How to Remove Trojan Horse Virus from Mac

Trojan horses are a common way for malware to infect Macs and other computers. Depending on what kind of payload they come with, Trojans can slow down your computer, copy and compromise your data (e.g. make screenshots, notes of your copy and paste, history etc.), send out spam emails, install ransomware, and more. Think you might have a Trojan horse virus on your Mac? Find and remove it fast with MacKeeper’s Antivirus.

Download MacKeeper

System Requirements: macOS 10.11 or later

60+ million downloads

i

AV-TEST certified

AV-TEST is an independent lab that checks the effectiveness of antivirus apps against real malware samples.

i

Notarized by Apple

Notarization by Apple is a security measure to check if software is free from malicious components.

i

Trustpilot is an independent digital platform that hosts insightful and honest consumer reviews.

How to Remove Trojan Horse Virus from Mac
Written by   Yana Khodun
Updated: March 18, 2025
Published: October 02, 2019

In this article you will find the following:

What is a Trojan virus?

A Trojan or Trojan horse is a type of malware that hides its true intent in some way. As you can probably guess, they get their name from Greek mythology. But instead of an army of Greek soldiers hiding inside a giant wooden horse to gain entry to the city of Troy, these Trojans contain malware. This will be hidden in something that looks innocuous, like an app or an email attachment. Often, it’ll only activate when you try to open the infected file.

 

In the past, Macs simply didn’t get viruses, but those days are well behind us. As Apple computers grow more popular, they become an increasingly popular target for hackers—which means Macs get Trojan viruses just like other systems. In February 2022, Microsoft’s security team discovered malware that was being hidden in seemingly legitimate apps like video tools, as well as in pop-up ads. This Mac Trojan has the power to get around macOS’s security features and can even delete evidence of its own existence.

A note from our experts: 

 

Naturally, the sooner you detect and remove the Trojan virus from your Mac, the better. The less time you’re infected, the less damage this malware can do.

 

Here’s how to detect and remove the malicious hazard from your Mac:

  1. Open MacKeeper, and select Antivirus.
  2. If you use it for the first time, you’ll see the Launch Antivirus button. Click on it for our anti-malware utility to get ready to work.
  3. After it’s relaunched, click Start Scan.
  4. If MacKeeper finds anything, select it from the list and click Delete.
  5. Click Delete again to confirm.
MacKeeper Antivirus will scan your Mac to find malware, including Trojans. Open MacKeeper and click the Antivirus option in the sidebar.
Step 1. MacKeeper > Select Antivirus
If you use MacKeeper's Antivirus to detect and remove a Trojan virus on Mac for the first time, you’ll see the Launch Antivirus button. Click on it for our anti-malware utility to get ready to work.
Step 2. Click on Launch Antivirus
In the Antivirus section of MacKeeper, click the start scan button. This will initiate a virus scam which you can use to detect Trojans.
Step 3. Click Start Scan
When the scan is finished in MacKeeper, review the results. If any Trojans or other malware are found on your Mac, you'll see them here.
Step 4. Review the scan results > choose the hazard > Delete

How do you know if your Mac is infected with a Trojan virus?

By definition, a Trojan tries to remain hidden—at the very least, until it’s time to drop its payload. When that happens, you may notice some of the classic signs of malware infection.

 

Signs your Mac might have a Trojan virus:

  • Abrupt changes in your Mac’s productivity or slow performance
  • Crashes and freeze-ups
  • Files show the strange changes in the date of modified (the changes you didn’t make on your side)
  • Unfamiliar folders or files in different locations
  • Your antivirus is disabled
  • More pop-ups
  • Your web browser gets redirected

How to detect a Trojan virus on Mac

You can detect Trojan virus on Mac if you have some performance issues and other suspicious activity can mean you’re potentially carrying malware, they’re just one part of the puzzle. If you know what you’re looking for, you can manually search for malware and then try to delete it. But to truly tell if there’s a Trojan on your Mac, you need to check with a malware scanner, such as MacKeeper’s Antivirus.

 

Our tool will search your entire Mac or selected locations, comparing files against a checklist of known viruses, spyware, Trojans, and other malware. To recollect the steps, see a Note from our experts block above.

How to get rid of a Trojan virus on Mac

If you think you suspect or detect a Trojan virus on your Mac, finding a way to remove it is your next task. Here are a few proven ways to clean this malware from your system:

  1. Delete the infected file.
  2. Remove malicious apps.
  3. Reset browser settings.
  4. Remote malicious extensions.
  5. Use antivirus software.
  6. Load a Time Machine backup.
  7. Factory reset your Mac.
  8. Recover your Mac with Terminal backup.

1. Delete the infected file

When a Trojan virus infects a Mac, it can leave malicious files in all kinds of places. If you can find these unwanted files, you can manually delete them, which may be enough to prevent the malware from doing any more damage—if you’re lucky.

