Step by Step: How to Remove a Mac Virus
The differences between Mac and PC computers are generally well-understood by this point in the Platform Wars. One of the prime selling points for Macintosh has traditionally been its relative immunity from computer viruses. Unfortunately, however, that changed recently when a Trojan virus called Flashback attacked more than 500,000 Macs.
Unhappy Macs (and Mac users) are fighting the Flashback virus.
And although it was pretty much a first-time occurrence, it was an event that’s now giving Mac users plenty of cause for concern. As a public service to those Mac users, we’re offering the following tips on how to find out if your Mac is hosting the Flashback virus, and what to do about it if your computer is infected.
Know Your Enemy: How to Find Out if Your Mac Has a Virus
Flashback (which spreads malware) is a very insidious virus, partly because it can get under your computer’s skin even without first gaining an administrative password. It gets “in” by targeting a weakness in Java. That’s not news to Oracle, Java’s creators, which has been proactive in dealing with the matter.
In February, Oracle came up with a fix for the Java problem. And that would have taken care of Flashback altogether, except for the fact that Apple has its own version of Java and Oracle’s patch would not solve the problem for Apple’s version. And although Apple got its own patch out recently, there was a time delay that gave Flashback the chance to do its worst. Consequently, the die had already been cast for a half million Mac users, whose machines became infected with malware initiated by Flashback.
Section 1: Running Diagnostic Tests
First things first: You need to determine if your Mac is carrying the virus. The quickest and best way to do this is to use Kaspersky Lab’s Flashbackcheck. But there is one caveat to following this method: you must first know the universally unique identifier (UUID) for your particular Mac.
Don’t worry…Fortunately, finding your UUID is a painless process…
How to Find Your UUID
- Go to Finder and choose the menu item called “About This Mac.”
- Next, locate the “More info” option and select that.
- In the next window you see, locate “Hardware UUID.”
- Copy the Hardware UUID, which is a lengthy series of 32 numerals and letters.
In the event you’re running a MacBook Air, the procedure for locating the UUID is roughly the same:
- Go to Finder and choose the menu item called “About This Mac.”
- Next, press the button labeled “System Report.”
- Within the Hardware Overview, you’ll find the UUID.
- Copy the Hardware UUID to your clipboard.
At this point, if you’ve got the UUID, you’re pretty much set. All you need to do is go to Flashbackcheck.com, follow the prompts and enter the UUID when requested. That’s it. Flashbackcheck will then tell you whether or not your computer is carrying the virus.
There are also other ways to find out if your Mac has the virus, if you don’t like the idea of giving a sensitive piece of data (such as the UUID) to an external website.
Option 1: Download FlashbackChecker onto your Mac and then simply run the program.
Option 2: If you don’t like Option 1, you can also find out if your machine is infected by using your Mac’s Terminal app. This isn’t terribly complicated but does require some additional maneuvers.
- Go to your Applications folder.
- Open the Terminal application.
- Paste the following line of code within Terminal: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- Hopefully, you’ll get the following response: The domain/default pair of (/Users/<yourusername>/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
- The key words you’re looking for are “does not exist.” If you get that message, you can relax because it means your Mac is not carrying the Flashback virus. If you don’t get that message, don’t worry…but your machine is probably infected. Assuming you’re not infected, let’s run a double check to make sure your Mac is clean.
- Type and run this line of code: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- With any luck you’ll again receive a message saying that it “does not exist.”
- As a further check, type in: defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
- Once more, you should see a “does not exist” response. If so, go on about your business, because your Mac is clean. On the other hand, if you don’t get that message, move on to our next section.
Get ready to squash some bugs with our step-by-step virus removal instructions.
Section 2: Removing the Virus
If you’re still reading, we’ll assume that our diagnostic testing has revealed that your machine is indeed infected with Flashback. Here again you have a couple of options you can follow in order to eradicate the menace.
As before, the easiest way is to let the pros handle it. There is a special app created by Kaspersky Lab that can manage the entire operation. All you have to do to follow this method is to download the app (which is called the Flashfake Removal Tool) and then run it on your system. When you’ve done so, your machine should be clean as a whistle…although it wouldn’t hurt to re-run the diagnostic procedure we’ve already performed so you can confirm that Flashback’s gone.
For the more adventurous DIY types among you, we’ve got a procedure you can use, although it comes with a warning: If you’re not a skilled computer user who is comfortable working with your computer’s operating system, it may be better to use the Flashfake Removal Tool. (Otherwise you could casually derail your system by entering something incorrectly in your Mac’s command line.)
Still with us? Good, let’s go:
1. Within the Terminal app, type and run this command: defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Notice the value given with the response “DYLD_INSERT_LIBRARIES.” Is there only one entry here? (You’ll need to use this info later.)
3. In the event you then receive an error message stating: “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist,” move directly to Step 8.
4. Provided you didn’t receive the error message mentioned in Step 3, type and run this command within Terminal: grep -a -o '_ldpath_[ -~]*' %path_obtained_in_step2%
5. Notice the value given after “_ldpath_”. (You’ll need to use this info later.)
6. Provided you only saw one entry back in Step 2, you’re ready to type these commands, still within the Terminal app:
   sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
   sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Remember back in Steps 2 and 5 when we asked you to notice the values (files)? Now you should delete those files.
8. In Terminal, type this command and run it: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Now at this point, you may see the following: “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”. If this is the case, congrats! You’re done! On the other hand, if you don’t get the message, keep pressing on with the rest of our steps, and take note of whatever file information is specified. (You’ll need this info later.)
10. Within Terminal, type and run this command: grep -a -o '_ldpath_[ -~]*' %path_obtained_in_step9%
11. Notice the value given after “_ldpath_”. (You’ll need to use this info soon.)
12. Still within Terminal, type and run these commands:
    defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Take those files you got in Steps 9 and 11 and delete them.
14. In Terminal, type and run this command: ls -lA ~/Library/LaunchAgents/
15. Notice the file name displayed and remember it for later use. If you have one file, move on to the remaining final steps. (However, if you don’t see a file name displayed, go ahead and contact Customer Support so a trained tech can help you finish up the procedure.)
16. In Terminal, type this command: defaults read ~/Library/LaunchAgents/%filename_obtained_in_step15% ProgramArguments
17. Notice the path, which you’ll need during the final step. Does the file name begin with this: “.”? If so, you’re probably no longer infected. Otherwise, proceed to Step 18.
18. Delete the files you got during Steps 15 and 17.
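The read-only part of the procedure above, together with the Terminal checks from Section 1, as an added Python example that is not part of the original article: it reads the same three property lists the defaults read commands query, applies the same _ldpath_ search, and lists the files the steps ask you to note. The function names are this example's own, it assumes python3 is installed, and it deletes nothing.

```python
import plistlib
import re
from pathlib import Path
from xml.parsers.expat import ExpatError

# Like the page's grep: the marker, then printable ASCII (space through tilde).
# "_+" accepts one or more underscores around "ldpath" (an assumption).
LDPATH_RE = re.compile(rb"_+ldpath_+([ -~]*)")


def read_plist(path):
    """Parse an XML or binary plist; None if missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None


def split_paths(value):
    """DYLD_INSERT_LIBRARIES holds a colon-separated list of libraries."""
    return [p for p in str(value).split(":") if p]


def injected_libraries(root="/", home=None):
    """Map each plist carrying an injection setting to its library paths."""
    home = Path(home) if home else Path.home()
    findings = {}
    # defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    env = home / ".MacOSX" / "environment.plist"
    data = read_plist(env)
    if isinstance(data, dict) and "DYLD_INSERT_LIBRARIES" in data:
        findings[str(env)] = split_paths(data["DYLD_INSERT_LIBRARIES"])
    # defaults read /Applications/<browser>.app/Contents/Info LSEnvironment
    for app in ("Safari", "Firefox"):
        info = Path(root, "Applications", f"{app}.app", "Contents", "Info.plist")
        data = read_plist(info)
        ls_env = data.get("LSEnvironment") if isinstance(data, dict) else None
        if isinstance(ls_env, dict):
            libs = ls_env.get("DYLD_INSERT_LIBRARIES", "")
            findings[str(info)] = split_paths(libs)
    return findings


def ldpath_values(library):
    """Text following each _ldpath_ marker in a binary (the grep step)."""
    try:
        blob = Path(library).read_bytes()
    except OSError:
        return []
    return [m.group(1).decode("ascii") for m in LDPATH_RE.finditer(blob)]


def files_to_review(root="/", home=None):
    """Paths the manual steps tell you to note; nothing is deleted here."""
    review = []
    for libs in injected_libraries(root, home).values():
        for lib in libs:
            review.append(lib)
            review.extend(ldpath_values(lib))
    return review


if __name__ == "__main__":
    found = injected_libraries()
    for plist, libs in found.items():
        print(f"{plist}: injected libraries {libs}")
    print("\n".join(files_to_review()) or "no files to review")
```

An empty result from injected_libraries() corresponds to the “does not exist” answer in all three checks.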
And that should just about do it. To repeat, it’s our recommendation that instead of stepping through a fairly tricky computer procedure, you check out the offerings from Kaspersky Lab. Both Flashbackcheck.com and the Flashfake Removal Tool are designed expressly to keep you from having to monkey around with your computer’s core functionality. But either way, now you should be able to resume your normal Mac activities, secure in the knowledge that all manner of malicious malware isn’t working away, deep within your computer.
Finally, it’s important to note that if you own a Mac, you’re probably going to need to take some proactive measures to defend the machine against Flashback. Why? Because the usual antivirus utilities won’t sniff this particular virus out, so it’s up to you to remain on guard.
Keeping Your Computer Healthy
The world of computing is constantly evolving. Learning more about computers and the code that makes them run can not only be a lifesaver when you’re trying to keep your computer healthy, but it can also be a life-changing career. Take C++ or Java programming, for example: these programming languages power smartphones, ATMs and a whole host of other electronic devices. Get the skills to fight the hackers – and squash nasty bugs like the Flashback virus too, while you’re at it.
Posted by DMA Jordan in Apple, News Blog
DMA Central© 2010 Digital Media Academy, Inc. All rights reserved. Digital Media Academy, Inc. represents the best in high-tech teen summer camps, advanced media, digital art and computer training classes and day and summer overnight kids computer camps.
Although 2020 will surely go down as “virus year,” viruses on Mac are not going anywhere. Just recently, a fake Adobe Flash Player updater named Shlayer has infected 10% of all Macs in the world (according to Kaspersky’s lab).
An even newer malware type, Tarmac, is increasingly sweeping the Mac world. All it takes to contract it is to open a pirated website or even click a link on Wikipedia. At least that’s been the case with Shlayer, which had its malicious links planted inside Wikipedia’s external resources.
In this Mac Malware removal guide, we’ll tell you how to get rid of malware on your Mac. We’ll also cover how to tell apart different viruses on Mac: adware, scareware, and others. We’ll be using the manual methods as well as some respected antivirus tools for Mac. Let’s go.
What is malware
First off, let’s point out that the term “malware” is a broad term for all unwanted intrusions. It’s also not synonymous with the term “virus” because the latter is only a model of distribution i.e. how an app self-replicates. Here are common types of malware you can encounter on Mac:
- Download managers — download unauthorized objects
- Spyware and keyloggers — steal users’ personal data
- Backdoor infections — apps that remotely seize control of your computer
- Rootkit — infiltrate admin privileges
- Botnet — turn your Mac into a shadow bot
- Trojan horses — apps disguised as legit software
- Ransomware — lock your Mac’s screen
- PUP — potentially unwanted programs
Among these, PUPs are the most numerous type. According to Malwarebytes, the Windows platform is no longer a hotbed for viruses — macOS is. There has been a 400% spike in macOS-specific malware infections with an average of 11 threats per number of Mac devices — the same figure for Windows is only 5.8.
Mac malware: The symptoms
Oftentimes a malware app would trick you into believing it’s perfectly harmless. Such apps are known to disguise themselves as antiviruses, extractors or video players. But how to check your Mac for viruses? Here are some of the tell-tale signs:
- A sudden drop in Mac’s performance or frequent freeze-ups.
- Pages that you visit get obscured with ads.
- Unexpected Mac reboots or apps starting for no reason.
- Your browser installs suspicious updates automatically.
How Mac can get infected with malware
By clicking on a fake Flash Player updater. Or by installing a seemingly useful browser extension. As of 2020, a trojan browser extension NewTab infected 30 million Mac computers. This malware disguised itself as a parcel tracking helper but was in fact spreading ads. So how to protect your Mac from malware? You can start by studying typical infection gateways.
How to remove a virus from Mac
Just as with any disease, to doctor a virus you need to remove the infected part of your software — as simple as that.
1. Remove malware from Mac manually:
The Activity Monitor
If you know which app on your Mac is malicious, you’re half-way through the problem. First of all, you need to close the app and then root it out from the system processes.
- Open Activity Monitor (type its name in the Launchpad).
- Locate the problematic app in the Processes.
- Use [x] button to quit the process
Now go back to your Applications and move the app to the Trash bin. Immediately empty the Trash.
This method is simple, but for the best malware removal results, you’d have to invest a bit more time. There are still parts and pieces of the virus app scattered around your system folders. It’s a bit like killing a dragon that re-grows its head after you’ve chopped it off. To remove malware from your Mac completely, it’s better to use a powerful uninstaller.
Tip
Do a quick search for virus-infected .DMG files within your Downloads. The potential culprits could be recently downloaded files, especially media-related ones. Delete them and empty the Trash bin.
2. Get rid of malware using CleanMyMac X
CleanMyMac X has a 10-year reputation of guarding Macs around the world. The app will scan your Mac for any vulnerabilities and offer immediate removal if it finds something suspicious. CleanMyMac detects thousands of malware threats, including viruses, adware, spyware, ransomware, cryptocurrency miners, and more. The app’s database is regularly updated to keep all those “-wares” away from your Mac.
Here’s how to remove malware from your Mac:
- Download CleanMyMac X — it’s free to download.
- Click Malware Removal tab.
- Click Scan.
- Click Remove.
- Done!
3. Remove Mac malware from your Login Items
Most adware or spyware will try to sneak inside the bootup process. Good news, you don’t have to be Kaspersky to prevent this.
- Go to the Apple menu > System Preferences.
- Choose Users & Groups section.
- Make sure your username is highlighted.
- Open Login Items tab.
Now use the “—” sign to disable all the suspicious apps (like Mac Defenders) that you’ll find. Restart your Mac for the changes to take place.
4. Get rid of pop-up ads on Mac
Advertising pop-ups are browser-related, so whatever browser you are using, be prepared for a thorough cleanup. First off, don’t buy into whatever the ad is telling you. Some scary alerts would mention 343 viruses found on your Mac forcing you to immediately install a “Mac Defender” or “Mac Security” tool. Just ignore it and don’t click anywhere on the pop-up. Use [x] button and if it doesn’t close the ad, Ctrl + click the browser icon to quit the browser completely.
Tip
Hold the Shift key when starting a new Safari session. This way all your previous tabs (including the ad pop-up) will not be reopened.
How to block pop-up ads in Safari
- Open Safari preferences (in the top menu).
- Go to the Security tab.
- Tick “Block pop-up windows”.
How to get rid of pop-ups in Chrome
- Open Chrome Settings (a three-dot icon)
- Click Privacy and security
- Go to Site settings > Pop-ups and redirects
- Locate the Popups tab and block them from appearing
Additionally, make sure your browser’s homepage is set to standard Google page or other trusted source.
5. Clean up extensions to remove adware from Mac
Apple lists several browser extensions as potentially malicious. The list includes:
- Amazon Shopping Assistant by Spigot Inc.
- Slick Savings by Spigot Inc.
- FlashMall
- Cinema-Plus
This is just to give you an idea of how different these adware extensions could be. But if you’re looking at how to remove malware from the Mac Safari browser, follow this path.
Remove extensions in Safari
- Go to Safari Preferences
- Choose the Extensions tab
- Select an extension and click Uninstall
Disable browser extensions in Chrome
And here’s how to remove malware from Mac Chrome. Open Chrome and click Window in the top menu. In the bottom of the list choose Extensions. This opens up the list of all your installed extensions. Now use a trash bin icon to remove the ones you suspect are adware viruses. Right after that, your Chrome experience should get much less distracting.
Just to be doubly sure, we recommend you to remove all the extensions you'll find. Later you can re-install each one separately.
TIP: How to remove Mac adware via Javascript
You can prevent some malware attacks from happening by disabling JavaScript in your browser. Although it may break certain webpages, your browsing will get more secure and, likely, faster too.
To disable JavaScript in Safari
- Go to Safari Preferences > Security.
- Uncheck Enable JavaScript.
6. Launch Agents and Daemons: Where else to look
So far we’ve covered browser Extensions, Applications, and Login Items trying to remove malware from your Mac. But these are not the only locations where malicious agents may be hiding. Another type of system services that could be affected by malware are the so-called Launch Agents and Daemons — yes, the name does derive from the word demon. These are small helper programs that stealthily run in the background, like software updaters or automatic backups.
While Launch Agents and Daemons are two different entities, both can be infiltrated by malware. As it often happens, trojan apps would place their executable files within the Launch Agents folder. The result — the virus app launches automatically and potentially harms or steals your data.
7. How to remove daemons and agents from Mac startup
- Click Finder.
- Choose Go > Go to Folder.
- Type in:
/Library/LaunchDaemons
For Launch Agents, repeat the steps above, but this time search in 2 more locations:
/Library/LaunchAgents
~/Library/LaunchAgents
Inside you’ll find a bunch of PLIST files and if some of them look suspicious to you, delete them. Sure, the names of these files may not be very telling, but if you already know the problematic app that you are after, knowing this folder may help you fully extinguish it.
Don’t forget to reboot your Mac — until you do, all these files are still in memory.
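To see what each PLIST file in those three folders actually starts before deciding whether it looks suspicious, here is an added Python example that is not from the original guide. The function names and the review notes (hidden executable, world-writable folder, missing file) are assumptions of this example, meant as hints for a closer look rather than a verdict.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# The three folders named in the text above.
LAUNCH_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents",
               "~/Library/LaunchAgents")
# World-writable locations; flagging them is this example's assumption.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/Users/Shared/")


def job_program(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or [""]
    return str(args[0])


def review_notes(program, exists=None):
    """Hints for one job; heuristics assumed here, not a verdict."""
    exists = exists or (lambda p: Path(p).exists())
    if not program:
        return ["no Program or ProgramArguments"]
    notes = []
    if Path(program).name.startswith("."):
        notes.append("hidden executable")
    if program.startswith(WRITABLE_PREFIXES):
        notes.append("runs from a world-writable folder")
    if not exists(program):
        notes.append("executable missing on disk")
    return notes


def audit(dirs=LAUNCH_DIRS):
    """Return (plist, label, program, notes) for every *.plist in dirs."""
    rows = []
    for folder in dirs:
        base = Path(folder).expanduser()
        if not base.is_dir():
            continue
        for plist in sorted(base.glob("*.plist")):
            try:
                with open(plist, "rb") as fh:
                    job = plistlib.load(fh)
            except (OSError, ValueError, ExpatError):
                job = None
            if not isinstance(job, dict):
                rows.append((str(plist), None, "", ["unreadable plist"]))
                continue
            program = job_program(job)
            rows.append((str(plist), job.get("Label"), program,
                         review_notes(program)))
    return rows


if __name__ == "__main__":
    for plist, label, program, notes in audit():
        flag = "; ".join(notes) or "no notes"
        print(f"{plist}\n  label={label} program={program}\n  {flag}")
```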
One more way to remove daemons, agents, and plug-ins
If the manual path described here sounds too complicated, you can again be rescued by CleanMyMac X. This app has a special tool to remove malware Launch Agents.
- Download CleanMyMac X (it’s free to download).
- Install the app.
- Click Optimization tab > Launch Agents
- Click Perform.
By the way, this app has a real-time anti-malware monitor. It monitors for any problematic apps that try to get into your Launch Agents. If it finds such, it will notify you and offer to remove the intruder.
If all else fails
Below are a few more ideas to help you remove malware from Mac.
- Switch to a different user account and do a full system cleanup.
- Restore your Mac using Time Machine (to the point before it got infected).
- Update all your software, including the macOS.
How to protect Mac from malware
As a conclusion, we’ve prepared a few basic tips to minimize your chance of catching malware in 2020 and beyond. They are just as relatable for a PC computer.
- Closely read those dialogue boxes
- Get a reliable password manager app
- Browse anonymously
- Cover your webcam when possible
- Use passphrases instead of passwords
- Create an “emergency” bootable SD card for your Mac
OK, looks like we’ve covered how to remove malware from Mac including both manual and software solutions. Hope your Mac stays virus-free and may you never click on those scary Mac alerts again.