Skip to main content

How to remove malware from Mac

Find out what types of viruses Mac OS X is mainly targeted by, learn prevention techniques and efficient methods to remove malware from infected Mac.

Apple’s “walled garden” is a fascinating countermeasure for ensuring security of Mac machines. Its gist consists in continuously monitoring and restricting the scope of applications that can be downloaded and installed by users from the official store. The company is maintaining a whitelist of trusted developers who are permitted to submit new software, while the code written by parties with unknown reputation and potentially dubious intensions gets sandboxed and rigorously inspected for adverse attributes. This approach creates a closed environment of certified apps that won’t cause harm.

Despite all effort, new samples of malicious software are sneaking into Mac machines all the time, bypassing the Gatekeeper feature and other obstacles on their way. These include browser-specific infections for the most part, with some system-level pests like counterfeit optimization tools and rogue antiviruses occasionally breaking the news as well. The prevalent attack channels are bundled installations from untrusted sources, and highly obfuscated exploits dropped on one’s box when compromised websites are visited.

Safari locked by fake FBI alert

The native Safari and Mac variants of Chrome and Firefox browsers have been consistently the lowest-hanging fruit for attackers. Luckily, as annoying as these compromises are, they are relatively easy to address. The scammers’ idea is to furtively install a plugin or some other browser component which displays pre-defined commercial content, causes page redirect activity or even locks the browser. One example of the latter hoax is the infamous FBI hijack, where the malware displays a spoof law violation screen and prevents the victim from navigating away until a ransom is paid. This predicament can be resolved by clearing the infected browser’s cache.

Some samples of Mac malware, having inconspicuously trespassed on the system, will mimic a security scan and report viruses that aren’t there for real. The abominable objective in these scenarios is to dupe the user into registering the “licensed copy” of the product. One of the known scareware apps typifying this sort of fraud is Mac Defender, which blatantly claims to be “the world’s leading security solution”. The irritating system scan emulation instances and recurring pop-ups will vanish under two conditions: if the payment is submitted by the victim, or if the bug gets removed – it’s needless to contemplate over the correct option, obviously.

Misleading update alert caused by a piece of adware

A whole standalone cluster of Mac infections is adware. These are currently occupying a dominating niche as far as their overall share is concerned. The most widespread examples are homepage and search hijackers, redirect scripts and ad-injecting extensions that install on web browsers without the admin’s authorization. Some of these threats embed advertisements (coupons, comparison shopping, text links and transitional ads) in sites visited by the user. Others trigger fake warnings stating that some critical software is out of date, recommending installations that can turn out to be dangerous. There are instances of adware that modify browsing preferences in order to promote shady online services.

Whichever species of Mac malware is encountered, it should be eliminated as soon as possible. The tips below provide the general methodology to handle malicious items in a hassle-free way.

Malware removal from Mac (manual way)

This method is applicable if the name of the infection is known, for instance in case it’s a rogue antivirus that’s causing issues. The steps listed below will walk you through the removal process. Be sure to follow the instructions in the order specified.

1. Open up the Utilities folder as shown below

Open up the Utilities

2. Locate the Activity Monitor icon on the screen and double-click on it

Locate the Activity Monitor

3. Under Activity Monitor, find the entry for the troublemaking app, select it and click Quit Process

Quit MacDefender process

4. A dialog should pop up, asking if you are sure you would like to quit the executable. Select the Force Quit option

5. Click the Go button again, but this time select Applications on the list. Find the malicious entry on the interface, right-click on it and select Move to Trash. If the user password is required, enter it

6. Now go to Apple Menu and pick the System Preferences option

Pick the System Preferences

7. Select Accounts and click the Login Items button. Mac OS will come up with the list of the items that launch when the box is started up. Locate the malware object there and click on the “-“ button

Remove MacDefender from Login Items


Remove malware from web browsers on Mac

Settings for the web browser that got hit by adware should be restored to their default values. The overview of steps for this procedure in different browsers is as follows:

1. Reset Safari

• Open the browser and go to Safari menu. Select Reset Safari in the drop-down list

• Make sure all the boxes are ticked on the interface and hit Reset

Resrt Safari

2. Reset Google Chrome

• Open Chrome and click the Customize and Control Google Chrome menu icon

• Select Options for a new window to appear

• Select Under the Hood tab, then click Reset to defaults button

Reset Chrome

3. Reset Mozilla Firefox

• Open Firefox and select HelpTroubleshooting Information

• On the page that opened, click the Reset Firefox button

Reset Firefox


Automatic malware removal from Mac

The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove malware virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.

Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the malware issue using Combo Cleaner:

  1. Download Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.

    Download Combo Cleaner

    By downloading any applications recommended on this website you agree to our Terms and Conditions and Privacy Policy. The free scanner checks whether your Mac is infected. To get rid of malware, you need to purchase the Premium version of Combo Cleaner.

  2. Open the app from your Launchpad and let it run an update of the malware signature database to make sure it can identify the latest threats.
  3. Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.

    Combo Cleaner Mac scan progress

  4. Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).

    Combo Cleaner scan report – no threats found

  5. In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove malware threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.

    Combo Cleaner – threats found

  6. Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in