 

There are a few common places to check for Trojan viruses:

  1. In Finder, select Go > Go to Folder. Type in ~/Library, and press Enter.
  2. Among folders to check, start with Application Support. If you spot any malware, drag it to trash, and empty your trash.
  3. Next, check your Login Items. You’ll find these in the Launch Agents. Delete anything suspicious.
  4. Now, use Go to Folder to navigate to the system Library folder at /Library/. Search the Application Support, Launch Agents, and Launch Daemons folders. Again, delete anything related to the Trojan.
In the macOS menu bar, select Go, then Go to Folder. Use this to navigate to your Library folder. From there, you'll be able to delete any suspicious files.
Step 1. Navigate to your user Libary folder
In the Library folder, open the Application Support folder. Often, malware including Trojans will install viruses into this folder.
Step 2. Check Application Support
Next check the LaunchAgents folder. Look for anything that seems suspicious and drag it to your trash. Empty your trash completely.
Step 3. Check LaunchAgents
You should also look in the system library folder as this may also contain malware installed by a Trojan. Check the Application Support, LaunchAgents, and LaunchDaemons folders.
Step 4. Look in the system Library folders too

Our pro advice to unlock even more hidden files:

 

From our experience, there are a few tricks to make hidden files visible. The first one is to use a Command+Shift+Period shortcut. Another way is to go to Terminal and write the following command here:

 

defaults write com.apple.finder AppleShowAllFiles TRUE

To unlock even more hidden files on your MacBook, go to the Terminal and type the following command: defaults write com.apple.finder AppleShowAllFiles TRUE

Then, continue with one more command to restart Finder

 

killall Finder

To continue, you need to restart Finder. The easiest way to do it is by entering the command in Terminal: killall Finder

Also, you can replace TRUE with FALSE to reach the normal viewing mode.

To reach the normal viewing mode in Terminal on your Mac, change the first command a bit by replacing TRUE with FALSE.

2. Remove malicious apps

If you’ve recently installed an app from an untrusted location, it could be the source of your Trojan. Deleting it may be enough to prevent a Trojan horse virus from causing any more issues, although it’s a long shot. Simply dragging the app to your Bin may work, but it’s much better to use a tool like MacKeeper’s Smart Uninstaller, which will also remove all the leftovers and prevent this undesired element from appearing on your Mac again after a while.

 

To remove apps and their leftovers with MacKeeper’s Smart Uninstaller:

  1. In MacKeeper, select Smart Uninstaller, and click Start Scan.
  2. Click Applications. Select what you want to uninstall, and click Remove Selected.
  3. Click Remove.
MacKeeper's Smart Uninstall feature can remove all kinds of data from your Mac, including apps that may be hiding malware.
Step 1. Start a scan with MacKeeper's Smart Uninstaller
Once you've done a scan in MacKeeper, you'll be able to see all the apps installed on your Mac. Select what you want to remove and then click Remove Selected.
Step 2. Select an app to remove
Finally, confirm that you want to remove the selected apps to permanently delete them from your Mac. In the case of Trojans, this may be enough to avoid further damage.
Step 3. Confirm removal

3. Reset browser settings

Web browsers are one of the main ways Trojans find their way onto Macs. By resetting your browser, you may be able to prevent pop-ups, unwanted redirects, and other dangerous browser behavior. Here, we’ll show you how to reset Chrome and Safari, by far the two most popular browsers for macOS.

 

Follow these steps to clean up Safari and reset its settings:

  1. Select Safari > Settings from the menu bar.
  2. Open the Privacy tab, and click the Manage Website Data button.
  3. Click Remove All, then Remove Now.
  4. Now go to the Advanced tab of Settings and activate Show features for web developers.
  5. In the menu bar, select Develop > Empty Caches.
To reset Safari browser, first thing you need to do is visit the Safari settings. Access is from the Safari menu.
Step 1. Open Safari settings
Once you're in Safari settings, open up the Privacy section, then click the Manage Website Data button next to Website Data.
Step 2. Open Privacy settings
Once you're in Safari settings, open up the Privacy section, then click the Manage Website Data button next to Website Data.
Step 3. Click Remove All
Next go to the Advanced tap of settings, and select Show features for web developers at the bottom of the window.
Step 4. Enable developer features
With the web developer options enabled, you can now select Develop from the menu bar, then select Empty Caches.
Step 5. Empty Safari caches

In contrast, reset Chrome for Mac like this:

  1. Select Chrome > Settings from the menu bar.
  2. In Reset settings, click Restore settings to their original defaults.
  3. Click Reset Settings.
In Chrome, select Google Chrome from the menu, bar, followed by Settings to open up the browser's settings menu.
Step 1. Open Chrome settings
In Google Chrome settings, go to the Reset Settings tab, then select Reset settings to the original defaults. This will completely reset Chrome.
Step 2. Enter the Reset Settings area
To complete the reset. You just need to click the Reset settings button to confirm that you want to return Google Chrome to its default state.
Step 3. Confirm Chrome reset

4. Remove malicious extensions

When removing Trojans from a Mac, you may need to remove potentially dangerous browser extensions too. These may spy on your online activity, download more malware, or cause many other issues.

