How to remove Trojan viruses on Mac

Trojan viruses are often concealed in a software or movie file you choose to download, which adds to the sense of frustration. However, most Trojans can be dealt with fairly easily and shouldn’t have a long-term effect on your Mac or your data. In this article, we’ll answer all questions you may have about Trojans and explain how to get rid of Trojan virus on your Mac.

What is a Trojan virus?

A Trojan virus — or, to give it its full name, a Trojan Horse — is so called because it’s a cyber equivalent of the Wooden Horse of Troy. In that case, the wooden horse was used to trick the defenders of Troy into allowing enemy soldiers behind the city walls. In the case of a Trojan virus on your Mac, it tricks users into downloading the virus by hiding it in something that looks legitimate.

Trojans are often disguised as software updates — say, for Adobe Flash or, worse, as antivirus tools. One of the most pernicious types of Trojan is linked to adware that displays a pop-up claiming your Mac has been infected and then takes you to a download for what is claimed to be an antivirus tool, but which in itself is a virus.

The best Trojan is a silent one


Some Trojans can stay under the radar for many years before they reveal themselves. That’s exactly the story of Coldroot, a Mac virus of the remote-access type. Coldroot Trojan remained undiscovered for two years and has stolen thousands of passwords around the world.

What does a Trojan virus do?

You may have seen a Trojan before: it could take the form of an email attachment. Although the letter may seem trustworthy, its only purpose is to make you click a malicious link or download the attachment, which will immediately infect your Mac with a Trojan.

The primary issue with Trojans is that you don’t know that you’re installing them — they look and act like legitimate files, but they can install other malware and even track your activity without you noticing.

How to check for Trojan malware on your Mac

Many of the symptoms of Trojan horse viruses are the same as other types of viruses. These include:

  • Your Mac starts behaving erratically and doing things you don’t expect.
  • Your Mac starts running very slowly as if something is hogging the processor.
  • You start seeing adverts on your desktop.
  • Your internet connection becomes slow and unstable. 
  • You notice changes in browser settings or system preferences. 
  • You cannot access some files or apps you could access in the past.

The telltale sign of a Trojan virus, however, is that you discover software on your Mac that you didn’t intend to download. That could be an application in your Applications folder or an extension in the web browser you use.

Now that you know how to detect Trojan virus on Mac when you think it is infected, let’s find out how to remove Trojans and other malware from your computer. 

How to remove a Trojan virus from Mac

If you’ve spotted that your Mac behaves strangely, you need to perform a thorough malware scan. The best way to do it is to use a dedicated tool like CleanMyMac X. It’s much better than ordinary Trojan virus removers, as it can detect and neutralize thousands of threats, including adware, spyware, ransomware, worms, and more. You can download it for free here.

  1. Once you’ve downloaded the app, install it and then open it from your Applications folder.
  2. Click the Malware Removal tab.
  3. Click Scan, and CleanMyMac X will start examining your Mac for malware, including worms, spyware, viruses, etc. 
  4. When the scan is done, click Remove.

Trojan virus removal has never been easier — every trace of the malware will be removed from your Mac.

Manual removal

If you do not want to use a third-party tool for removing malware, it’s still possible to get rid of Trojan manually. Some detective work is needed, though. Below, we list all the steps necessary for Trojan removal. Based on a particular virus, you may need to take fewer of them, but we recommend not to skip any. 

1. Remove malicious profiles

Some Trojan viruses create additional profiles and use them to change browser and system settings. So, the first step is to check whether new profiles have been added and remove the malicious ones. Here’s how:

  1. Open System Settings. 
  2. Navigate to Users & Groups.
  3. If there is a profile you haven’t created, click an i next to it and select Delete Account. Select Delete the home folder from the pop-up.

Repeat the steps for any profiles you want to remove. 

2. Delete malicious apps

As mentioned, Trojans can install apps on your Mac without you even knowing it. Therefore, the next step is to find and delete those apps.

Here are the steps for complete app removal: 

  1. Open the Applications folder and find the malicious app. 
  2. Move it to the Trash and empty it.
  3. Now, find and delete leftover files by opening the Finder and clicking Go > Go to Folder from the menu bar. Paste the following paths into the window that pops up one at a time and send to the Trash any files associated with the app you’ve just removed: 

~/Library/Application Support

/Library/Caches/

~/Library/Caches/

~/Library/Internet Plug-Ins/

~/Library/Preferences/

~/Library/Application Support/CrashReporter/

/Library/LaunchAgents

~/Library/LaunchAgents

~/Library/Saved Application State/

/Library/Application Support

/Library/LaunchDaemons

    Once you’ve removed the files, empty the Trash and restart your Mac. 

