How to Remove Malware from Mac

Despite what some people think, Macs can and do get viruses and other malware. If it happens to your Apple computer, you might notice it working slower than usual. Mac malware might also cause system instability or other unpredictable behavior, including issues with your web browser.

 

If your Mac is infected, how do you get rid of malware and give your system a clean bill of health? In this guide, we’ll explore some of the most practical Mac malware detection and removal measures you can take.

 

Continue reading to find out how to remove malware from Mac.

 

Before we start

 

The longer a virus is on your Mac, the more damage it can do and the more data it can steal. To rid your machine of potential threats fast, use MacKeeper’s Antivirus tool. As well as constant, real-time protection, you can run on-demand scans at any time.

 

Here’s how to protect your Mac with MacKeeper’s Antivirus:

  1. Open MacKeeper, and click Antivirus in the sidebar
  2. Click Start Scan
  3. If the scan finds anything suspicious, select it from the results list
  4. Click Delete, and then Delete to confirm.

MacKeeper can handle viruses, trojan horses, spyware, and more. Download it today, and try these and other features out for yourself.

How to tell if your Mac has a virus

Sometimes, malware will do its best to remain undetected. Other times it will be more obvious, and that can be by design or a side effect that the virus coders never intended. Either way, there may be warning signs that help you delete viruses on your trusty Macintosh.

Signs of malware on Mac

Whether you have an iMac, MacBook, or Mac mini, malware can result in these kinds of symptoms:

  • An unusually slow Mac, particularly if the slowdown happens suddenly
  • Your Mac freezes up or restarts unexpectedly
  • Your web browser changes its home page and/or search engine
  • Files and folders won’t open
  • Frequent error messages pop up on your Mac
  • One or more processes take up all your RAM and/or CPU resources
  • Disk space mysteriously disappears.

These symptoms can be caused by legitimate things, like background downloads or software conflicts. If you’re looking to clean viruses from your Mac, you need a reliable way of checking the cause of unwanted behavior.

How to get rid of viruses on Mac

Now that you know about detecting viruses on your Mac, it's time to discuss the best steps for removing malware. Here's how to get rid of viruses on Mac:

1. Disconnect from the internet

Malware is often designed to connect to the internet—sending stolen information to criminals, using your machine to send spam emails, or just spreading itself further. If you’re trying to get rid of a potential threat detected on your Mac, it’s a good idea to disable your internet connection.

 

Here’s how to disable Wi-Fi on a Mac:

  1. In System Settings, click Network
  2. Select Wi-Fi
  3. Click the toggle to turn off Wi-Fi.
It's a good idea to turn off your Wi-Fi to stop malware from connecting to the internet to send stolen information from your Mac.
Step 1. Select Network in System Settings
To turn off your Wi-Fi, open the Wi-Fi settings. You can see if it's currently connected or not by looking for a green or red circle.
Step 2. Open Wi-Fi settings
Turning Wi-Fi on and off is simple. You just click the toggle/slider to activate and deactivate your Wi-Fi connection.
Step 3. Turn off Wi-Fi

How to disable Ethernet on Mac:

  1. In System Settings, click Network > Ethernet
  2. Click Make Inactive.
Similar to when you turn off Wi-Fi, you can deactivate your Mac's Ethernet connection from your System Settings. Just click Ethernet.
Step 1. Go to Network > Ethernet in System Settings
Turning off your Ethernet is as simple as click the 'Make Inactive' button. To reverse the process, just click the button again, and Ethernet will automatically reconnect.
Step 2. Click Make Inactive

To be doubly sure you’re not connected to the internet, you could unplug your Ethernet cable.

2. Reboot into safe mode

Sometimes, malware is difficult to remove, because it loads up as soon as macOS starts. But if you boot into safe mode, you might be able to remove this malware, because it’s designed to load only the files and apps macOS needs to run. Safe mode also deletes some system caches, so they can be rebuilt again automatically.

 

How to boot into safe mode on an Intel Mac:

  1. Hold down Shift as soon as your Mac turns on or restarts
  2. When you see the login window, take your finger off the Shift key
  3. Log in using your usual details
  4. You should see Safe Boot in the top-right corner of the login screen.

