How to Remove Malware from Mac

The longer a virus is on your Mac, the more damage it can do and the more data it can steal. To rid your machine of potential threats fast, use MacKeeper’s Antivirus tool. As well as constant, real-time protection, you can run on-demand scans at any time.

Download MacKeeper

System Requirements: macOS 10.11 or later

60+ million downloads

AV-TEST certified

AV-TEST is an independent lab that checks the effectiveness of antivirus apps against real malware samples.

Notarized by Apple

Notarization by Apple is a security measure to check if software is free from malicious components.

Trustpilot is an independent digital platform that hosts insightful and honest consumer reviews.

Written by Yana Khodun

Updated: November 15, 2024

In this article you will find the following:

Despite what some people think, Macs can and do get viruses and other malware. If it happens to your Apple computer, you might notice it working slower than usual. Mac malware might also cause system instability or other unpredictable behavior, including issues with your web browser.

If your Mac is infected, how do you get rid of malware and give your system a clean bill of health? In this guide, we’ll explore some of the most practical Mac malware detection and removal measures you can take.

How to tell if your Mac has a virus

Sometimes, malware will do its best to remain undetected. Other times it will be more obvious, and that can be by design or a side effect that the virus coders never intended. Either way, there may be warning signs that help you delete viruses on your trusty Macintosh.

Signs of malware on Mac

Whether you have an iMac, MacBook, or Mac mini, malware can result in these kinds of symptoms:

An unusually slow Mac, particularly if the slowdown happens suddenly
Your Mac freezes up or restarts unexpectedly
Your web browser changes its home page and/or search engine
Files and folders won’t open
Frequent error messages pop up on your Mac
One or more processes take up all your RAM and/or CPU resources
Disk space mysteriously disappears.

These symptoms can be caused by legitimate things, like background downloads or software conflicts. If you’re looking to clean viruses from your Mac, you need a reliable way of checking the cause of unwanted behavior.

A note from our experts

Here’s how to protect your Mac with MacKeeper’s Antivirus:
Open MacKeeper, and click Antivirus in the sidebar
Click Start Scan
If the scan finds anything suspicious, select it from the results list
Click Delete, and then Delete to confirm.
MacKeeper can handle viruses, trojan horses, spyware, and more. Download it today, and try these and other features out for yourself.

How to get rid of viruses on Mac

Now that you know about detecting viruses on your Mac, it's time to discuss the best steps for removing malware. Here's how to get rid of viruses on Mac:

1. Disconnect from the internet

Malware is often designed to connect to the internet—sending stolen information to criminals, using your machine to send spam emails, or just spreading itself further. If you’re trying to get rid of a potential threat detected on your Mac, it’s a good idea to disable your internet connection.

Here’s how to disable Wi-Fi on a Mac:

In System Settings, click Network
Select Wi-Fi
Click the toggle to turn off Wi-Fi.

It's a good idea to turn off your Wi-Fi to stop malware from connecting to the internet to send stolen information from your Mac. — **Step 1. Select Network in System Settings**

To turn off your Wi-Fi, open the Wi-Fi settings. You can see if it's currently connected or not by looking for a green or red circle. — **Step 2. Open Wi-Fi settings**

Turning Wi-Fi on and off is simple. You just click the toggle/slider to activate and deactivate your Wi-Fi connection. — **Step 3. Turn off Wi-Fi**

How to disable Ethernet on Mac:

In System Settings, click Network > Ethernet
Click Make Inactive.

Similar to when you turn off Wi-Fi, you can deactivate your Mac's Ethernet connection from your System Settings. Just click Ethernet. — **Step 1. Go to Network > Ethernet in System Settings**

Turning off your Ethernet is as simple as click the 'Make Inactive' button. To reverse the process, just click the button again, and Ethernet will automatically reconnect. — **Step 2. Click Make Inactive**

To be doubly sure you’re not connected to the internet, you could unplug your Ethernet cable.

