way. And if you do need to remove an application, use a cleaner like CleanMyMac to get rid of it completely.