 

How to boot into safe mode on an Apple Silicon Mac:

  1. Shut down your Mac. Press and hold the power button for 10 seconds
  2. Release it when you see the startup options window
  3. Choose your startup disk, then hold down Shift
  4. When prompted, click Continue in Safe Mode and release the Shift key
  5. Log in, and you should find your Mac in safe mode.

Hint from our team:

 

To check safe boot is on, follow these steps:

  1. Click the Apple logo in the top-left of your screen
  2. Go to About This Mac > More Info > System Report > Software
  3. Check Boot Mode says Safe. Be aware, this process is slightly different in older versions of macOS like Catalina.
To check if you are in a Safe Mode click on System Report from the About this Mac settings.

If your Mac is now running normally, then there’s either malware on it that doesn’t load in safe mode, or you have some other kind of software-related problem. If you know what you’re looking for, you can try deleting suspicious files, extensions, and so on. Reboot your Mac normally and see if your problem has been fixed.

3. Find suspicious processes in Activity Monitor

If you suspect malware on your Mac, start by checking Activity Monitor. This built-in macOS tool shows you what’s running on your Mac, including in the background. If anything is taking up a lot of CPU cycles or RAM, it could be malware, and Activity Monitor can help with finding it.

 

Here’s how to check Activity Monitor for macOS malware:

  1. Open Activity Monitor from Applications > Utilities. Click the CPU tab, then click the % CPU column to sort processes by most CPU used. Look for processes you don’t recognize that are using a lot of processing power
  2. Do the same with the Memory column in the Memory tab, Bytes Written in the Disk tab, Sent Bytes in Network.
  3. Take note of anything that seems suspicious and Google it. If it’s malware or something else you don’t want, double-click on it in Activity Monitor and click Quit. Then click Force Quit to kill the process.
Open Activity Monitor from Applications > Utilities, then sort the CPU tab by %CPU, and you can see what's using your processor the most.
Step 1. Use Activity Monitor to detect suspicious CPU usage
After checking CPU usage, also check the other tabs of Activity Monitor, including memory and disk. Malware may result in higher usage than normal.
Step 2. Check memory, disk, and network use too
If you see anything suspicious, you can force it to quit. Bear in mind, though, this doesn't remove that process from your Mac, and it may start up again.
Step 3. Quit any suspicious processes

Stopping a process doesn’t eliminate it. It might start up again immediately or when you restart your Mac.

4. Remove malicious programs

If an app is causing suspicious activity on your Mac, you should remove it by uninstalling that app. This might not remove malware from a Mac completely, but it's an important step. If you suspect an app is unsafe, check out our guide on how to remove a trojan virus.

 

This is the normal way of uninstalling apps on a Mac:

  1. In Finder, navigate to your Applications folder. If you see anything suspicious, right-click it and select Move to Trash.
  2. Now right-click your trash, and select Empty Trash.
The default way of removing apps from your Mac is to send them to your trash or bin. Note that they aren't completely deleted at this point.
Step 1. Move unwanted apps to your trash
To fully delete programs, you need to empty your trash or bin. You can do that by right-clicking the trash icon and selecting Empty Trash or Bin.
Step 2. Empty your trash

Note from our experts: 

 

You can also uninstall apps with MacKeeper’s Smart Uninstaller. Our tool will also delete files that would normally be left behind, which is vital when doing a virus cleanup. Download MacKeeper and try it yourself.

A warning on manually removing malware

Be very careful when manually deleting malware from your Mac—you may delete the wrong thing and make your Mac worse.

 

If in doubt, you may want to contact Apple support. You can also get support from MacKeeper’s Premium Services—as an alternative to quickly solve your user's concern.

