Despite what some people say, Macs can and do, get viruses and other malware. If it happens to your Mac, you might notice it working slower than usual. Mac malware might also cause system instability or other unpredictable behavior, including problems with your web browser.
If your Mac is infected with malware, how do you remove it and give your system a clean bill of health? In this guide, we’ll explore some of the most practical Mac malware removal measures you can take.
Before we start
As well as malware, you might want to check your Mac for adware too. MacKeeper’s adware cleaning tool means you can do that in just a few clicks.
- Open MacKeeper, and select Adware Cleaner
- Click Open
- Click Start scan
- If anything is found, you can now delete it
MacKeeper also offers StopAd, an ad blocking feature for Chrome and Safari. Download MacKeeper, and try these and other features out for yourself.
Warning signs your Mac has a virus
In some cases, malware will do its best to remain undetected. If criminals are using it to steal your data, they don’t want you to notice too soon, so they won’t make it obvious. But in some cases, malware is designed to disrupt you and make a nuisance of itself. And sometimes, the signs of malware can be purely accidental, a side-effect that the virus coders never intended.
Common signs of malware include:
- An unusually slow Mac, particularly if the slowdown happens suddenly
- Your Mac freezes up or restarts unexpectedly
- Your web browser changes its home page and/or search engine
- Files and folders won’t open
- Frequent error messages pop up on your Mac
- One or more processes take up all your RAM and/or CPU resources
- Disk space mysteriously disappears
But although these kinds of symptoms can result from viruses and other malware on your Mac, that’s not the only reason for them. Sometimes, there are legitimate reasons, like background downloads or software conflicts. So if you’re looking to remove malware from your Mac, you need to work out if there’s actually anything to remove at all.
How to find and remove malware from your Mac
Check the Activity Monitor for anything suspicious
If your Mac is playing up and you suspect malware, one of the first things you should do is check the Activity Monitor. This built-in macOS tool will show you what’s running on your Mac, including in the background. If anything is taking up a lot of CPU cycles or RAM, it could be malware, and you’ll be able to see it here. So you should always make this one of your first steps in Mac malware removal.
Here’s how to check Activity Monitor for macOS malware:
1. Open Activity Monitor from Applications > Utilities
2. Click the CPU tab, then click the % CPU column to sort processes by most CPU used
3. Look for processes you don’t recognize that are using a lot of processing power
4. Do the same with the Memory tab and the Memory column
5. Repeat this with the Bytes Written column of the Disk tab
6. Finally, click the Network tab and sort the Sent Bytes column
If you spot anything out of the ordinary, take a note of its name, then Google it. In most cases, you’ll be able to find out if it’s a legitimate application or a virus. If it’s malware or something else you don’t want, double-click on it in Activity Monitor and click the Quit button. Then click Force Quit.
Note, though, that stopping a process doesn’t remove it. It might start up again immediately or when you restart your Mac. If the suspicious activity is coming from an app, you might be able to remove it by uninstalling that app. Just drag the app into your trash and then empty your trash. If you’re lucky, this might be enough to remove the virus from your Mac.
Disconnect from the internet
A lot of malware is designed to connect to the internet. Sometimes, this is because it’s stealing your information and sending it to criminals. Other malware will use the internet to spread further or to send spam emails. In any case, it’s not something you want. So if you suspect your Mac is carrying a virus, you should disable your internet connection. Then you can work on getting rid of the malware.
Here’s how to disable Wi-Fi on a Mac:
1. In System Preferences, click Network
2. Select Wi-Fi from the sidebar
3. Click Turn Wi-Fi Off
How to disable Ethernet on Mac:
1. In System Preferences, click Network
2. Select Ethernet from the sidebar
3. Use the Configure IPv4 dropdown menu, and select Off
4. Click Apply
To be doubly sure you’re not connected to the internet, you could unplug your Ethernet cable. You could also turn off your router, but you’ll probably want to connect to the internet on another device while you fix your Mac.
Delete suspicious browser extensions
If you’re experiencing problems with your web browser, they could be caused by a rogue extension. Remove any recently installed extensions and any that don’t come from reputable sources. Here, we’ll look at removing extensions from the two most popular web browsers Mac: Safari and Chrome.
How to remove extensions in Safari:
1. In Safari, click Safari, from the top menu, and select Preferences
2. Select the Extensions tab
3. To remove an extension, click it, then click the Uninstall button
Remove any extensions you don’t recognize or which are using a lot of CPU in Activity Monitor.