    3. Reset browser settings 

    Trojan viruses commonly change browser settings, so resetting them to default is necessary in order to get rid of malware. Steps vary for different browsers. 

    Safari
    1. Open Safari and go to Settings from the menu bar.
    2. In the General tab, set your preferred homepage.
    3. Go to the Search tab and choose your preferred search engine. 
    4. Now, navigate to the Privacy tab and click Manage Website data.
    5. Click Remove all and confirm by hitting Remove Now. 
    6. Finally, move to the Advanced tab and select Show features for developers.
    7. Now, from the menu bar, click Develop > Empty caches.
    Did you know?

    You can reset all browsers to their default settings by using CleanMyMac X and its Uninstaller module.

    Chrome
    1. Open Chrome.
    2. Click three vertical dots top right and navigate to settings. 
    3. Go to Reset settings from the sidebar. 
    4. Click Restore settings to their original defaults and confirm the reset. 
    Firefox
    1. Open Firefox.
    2. Click three horizontal lines top right and go to Help > More troubleshooting information.
    3. Click Refresh Firefox and confirm the refresh. 

    4. Remove malicious extensions

    Another important step in Trojan virus removal is getting rid of any malicious extensions it may have placed on your Mac. Below are the steps for different browsers. 

    Safari
    1. Go to Safari Settings > Extensions.
    2. Select an extension and click Uninstall.
    Chrome
    1. Open Chrome and click on the 3-dot icon in the upper right corner.
    2. Select Settings and choose Extensions from the menu that appears.
    3. Choose any extension you don’t recognize and click Remove.
    Firefox
    1. Open Firefox.
    2. Click the 3-line (hamburger) icon at the top right corner.
    3. Select Add-ons and themes.
    4. Click the Extensions tab and remove any extension you don’t recognize.
    5. Click the ellipsis and select Remove

      is megabackup a virus

      How to protect your Mac from Trojan viruses

      The simplest way to make sure you don’t get a Trojan virus on your Mac is to make sure you don’t download anything unless you’re absolutely sure what it is. That means don’t click on a link in an email unless you’re 100% certain where it leads to.

      You should also heed warnings in web browsers when they tell you a site is suspected of being unsafe. Keep your Mac’s Firewall turned on and keep your Mac updated to the latest version of macOS.

      When you download an application, and your Mac alerts you that you have done so and asks if you trust it and want to proceed, don’t just agree. Check the name of the application and make sure it’s what you thought you were downloading.

      If you want to protect your Mac from Trojan viruses and malware in real time, CleanMyMac X can also prove useful. With its malware monitor feature, you can stay updated on anything that wants to creep into your Mac. Here’s how to enable real-time protection in CleanMyMac X:

      1. Go to your menu bar and click the CleanMyMac X icon.
      2. Сlick Turn On in the Protection section.

      From now on, CleanMyMac X will run regular checks and notify you when malware is about to infect your Mac. You can quickly scan your Mac and remove Trojan virus and other malware using the CleanMyMac X menu. It also lets you monitor your Mac performance and manage memory and CPU load.

      Protection

      Where do Trojan viruses come from?

      Knowing where malware threats can attack you can help prevent the infection in the first place. So Trojans can expect you in the following sources:

      • File-sharing platforms

      Torrent websites provide an easy way for cybercriminals to distribute malicious software — free or cracked programs that can hide Trojan viruses inside and infect your Mac as you install such software.

      • Email attachments

      We’ve already touched upon malicious email attachments earlier, but it’s easier to trick you into believing it’s legitimate than you think it is. Scammers make those letters look as if they are from someone you know to make sure you open that malicious attachment.

      • Spoofed messages

      In the hands of cybercriminals, spoofed messages act the same as emails: they trick you into clicking certain links. Make sure you know the sender before following any links in a message you’ve received.

      The most-reported Mac Trojans in 2023

      The GravityRAT Trojan
      This virus infects Office documents and secretly logs keyboard strokes.

      UpdateAgent
      A Trojan that impersonates legitimate software. It bypasses Gatekeeper protection and installs malicious software such as Adload adware on your Mac.

      ElectroRAT

      A Mac Trojan app that, once installed, launches a background process called “mdworker.” It can then log your keystrokes, take screenshots, run shell commands, and even upload and download files.

      Removing Trojan viruses from a Mac isn’t too difficult, but as with any malware, it’s much better if you can prevent your Mac from downloading it in the first place. A little vigilance and common sense go a long way. And if you do need to remove an application, use a cleaner like CleanMyMac to get rid of it completely.

      Laptop with CleanMyMac
      CleanMyMac X

      Your Mac. As good as new.