How To Check For Malware On Macbook Pro

Although 2020 will surely go down as “virus year,” viruses on Mac are not going anywhere. Just recently, a fake Adobe Flash Player updater named Shlayer has infected 10% of all Macs in the world (according to Kaspersky’s lab).

  1. MacBook:: Check For Malware Such As The Flashback Trojan? May 22, 2012 I had one of 15 of these laptops in the same room and it did not let the user login to a web-based grading site.
  2. MacBook Pro (13-inch, 2020) Review Mac users attempting to download the app need to be extra careful about what link they use as the wrong one could lead to a ransomware attack.

The problem: Mac malware in the Library folder; How to fix a corrupted Mac; The problem: Mac malware in the Library folder. Serenity Caldwell writing for iMore in 2017: My father-in-law's MacBook Pro had been running into curious slowdowns for a two-year-old laptop and he kept on seeing weird sites taking over his Safari and Firefox search bars.

Even newer malware type, Tarmac, is increasingly sweeping the Mac world. All it takes to contract it is to open a pirated website or even click a link on Wikipedia. At least that’s been the case with Shlayer, which had its malicious links planted inside Wikipedia’s external resources.

In this Mac Malware removal guide, we’ll tell you how to get rid of malware on your Mac. We’ll also cover how to tell apart different viruses on Mac: adware, scareware, and others. We’ll be using the manual methods as well as some respected antivirus tools for Mac. Let’s go.

The malware apparently causes a Mac's processor to run near 100%, which could prevent other applications from performing well or, in some cases, at all. Continually running the processor at its maximum capacity also has the effect of draining a Macbook's battery more rapidly which will have an adverse effect on its overall health. I wondered if your Mac is infected with Malware. Under this circumstance, i would recommend you install an antivirus software on your Mac. Run a scan to check whether your device is infected with virus or malware. Professional antivirus software can find out the issue. You can try dr antivirus.

What is malware

First off, let’s point out that the term “malware” is a broad term for all unwanted intrusions. It’s also not synonymous with the term “virus” because the latter is only a model of distribution i.e. how an app self-replicates. Here are common types of malware you can encounter on Mac:

  • Download managers — download unauthorized objects
  • Spyware and keyloggers — steal users’ personal data
  • Backdoor infections — apps that remotely seize control of your computer
  • Rootkit — infiltrate admin privileges
  • Botnet — turn your Mac into a shadow bot
  • Trojan horses — apps disguised as legit software
  • Ransomware — lock your Mac’s screen
  • PUP — potentially unwanted programs

Among these, PUPs are the most numerous type. According to Malwarebytes, Windows platform is no longer a hotbed for viruses — the macOS is. The has been a 400% spike in macOS-specific malware infections with an average of 11 threats per number of Mac devices — the same figure for Windows is only 5.8.

Mac malware: The symptoms

Oftentimes a malware app would trick you into believing it’s perfectly harmless. Such apps are known to disguise themselves as antiviruses, extractors or video players. But how to check your Mac for viruses? Here are some of the tell-tale signs:

  • A sudden drop in Mac’s performance or frequent freeze-ups.
  • Pages that you visit get obscured with ads.
  • Unexpected Mac reboots or apps starting for no reason.
  • Your browser installs suspicious updates automatically.

How Mac can get infected with malware

By clicking on fake Flash Player updater. Or by installing a seemingly useful browser extension. As of 2020, a trojan browser extension NewTab infected 30 million Mac computers. This malware disguised itself as a parcel tracking helper but was in fact spreading ads. So how to protect your Mac from malware? You can start by studying typical infection gateways.

How to remove a virus from Mac

Just as with any disease, to doctor a virus you need to remove the infected part of your software — as simple as that.

1.Remove malware from Mac manually:
The Activity Monitor

If you know which app on your Mac is malicious, you’re half-way through the problem. First of all, you need to close the app and then root it out from the system processes.

  1. Open Activity Monitor (type its name in the Launchpad).
  2. Locate the problematic app in the Processes.
  3. Use [x] button to quit the process

Now go back to your Applications and move the app to the Trash bin. Immediately empty the Trash.

