What to do if you think your Mac has a virus

If you are worried you have some kind of malware or virus on your Mac, we are here to help you figure out what’s going on and, if necessary, clean up the damage – all for free. A lot of the websites offering advice on Mac malware removal are companies trying to sell your anti-virus solutions, which makes their tips somewhat biased, but here you can expect impartial advice.

We’ll cover how to check for a virus and how to remove malware from your Mac, getting rid of any viruses that might be lurking. We’ll also explain why it’s probably not a virus thanks to Apple’s stringent protections in macOS, but, if it is, we’ll let you know about the free and cheap options that can protect your from Mac from malware.

Note that in this article we are going to be mixing and matching the terms malware and virus, but they are actually separate concepts. Malware tends to take the form of apps that pretend to do one thing, but actually do something nefarious, such as steal data. Viruses are small discrete bits of code that get on to your system somehow and are designed to be invisible. There are also other types of threat, such as ransomware and adware, and other phishing attempts, where an attempt is made to extract information that can be used to obtain money from you.

We’ll address how to detect and get rid of these types of malware on your Mac in this article.

We also recommend you read our best Mac security tips and our roundup of the best Mac antivirus apps, in which we recommend Intego as our top choice.

How to tell if your Mac has a virus

If your Mac has suddenly become very slow and laggy, started regularly crashing or showing error messages, and the sound of your fans whirring keeps you company, you may be suspicious that you have picked up some Mac malware. Another sign is the sudden appearance of annoying pop-up windows or extra toolbars and applications you don’t remember installing. These are all signs that you might have a virus on your Mac.

It’s not necessarily the case that a virus is to blame though. Mac malware is incredibly rare – Mac viruses do exist, in fact there have been a few notable malware and virus reports in recent years, but there are a few reasons why Mac viruses don’t tend to take hold. One is the stringent protections Apple builds into macOS, another is the fact that it is exceptionally difficult for a virus to propagate itself and spread to other Macs.

Here are some of the symptoms of malware or viruses you might watch out for:

Signs your Mac has a virus

  • Your Mac suddenly becomes sluggish or laggy in everyday use, as if there’s some software running in the background chewing up resources
  • You find there’s a new toolbar in your browser that you didn’t install. Typically these toolbars claim to make it easier to search or shop
  • You find any web searches are unexpectedly redirected away from your usual search engine to some site you’ve never heard of (or the results appear in a page that’s faked up to look like your usual search engine)
  • All web pages are overlaid with adverts – even those where you don’t expect to see adverts, such as Wikipedia
  • Going to your favourite sites doesn’t always work, as if something is randomly redirecting you to spam advertising pages
  • Advertising windows pop up on your desktop, seemingly unconnected with any browsing you’re doing or any program that’s running

If you get any of these symptoms then don’t panic: they don’t necessarily mean you have a malware or virus infection on your Mac. There’s a thousand reasons why a Mac right run slowly, for example.

How to check for viruses on a Mac

If having read the above you are pretty sure that you have a virus or some other form of malware on your Mac then this tutorial should help you address the problem, read on for a guide on what to do if your Mac has a virus, starting off with how to scan your Mac for viruses.

Here’s one thing you definitely shouldn’t do if you think your Mac is infected with malware: don’t Google a description of the problem and install the first thing you find that claims to be able to fix things. Sadly, a lot of software that claims to be able to fix Macs is in fact malware itself, or is simply fake and designed only to make you part with money. These apps can look incredibly convincing and professional, so beware.

Fake antivirus apps like MacDefender (see image above), which hit the headlines a few years ago, might look the part, but are actually malware in disguise.

If you think there is a virus, or some other threat, on your Mac, then there are a few thing you can do, we’ll run through your options below. 

How to scan a Mac for viruses

Using software to run a virus scan on your Mac is the easiest option. Luckily there are lots of apps offering to scan your Mac for viruses – some for free.

One option is the free-of-charge Bitdefender Virus Scanner, which you can download from the Mac App Store. (If you are willing to spend a little cash then the paid-for version of Bitdefender is worth consideration).

  1. Open the Bitdefender Virus Scanner.
  2. Click the Update Definitions button. 
  3. Once that’s completed click the Deep Scan button.
  4. Follow the instructions to allow the app full access to your Mac’s hard disk.

Another option is CleanMyMac X, which offers a virus scan among other features. This option costs £29.95 a year right now (RRP: £34.95), but it is one of our go-to utilities for doing various jobs on the Mac, such as deleting unnecessary files to make space.

  1. Open CleanMyMac.
  2. Click Smart Scan.
  3. Wait while it scans. The results of the scan can be found in the Protection section.
  4. Click Remove to get rid of any malware.

You could use any of the top picks in our roundup of the best Mac antivirus apps. to scan for and remove a virus from your Mac – and the benefit of installing one of these should be that you never get caught out again.

These are great options because they will scan you Mac for viruses and then remove them. But you don’t necessarily need to use a virus scanner to identify or remove viruses on your Mac.

