Apple-approved malware has arrived, leading experts to wonder if more is on the way. In a blog post, Patrick Wardle, Principal Security Researcher at Jamf, said malicious adware accidentally. MacOS has many features that help protect your Mac and your personal information from malicious software, or malware. One common way malware is distributed is by embedding it in a harmless-looking app. You can reduce this risk by using software only from reliable sources.

Oct. 1, 2020

It’s possible to remove malware from a Mac or PC by running a scanner and taking steps to fix your web browser. Here’s our step-by-step guide to removing malware from your computer.

How to remove malware from a Mac

Step 1: Disconnect from the internet

Virus Scanner For Mac

Disconnecting from the internet will prevent more of your data from being sent to a malware server or the malware from spreading further. So stay offline as much as possible if you suspect that your computer has been infected. If you need to download a removal tool, disconnect after the download is complete and don’t connect again until you are sure that the malware has been removed.

Step 2: Enter safe mode

Safe mode, often referred to as safe boot, is a way to start your computer so that it performs checks and allows only the minimum required software and programs to load. If malware is set to load automatically, this will prevent the malware from doing so, making it easier to remove. To enter safe mode:

1. Start (or restart) your Mac, then immediately press and hold the Shift key. The Apple logo will appear on your display.
2. Release the Shift key when you see the login window (if you are asked to log in twice, learn more about what to do here).

Disclaimer: Avoid logging into accounts during malware removal

Be careful to not expose passwords though a copy-paste function or by clicking a ‘show password’ box if you suspect your computer has been infected. Keylogger viruses are a common component of malware, which run invisibly and are designed to capture your keystrokes. To avoid sharing your personally identifiable information, refrain from logging into sensitive accounts while your device is infected.

Step 3: Check your activity monitor for malicious applications

If you know that you’ve installed a suspicious update or application, close the application if it’s running. You can do so by using your activity monitor. This shows the processes that are running on your computer, so you can manage them and see how they affect your computer’s activity and performance.

Malware can take up resources on your computer, so check the CPU tab to see which applications are working the hardest. If you are able to find the suspicious application, you can close out of it through your activity monitor and then delete the application from the Finder menu. To check your activity monitor:

In Finder, click → Applications → Utilities → Activity Monitor → Select Application → Quit

Step 4: Run a malware scanner

Fortunately, malware scanners can remove most standard infections. It’s important to keep in mind that if you already have an antivirus program active on your computer, you should use a different scanner for this malware check since your current antivirus software may not detect the malware initially. If you believe your computer is infected, we recommend downloading an on-demand scanner from a reliable source and then installing and running security software which provides protection against existing and emerging malware, including ransomware and viruses.

Step 5: Verify your browser’s homepage

It’s common for malware to modify your web browser’s homepage to re-infect your Mac. Check your homepage and connection settings using the steps below for common browsers. Note that you will need to connect your computer to the internet to complete the following steps.

To verify your homepage on Chrome:

1. In the top right corner of your Chrome browser, click More → Settings.
2. Select the dropdown menu in the “Search engine” section.
3. Verify your default homepage.

To verify your homepage on Safari:

1. In the top left corner of your screen, select Safari → Preferences → General.
2. Next to “New windows open with” and “New tabs open with,” select Homepage.
3. Next to “Homepage,” you will verify your default homepage.

Step 6: Clear your cache

After you’ve verified your homepage setting, you should clear your browser’s cache. This is a temporary storage location on your computer where data is saved so your browser doesn’t need to download it each time. Follow these steps below to learn how to clear your cache for Chrome and Safari.

To clear your cache on Chrome:

Select Chrome → History → Clear Browsing Data → Time Range → All Time → Clear Data.

To clear your cache on Safari:

Select Safari → Preferences → Privacy → Manage Website Data → Remove All.

How to remove malware from a PC

Step 1: Disconnect from the internet

Disconnecting from the internet will prevent more of your data from being sent to a malware server or the malware from spreading further.

Step 2: Enter safe mode

If malware is set to load automatically, this will prevent the malware from loading, making it easier to remove. To enter safe mode:

1. Restart your PC.
2. When you see the sign-in screen, hold down the Shift key and select Power → Restart.
3. After your PC restarts, to the “Choose an option” screen, select: Troubleshoot → Advanced Options → Startup Settings.
4. On the next window, click the Restart button and wait for the next screen to appear.
5. A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in Safe Mode.
   

Disclaimer: Avoid logging into accounts during malware removal

To avoid sharing your personally identifiable information, do not log into sensitive accounts while your device is infected.

What Is P Malware On Mac

Step 3: Check your activity monitor for malicious applications

If you know that you’ve installed a suspicious update or application, close the application if it’s running. Your activity monitor shows the processes that are running on your computer, so you can see how they affect your computer’s activity and performance.

In Type to search type → Resource Monitor → Find End Task → Right Click → End Process

Step 4: Run a malware scanner

Luckily, malware scanners can remove many standard infections. But remember that if you already have an antivirus program active on your computer, you should use a different scanner for this malware check since your current antivirus software may not detect the malware initially.