This method is simple, but for the best malware removal results, you’d have to invest a bit more time. There are still parts and pieces of the virus app scattered around your system folders. It’s a bit like killing a dragon that re-grows its head after you’ve chopped it off. To remove malware from your Mac completely, it’s better to use a powerful uninstaller.

Tip
Do a quick search for virus-infected .DMG files within your Downloads. The potential culprits could be recently downloaded files, especially media-related ones. Delete them and empty the Trash bin.

2. Get rid of malware using CleanMyMac X

CleanMyMac X has a 10-year reputation of guarding Macs around the world. The app will scan your Mac for any vulnerabilities and offer immediate removal if it finds something suspicious. CleanMyMac detects thousands of malware threats, including viruses, adware, spyware, ransomware, cryptocurrency miners, and more. The app’s database is regularly updated to keep all those “-wares” away from your Mac.

Here’s how to remove malware from your Mac:

  1. Download CleanMyMac X — it’s free to download.
  2. Click Malware Removal tab.
  3. Click Scan.
  4. Click Remove.
  5. Done!

3. Remove Mac malware from your Login Items

Most adware or spyware will try to sneak inside the bootup process. Good news, you don’t have to be Kaspersky to prevent this.

  1. Go to the Apple menu > System Preferences.
  2. Choose Users & Groups section.
  3. Make sure if your username is highlighted.
  4. Open Login Items tab.

Now use the “—” sign to disable all the suspicious apps (like Mac Defenders) that you’ll find. Restart your Mac for the changes to take place.

4. Get rid of pop-up ads on Mac

Advertising pop-ups are browser-related, so whatever browser you are using, be prepared for a thorough cleanup. First off, don’t buy into whatever the ad is telling you. Some scary alerts would mention 343 viruses found on your Mac forcing you to immediately install a “Mac Defender” or “Mac Security” tool. Just ignore it and don’t click anywhere on the pop-up. Use [x] button and if it doesn’t close the ad, Ctrl + click the browser icon to quit the browser completely.

Tip
Hold the Shift key when starting a new Safari session. This way all your previous tabs (including the ad pop-up) will not be reopened.

How to block pop-up ads in Safari

  1. Open Safari preferences (in the top menu).
  2. Go to the Security tab.
  3. Tick “Block pop-up windows”.

How to get rid of pop-ups in Chrome

  1. Open Chrome Settings (a three-dot icon)
  2. Click Privacy and security
  3. Go to Site settings > Pop-ups and redirects
  4. Locate the Popups tab and block them from appearing

Additionally, make sure your browser’s homepage is set to standard Google page or other trusted source.

5. Clean up extensions to remove adware from Mac

Apple lists several browser extensions as potentially malicious. The list includes:

  • Amazon Shopping Assistant by Spigot Inc.
  • Slick Savings by Spigot Inc.
  • FlashMall
  • Cinema-Plus

This is just to give you an idea of how different these adware extensions could be. But if you’re looking at how to remove malware from the Mac Safari browser, follow this path.

Remove extensions in Safari

How To Check For Malware On Macbook Pro
  1. Go to Safari Preferences
  2. Choose the Extensions tab
  3. Select an extension and click Uninstall

Disable browser extensions in Chrome

And here’s how to remove malware from Mac Chrome. Open Chrome and click Window in the top menu. In the bottom of the list choose Extensions. This opens up the list of all your installed extensions. Now use a trash bin icon to remove the ones you suspect are adware viruses. Right after that, your Chrome experience should get much less distracting.

How To Check For Malware On Macbook Pro

Just to be doubly sure, we recommend you to remove all the extensions you'll find. Later you can re-install each one separately.

TIP: How to remove Mac adware via Javascript

You can prevent some malware attacks from happening by disabling JavaScript in your browser. Although, it may break certain webpages, your browsing will get more secure and, likely, faster too.