 

5. Delete Mac malware from your Login Items

Malware is often designed to launch when computers start up. On a Mac, you may find these are listed in the Login Items part of System Settings. Follow these steps to check:

  1. Open System Settings, and select General > Login Items
  2. Look through the list for anything suspicious. Select what you want to remove, and click the minus button
  3. Restart your Mac, and then check to see if the suspicious Login Item didn’t reinstall itself.
In System Settings, select General, then Login Items. From here you'll be able to stop processes from starting with macOS. That may include malware.
Step 1. Go to General > Login Items
To remove a login item, you just select it from the list, then click the minus button. That process should no longer load at boot time.
Step 2. Select a login item and remove it

Unfortunately, the standard Login Items tool doesn’t show absolutely everything that starts with macOS. To find and stop these hidden items, use MacKeeper’s Login Items tool to find a wider variety of startup processes.

6. Run an antivirus app

A good antivirus app can scan your entire Mac quickly and check every single file against a vast database of threats and suspicious behavior. MacKeeper Antivirus is one such app, which makes it easy to find and get rid of Mac malware.  

 

How to run an antivirus scan on Mac with MacKeeper:

  1. Select Antivirus from the sidebar
  2. Click Start Scan, and wait for the virus scan to complete
  3. Check the results, in case of false positives. Then click Delete > Delete.
MacKeeper's Antivirus offers both real-time and on-demand scanning. To start a scan, open the tool, then click the Start Scan button.
Step 1. Select Antivirus and start a scan
If MacKeeper finds any malware, you simply have to select it from the list, then click the Delete button to start the removal process.
Step 2. Select malware and click Delete
Finally, click the Delete button to confirm that you want to permanently delete the selected file. Note that it cannot be restored.
Step 3. Confirm that you want to delete malware

 

How to clean viruses from Mac automatically

 

Although it’s possible to manually identify and remove malware from your Mac, it’s not the best way to deal with the problem. It’s time-consuming and difficult, and there’s a chance you might delete something you need. With the right tools, you can find and remove malware automatically in just a few minutes.

 

7. Verify your browser’s homepage

A favorite trick of malware creators is taking over people’s web browser homepages. Doing so, they can serve you ads or notifications that they get paid for—or in worse cases, direct you to other sites, which may install even more malware.

 

Using Safari, there are a few things you can do to check your homepage hasn’t been affected:

  1. Click the address bar to reveal the full URL and make sure it’s accurate
  2. In the menu bar, select Safari > Settings
  3. In the General tab, check what it says next to the Homepage. If it’s wrong, change it.
If you click on the address bar in Safari, you can see the whole URL. This will reveal if you're on a fake site or not connected via HTTPS, which offers encryption.
Step 1. Click the URL to check it
Next, you want to go into Safari's settings, where you can double-check that homepage is right and make changes to it, if you need to.
Step 2. Go to Safari settings

Checking your homepage with Chrome is similar:

  1. Double-click the address bar to reveal the full URL, and verify it
  2. Select Chrome > Settings from the menu bar
  3. Click Appearance, and under Show Home button, check the URL.
If you double-click in the Chrome address/search bar, you'll see the current site's full URL. Do this when you're on your normal homepage and check it's right.
Step 1. Click the Chrome search bar to see the full URL
To doubly sure everything is as it should be, go to Chrome's settings, where you'll be able to check exactly where the home button will send you.
Step 2. Open Chrome's settings
Under Appearance > Show Home button, you'll be able to set where the home button sends you. If the URL is wrong, you can change it here.
Step 3. Check the homepage is right

In cases of serious infection, your homepage may still get redirected, and it won’t be fixed until you delete the virus from your Mac.

8. Clear your cache

There are various caches on your caches. Individual apps and web browsers have their own caches, but there’s also system cache. Clearing these temporary files out can help you remove all traces of malware from your desktop or laptop Mac.

