How to remove malware from your Mac

Macs used to be the computers of choice for people who wanted minimal exposure to viruses.  Even in those days, however, Macs were never “virus-proof”. Now, however, not only are Macs not “virus-proof” they are increasingly attractive targets for malware-creators.  This is because these days malware-creators are less likely to be interested in random destruction and more likely to be interested in data theft and if you have the money to buy a Mac then your data is worth a premium on the black market.

XProtect on its own is not enough protection

XProtect is more properly known as File Quarantine.  As its name suggests, it checks downloaded files, which is certainly useful, but does not provide anything like the same level of protection as real-time virus monitoring.  As previously mentioned, you need a proper, robust security program to keep your data safe. If, however, you’ve learned that fact the hard way, then here are some suggestions about what you can do.

Try downloading an antivirus program

These days it is increasingly common for malware creators to take steps to stop their victims from downloading security software, but you never know your luck until you try.  If you can’t download the software on the infected Mac, try downloading it on another Mac and installing it from an offline medium. Again, don’t get too hopeful about this, there’s a good chance the installation will be blocked, but you can at least give it a go.

Restore to a point before the virus hit

Depending on how your user your Mac, using this option could be anything from an absolute last resort to a fairly painless solution.  Basically, if you use the “old-school” approach of having everything installed/stored locally then you probably want to keep this option for when everything else has been tried and has failed.  If, however, your Mac is essentially a way to get onto the cloud and has practically nothing (legitimately) stored locally, then restoring to a point when your Mac was “clean” might actually be your easiest option.

Create a new account

This is a similar idea, just approached from a different angle.  Basically, you hope that the virus you’ve picked up is linked to a specific user account (a lot of them are) in which case creating a new account would let you go on using your machine without being impacted by the virus.  Having said that, the virus would still be in the machine, so you might want to consider having it professionally purged at some point, especially if have any plans to pass on your computer when you upgrade.

Try to find it manually and delete it

Unless you get very lucky, this may be one of the most tedious jobs you will ever do, but if it’s the only way, then it’s the only way.

Start by checking your browser extensions - for each browser you use.

  • Safari - Safari>Extensions
  • Chrome - Three-line (hamburger) menu (at the top right)>More Tools>Extensions
  • Firefox - Three-line (hamburger) menu (at the top right)>Add-ons>Extensions

Browser extensions are rather like socks, many of them do actually serve a useful functional purpose, but even if they do, you don’t necessarily need all of them and you particularly don’t need the ones which are full of holes or the odd ones you’re almost guaranteed to encounter when you actually make the time to take a good look at what you have.  With that in mind, declutter your browser extensions like you’d declutter your sock drawer, keep the ones you need and the ones you really like and ditch the rest.

Once you’ve done all of that, reboot and see if your Mac now behaves normally.  If it does, congratulations, if it doesn’t then the issue is probably a rogue app and finding and eliminating a rogue app is an even more tedious process. Basically you want to go to your application folders and both your library folders (you have an ~/Library folder as well as your main Library folder) and look through all your apps, plus your Application Support, Launch Agents and Launch Daemons.  If your luck is in you may see something with an obvious name, but beware of celebrating too soon because it could be a decoy and even if it is the app you’re looking for, you’ll still need to make sure that every trace of it is removed.

Take steps to stop it happening again

Hopefully you will succeed in removing the virus from your Mac and hopefully you will not find the experience too painful.  You will, however, probably find that it’s one you won’t want to repeat. The good news is that you won’t have to if you head to this page and download Comodo antivirus for Mac right now.