 

For Safari, you have to manually delete extensions from the Applications folder:

  1. In Safari’s settings, go to the Extensions tab, select an extension, and click Uninstall.
  2. Click Show in Finder.
  3. Send the extension to your trash, then empty your trash.
To remove extensions from Safari you need to manually delete them just like you would other apps. Start by going to Safari settings.
Step 1. Click Uninstall in Extensions
When you click the uninstall button, Safari will ask you to show the extension in a Finder window. Click Show In Finder.
Step 2. View the extension in Finder
Now you just need to manually delete the extension in the Applications folder, just as you would with any other app.
Step 3. Delete the extension

For other browsers, you can automatically remove extensions using MacKeeper’s Smart Uninstaller:

  1. Open Smart Uninstaller in MacKeeper, and click Start Scan. When it’s done, click Browser Extensions.
  2. Expand the browser lists to see what’s installed. Select any extensions to remove and click Remove Selected.
  3. Click Accept and Uninstall.
In MacKeeper's Smart Uninstaller feature, click Browser Extensions to see extensions from third-party web browsers.
Step 1. Click Browser Extensions in Smart Uninstaller
Browse through the list of installed browser extensions and select what you want to remove. Click the Remove Selected button.
Step 2. Select extensions to remove
Finally, review the results, and click Accept and Uninstall to remove the troublesome browser extensions from your Mac.
Step 3. Confirm removal of extensions

5. Use antivirus software

Whenever you suspect there might be malware on your Mac, you should run a virus scan. Good antivirus software scans file bits and bytes, structure, file type recognition, signatures, privileges, and attachments, making it a great way to get rid of a Trojan virus.

 

Here’s how you can run a virus scan with MacKeeper’s Antivirus:

  1. Start MacKeeper, and select Antivirus. Click Start Scan.
  2. Wait for the scan to finish.
  3. If any malware is found, select it, and click Delete, then Delete again.
The easiest way to remove malware like Trojans from your Mac is to use an antivirus tool like one in MacKeeper. Select it from the MacKeeper menu.
Step 1. Open the Antivirus tool
Have to click Start Scan, wait for MacKeeper to complete the antivirus scan. It will update as it goes along if it finds anything.
Step 2. Wait for the scan to finish
When the scanner is done, select any malware that it's found then click the Delete button. Click the next Delete button to confirm removal.
Step 3. Confirm malware removal

6. Load a Time Machine backup

Trying to work out if your Mac has a Trojan and then trying to remove it manually is likely to be tricky. It might be simpler to just load a Time Machine backup, one that was made before you installed the infected file.

 

To restore your Mac from a Time Machine backup:  

  1. Click the Time Machine icon in your menu bar. Select Browse Time Machine Backups.
  2. You’ll see a stack of Finder windows, each of which is a different backup.
  3. Select what you want to restore, and click the Restore button.
You can access your Time Machine backups from the menu bar of your Mac. Restoring from a back up will help you if you have a virus.
Step 1. Access Time Machine from the menu bar
Browse through the available Time Machine backups. Find one that was made before you installed the suspected Trojan on your Mac.
Step 2. View the backups
When you find a backup you want to restore, click the Restore button underneath the desired window in Time Machine.
Step 3. Click Restore

7. Factory reset your Mac

That will return your Mac to all its original settings, wiping everything off it. However, your data won’t be deleted if you reinstall macOS and restore it properly through Time Machine from the Recovery mode.

 

Here’s how to enter Recovery mode on an M1 Mac:

  1. Turn off your Mac. Now, press and hold the power button until you see the Loading startup options.
  2. Click Options > Continue. Enter your admin password if you’re asked for it.
  3. In the Recovery mode, select Reinstall macOS, and click Continue. It’ll ask you to select your storage, agree with the license, and confirm the action—do it all.
Loading startup options window in the Recovery Mode to start the factory reset of your Mac.

Here’s how to enter Recovery Mode on Intel Mac:

  1. Turn your Mac off.
  2. Now, turn your Mac on, and press and hold the command + R buttons as quickly as possible until you see the Apple logo.
  3. Select your account and enter your admin password if you’re asked for it.
  4. In the Recovery mode, select Reinstall macOS, click Continue, and then follow the instructions on the screen.

8. Recover your Mac with Terminal backup

if you have some other data or a specific tuned system on a Mac, and you don't want to start all over, then give a try to another macOS restore approach that promises to restore your system state alongside your data. It presupposes using Terminal and the Recovery mode. As a result, macOS will be restored exactly at that stage that is inside your backup, with your files and settings. In contrast, with Migration Assistant, only certain categories and data partitions are migrated.