2. Reboot into safe mode

Sometimes, malware is difficult to remove, because it loads up as soon as macOS starts. But if you boot into safe mode, you might be able to remove this malware, because it’s designed to load only the files and apps macOS needs to run. Safe mode also deletes some system caches, so they can be rebuilt again automatically.

How to boot into safe mode on an Intel Mac:

Hold down Shift as soon as your Mac turns on or restarts
When you see the login window, take your finger off the Shift key
Log in using your usual details
You should see Safe Boot in the top-right corner of the login screen.

How to boot into safe mode on an Apple Silicon Mac:

Shut down your Mac. Press and hold the power button for 10 seconds
Release it when you see the startup options window
Choose your startup disk, then hold down Shift
When prompted, click Continue in Safe Mode and release the Shift key
Log in, and you should find your Mac in safe mode.

Hint from our team:

To check safe boot is on, follow these steps:
Click the Apple logo in the top-left of your screen
Go to About This Mac > More Info > System Report > Software
Check Boot Mode says Safe. Be aware, this process is slightly different in older versions of macOS like Catalina.

If your Mac is now running normally, then there’s either malware on it that doesn’t load in safe mode, or you have some other kind of software-related problem. If you know what you’re looking for, you can try deleting suspicious files, extensions, and so on. Reboot your Mac normally and see if your problem has been fixed.

3. Find suspicious processes in Activity Monitor

If you suspect malware on your Mac, start by checking Activity Monitor. This built-in macOS tool shows you what’s running on your Mac, including in the background. If anything is taking up a lot of CPU cycles or RAM, it could be malware, and Activity Monitor can help with finding it.

Here’s how to check Activity Monitor for macOS malware:

Open Activity Monitor from Applications > Utilities. Click the CPU tab, then click the % CPU column to sort processes by most CPU used. Look for processes you don’t recognize that are using a lot of processing power
Do the same with the Memory column in the Memory tab, Bytes Written in the Disk tab, Sent Bytes in Network.
Take note of anything that seems suspicious and Google it. If it’s malware or something else you don’t want, double-click on it in Activity Monitor and click Quit. Then click Force Quit to kill the process.

Open Activity Monitor from Applications > Utilities, then sort the CPU tab by %CPU, and you can see what's using your processor the most. — **Step 1. Use Activity Monitor to detect suspicious CPU usage**

After checking CPU usage, also check the other tabs of Activity Monitor, including memory and disk. Malware may result in higher usage than normal. — **Step 2. Check memory, disk, and network use too**

If you see anything suspicious, you can force it to quit. Bear in mind, though, this doesn't remove that process from your Mac, and it may start up again. — **Step 3. Quit any suspicious processes**

Stopping a process doesn’t eliminate it. It might start up again immediately or when you restart your Mac.

4. Remove malicious programs

If an app is causing suspicious activity on your Mac, you should remove it by uninstalling that app. This might not remove malware from a Mac completely, but it's an important step. If you suspect an app is unsafe, check out our guide on how to remove a trojan virus.

This is the normal way of uninstalling apps on a Mac:

In Finder, navigate to your Applications folder. If you see anything suspicious, right-click it and select Move to Trash.
Now right-click your trash, and select Empty Trash.

The default way of removing apps from your Mac is to send them to your trash or bin. Note that they aren't completely deleted at this point. — **Step 1. Move unwanted apps to your trash**

To fully delete programs, you need to empty your trash or bin. You can do that by right-clicking the trash icon and selecting Empty Trash or Bin. — **Step 2. Empty your trash**

Note from our experts:

You can also uninstall apps with MacKeeper’s Smart Uninstaller. Our tool will also delete files that would normally be left behind, which is vital when doing a virus cleanup. Download MacKeeper and try it yourself.

A warning on manually removing malware

Be very careful when manually deleting malware from your Mac—you may delete the wrong thing and make your Mac worse.

If in doubt, you may want to contact Apple support. You can also get support from MacKeeper’s Premium Services—as an alternative to quickly solve your user's concern.