To disable JavaScript in Safari

  1. Go to Safari Preferences > Security.
  2. Uncheck Enable JavaSript.

6. Launch Agents and Daemons: Where else to look

So far we’ve covered browser Extensions, Applications, and Login Items trying to remove malware from your Mac. But these are not the only locations where malicious agents may be hiding. Another type of system services that could be affected by malware are the so-called Launch Agents and Daemons — yes, the name does derive from the word demon. These are small helper programs that stealthily run in the background, like software updaters or automatic backups.

While Launch Agents and Daemons are two different entities, both can be infiltrated by malware. As it often happens, trojan apps would place their executable files within the Launch Agents folder. The result — the virus app launches automatically and potentially harms or steals your data.

7.How to remove daemons and agents from Mac startup

  1. Click Finder.
  2. Choose Go > Go to Folder.
  3. Type in: /Library/LaunchDaemons

For Launch Agents, repeat the steps above, but this time search in 2 more locations:

/Library/LaunchAgents

~/Library/LaunchAgents

Inside you’ll find a bunch of PLIST files and if some of them look suspicious to you, delete them. Sure, the names of these files may not be very telling, but if you already know the problematic app that you are after, knowing this folder may help you fully extinguish it.

Don’t forget to reboot your Mac — until you do, all these files are still in memory.

One more way to remove daemons, agents, and plug-ins

If the manual path described here sounds too complicated, you can again be rescued by CleanMyMac X. This app has a special tool to remove malware Launch Agents.

  1. Download CleanMyMac X (it’s free to download).
  2. Install the app.
  3. Click Optimization tab > Launch Agents
  4. Click Perform.

By the way, this app has a real-time anti-malware monitor. It monitors for any problematic apps that try to get into your Launch Agents. If it finds such, it will notify you and offer to remove the intruder.

If all else fails

Below a few more ideas to help you remove malware from Mac.

  • Switch to a different user account and do a full system cleanup.
  • Restore your Mac using Time Machine (to the point before it got infected).
  • Update all your software, including the macOS.

How to protect Mac from malware

As a conclusion, we’ve prepared a few basic tips to minimize your chance of catching malware in 2020 and beyond. They are just as relatable for a PC computer.

  • Closely read those dialogue boxes
  • Get a reliable password manager app
  • Browse anonymously
  • Cover your webcam when possible
  • Use passphrases instead of passwords
  • Create an “emergency” bootable SD card for your Mac

OK, looks we’ve covered how to remove malware from Mac including both manual and software solutions. Hope your Mac stays virus-free and may you never click on those scary Mac alerts again.

These might also interest you:

Do you think that your Mac was hacked? Do you feel that someone or something is spying on you when you are watching YouTube, or when your Mac is left unattended at home?

There are many ways how a human or a program can get on your computer and do harm to you and your privacy:

  • It could be a spyware, a malicious hacker, or someone you know, such as a parent, a spouse, a friend.
  • They can access your photos, videos, and emails
  • They can take embarrassing pictures of you using a webcam
  • They can listen and record your conversations
  • They can monitor your browsing history
  • They can use your computer to mine Bitcoins
  • They can encrypt everything on your disk and then ask for a ransom

Computers have never been safe, and now when we rely so much on them, it is extremely important to protect ourselves from malicious actors.

This topic is too broad to fit into one blog post, so I am writing mini-series, which will help you to minimize the impact and secure your Mac.

Signs That Your Mac Was hacked

If you are reading this post, chances are you noticed something unusual is happening on your Mac. Sometimes you have a hunch, but you can’t explain it. However, most of those signs can be explained by reasons other than malware or hackers. So, let’s review the major signs.

Mac suddenly became slow for no apparent reasons

I’ve been developing commercial software for more than twenty years. There were many times when I received a call from the customer complaining that their computers, servers, programs are slow.

Every time I am getting a call, the first thing I ask if they did something before they noticed the problem. Do you know how many times they admitted that they changed something? You guessed it, zero. How many times did customers cause the problem? Almost always.

Following are some of the reasons why Mac can be slow:

  • There is a virus or other malware
  • Not enough disk space on Mac
  • New OS was installed
  • Hardware failure

Mac is using more Internet than usual

This one is harder to detect now than before. We used to have limits on how much Internet bandwidth we could use. Today, when many people have unlimited data with cable, you may not even know that something is happening.