 

Follow these steps to manually clear caches on your Mac:

  1. In Finder, select Go > Go to Folder from the menu bar
  2. Type in ~/Library/Caches/ and press return
  3. You can now see cached files for many of the apps on your Mac
  4. Delete the contents of a folder to clear the cache.
Use the macOS 'Go' function to go directly to the caches folder on your Mac. There are system caches, but it's safe to change user caches.
Step 1. In Finder, select Go > Go to Folder
Type in '~/Library/Caches', then press Return. This will take you directly to your user cache files, which covers multiple apps on your Mac.
Step 2. Use Go to get into your Mac's caches
In this folder, you'll see the cached files created by many of the apps installed on your Mac. Deleting these files will clear those caches.
Step 3. Look through the different app caches
If you know what you can safely delete, you simply send those files to your trash and empty it, as you would with any other files you want to delete.
Step 4. Delete anything you know is safe to remove

While manually deleting cached files manually may work, it’s not always clear what you’re deleting, so there’s a risk you could mess something up. Avoid that risk with MacKeeper’s Safe Cleanup—in just a few clicks process to find and remove cached data.

9. Delete suspicious browser extensions

If you’re experiencing problems with your web browser, they could be caused by a rogue extension. Remove any recently installed extensions and any that don’t come from reputable sources. Here, we’ll look at removing extensions from Safari and Chrome, but the process is similar for other browsers like Firefox.

 

How to remove extensions in Safari:

  1. In Safari, click Safari, from the top menu, and select Settings. In the Extensions tab, select an extension, then click the Uninstall button
  2. Click Show in Finder
  3. Delete the extension like would any other file.
In Safari's settings, you can browse through installed extensions and then remove them. Look for anything that might be malware.
Step 1. Select an extension and then Uninstall
After clicking 'Uninstall', you have to click 'Show in Finder'. This will take you to wherever the extension is installed, so you can remove it.
Step 2. Click Show in Finder
Now, just delete the extension like any other file, making sure to empty your trash afterwards. This  may help you to remove malware.
Step 3. Delete the extension

How to remove extensions from Chrome:

  1. In Chrome, select Window > Task Manager
  2. Sort the CPU column to see if any extensions are using a lot of processing power. Do the same with the Memory footprint and Network columns
  3. Now select Window > Extensions from the menu bar
  4. Look through the installed extensions, and click the Remove button on any that seem suspicious.
The Chrome Task Manager can show you the extensions that are running on your Mac and what resources they're using too.
Step 1. Open the Task Manager
If you sort the Chrome Task manager output but CPU, you can quickly spot extensions that are using a lot of resources. This may be malware.
Step 2. Check Task Manager for suspicious extensions
If you see anything that you want to remove, visit Window > Extensions from the menu bar, to start the process of removal.
Step 3. Go to Chrome's extensions
To remove an extension from Chrome, find it in the list, then click the 'Remove' button. Confirm removal, and then it will be gone.
Step 4. Click Remove to uninstall an extension

MacKeeper’s Smart Uninstaller doesn’t just remove apps—it’ll also delete extensions, including those installed by malware.

10. Get rid of pop-up ads on Mac

Another symptom of malware infection is an increase in unwanted pop-ups, which can affect browser performance. Thankfully, you can do something to get rid of these annoyances.

 

To prevent pop-ups in Safari:

  1. In Safari, select Safari > Settings in the menu bar, and go to the Websites tab. In the sidebar, click Pop-up Windows
  2. Use the drop-down menus to block pop-ups.
Select Websites > Pop-Up Windows in Safari's settings. Here you'll be able to any pop-ups that are currently blocked or allowed.
Step 1. Find pop-up in Safari's settings
If you see a pop-up you want to block, use its drop-down menu and then select 'Block'. That will stop it bothering you in future.
Step 2. Choose which pop-up to block

Follow these steps to block pop-ups in Chrome:

  1. In the menu bar, go to Chrome > Settings, and then Privacy and security > Site settings
  2. Scroll down and select Pop-ups and redirects
  3. Look through the list under Allowed to send pop-ups and use redirects. Click the three dots next to an entry, and select Block.
In Chrome's settings, click 'Privacy and security', then go to 'Site Settings', which lets you control various aspects of website behaviour.
Step 1. Go to Site settings in Chrome
Now click 'Pop-ups and redirects'. You'll be able to block and allow sites to serve you with pop-ups. This can prevent malware from bothering you.
Step 2. Choose Pop-ups and redirects
Go through the list and choose something to change. Click the three dots, then use the menu to select Block. Pop-ups and redirects will be prevented.
Step 3. Select a site and block pop-ups

MacKeeper’s Adware Cleaner makes it even easier to remove the malware that causes unwanted pop-ups. In just a few minutes, this adware remover can get your Mac free of unwanted apps.  