Step 5: Fix your web browser

Malware is likely to modify your web browser’s homepage to re-infect your PC. Check your homepage and connection settings using the steps below for common browsers.

To verify your homepage on Chrome:

4. In the top right corner of your Chrome browser, click More → Settings.
5. Select the dropdown menu in the “Search engine” section.
6. Verify your default homepage.

To verify your homepage on Internet Explorer:

1. Select the Tools icon.
2. Click Internet options.
3. In the General tab, find the “Search” section and click Settings.
4. Verify your default homepage.

Step 6: Clear your cache

After you’ve verified your homepage setting, it’s imperative to clear your browser’s cache. Follow these steps below to learn how to clear your cache for Chrome and Internet Explorer.

To clear your cache on Chrome:

History → Clear Browsing Data → Time Range → All Time → Clear Data.

To clear your cache on Internet Explorer:

Tools → Safety → Delete browsing history.

What if malware removal is unsuccessful?

If malware removal is unsuccessful, sometimes the only way to be sure your computer is free of malware is to entirely reinstall the operating system and your applications or programs from scratch. Before wiping your hard drive, backup all your files to an external drive and consult Apple support or Microsoft support before beginning the process. Learn how to erase your startup disk prior to reinstalling MacOS in the steps below:

To reinstall MacOS:

Restart the Mac and hold down Command-R after the startup chime sounds → Select Disk Utility → Erase.

To reinstall Windows:

Follow the factory restore options. Windows gives you the option to keep your files or remove everything.

Select the Start button → Settings → Type Recovery Options → Reset this PC → Get started → Remove everything

How to tell if your device has been infected with malware

Some of the tell-tale signs of your device being infected with malware include:

• Changes in your device behavior: for example, unusual ads or pop-up windows may begin to appear, even when you’re not surfing the web.
• Your device may begin to run more slowly.
• Your device may suddenly lack storage space.
• Your browser behavior or homepage appearance may change.
• Ads may pop up featuring inappropriate content and flashing colors. They may also block whatever content you’re trying to view.

Malwarebytes Free Mac

How to help protect your devices from malware

Malware or viruses get on your computer in a handful of ways, so it’s a good idea for computer owners to develop good online habits to avoid an infection. Use our best practices below to help protect your computer:

• Avoid suspicious emails, links, and websites. Sometimes malware or viruses are disguised as an image file, word processing document, or PDF that you open. Additionally, if you find a strange new file on your desktop, do not open it.
• Clear your downloads and empty your trash often. If you’ve deleted downloads or moved suspicious files to the trash, empty the trash immediately after.
• Create strong passwords. Once you’re sure the computer virus infection has been cleaned up, change all your passwords, using unique combinations of letters, numbers, and symbols. Don’t use words found in the dictionary since they can be cracked via a dictionary attack. To help create, manage, and securely store all your passwords, consider using a password manager.

Malware is a dangerous threat to the data that computer owners store on their PCs and Macs. New types of malware are being discovered frequently, and the profitable nature of some types of malware can make it especially attractive to cybercriminals around the globe. It’s important to exercise good online habits and understand the signs of a malware infection.

Malwarebytes

If you suspect your computer is infected, act as soon as possible to prevent the spread of malware and protect your personal information.

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

*Terms Apply

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

According to a study done by Kaspersky, the Shlayer malware is the most popular malware that attacks Macs nowadays. When a Mac is infected with the malware through fake Adobe Flash updates, the Any Search bar is installed and deployed on the computer of the victim. But what is this Shlayer malware on Macs all about?

What Is Shlayer?

You may ask, “Is Shlayer a virus?” The answer is YES.

Shlayer is a type of Trojan virus designed to distribute different adware, launch fake search engines, and install potentially unwanted applications. Although it is usually disguised as an Adobe Flash Player installer, it may take other forms, such as software cracking tools, as well.

What Is A Virus On Mac

Once Shlayer makes it to a Mac, it causes a plethora of problems, including invasive advertisements that point to malicious sites and run scripts that download malware and fake-search engines that collect sensitive information, such as IP addresses, pages viewed, geo-locations, and other personal details, from users.

It is believed that this virus can be acquired by visiting Torrent sites that flash various intrusive ads and entice you to download deceptive files. Don’t worry, though. No matter how damaging this Trojan virus may be, you can always get rid of it or prevent it from harming your Mac.

How to Remove Shlayer from Macs

If you suspect that this malicious Trojan virus has harmed your Mac, below are some Shlayer removal methods you can try:

Method #1: Remove Shlayer Without the Use of Any Third-Party App

Yes, it is possible to remove Shlayer without the involvement of any third-party app. First, you need to uninstall any suspicious apps using Finder. And then, delete the Trojan from Safari, Firefox, and Chrome.