5. Delete Mac malware from your Login Items

Malware is often designed to launch when computers start up. On a Mac, you may find these are listed in the Login Items part of System Settings. Follow these steps to check:

Open System Settings, and select General > Login Items
Look through the list for anything suspicious. Select what you want to remove, and click the minus button
Restart your Mac, and then check to see if the suspicious Login Item didn’t reinstall itself.

In System Settings, select General, then Login Items. From here you'll be able to stop processes from starting with macOS. That may include malware. — **Step 1. Go to General > Login Items**

To remove a login item, you just select it from the list, then click the minus button. That process should no longer load at boot time. — **Step 2. Select a login item and remove it**

Unfortunately, the standard Login Items tool doesn’t show absolutely everything that starts with macOS. To find and stop these hidden items, use MacKeeper’s Login Items tool to find a wider variety of startup processes.

6. Run an antivirus app

A good antivirus app can scan your entire Mac quickly and check every single file against a vast database of threats and suspicious behavior. MacKeeper Antivirus is one such app, which makes it easy to find and get rid of Mac malware.

How to run an antivirus scan on Mac with MacKeeper:

Select Antivirus from the sidebar
Click Start Scan, and wait for the virus scan to complete
Check the results, in case of false positives. Then click Delete > Delete.

MacKeeper's Antivirus offers both real-time and on-demand scanning. To start a scan, open the tool, then click the Start Scan button. — **Step 1. Select Antivirus and start a scan**

If MacKeeper finds any malware, you simply have to select it from the list, then click the Delete button to start the removal process. — **Step 2. Select malware and click Delete**

Finally, click the Delete button to confirm that you want to permanently delete the selected file. Note that it cannot be restored. — **Step 3. Confirm that you want to delete malware**

How to clean viruses from Mac automatically

Although it’s possible to manually identify and remove malware from your Mac, it’s not the best way to deal with the problem. It’s time-consuming and difficult, and there’s a chance you might delete something you need. With the right tools, you can find and remove malware automatically in just a few minutes.

7. Verify your browser’s homepage

A favorite trick of malware creators is taking over people’s web browser homepages. Doing so, they can serve you ads or notifications that they get paid for—or in worse cases, direct you to other sites, which may install even more malware.

Using Safari, there are a few things you can do to check your homepage hasn’t been affected:

Click the address bar to reveal the full URL and make sure it’s accurate
In the menu bar, select Safari > Settings
In the General tab, check what it says next to the Homepage. If it’s wrong, change it.

If you click on the address bar in Safari, you can see the whole URL. This will reveal if you're on a fake site or not connected via HTTPS, which offers encryption. — **Step 1. Click the URL to check it**

Next, you want to go into Safari's settings, where you can double-check that homepage is right and make changes to it, if you need to. — **Step 2. Go to Safari settings**

Checking your homepage with Chrome is similar:

Double-click the address bar to reveal the full URL, and verify it
Select Chrome > Settings from the menu bar
Click Appearance, and under Show Home button, check the URL.

If you double-click in the Chrome address/search bar, you'll see the current site's full URL. Do this when you're on your normal homepage and check it's right. — **Step 1. Click the Chrome search bar to see the full URL**

To doubly sure everything is as it should be, go to Chrome's settings, where you'll be able to check exactly where the home button will send you. — **Step 2. Open Chrome's settings**

Under Appearance > Show Home button, you'll be able to set where the home button sends you. If the URL is wrong, you can change it here. — **Step 3. Check the homepage is right**

In cases of serious infection, your homepage may still get redirected, and it won’t be fixed until you delete the virus from your Mac.

8. Clear your cache

There are various caches on your caches. Individual apps and web browsers have their own caches, but there’s also system cache. Clearing these temporary files out can help you remove all traces of malware from your desktop or laptop Mac.

Follow these steps to manually clear caches on your Mac:

In Finder, select Go > Go to Folder from the menu bar
Type in ~/Library/Caches/ and press return
You can now see cached files for many of the apps on your Mac
Delete the contents of a folder to clear the cache.