However, if you are on a limited plan, and you see a significant increase in data consumption (more than 25% more), it’s time to investigate.

The reasons could be the following:

  • Your Mac is being used as a bot by hackers
  • There is a virus or other malware
  • Your little one grew up and now watching YouTube all day on your computer
  • New OS was installed
  • Youtube and other web sites are taking forever to load

Similar to the previous sign, problems with the Internet could be a sign pointing to a virus or adware affecting the browser. Or it could be a new browser update. Or maybe the system became unstable.

Programs crashing more often

Did you notice that apps getting stuck and eventually crashing? Very often, it’s a sign of malware. Additional reasons for frequent app crashes are the following:

  • Lack of memory (RAM)
  • Lack of disk space
  • Temporary system instability
  • Hardware failure
  • Unusual pop-ups in the browser

This is something we all have seen. You download an app from the Internet and seems like it was a legit software. But little did you know a good app was bundled with bloatware.

Usually, the result is that your default search engine gets changed from Google to Yahoo, the home page changes, and there are additional icons in the browser toolbar. But there could be other issues such as adware.

Adware is trying to redirect you to other sites, not related to what are you searching for. Their goal is direct traffic to certain sites. More traffic, more money they get. So, they litter your screen with pop-up, hoping that you can click and open the site you don’t want.

New files appear or old files disappear

Malware often creates new files with cryptic names. For instance, ransomware encrypts the files on your disk and renames them. However, there could be more innocent explanations.

How To Check For Spyware On Macbook Pro

For instance, if you can’t find a file, it does not necessarily mean that it was deleted by malware or someone who logged in on your computer remotely. Maybe, you just can’t remember that you deleted the file or the folder. In this case, first, check Trash on Mac.

If you still can’t find what you need, check my post about finding any files. I guarantee, if the file is still on your Mac after reading my post, you will be able to locate it.

How To Tell If Mac Was Hacked

First, scan your Mac with an antimalware solution. Next, turn off remote desktop and screen sharing features to make sure that nobody can connect to your Mac remotely. Verify that there are no keyloggers. Finally, eliminate reasons unrelated to hacking: reboot Mac, perform NVRAM/PRAM reset, check if there is enough space on the startup disk. If possible, visit the Apple Genius Bar for advice.

How To Check For Malware On Macbook Pro

Now, let’s go over all the above in detail.

Scan Mac for viruses

I recently called Apple Support and complained about the slowness of my MacBook Pro. I could’ve solved the problem myself, but I just wanted how much would it cost for Apple to perform diagnostics on a 5-year old MacBook.

Since I don’t have AppleCare for my Mac, I thought that they would charge me something. Spoiler alert: I wasn’t charged for anything.

So, when I called, the first thing the Apple advisor made me do is to install the Malwarebytes app.

While Malwarebytes is a solid recommendation for scanning, it is not the best. In fact, I stopped recommending it to any Mac user after the test I performed myself recently.

I tested a dozen of antimalware product and only one detected 100% of 117 malware samples I intentionally downloaded on my MacBook. So, if you need a recommendation on a good antivirus check it here.

Tighten up access to your Mac

Programs are not the only threat out there. People sometimes can be even more harmful. There are several ways for someone to spy after you.

One is via remote desktop. Maybe you had experience connecting to servers or other Windows machines at work by remote desktop connection. Macs, even MacBooks, also allow such connections.

Also, it is possible to share the screen of your laptop. While it’s a useful feature, if you mean it, it’s not so good if someone’s using it when you are not aware.

And finally, since macOS has UNIX roots, as any UNIX like the operating system, it can be controlled via SSH protocol. Anyone with access can do pretty much anything on your Mac, and you wouldn’t even know.

If all of the above sounds complicated, don’t worry. I wrote a very detailed post on a topic of remote access to your Mac (https://macmyths.com/how-to-tell-if-someone-is-remotely-accessing-your-mac/). All you need is to go over the post and follow the simple steps outlined there.