How to remove malware from a Mac for free

If you decide not to use a virus scanner or Mac antivirus, as described above, there are still some ways to clean a virus from your Mac.

You may be wondering if you need to wipe your Mac to remove the virus, or indeed if wiping your Mac will completely remove the virus. It’s possible that you won’t have to go that far – try these steps to clean things up:

  • Time to complete: 1 hour
1.

Update macOS to the latest version

One reason you may not need a Mac antivirus on your Mac is that Apple offers its own protections. For several years now Apple has included invisible background protection against malware and viruses. We cover this in a separate article: Do Macs Need Antivirus Software?

One of these protections is Xprotect. Xprotect is Apple’s built-in malware protection. Xprotect will scan files you’ve downloaded and check them for known malware or viruses. If any are found you will be told the file is infected or damaged. The Xprotect system gives a warning when you download malware that it knows about, and tells you exactly what to do.

Xprotect has been very effective at halting the spread of Mac malware before it can even get started, and is yet another reason why malware or virus infections on a Mac are rare.

Apple updates Xprotect automatically, so you shouldn’t need to manually update macOS yourself to get the latest virus protections. However, if you are running an older version of macOS might not be protected (Apple only supports the past three versions of macOS).

While it’s partially true that updating your Mac software could rid you of a virus, you should note that as good as Apple’s protections are, they may not be enough. Unfortunately some times it takes Apple a few days (or longer) to respond to the latest threat. For that reason it is worth considering an additional antivirus tool to stay safe.

2.

Use Activity Monitor to find viruses on a Mac

If you know for sure you’ve installed some malware – such as a dodgy update or app that pretends to be something else – make a note of its name. You can quit out of that app by tapping Cmd + Q, or clicking Quit in the menu, but note that this won’t stop it from starting up again – in fact it may still be working in the background.

If you don’t have any idea what is causing the issues you suspect are caused by a virus on your Mac, you can use Activity Monitor to spot if an app or a task is using a lot of resources – this may be the malicious software.

  1. Open Activity Monitor, which you’ll find within the Utilities folder of the Applications list (or you can search for it in Spotlight by pressing Command + Space and typing Activity Monitor).
  2. If you are suspicious about a particular app, use the search field at the top right to search for that app’s name. You might find that the questionable app is still running, despite the fact you quit it.
  3. To stop such an app running select it in the Activity Monitor list, click the X icon at the top left of the toolbar and select Force Quit. Note that this won’t stop the malware from starting up again – we’ll explain how to remove it in the next step.
  4. If you don’t have a suspicious app name to search for, sort your Activity monitor by CPU so you can see which applications and tasks are using a lot of your Mac’s resources. Make sure you note the details and names of these suspicious processes before quitting them by clicking on the X icon and selecting Force Quit.
  5. Next check the Memory tab to see if anything is using a lot of memory.
  6. Check the Disk tab to see if anything is standing out in the Bytes Written column.
  7. Check the Network tab and pay special attention to the Sent Bytes column.
  8. Once you have a selection of names that could relate to what you are looking for search your system for them using Spotlight (Command + Space) and remove them from your Mac (we’ll explain how to do that next).
3.

Delete the file or app and empty the Download folder

If you believe your Mac was infected after opening a particular file or app and you have a file name to search for, you can attempt to locate that app, delete that file permanently by putting it into the Trash, and then empty the Trash.

You should also empty the Downloads folder and delete everything in there: drag the whole lot to the Trash, and then empty the Trash.

However, it is rarely this simple: most malware authors will obfuscate their code so that it uses non-obvious names, which makes it almost impossible to uncover this way.

4.

Clear your cache

You should also clear your browser’s cache. In Safari this can be done by clicking Safari > Clear History, and then selecting All History from the dropdown list. Finally click the Clear History button.

In Google Chrome this can be done by clicking Chrome > Clear Browsing Data, then in the Time Range dropdown box selecting All Time. Then click Clear Data.

It’s also worth deleting your application cache, although this could cause even more problems for you. If you want to try it we have a guide here: How to delete cache on a Mac.

5.

Shut down and restore from a backup

If none of the above have worked, which is unfortunately likely, you could try restoring from a backup, such as one made with Time Machine, but not a back up made since you contracted the virus – obviously, this backup should be from a time before you believe your computer became infected. For alternatives to Time Machine, take a look at our roundup of the best backup software & services for Mac. 

After restoring the backup, be careful when rebooting not to plug in any removable storage such as USB sticks you had plugged in earlier when your computer was infected, and certainly don’t open the same dodgy email, file or app.

6.

Wipe your Mac and reinstall macOS

Sometimes the only way to be sure you’re clean of an infection is to wipe your Mac to restore it to factory settings and then reinstall macOS and all your apps from scratch. Restoring your Mac to factory settings should remove the virus.