Use the macOS 'Go' function to go directly to the caches folder on your Mac. There are system caches, but it's safe to change user caches. — **Step 1. In Finder, select Go > Go to Folder**

Type in '~/Library/Caches', then press Return. This will take you directly to your user cache files, which covers multiple apps on your Mac. — **Step 2. Use Go to get into your Mac's caches**

In this folder, you'll see the cached files created by many of the apps installed on your Mac. Deleting these files will clear those caches. — **Step 3. Look through the different app caches**

If you know what you can safely delete, you simply send those files to your trash and empty it, as you would with any other files you want to delete. — **Step 4. Delete anything you know is safe to remove**

While manually deleting cached files manually may work, it’s not always clear what you’re deleting, so there’s a risk you could mess something up. Avoid that risk with MacKeeper’s Safe Cleanup—in just a few clicks process to find and remove cached data.

9. Delete suspicious browser extensions

If you’re experiencing problems with your web browser, they could be caused by a rogue extension. Remove any recently installed extensions and any that don’t come from reputable sources. Here, we’ll look at removing extensions from Safari and Chrome, but the process is similar for other browsers like Firefox.

How to remove extensions in Safari:

In Safari, click Safari, from the top menu, and select Settings. In the Extensions tab, select an extension, then click the Uninstall button
Click Show in Finder
Delete the extension like would any other file.

In Safari's settings, you can browse through installed extensions and then remove them. Look for anything that might be malware. — **Step 1. Select an extension and then Uninstall**

After clicking 'Uninstall', you have to click 'Show in Finder'. This will take you to wherever the extension is installed, so you can remove it. — **Step 2. Click Show in Finder**

Now, just delete the extension like any other file, making sure to empty your trash afterwards. This may help you to remove malware. — **Step 3. Delete the extension**

How to remove extensions from Chrome:

In Chrome, select Window > Task Manager
Sort the CPU column to see if any extensions are using a lot of processing power. Do the same with the Memory footprint and Network columns
Now select Window > Extensions from the menu bar
Look through the installed extensions, and click the Remove button on any that seem suspicious.

The Chrome Task Manager can show you the extensions that are running on your Mac and what resources they're using too. — **Step 1. Open the Task Manager**

If you sort the Chrome Task manager output but CPU, you can quickly spot extensions that are using a lot of resources. This may be malware. — **Step 2. Check Task Manager for suspicious extensions**

If you see anything that you want to remove, visit Window > Extensions from the menu bar, to start the process of removal. — **Step 3. Go to Chrome's extensions**

To remove an extension from Chrome, find it in the list, then click the 'Remove' button. Confirm removal, and then it will be gone. — **Step 4. Click Remove to uninstall an extension**

MacKeeper’s Smart Uninstaller doesn’t just remove apps—it’ll also delete extensions, including those installed by malware.

10. Get rid of pop-up ads on Mac

Another symptom of malware infection is an increase in unwanted pop-ups, which can affect browser performance. Thankfully, you can do something to get rid of these annoyances.

To prevent pop-ups in Safari:

In Safari, select Safari > Settings in the menu bar, and go to the Websites tab. In the sidebar, click Pop-up Windows
Use the drop-down menus to block pop-ups.

Select Websites > Pop-Up Windows in Safari's settings. Here you'll be able to any pop-ups that are currently blocked or allowed. — **Step 1. Find pop-up in Safari's settings**

If you see a pop-up you want to block, use its drop-down menu and then select 'Block'. That will stop it bothering you in future. — **Step 2. Choose which pop-up to block**

Follow these steps to block pop-ups in Chrome:

In the menu bar, go to Chrome > Settings, and then Privacy and security > Site settings
Scroll down and select Pop-ups and redirects
Look through the list under Allowed to send pop-ups and use redirects. Click the three dots next to an entry, and select Block.

