What to do if you think your Mac has a virus

Macworld

If you are worried you have some kind of malware or virus on your Mac, we are here to help you figure out what’s going on and, if necessary, clean up the damage and get rid of a Mac virus – all for free. A lot of the websites offering advice on Mac malware removal are companies trying to sell you anti-virus solutions, which makes their tips somewhat biased, but here you can expect impartial advice.

We’ll cover how to check for a virus and how to remove malware from your Mac, getting rid of any viruses that might be lurking. We’ll also explain why it’s probably not a virus thanks to Apple’s stringent protections in macOS, but, if it is, we’ll let you know about the free and cheap options that can protect your Mac from malware.

Note that in this article we are going to be mixing and matching the terms malware and virus, but they are actually separate concepts. Malware tends to take the form of apps that pretend to do one thing, but actually do something nefarious, such as steal data. Viruses are small discrete bits of code that get onto your system somehow and are designed to be invisible. There are also other threats, such as ransomware, adware, and phishing, where an attempt is made to extract information that can be used to obtain money from you.

We’ll address how to detect and get rid of these types of malware on your Mac in this article.

We also recommend you read our best Mac security tips and our roundup of the best Mac antivirus apps, in which we currently recommend Intego as our top choice.

How to tell if your Mac has a virus

If your Mac has suddenly become very slow and laggy, started regularly crashing or showing error messages, and the sound of your fans whirring keeps you company, you may be suspicious that you have picked up some Mac malware. Another sign is the sudden appearance of annoying pop-up windows or extra toolbars and applications you don’t remember installing. These are all signs that you might have a virus on your Mac.

It’s not necessarily the case that a virus is to blame though. Mac malware is incredibly rare. Mac viruses do exist, and in fact there have been a few notable malware and virus reports in recent years, but there are a few reasons why Mac viruses don’t tend to take hold. One is the stringent protections Apple builds into macOS; another is the fact that it is exceptionally difficult for a virus to propagate itself and spread to other Macs. See: Why Macs are more secure than Windows PCs.

Signs your Mac has a virus

Here are some of the symptoms of malware or viruses you might watch out for:

Your Mac suddenly becomes sluggish or laggy in everyday use, as if there’s some software running in the background chewing up resources.

You find a new toolbar in your browser that you didn’t install. Typically these toolbars claim to make it easier to search or shop.

You find any web searches are unexpectedly redirected away from your usual search engine to some site you’ve never heard of (or the results appear on a page that’s faked up to look like your usual search engine).

All web pages are overlaid with adverts – even those where you don’t expect to see adverts, such as Wikipedia.

Going to your favorite sites doesn’t always work, as if something is randomly redirecting you to spam advertising pages.

Advertising windows pop up on your desktop, seemingly unconnected with any browsing you’re doing or any program that’s running.

If you get any of these symptoms then don’t panic: they don’t necessarily mean you have a malware or virus infection on your Mac. There are a thousand reasons why a Mac might run slowly.

How to check for viruses on a Mac

If, having read the above, you are sure that you have a virus or some other form of malware on your Mac, then this tutorial should help you address the problem. Read on for a guide on what to do if your Mac has a virus, starting off with how to scan your Mac for viruses.

Here’s one thing you definitely shouldn’t do if you think your Mac is infected with malware: don’t Google a description of the problem and install the first thing you find that claims to be able to fix things. Sadly, a lot of software that claims to be able to fix Macs is malware itself or is simply fake and designed only to make you part with money. These apps can look incredibly convincing and professional, so beware.

Fake antivirus apps like MacDefender, which hit the headlines a few years ago, might look the part but are actually malware in disguise.

If you think there is a virus, or some other threat, on your Mac, then there are a few things you can do. We’ll run through your options below.

How to remove malware from a Mac for free

Using software to run a virus scan on your Mac is the easiest option. Luckily there are lots of apps offering to scan your Mac for viruses–some for free.

One option is the free-of-charge Bitdefender Virus Scanner. (If you are willing to spend a little cash then the paid-for version of Bitdefender ($39.99/£29.99) is worth consideration.) Read our review of the free Bitdefender Virus Scanner and our review of Bitdefender Antivirus for Mac.

Here’s how you can use the free Bitdefender Virus Scanner to search for and remove viruses for free:

Open the Bitdefender Virus Scanner.

Click the Update Definitions button. 

Once that’s completed click the Deep Scan button.

Follow the instructions to allow the app full access to your Mac’s hard disk.

Another free option is AVG Antivirus for Mac. It’s basic, but protects you from viruses, spyware, and malware. You might also like to try Avira Free Security for Mac, which offers some features for free, although most require a paid subscription. Read our review of AVG AntiVirus for Mac.

Here are our favorite free options for detecting and removing malware:

Avast Free Antivirus

AVG Antivirus for the Mac.

Bitdefender Virus Scanner for Mac.

Avira Free Security for Mac

Intego VirusBarrier Scanner

If you don’t mind paying for a more complete solution, you could use any of the top picks in our roundup of the best Mac antivirus apps to scan for and remove a virus from your Mac – and the benefit of installing one of these should be that you never get caught out again. To get the best value for a Mac antivirus app check out the Best Antivirus for Mac deals this month.

Another option is a Mac Cleaner like CleanMyMac X, which offers a virus scan among other features. This option costs $34.95/£29.95 a year right now (RRP: $39.95/£34.95), but it is one of our go-to utilities for doing various jobs on the Mac, such as deleting unnecessary files to make space. Here’s how we used CleanMyMac X to check for viruses:

Open CleanMyMac.

Click Smart Scan.

Wait while it scans. The results of the scan can be found in the Protection section.

Click Remove to get rid of any malware.

How to remove malware from your Mac without antivirus software

Using an antivirus app is a great option because it will scan your Mac for viruses and then remove them. But you don’t necessarily need to use a virus scanner to identify and remove viruses on your Mac.

Apple already scans your Mac for viruses. As we explain in how Apple checks your Mac for viruses, Apple includes antivirus software in macOS that monitors your Mac for malware, blocks malware, and removes it if necessary.

Even with these protections (which do depend somewhat on the age of your Mac and the version of macOS you are running), there are still some ways to clean a virus from your Mac manually.

You may be wondering if you need to wipe your Mac to remove the virus, or indeed if wiping your Mac will completely remove the virus. It’s possible that you won’t have to go that far–try these steps to clean things up:

At a glance

Time to complete: 1 hour

1. Update macOS to the latest version

One reason you may not need a Mac antivirus on your Mac is that Apple offers its own protection. For several years now Apple has included invisible background protection against malware and viruses. We cover this in a separate article: Do Macs need Antivirus software?

One of these protections is XProtect. XProtect is Apple’s built-in malware protection. XProtect will scan files you’ve downloaded and check them for known malware or viruses. If any are found you will be told the file is infected or damaged. The XProtect system gives a warning when you download malware that it knows about, and tells you exactly what to do.

XProtect has been very effective at halting the spread of Mac malware before it can even get started and is yet another reason why malware or virus infections on a Mac are rare.

Apple updates XProtect automatically, so you shouldn’t need to manually update macOS yourself to get the latest virus protections. However, if you are running an older version of macOS your Mac might not be protected (Apple only supports the past three versions of macOS).

While it’s partially true that updating your Mac software could rid you of a virus, you should note that as good as Apple’s protections are, they may not be enough. Unfortunately, sometimes it takes Apple a few days (or longer) to respond to a threat. For that reason, it is worth considering an additional antivirus tool to stay safe.

2. Use Activity Monitor to find viruses on a Mac

If you know for sure you’ve installed some malware – such as a dodgy update or app that pretends to be something else – make a note of its name. You can quit out of that app by tapping Cmd + Q, or clicking Quit in the menu, but note that this won’t stop it from starting up again – in fact, it may still be working in the background.

If you don’t have any idea what is causing the issues you suspect are caused by a virus on your Mac, you can use Activity Monitor to spot if an app or a task is using a lot of resources – this may be the malicious software.

Open Activity Monitor, which you’ll find within the Utilities folder of the Applications list (or you can search for it in Spotlight by pressing Command + Space and typing Activity Monitor).

If you are suspicious about a particular app, use the search field at the top right to search for that app’s name. You might find that the questionable app is still running, despite the fact you quit it.

To stop such an app from running select it in the Activity Monitor list, click the X icon at the top left of the toolbar, and select Force Quit. Note that this won’t stop the malware from starting up again – we’ll explain how to remove it in the next step.

If you don’t have a suspicious app name to search for, sort your Activity Monitor by CPU so you can see which applications and tasks are using a lot of your Mac’s resources. Make sure you note the details and names of these suspicious processes before quitting them by clicking on the X icon and selecting Force Quit.

Next check the Memory tab to see if anything is using a lot of memory.

Check the Disk tab to see if anything is standing out in the Bytes Written column.

Check the Network tab and pay special attention to the Sent Bytes column.

Once you have a selection of names that could relate to what you are looking for, search your system for them using Spotlight (Command + Space) and remove them from your Mac (we’ll explain how to do that next).
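
The CPU and Memory checks above can also be run from Terminal, which makes it easy to keep a written record of process names before you force quit anything. This is an added example, not part of the original article; the thresholds, function names and the sample snapshot are assumptions.

```sh
#!/bin/sh
# Added example: terminal counterpart of the CPU and Memory checks above.
# Thresholds, function names and the sample snapshot are assumptions.

# Constructed sample in the layout of `ps -Ao pid,pcpu,pmem,comm` on macOS.
SAMPLE_PS='  PID  %CPU %MEM COMM
  312   0.3  1.2 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
 4471  97.4  2.1 /Users/demo/Library/Application Support/updater-helper
 5120   1.0 14.6 /Applications/Example Browser.app/Contents/MacOS/Example Browser
  901   0.0  0.1 /usr/sbin/cfprefsd'

# flag_heavy CPU_MIN MEM_MIN: read a ps snapshot on stdin and print
# cpu<TAB>mem<TAB>pid<TAB>path for every process at or above either
# threshold (percent), highest CPU first.
flag_heavy() {
    cpu_min="${1:-50}"
    mem_min="${2:-10}"
    LC_ALL=C awk -v c="$cpu_min" -v m="$mem_min" '
        NR == 1 { next }                  # skip the ps header row
        NF >= 4 {
            path = $4                     # executable paths may contain spaces,
            for (i = 5; i <= NF; i++)     # so rebuild the path from field 4 on
                path = path " " $i
            if ($2 + 0 >= c + 0 || $3 + 0 >= m + 0)
                printf "%s\t%s\t%s\t%s\n", $2, $3, $1, path
        }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2nr
}

# suspect_names: reduce flag_heavy output to bare executable names, the
# form you would write down and later type into Spotlight.
suspect_names() {
    awk -F '\t' '{ n = split($4, part, "/"); print part[n] }'
}

# Demo on the constructed snapshot. On a live Mac, replace the printf with:
#   ps -Ao pid,pcpu,pmem,comm
printf '%s\n' "$SAMPLE_PS" | flag_heavy 50 10 | suspect_names
```

A process that appears here is only a candidate for a closer look: browsers, backups and video calls routinely use this much CPU or memory. The Disk and Network tabs have no equivalent in this snapshot and still need to be checked in Activity Monitor.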

3. Delete the file or app and empty the Download folder

If you believe your Mac was infected after opening a particular file or app and you have a file name to search for, you can attempt to locate that app, delete that file permanently by putting it into the Trash, and then empty the Trash.

You should also empty the Downloads folder and delete everything in there: drag the whole lot to the Trash, and then empty the Trash.

However, it is rarely this simple: most malware authors will obfuscate their code so that it uses non-obvious names, which makes it almost impossible to uncover this way.

4. Clear your cache

You should also clear your browser’s cache. In Safari this can be done by clicking Safari > Clear History, and then selecting All History from the dropdown list. Finally, click the Clear History button.

In Google Chrome this can be done by clicking Chrome > Clear Browsing Data, then in the Time Range dropdown box selecting All Time. Then click Clear Data.

It’s also worth deleting your application cache, although this could cause even more problems for you. If you want to try it we have a guide here: How to delete cache on a Mac.

5. Shut down and restore from a backup

If none of the above have worked, which is unfortunately likely, you could try restoring from a backup, such as one made with Time Machine. Obviously, this backup should be from a time before you believe your computer became infected, not one made since you contracted the virus. For alternatives to Time Machine, take a look at our roundup of the best backup software & services for Mac.

After restoring the backup, be careful when rebooting not to plug in any removable storage such as USB sticks you had plugged in earlier when your computer was infected, and certainly don’t open the same dodgy email, file or app.

6. Wipe your Mac and reinstall macOS

Sometimes the only way to be sure you’re clean of an infection is to wipe your Mac to restore it to factory settings and then reinstall macOS and all your apps from scratch. Restoring your Mac to factory settings should remove the virus.

However, this is quite a drastic solution and we think a better option would be to use a virus scanner, like one of the ones included here: best Mac antivirus apps.

If wiping your Mac is the way you want to deal with the problem follow the steps here: How to wipe a Mac.

What to do if your Mac has a virus

In addition to the above, there are a few other things you should do to protect yourself if you think you might have been infected with Mac malware–before and after the virus is removed. 

1. Stay offline

While you think you are infected you should stay offline as much as possible. Try to turn off your internet connection by either clicking the Wi-Fi icon in the menu bar and selecting Turn Wi-Fi Off, or disconnecting the Ethernet cable if you’re using a wired network.

If possible, keep your internet connection turned off until you’re sure the infection has been cleaned up. This will prevent any more of your data being sent to a malware server. (If you need to download cleanup tools then this obviously might not be possible.)

2. Use safe mode

Boot your Mac up in Safe mode – this should at least stop the malware from loading at start up.

3. Don’t use any passwords – and change them as soon as you can

From the moment you suspect you have a virus you shouldn’t type any passwords or login details in case a hidden keylogger is running. This is a very common component of malware.

Beware that many keylogger-based malware or viruses also periodically secretly take screenshots, so be careful not to expose any passwords by copying and pasting from a document, for example, or by clicking the Show Password box that sometimes appears within dialog boxes.

Once you are free of the virus you should change all your passwords, and we really do mean all of them – including those for websites, cloud services, apps, and so on.

4. Cancel bank and credit cards

If you handed over money at any point for the malware – such as if you paid for what appeared to be a legitimate antivirus app, for example – then contact your credit card company or bank immediately and explain the situation. This is less about getting a refund, although that might be possible. It’s more about ensuring your credit card details aren’t used anywhere else.

Even if no money has changed hands you should inform your bank or financial institutions of the infection and seek their advice on how to proceed. Often, at the very least, they make a note on your account for operatives to be extra vigilant should anybody try to access it in future, but they may issue you with new details.

Hopefully, these tips will help you remove malware from your Mac. Now read How to protect your Mac against attack and disaster to avoid getting infected again.