11. Resettle the system and restore from a backup

When you’re trying to remove a virus from a Mac, you may want to restore from a backup. Using the Time Machine function built into macOS, you can return your machine to a previously saved snapshot, taken before you picked up the malware.

 

Assuming you already have Time Machine activated, here’s how to restore from a backup:

  1. Go to System Settings > General > Transfer or Reset
  2. Click Erase All Content and Settings, then follow the on-screen instructions to erase all your user data
  3. When your macOS has been reset and restarted, open Applications > Utilities > Migration Assistant. Click Continue, and enter your system password.
  4. Select From a Mac, Time Machine backup or Startup disk, and click continue
  5. Select your Time Machine backup and click Continue
  6. Choose a backup to restore from, and click Continue. Follow the on-screen instructions to finish the restore.
Removing all your data from your Mac may be enough to remove malware too. Be aware you'll lose all your files and settings if you do this.
Step 1. Select Transfer or Reset
In System Settings, choose to 'Erase All Contents and Settings'. Follow all the on-screen instructions to successfully complete this process.
Step 2. Click Erase All Content and Settings
Open the Migration Assistant from Applications > Utilities. Enter your username and password when prompted to continue.
Step 3. Open Migration Assistant
In Migration Assistant, select 'From a Mac, Time Machine backup or Startup disk', then click the 'Continue' button.
Step 4. Choose where you want to transfer information from
In the list, choose the drive where your Time Machine backup is stored. This will usually be an external hard drive.
Step 5. Choose the drive to restore from
Choose the Time Machine backup you want to restore. This should be one you made before you got the suspected malware on your Mac.
Step 6. Select a backup to restore

12. Wipe your Mac and reinstall macOS

If all else fails, you can wipe your Mac and reinstall macOS. Certainly if you’re unable to boot into macOS at all, this may be the only solution left to you to get a virus off your Mac. To reinstall the OS, you’ll need to get into macOS Recovery.

 

Enter Recovery on an Apple silicon Mac like this:

  1. Shut down your Mac
  2. Press and hold the power button until you see Loading startup options
  3. Choose Options > Continue, and follow the instructions.

Use these steps to get into Recovery on an Intel Mac:

  1. As soon as you turn your machine on, press Cmd + R
  2. In the Recovery app, select Reinstall for your macOS release, then Continue
  3. Follow the instructions to reinstall macOS.

Check out our guide on factory resetting your Mac for more information.

How to protect Mac from malware

Prevention is, of course, better than cure. If you take the right precautions, you might never have to get rid of viruses on your Mac.

 

Here are a few ways to protect your Mac from viruses and other malicious software:

  • Don’t open email attachments from people you don’t know
  • Don’t visit websites you don’t trust
  • Avoid piracy websites and services
  • Use unique, strong passwords
  • Buy apps from the App Store where possible
  • Use antivirus with real-time malware protection for Mac
  • Use an ad blocker to stop your web browser downloading dangerous files
  • Just in case, back up your important files regularly.

Best way to remove malware from Mac

Without a doubt, the best way to remove malware is with an automated checker like MacKeeper’s Antivirus. Removing viruses manually is slow, and you need to know what to look for.

 

With MacKeeper, you can scan your entire Mac quickly and safely delete malware, while keeping the rest of your data untouched. Thanks to its real-time protection, our tool can also help you prevent malware from ever getting on your Mac in the first place.

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.

Contents

Unlocked

Scan you Mac for malware and enable real-time protection to stay safe.

Start Now
PC

MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Read more

Zeus Virus Removal on Mac
Zeus Virus Removal on Mac
How to Remove Trovi from Mac
How to Remove Trovi from Mac
arrow

Run Application

step_1

Click Continue

step_2

Click Install

step_1

Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.