You may have heard it's said that Macs don’t get viruses. That there’s no Apple virus. You may even have said it yourself. Sadly, it’s not true. According to AppleInsider portal, the number of detected Mac viruses jumped up 60% in 2019. And, it’s not just viruses you have to be wary of. There are all sorts of different forms of malware, from bits of code that download themselves and show you adverts for things you have no interest in, to really nasty bugs that steal your personal data.
Oct 11, 2017 Question: Q: dmg installer Virus? I have been having this weird problem on my macbook pro where every second or third dmg I download and attempt to open comes up as Installer no matter what the program is actually called and when I click on install it starts installing 7zip. Im just assuming this is some kind of virus but I would love some help.
How do I know if my Mac has a virus?
Before you remove a virus from a Mac, you need to be sure it actually has one. We’ve covered that in more detail in this article but here are a few pointers.
- Your Mac starts behaving erratically and doing things you don’t expect;
- Your Mac starts running very slowly, as if something is hogging the processor;
- You start seeing adverts on your desktop;
- You find software or applications you didn’t install.
- An app asks for your administrator password
These symptoms may mean your Mac has a virus, although there could be other explanations.
How to remove a virus from a Mac
Thankfully, there are lots of ways to do it. And Mac virus removal doesn’t have to cost money.
1. Delete browser extensions
One of the most common types of malware comes in the form of browser extensions. Even extensions that aren’t particularly malicious can be annoying, and if you didn’t deliberately install them, they’re malware. Here’s how to get rid of unwanted browser extensions.
Safari
- Launch Safari.
- Click Safari in the top menu, then choose Safari Extensions.
- Look down the list and click on any extensions that look suspicious. Read the description of the extension. If you don’t remember installing it, click Uninstall.
- Repeat until you’ve removed all the extensions you don’t want.
Chrome
- Launch Chrome.
- Click on the 3-dot icon in the upper right corner.
- Select More Tools and choose Extensions from the menu that appears.
- Look over the extensions in the browser window and click Remove on any that you don’t recognise.
Firefox
- Launch Firefox.
- Click the 3-line (hamburger) icon at the top right corner.
- Choose Add-ons
- Click the Extensions tab and remove on any you don’t recognise.
2. Uninstall apps
Malware comes in lots of different forms. And it even comes disguised as security software to help you get rid of viruses! Devious, huh?
If you’ve inadvertently downloaded an app that turns out to be a virus, you need to uninstall it immediately. There are a couple of ways to do this. Here’s the hard way.
- Go to your applications folder and drag the app to the Trash.
- Go to your ~/Library folder and look in the Application support folder for any files related to the app and drag those to the Trash.
- Look in the other folders in ~/Library, especially Launch Agents and Launch Daemons and remove any files related to the app from there. But be careful, if you remove files used by legitimate app you could cause lots of problems.
- Repeat Step 3 for your Mac’ main Library folder.
The easy way: Uninstall apps in a few clicks
- Download and launch CleanMyMac X.
- Click Uninstaller.
- Check the box next to the application name.
- Click Uninstall.
If you don’t know the name of the application, it’s more difficult. But if you use CleanMyMac, all you have to do is scroll through the list of applications and look for any you don’t recognise or don’t need and remove them. CleanMyMac removes every trace of an app, including files that you may overlook when you remove applications manually. This is particularly important for viruses, so it’s much better to use CleanMyMac.
What's makes this method even better, is that CleanMyMac X also shows you app leftovers that remained after the main app is gone.
3. Use a malware removal tool
While the above steps work very well in lots of cases, sometimes the Mac virus removal means using a dedicated application to scan and remove malware from your Mac.
There are lots of these applications available, and many of them are either free or allow you to at the very least scan your Mac for free to find out whether you need to take action. Be careful, however. It’s important to choose a tool from a reputable vendor. If you just google ‘Mac antivirus tool’ some of the results may well be for tools that are themselves malicious and instead of removing viruses from your Mac will infect it. We recommend using CleanMyMac X.
It can identify thousands of malware threats, including adware, spyware, ransomware, worms, cryptocurrency miners. And if CleanMyMac finds something suspicious, it will offer immediate removal. Here’s how to perform a full system scan:
- Download CleanMyMac X (free download) and launch the app.
- Click on the Malware Removal tab.
- Click Scan.
- Click Remove.
4. Escape the virus: Create a new user profile
Usually viruses are attached to a particular user profile on your computer. In this way they are able to seize control of your admin profile. But you can start if from scratch and create a new user on your Mac. Don't worry, you will be able to transfer all your important data from one user to another.
Go to Apple menu > System Preferences, click Users & Groups.
- Click the lock icon , then type in your admin password.
- Use the plus sign to add new user profile
To move your important information from one user to another, you will need to access the Shared folder.
Click on the Finder > Go to Folder...
Paste in this: /Users
Can you see the Shared folder? Here you can copy the needed files from your old user account. Hurray, you've started a clean, virus-free life!
Bonus tip: Clean up your login items
Login items are apps that launch automatically upon startup. Malware programs would often sneak into your login items without you knowing. How to prevent them from launching?
