Gone are the days when buying a Mac meant your computer was immune from viruses. We are seeing an increase in the number of Macs infected with viruses, mostly adware. Remember, prevention is your best defense!

Symptoms of infection with adware or viruses

  • Your search engine or home page has been changed without your consent to Ask, Bing, Yahoo, or an unknown site
  • Advertising banners have appeared under the Google search bar and elsewhere
  • Web applications like MyMathLab or an eBook site are not working properly
  • Unwanted adware programs are installed without your knowledge; for example, MacKeeper, Search Conduit, or TuneUpMyMac
  • Browser popups appear recommending fake updates or other software

Adware prevention

Be proactive by following these prevention tips, but if you notice any symptoms of infection, go the Malware Removal section of this article.

  • Set your security to allow downloads only from approved apps from the Mac App Store. Open System Preferences > Security & Privacy, and under “Allow apps downloaded from” place a check box in front of Mac App Store and identified developers.
  • Do not go to unfamiliar sites to watch movies or TV shows. If you find yourself on one of these sites, do not install any programs, even if it says your Mac is not safe or you need a plug-in to continue
  • Install software only from that software’s official page (avoid CNET or other download sites).
  • Be careful when installing software because it might include bundled, unwanted software. Always choose the custom installation and uncheck anything that is not familiar, especially optional software or toolbars which would put ads on your computer.
  • If you have the slightest feeling that you do not trust a piece of software, check with helpdesk@gps.edu first.
  • Stay away from Mac “protection software” like MacKeeper or TuneUpMyMac.
  • Avoid clicking on popups. If you can’t get out of a popup or window, attempt a Force Quit by holding down the OptionCommand-Esc (top left of keyboard) keys together, select your browser, and click the Force Quit button. Additional information on quitting an unresponsive application is here.

Download Malwarebytes malware removal software

  1. Set System Preferences to allow downloads from anywhere
    • Click on the Apple icon (top left of your screen) > System Preferences.
    • Click Security & Privacy. Click the lock at the bottom and login to allow changes. Under Allow Apps From: click Anywhere.
    • Change this back to Mac App Store and Identified Developers when you are done with Malwarebytes installation.
  2. Download the Malwarebytes installer
    • Click here to open the Malwarebytes download site for Mac. Click Download. A new window will open while it downloads.
    • Once the download has finished, open your downloads and double click the installer 
    • Drag the Malwarebytes icon on top of the applications folder and let go. This copies Malwarebytes to your applications folderScreen Shot 2016-07-24 at 10.03.25 AM
  3. Install the Malwarebytes application
    • Open Finder, click Applications, and double-click the application Screen Shot 2016-07-24 at 10.12.07 AM
    • or click the Launchpad and click the Malwarebytes icon to begin installation
    • Click OpenScreen Shot 2016-07-24 at 10.04.08 AM
    • Click the Scan button and follow directions for removalScreen Shot 2016-07-24 at 10.04.26 AM
    • Empty the trash

Restart your Mac, then click Finder > Empty Trash (or right-click your trash icon on the dock) to permanently remove the files.

Check your Results

Open Safari or Chrome, do a search, and make sure you do not have popups or the wrong search engine (such as Ask.com or Bing). If you are still having problems, please bring your Mac to the IT department for help, or submit a help desk request by clicking here,

Other Steps to Take

Follow these additional steps to remove malware/adware.

Check browser settings and extensions (Safari, Chrome, Firefox)

Follow these steps to make sure that your homepage, search engine, and browser extensions are the ones you choose.

Check your homepage

Safari: Open Safari and click on the Safari menu next to the Apple icon.  Click Preferences, then click the General tab. Make sure that the “New Tab Opens with” Homepage field contains the website you want. If not, type in the address (URL) of the website your prefer, for example, https://www.google.com.Screen Shot 2016-07-24 at 10.36.55 AMChrome: Open Chrome and click on the Customize and Control icon (top right)  Screen Shot 2015-01-30 at 10.54.18 AM, then Settings > On startup > Open a specific page or set of pages. Click Set Pages to specify a home page.
Firefox: Click on the Menu icon (top right)  Screen Shot 2015-01-30 at 10.54.18 AM, then Preferences > General tab > type in your desired home page.

Check your preferred search engine
 

Safari: Open Safari and click the Safari menu > Preferences > Search. Click the dropdown menu to choose your preferred search engine (e.g., Google).
Chrome: Open Chrome and click on the Customize and Control icon (top right)  Screen Shot 2015-01-30 at 10.54.18 AM > Settings > Search. If the search engine listed is not your preferred, click on Manage Search Engines. Choose the search engine you prefer (e.g., Google) from the dropdown menu. Click Manage Search Engines and click Google to make it the default.
Firefox: Click the Menu icon > Preferences > Search tab. Choose your search engine from the drop-down list. Uncheck alternate search engines that you don’t use under “One-click search engines.”

Check for and delete unknown extensions
 

Safari: Open Safari and click Safari menu > Preferences, then click Extensions. If you don’t want an extension or did not install it, select the extension from the list, then click Uninstall. Examples of ad-injection extensions are Omnibar or Search Conduit.
Chrome: Open Chrome and click on Settings > Extensions (in the list on the left). Click the trash can next to any unknown extension to delete it. Examples of an ad-injection extensions are Omnibar or Search Conduit.
Firefox: Click the Menu icon > Add-ons > Extensions > If you don’t want an extension or did not install it, select the extension from the list, then click Remove.

Check for malware applications
 

Open Finder Screen Shot 2015-02-25 at 11.51.26 AM, click on your Applications folder and drag the following applications to the trash, if present: MacKeeper, Search Conduit, Tuneupmymac, or Submarine. Caution: do not delete other applications, even though they may sound unfamiliar.Empty the trashRestart your Mac, then choose Finder > Empty Trash (or right-click your trash icon on the dock) to permanently remove the files.

Check your Results

Open Safari or Chrome, do a search, and make sure you do not have popups or the wrong search engine (such as Ask.com or Bing). If you are still having problems, please bring your Mac to the IT department for help, or submit a help desk request by clicking here,


Print this article