How to remove extensions from Chrome:
1. In Chrome, select Window > Task Manager
2. Sort the CPU column to see if any extensions are using a lot of processing power. Do the same with the Memory footprint and Network columns
3. Now select Window > Extensions from the menu bar
4. Look through the installed extensions, and click the Remove button on any that seem suspicious
Boot into safe mode
Sometimes, malware is difficult to remove, because it loads up as soon as macOS starts. But if you boot into safe mode, you might be able to remove this malware, because it’s designed to load only the files and apps macOS needs to run. Safe mode also deletes some system caches, so they can be rebuilt again automatically.
How you get into safe mode depends on whether you have an Intel processor or one of Apple’s new ARM-based M1 chips.
How to boot into safe mode on an Intel Mac:
- Hold down Shift as soon as your Mac turns on or restarts
- When you see the login window, take your finger off the Shift key
- Log in using your usual details
- You should see Safe Boot in the top-right corner of the login screen
How to boot into safe mode on an M1 Mac:
- Shut down your Mac. Press and hold the power button for 10 seconds
- Release it when you see the startup options window
- Choose your startup disk, then hold down Shift
- When prompted, click Continue in Safe Mode and release the Shift key
- Log in, and you should find your Mac in safe mode
To check safe boot is on, click the Apple logo in the top-left of your screen, then go to About This Mac > System Report > Software. Check Boot Mode says Safe.
If your Mac is now running normally, then there’s either malware on it that doesn’t load in safe mode, or you have some other kind of software-related problem. Provided you know what you’re looking for, you can try deleting suspicious files, extensions and so on.
When you’re done, reboot your Mac normally and see if your problem has been fixed.
Run an antivirus app
Although it’s possible to manually identify and remove malware from your Mac, it’s not the best way to deal with the problem. It’s time consuming and difficult, and there’s a chance you might delete something you need.
A good antivirus app can scan your entire Mac in just a few minutes and check every single file against a vast database of threats and suspicious behavior. MacKeeper Antivirus is one such app, which makes it easy to find and get rid of Mac malware.
How to run an antivirus scan on Mac with MacKeeper:
1. Select Antivirus from the sidebar
2. Click Start scan
3. Wait for the virus scan to complete
4. Check the results, in case of false positives. Then click Move to quarantine
5. When it’s done, you can click the Quarantine button to see the quarantined files
6. Click Select all, followed by the Delete button
Dealing with ransomware
Most malware can be dealt with using the steps we’ve already outlined – particularly using an antivirus app. But removing ransomware from a Mac can be much more difficult. Ransomware encrypts data, demanding you pay a ransom to get an unlock code, which may or may not even work. In some cases, ransomware can lock certain files or folders, in which case you might be able to remove it using the methods above.
But if it encrypts all of macOS, you might not even be able to log in – even in safe mode. Unless you want to risk paying the criminals holding you hostage, there’s not much you can do, other than start again.
How to deal with ransomware on a Mac:
- Back up anything you can, if it’s not encrypted by the ransomware. Only back up to an empty drive, because ransomware can spread onto external drives
- If you’re able to, use antivirus like MacKeeper to remove the ransomware
- In the event that you can’t get into macOS, wipe your Mac and do a fresh installation of macOS
- Restore any backed up files you might have, from cloud services, external drives or Time Machine
- Install antivirus
How to prevent malware from getting onto your Mac
Prevention is, of course, better than cure. If you take the right precautions, you might never have to remove any malware from your Mac.
Here are a few ways to protect your Mac from viruses and other malicious software:
- Don’t open email attachments from people you don’t know
- Don’t visit websites you don’t trust
- Avoid piracy websites and services
- Use unique, strong passwords
- Buy apps from the App Store where possible
- Use antivirus with real-time protection
- Use an ad blocker to stop your web browser downloading dangerous files
- Just in case, back up your important files regularly
A warning on manually removing malware
You should always be very careful about manually deleting malware from your Mac. It’s all too easy to delete the wrong thing and end up making your Mac worse. In some instances, you might mistake a normal process for a virus and then damage macOS for no reason.
If you’re at all unsure, we recommend consulting with an expert. You might be able to speak to Apple itself, if your Mac is under warranty. Plus Apple’s user guides cover subjects like how to protect your Mac from malware. Other helpful resources include MacKeeper’s Premium Services, and third-party repair shops.
For most people, simply being careful about what you download and what sites you visit, combined with an antivirus app, will be enough to steer clear of malware. But if you do need to remove a virus from your Mac, don’t panic. If you’ve been backing up, you can always factory reset your Mac and start again.