Go to Apple Menu > System Preferences
Click Users & Groups
Click on the Login items tab
From here you can manage them using the [+] and [—] buttons.
How to disable the invisible agents
Some small supporting applications never show up in the Login items. They are called the Launch agents and may as well be hacked by viruses. You can find them with the universal Mac cleaner, CleanMyMac. This app is notarized by Apple, so you are safe using it.
Download the cleaner here — the link to a free edition
Launch the app and go to the Optimization tab
Click Launch agents
How many apps do you see there? Remove any flash players, automatic updaters, or everything else that you find suspicious. Even if you deleted the main app itself, its launch agents may still occupy your drive. Here is what I have:
To prevent your Mac from infection, the above app has a real-time monitor tool. It sees that no harmful apps place their code in your Launch Agents. It monitors several such locations that could be gateways for viruses.
Dmv Virus Humans
How to get rid of virus on a Macbook Pro (or any other Mac) if all else fails
If you’ve run through all the steps above and are still having problems trying to remove a virus from a Mac, the next step is to restore from a Time Machine backup. The benefit of restoring from Time Machine is that you can do it quickly and easily by booting into the recovery partition and you can choose to backup to a state just before your Mac started behaving erratically.
The downside of this option is that any work you’ve done since the backup you restore from will be lost. You could manually copy files from your Mac to another drive or cloud storage service before you restore and then copy them back afterwards. However, if one of those files is infected, you risk contaminating your Mac all over again. If there are documents you really need and that aren’t backed up elsewhere, use one of the antivirus tools above to run a scan on them before you copy them to another disk. That way you’ll know they’re safe.
Here’s how to restore from a Time Machine backup
- Make sure you’re connected to your Time Machine backup drive.
- Restart your Mac, holding down the Command and R keys until you see the Apple logo. When the macOS Utilities screen appears, choose Restore from a Time Machine Backup. Click Continue.
- Choose the last backup before your Mac started misbehaving or you suspect you were infected with a virus.
Your Mac will now return to the state it was in when you made that backup.
If you don’t have a Time Machine backup to restore from, the last resort is to reinstall macOS. This is a ground-zero approach. You’ll need to wipe your startup drive completely clean and start again. That means re-installing all your applications and copying all your data back to your Mac afterwards. If you have a recent backup of your data, from before your Mac became infected, you can use that to copy data from after you re-install. If not, you’ll need to back up important files now — but scan them with an antivirus tool first to make sure they’re not infected.
To perform a clean install of macOS, you’ll need a bootable installer disk. Creating one is beyond the scope of this article, but there is a comprehensive guide here.
Once you’ve made your bootable installer, plug it into your Mac, go to System Preferences, choose Startup Disk and select the disk you just plugged in. Restart your Mac, holding down Command-R and do the following:
- When the macOS Utilities screen appears, select Reinstall a new copy of macOS. Click Continue and then Continue again when the next window appears.
- Agree to the terms and conditions and select your Mac’s internal disk.
- Click Install. Wait for your Mac to restart.
- Your Mac will startup as if it’s a new Mac and you’ll need to go through the process of setting it up from scratch.
- Once you’ve set it up, copy back the files you need from the backup and that you know aren’t infected.
As you can see, there are many different ways to remove a virus from a Mac, depending on how badly infected it is and what kind of virus it is. The main thing to remember is if you suspect your Mac is infected, don’t worry. It can be fixed!
These might also interest you:
A phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender 'anti-virus' software to solve the issue.
This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.
The most common names for this malware are MacDefender, MacProtector and MacSecurity.
Apple released a free software update (Security Update 2011-003) that will automatically find and remove Mac Defender malware and its known variants.
The Resolution section below also provides step-by-step instructions on how to avoid or manually remove this malware.
Resolution
How to avoid installing this malware
If any notifications about viruses or security software appear, quit Safari or any other browser that you are using. If a normal attempt at quitting the browser doesn’t work, then Force Quit the browser.
In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password. Delete the installer immediately using the steps below.
- Go into the Downloads folder, or your preferred download location.
- Drag the installer to the Trash.
- Empty the Trash.
How to remove this malware
Dmv Virus
If the malware has been installed, we recommend the following actions:
- Do not provide your credit card information under any circumstances.
- Use the Removal Steps below.
Removal steps
- Move or close the Scan Window.
- Go to the Utilities folder in the Applications folder and launch Activity Monitor.
- Choose All Processes from the pop up menu in the upper right corner of the window.
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector.
- Click the Quit Process button in the upper left corner of the window and select Quit.
- Quit Activity Monitor application.
- Open the Applications folder.
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name.
- Drag to Trash, and empty Trash.
Dmg Virus Files
Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below.
- Open System Preferences, select Accounts, then Login Items
- Select the name of the app you removed in the steps above ex. MacDefender, MacSecurity, MacProtector
- Click the minus button
Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location.
Note: Apple provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site. User should exercise caution any time they are asked to enter sensitive personal information online.