However, this is quite a drastic solution and we think a better option would be to use a virus scanner, like one of the ones included here: best Mac antivirus apps.

If wiping your Mac is the way you want to deal with the problem follow the steps here: How to wipe a Mac.

What to do if your Mac has a virus

In addition to the above there are a few other things you should do to protect yourself if you think you might have been infected with Mac malware – before and after the virus is removed. 

1. Stay offline

While you think you are infected you should stay offline as much as possible. Try and turn off your internet connection by either clicking the Wi-Fi icon in the menu back and selecting Turn Wi-Fi Off, or disconnecting the Ethernet cable if you’re using a wired network.

If possible, keep your internet connection turned off until you’re sure the infection has been cleaned up. This will prevent any more of your data being sent to a malware server. (If you need to download cleanup tools then this obviously might not be possible.)

2. Use safe mode

Boot your Mac up in Safe mode – this should at least stop the malware from loading at start up.

3. Don’t use any passwords – and change them as soon as you can

From the moment you suspect you have a virus you shouldn’t type any passwords or login details in case a hidden keylogger is running. This is a very common component with malware.

Beware that many keylogger-based malware or viruses also periodically secretly take screenshots, so be careful not to expose any passwords by copying and pasting from a document, for example, or by clicking the Show Password box that sometimes appears within dialog boxes.

Once you are free of the virus you should change all your passwords, and we really do mean all of them – including those for websites, cloud services, apps, and so on.

4. Cancel bank and credit cards

If you handed over money at any point for the malware – such as if you paid for what appeared to be a legitimate antivirus app, for example – then contact your credit card company or bank immediately and explain the situation. This is less about getting a refund, although that might be possible. It’s more about ensuring your credit card details aren’t used anywhere else.

Even if no money has changed hands you should inform your bank or financial institutions of the infection and seek their advice on how to proceed. Often at the very least they make a note on your account for operatives to be extra vigilant should anybody try to access in future but they may issue you with new details.

How to stop malware getting on to your Mac

Typically malware or viruses get on to your computer in a handful of ways, as listed below. You can help diagnose whether you might have an actual infection by seeing if you’ve undertaken any of these steps recently:

1. Avoid downloading malicious software

Apple has in-built protections that should stop you installing this sort of thing. The company won’t allow you to install software that isn’t from a registered developer, for example, without first jumping through a few hoops. When you try to open such an app you’ll see a warning that the application is from an unidentified developer. Of course, it’s not always going to be the case that this is malware, so it is generally possible to open such software, but you will have to make some changes to your settings in order to do so as we explain here: How to open a Mac app from an unidentified developer.

There are also protections in place that should mean macOS’s Gatekeeper technology that should recognise any malicious software and stop you from installing it – as long as it’s not very new (it can take Apple a few days or weeks to address new malware). Should macOS detect a malicious app it will let you know and will ask you to move it to the Trash. Read more about Apple’s built in virus protection here: How Apple protects your Mac from Malware.

However, the malware might have looked like legitimate software, such as a virus scanner that you download and installed in panic after believing yourself to be infected. Check for independent reviews of apps or ask for personal recommendations from others to avoid downloading this kind of thing.

This kind of malware might be downloaded by you, or it might arrive via email, or perhaps even arrive via an instant message.

To protect yourself we also recommend that you choose these Mac security settings.

Don’t relax entirely in the comfort of knowing that Apple has your back. There are still ways that malicious software could fool you into installing it.

2. Be careful with fake files

Sometimes malware or viruses might be disguised as an image file, word processing or PDF document that you open either without realising what it is, or out of curiosity to see what it is – perhaps upon finding a strange new file on your desktop, for example. (Top tip: DO NOT open files that suddenly appear unless you know what they are!)

The malware creator’s technique here is simply to give the malware a fake file extension. Most of us can see straight through this, but it’s surprising how effective an attack vector this can be.

These kinds of files often arrive via mysterious emails from colleague that you later discover have had their email hacked.

3. Look out for malware-loaded via legitimate files

Malware can get on to your system via a flaw or security hole in your browser or other software, such as your word processor or PDF viewer. In such a case an otherwise ordinary document or webpage you open contains hidden malware that then runs without you realising, or opens a hole in your system for further exploitation.

4. Avoid fake updates or system tools

Malware usually looks like a legitimate update. Typically this is offered via a fake warning dialog box while you’re browsing. Fake updates for the Adobe Flash Player browser plugin, or fake antivirus/system optimisation apps, are a particularly popular vector of attack.

Note that Adobe ended support for Adobe Flash on 31 December 2020, so if you are invited to download the Flash Player don’t do it!

5. Don’t accept fake technical help

If you’re phoned out of the blue from Apple or Microsoft, maybe even BT, and they tell you that they believe your computer is infected, and offer to walk you through some steps to undo the damage don’t do it! They will be putting in place their own malware, of course.

Hopefully these tips will help you remove malware from your Mac and avoid getting infected again.

Source : Macworld