In Chrome's settings, click 'Privacy and security', then go to 'Site Settings', which lets you control various aspects of website behaviour. — **Step 1. Go to Site settings in Chrome**

Now click 'Pop-ups and redirects'. You'll be able to block and allow sites to serve you with pop-ups. This can prevent malware from bothering you. — **Step 2. Choose Pop-ups and redirects**

Go through the list and choose something to change. Click the three dots, then use the menu to select Block. Pop-ups and redirects will be prevented. — **Step 3. Select a site and block pop-ups**

MacKeeper’s Adware Cleaner makes it even easier to remove the malware that causes unwanted pop-ups. In just a few minutes, this adware remover can get your Mac free of unwanted apps.

11. Resettle the system and restore from a backup

When you’re trying to remove a virus from a Mac, you may want to restore from a backup. Using the Time Machine function built into macOS, you can return your machine to a previously saved snapshot, taken before you picked up the malware.

Assuming you already have Time Machine activated, here’s how to restore from a backup:

Go to System Settings > General > Transfer or Reset
Click Erase All Content and Settings, then follow the on-screen instructions to erase all your user data
When your macOS has been reset and restarted, open Applications > Utilities > Migration Assistant. Click Continue, and enter your system password.
Select From a Mac, Time Machine backup or Startup disk, and click continue
Select your Time Machine backup and click Continue
Choose a backup to restore from, and click Continue. Follow the on-screen instructions to finish the restore.

Removing all your data from your Mac may be enough to remove malware too. Be aware you'll lose all your files and settings if you do this. — **Step 1. Select Transfer or Reset**

In System Settings, choose to 'Erase All Contents and Settings'. Follow all the on-screen instructions to successfully complete this process. — **Step 2. Click Erase All Content and Settings**

Open the Migration Assistant from Applications > Utilities. Enter your username and password when prompted to continue. — **Step 3. Open Migration Assistant**

In Migration Assistant, select 'From a Mac, Time Machine backup or Startup disk', then click the 'Continue' button. — **Step 4. Choose where you want to transfer information from**

In the list, choose the drive where your Time Machine backup is stored. This will usually be an external hard drive. — **Step 5. Choose the drive to restore from**

Choose the Time Machine backup you want to restore. This should be one you made before you got the suspected malware on your Mac. — **Step 6. Select a backup to restore**

12. Wipe your Mac and reinstall macOS

If all else fails, you can wipe your Mac and reinstall macOS. Certainly if you’re unable to boot into macOS at all, this may be the only solution left to you to get a virus off your Mac. To reinstall the OS, you’ll need to get into macOS Recovery.

Enter Recovery on an Apple silicon Mac like this:

Shut down your Mac
Press and hold the power button until you see Loading startup options
Choose Options > Continue, and follow the instructions.

Use these steps to get into Recovery on an Intel Mac:

As soon as you turn your machine on, press Cmd + R
In the Recovery app, select Reinstall for your macOS release, then Continue
Follow the instructions to reinstall macOS.

Check out our guide on factory resetting your Mac for more information.

How to protect Mac from malware

Prevention is, of course, better than cure. If you take the right precautions, you might never have to get rid of viruses on your Mac.

Here are a few ways to protect your Mac from viruses and other malicious software:

Don’t open email attachments from people you don’t know
Don’t visit websites you don’t trust
Avoid piracy websites and services
Use unique, strong passwords
Buy apps from the App Store where possible
Use antivirus with real-time malware protection for Mac
Use an ad blocker to stop your web browser downloading dangerous files
Just in case, back up your important files regularly.

Best way to remove malware from Mac

Without a doubt, the best way to remove malware is with an automated checker like MacKeeper’s Antivirus. Removing viruses manually is slow, and you need to know what to look for.

With MacKeeper, you can scan your entire Mac quickly and safely delete malware, while keeping the rest of your data untouched. Thanks to its real-time protection, our tool can also help you prevent malware from ever getting on your Mac in the first place.

Use your Mac to the fullest! Sign up and get:

Effective tips on how to fix Mac issues

Reliable advice on how to stay safe online

Mac-world news and updates

Send me exclusive offers and Mac tips

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.