Delete Any Suspicious Apps Using Finder

Regardless of your macOS version, the process of removing malware and adware is generally the same. Here is a step-by-step guide:

1. Open Finder and select Applications.
2. At this point, a list of all installed apps on your Mac will open. Go through the list and remove any unknown and suspicious-looking apps. Right-click on any dubious app and click Move to Trash. Alternatively, drag the app to the Trash folder.

Delete the Shlayer Trojan from Safari, Firefox, and Chrome

Are random pages opened upon the launch of your web browser? Are intrusive ads popping at random while browsing the web? Then it is likely that the Shlayer Trojan has attacked your Mac.

The Shlayer Trojan may change your web browser’s settings without your knowledge. You may even be redirected to a suspicious website and see additional toolbars and extensions. But it’s no reason to panic. What you should do is revert your browser’s default settings.

To delete the Shlayer Trojan from Safari, here’s what you should do:

1. Open Safari.
2. Click on its menu and choose Preferences. This will launch the Safari Preferences window.
3. Navigate to the Extensions tab and look for any suspicious extensions installed. If you find one, click on it and hit Uninstall. Do this with all other dubious extensions on Safari.
4. Once done, navigate to the General tab. Change the value under Default Search Engine to Google.

To delete the Shlayer Trojan from Mozilla Firefox, here’s what you should do:

1. Launch Mozilla Firefox.
2. Click on the Menu button.
3. At this point, a drop-down menu should display on your screen. Click the question mark (?) icon.
4. Select Troubleshooting Information. If you cannot see this option, type about:support into the address bar and hit Enter.
5. Choose Refresh Firefox.
6. You will be asked to confirm your action. Click Refresh Firefox again.
7. Mozilla Firefox will now begin to fix any issues that are triggered by the Shlayer Trojan. Once done, hit the Finish button.

To delete the Shlayer Trojan from Google Chrome, here’s what you should do:

1. Launch Google Chrome.
2. Click the three-dotted menu and choose More Tools.
3. Go to Extensions.
4. Go through the list of extensions currently installed on Google Chrome. If you see an add-on that is signed with Installed by your administrator or Installed by enterprise policy, then remove it.
5. Next, open the three-dotted menu again and select Settings.
6. Scroll down and click Advanced.
7. Look for the Reset section and hit Reset.
8. Chrome will now begin the clean-up process. Once it is finished, its search engine, new tab page, and home page settings will be set back to their respective default values.

Method #2: Remove the Shlayer Trojan Using Antivirus Software

If you wish to remove the Shlayer Trojan the quick and easy way, then install an antivirus tool. You can always get one for free, but make sure that you download antivirus software from the website of its official developer to avoid problems in the long run. With legit and reliable antivirus software, browser hijackers, unwanted programs, adware software, and Trojans won’t stand a chance.

Method #3: Remove All Potentially Unwanted Applications (PUAs)

The Shlayer Trojan can disguise itself as a potentially unwanted application, so be sure your Mac is free of any PUAs.

To remove PUAs from your Mac, follow these steps:

1. Click Finder to open a Finder window.
2. Choose Applications.
3. In the window that opens, look for NicePlayer, Mplayer, or other suspicious apps. If you see one, drag it to Trash.
4. Now, scan your Mac to check if there are still unwanted components associated with the suspicious apps.

Method #4: Remove All Shlayer Trojan-Related Files and Folders

Do you think there are still Shlayer Trojan-related files and folders hiding on your Mac? Then here’s what you should do:

1. Click Finder and navigate to Go > Go to Folder.
2. In the text field, input /Library/LaunchAgents.
3. Look for any suspicious files and move them to Some files you need to find are the following:
   • Installmac.AppRemoval.plist
   • Myppes.download.plist
   • Mykotlerino.ltvbit.plist
   • Kuklorest.update.plist
4. Next, go to the /Library/LaunchDaemons folder.
5. Look for any suspicious files and move them to Trash. Examples of these files are:
   • com.aoudad.net-preferences.plist
   • com.myppes.net-preferences.plist
   • com.kuklorest.net-preferences.plist
   • Com.avickUpd.plist

How to Prevent the Installation of Shlayer

To prevent the installation of Shlayer and other potentially harmful applications, pay caution when browsing the web, especially when downloading, updating, or installing software. Always remember that intrusive advertisements are often disguised as legitimate ones. Once clicked, they will only redirect you to suspicious websites.

What Is Malware On Mac

In the event that you download dubious apps or extensions, remove them right away. Should there be a need to update an application, make sure you download the required updates from the official website of the app’s developer.

Also, be sure to have a trusted anti-malware tool installed and running on your Mac. It will help detect and eliminate viruses and malware entities before they cause harm to your Mac.

Wrapping Up

Now, your Mac should be free of the annoying Shlayer Trojan and other possible threats. Again, the key to Mac safety is caution. As long as you think before you click, then your files and data will remain safe.

Do you know other ways to remove the Shlayer Trojan? Let us know in the comments!

What Is Malware On Mac Pro