 

Also, remember that a backup has been completed even if macOS had some unwanted changes or dodgy apps or was infected at the time of the backup. This means that those files will also be restored, and the virus, if it wasn’t removed, may remain on your device, too.

 

To recover your Mac, do the following:

  1. In the Recovery mode, select Restore from Time Machine. It must be the first option on a list.
  2. Confirm that you would like to restore your system with Continue.
  3. A list of available backups will appear. Select the most appropriate one for you.
  4. In the next window, choose your Mac storage disk and wait till the end of the restore process.
  5. After restoring, your Mac will restart automatically into the restored system if there were no interruptions.
Another way to regain control of your Mac after the Trojan attack is to recover it with Terminal backup. For this, enter the Recovery mode and choose Restore from Time Machine.
Step 1. Recovery mode > Restore from Time Machine > Continue
A list of available backups shall now appear on your screen—sorted by date and time. Select the most appropriate one for you. Then, choose your Mac storage disk and wait till the end of the restore process.
Step 2. Select the preferred restore source option

Important:

 

When you see the following message, it means that macOS versions on a Time Machine backup aren’t compatible with the current Mac.

Sometimes, when you try recovering your Mac with Terminal backup, you can face the error of incompatibility. Look how it looks on the screen and either use a Migration Assistant or proceed with a clean macOS isntall.

As such it won't be possible to restore the macOS state from a backup. Either use a Migration Assistant, or if you want to restore your data on a new unaffected macOS, proceed with a clean macOS isntall.

 

Also, check out our full guide to factory resetting a Mac for more information.  

How to protect Mac against Trojan horses

When it comes to malware, prevention is better than cure. To prevent Trojan horses from getting on your Mac or limit the damage they cause if your Mac is infected, follow our checklist:

  • Never open email attachments from people you don’t know.
  • Avoid unsavory websites that are likely to host malware.
  • Never download or install pirated software.
  • Don’t click on pop-up windows unless you know for sure they’re safe.
  • Install all required and recommended system and app updates only by yourself and only through System Settings/Preferences or automatically through MacKeeper’s Update Tracker.
  • Only download apps from trusted sources, like the App Store and official websites.
  • Make sure you have an antivirus tool with real-time protection, such as MacKeeper.
  • Set up a firewall to prevent malware from dialing out to steal your data—it comes installed on Macs by default.
  • Don’t ignore warning signs—if your Mac is so slow, it’s painful, so think about why.

Choosing the right procedure to remove Trojans

With good security practices and MacKeeper’s Antivirus, removing Trojans from your Mac is easy. You can do a lot of the detection and removal work manually, but it’s a long-winded and complex way to do things. Yes, a lot of Trojans will install files in your Library folders, for example, but they could also be in other places on your Mac. Plus, you have to know what you’re looking for.

 

If you find a Trojan on your Mac, you should remove suspicious apps, extensions, and so on, if you can. You can do that manually or save time with MacKeeper’s Smart Uninstaller.

 

Resetting your Mac will work too, but it’s a drastic option. Before you do that, remove all kinds of malware, including Trojans, in just a few clicks. Check out our viruses list to see other types of malware our tool can deal with.

Use your Mac to the fullest! Sign up and get:
Effective tips on how to fix Mac issues
Reliable advice on how to stay safe online
Mac-world news and updates

Thank you!

You’ll love exploring your Mac with us.

Oops, something went wrong.

Try again or reload a page.

Written By

Yana Khodun

A content lover who aims at telling MacKeeper’s story to the rest of the IT world. Ready to love Apple apps with me?

A content lover who aims at telling MacKeeper’s story to the rest of the IT world. Ready to love Apple apps with me?

Here’s another sign you need to upgrade your macOS ASAP:

30% off your MacKeeper subscription

Сopy the code now and use it in the MacKeeper checkout after the upgrade.

Copy Code

Please be aware that this code cannot be combined with any other discounts, offers, or promotions.

Contents

Unlocked

Looking for real-time protection? Give MacKeeper a go.

Try it now
PC

MacKeeper - your all-in-one solution for more space and maximum security.

Try Now

Read more

How to Password Protect Folders and Individual Files on Mac
How to Password Protect Folders and Individual Files on Mac
Apple Security Alert
Apple Security Alert

Download MacKeeper when you're back at your Mac

or

Please enter your email so we can send you a download link

Check your email on your Mac

Install MacKeeper on your Mac computer to rediscover its true power.

arrow

Run Application

step_1

Click Continue

step_2

Click Install

step_1

Your macOS version is lower than OS 10.11. We’d like to offer you MacKeeper 4 to solve the cleaning, privacy, and security issues of your macOS.