How to get rid of a virus on a Mac
Macs have never been “virus-proof”. In fact one of the world’s earliest computer viruses was written specifically to target Macs (Elk Cloner) and ever since then there have been various online nasties lurking around to trap unwary Apple fans. Unfortunately, the signs of a virus are many and varied, but most of them revolve around performance issues and/or your computer behaving in an unusual way (e.g. changing your browser home page). Essentially, at this point in time if your computer is doing anything remotely strange, you should probably assume that a virus could be to blame and investigate thoroughly. Here are some tips.
Check your browser extensions
Browser extensions, as their name suggests, are pieces of software which aim to extend the functionality of your browser. Some of them are both safe and helpful, but some are so badly written that they wind up being more hassle than they’re worth and some are deliberately malicious. Here’s how to find your list of browser extensions in the main browsers.
Safari - Safari > Extensions
Chrome - Three-line (hamburger) menu (at the top right) > More Tools > Extensions
Firefox - Three-line (hamburger) menu (at the top right) > Add-ons > Extensions
If you use more than one browser, then you will need to check each one. Go down the list and remove all extensions apart from the ones which you actively recognize and know that you want.
Look for a malicious app and delete it
This is where life can get a bit more complicated. Frankly, the smart way to get rid of a malicious app on a Mac is to download a good antivirus and have it clean up your computer for you. This will ensure that you avoid making life even worse for yourself either by spreading the virus or by deleting files you actually need along with infected ones. If you’re going to go down this route, make sure you use an antivirus from a reputable vendor such as Comodo, otherwise you could wind up downloading another virus.
Unfortunately, some viruses will stop you from downloading good antivirus programs, which means you’ll need to clean your computer the manual way.
Start with your applications folder. You may see an obvious culprit but sadly you’re unlikely ever to see a virus helpfully labeled as such. Unfortunately, it’s risky to purge apps in the same way as you purged browser extensions, but your likeliest culprit is your most recent download install. Head to your applications folder and drag it to your trash. Then go to your ~/Library folder (not the main library folder) and check the subfolders for anything which might be connected to the app. In particular check Application Support, Launch Agents and Launch Daemons. Then head to your main library folder and repeat the process.
You need to be really careful here. If you miss files belonging to the virus, you may still have the same problem, but if you delete legitimate files, you may wind up with a new set of problems.
Create a new profile
Some viruses connect to a specific profile, such as the Admin profile, so you may be able to escape them by creating a new profile.
Go to Apple menu > System Preferences>Users & Groups. Click the lock icon, then type in your admin password. Click the plus sign and create a new user profile. Then go to Finder > Go to Folder and search on /Users where you should be able to see a Shared folder from where you can then copy over important files to your new account. Please note, however, this does not deal with the virus itself, it may just give you a way to work around it (and this is by no means guaranteed).
Turn back time
If nothing else works, then you’ll need to restore to a point before the virus hit. Connect to your Time Machine backup drive. Restart your Mac, holding down the Command and R keys until the Apple logo appears. This will be followed by the macOS Utilities screen. Choose Restore from a Time Machine Backup and click Continue. Choose the last point you know your Mac was clean.
For the sake of completeness, in principle you can try saving any work you did between the virus hitting and you deciding to restore to the last-good point, but if you do you run the risk of saving an infected file and ending up right back where you started.
Make sure it doesn’t happen again
If all this sounds like a whole lot of hard work, that’s because it is, or at least it can be. In simple terms, it’s generally a whole lot easier to download a robust ant-virus program than it is to get rid of a virus once it’s taken hold, The good news is that Comodo antivirus provides superb protection for a very affordable price. Head to the Comodo website now to get the protection you need.