Mac keyloggers

For a long time, I thought that all keyloggers could do to record keyboard strokes. Imagine my shock when I started working on my post about keyloggers.

Did you know that a new generation of keyloggers can do screenshots every 5 seconds, or record your messages and social media chats? And they can upload the collected information to the cloud.

And the worst part they are freely available for anyone to purchase!

To find out how one can identify a keylogger on Mac I installed 5 most popular apps on my laptop. They completely trashed my system, but luckily I had backups, so I was able to recover my MacBook.

Things to try if no virus found

While you are maybe suspecting something bad happening on your computer, it very well may be a normal condition.

Things to try before starting panicking:

Reboot

Sometimes glitches in software can make the current state of your system unstable. A reboot is still a remedy for many problems. You can either restart or shutdown and start again. The effect will be the same.

Check

NVRAM/PRAM reset

Macs historically have a little memory cell where they store some information needed for many Mac peripherals to work. Surprisingly, this area gets corrupt pretty often. Fortunately, there is a very simple fix – reset NVRAM/PRAM and SMC.

Apple has very good instructions on how to perform these tasks.

What they don’t tell is that you have to reset at 2-3 times in a row for a fix to work. I found out this in the school of hard knocks so that you don’t need to.

Clear some space on disk

Lack of space on your startup disk may cause all kinds of issues: app slowdown, app crashes, high CPU usage, and MacBook overheating. Sometimes this may lead you to suspect that your Mac was hacked.

So, first, check how much storage you have left. And if it is not enough, you can either spend money on getting software that helps to clean your disk or read my article on free cleaning tips: How Do I Free Up Disk Space On My Mac Without Software.

New operating system

Apple releases a new version of macOS every year. While they do everything they can to produce quality software, bugs still happen.

For instance, after the recent iOS update on my iPhone, my podcast app starts freezing every time I pause. I still didn’t find why it is happening because I am too lazy busy.

In the case of the issue on hand, if you had a recent OS update, take time to investigate if the issues you are noticing are common for the release.

Check for hardware failure

Macs are very dependable, and they can serve for many years. However, any hardware gradually fails. For example, a failing disk causes unexplained app crashes. Failed RAM will prevent the computer from starting.

There is a good article on the Apple web site about running hardware diagnostics. Try and see what it will report.

Visit Apple Genius Bar

If you have an Apple store nearby, definitely check them out. On several occasions, I had to contact them, they helped me for free. If there is a fee for diagnostics, they should tell you upfront, so you can decide if it’s worth it for you or not.

5 Things To Do If Your Mac Was Hacked

So, you did everything I told you, and you found out that either someone spying or if there was malware on your Mac. There are several things you have to do immediately.

Change passwords

I know it could be painful to change all passwords. I have accounts on hundreds of web sites, and there is no way I could remember all of them. Well, this is not what I am suggesting.

You have to change passwords on the most important sites:

  • Your primary email account. The one that is linked to your bank accounts.
  • Bank and credit card accounts
  • Work email password
  • Apple ID and iCloud passwords (note, they are not the same)

If you are using one password for all sites, consider using 1Password utility.

Check bank statements

It never hurts to go over your bank statements (if you have any) once a while. If you notice some suspicious activity, then do a little research. But don’t panic right away if you don’t recognize a charge.

Almost every once, when I check my credit card statements, I see one or more charges which I don’t remember doing. However, after 5 minutes or so, I remember what it was.

Check credit report

Everyone in the U.S. has a right to get a free credit report once a year. Since there are three main agencies, you can get a free report three times a year (one from each agency). Search for “Annual Credit Report” in Google, but be careful to skip some ads and use the legit site.

Turn on Two-Factor Authentication

If you didn’t do this yet, turn on two-factor authentication on main sites: email, any money sites, etc. It’s a little bit inconvenient, but it’s the best way to prevent hackers from stealing your data.

What’s Next?

I hope I gave you some high-level information you needed in case if you think that your computer was hacked. Now, I suggest to check the articles I mentioned above in the following order, so you know how to deal with the problems outlined: