How to Remove Malware From Your Mac
Despite what you may have heard, Mac computers are also infected with viruses. There are several signs that your Mac may be infected with malware: your computer running slower or working harder than usual (or overheating), apps or programs crashing unexpectedly, or unfamiliar software or processes running on your device.
Here’s what to do if you suspect a malware infection on your Mac, and how to get rid of it.
Disconnect your Mac from the Internet
An active Internet connection can allow malware to spread across your network to other devices or transfer information to and from attackers, ultimately making it more difficult to isolate and remove. If you need to download any programs to eliminate a potential infection, such as a malware scanner, do so quickly.
Otherwise, disconnect your device from the Internet and do not connect again until you are sure that the threat has been resolved. You should also avoid logging into any accounts that require credentials, as some malware includes keylogger capabilities that steal your passwords.
Reboot in Safe Mode
When you restart in Safe Mode, your Mac prevents some programs from loading and runs a scan of your startup disk, allowing you to isolate and fix potential problems. The process for entering Safe Mode depends on whether you’re using an Intel-based Mac or an Apple-based Mac. If you’re not sure what you’re using, click Apple in the top left corner of the screen, then select About This Mac for more information. The Apple processor will be labeled as Chip, followed by the M-series processor (like the M1 or M2 Pro), and Intel Macs will be labeled as Processor.
To restart your Apple Silicon Mac in Safe Mode, go to Apple menu > Shut Down and wait until the device turns off completely. Then press and hold the Power button until Loading Startup Settings appears. Select the volume ( Macintosh HD in most cases), then press and hold the Shift key , and then click Continue in Safe Mode . When your device reboots, you will see “Secure Boot” in the menu bar.
For Intel-based Macs, restart your device and press and hold Shift until the login window appears. Log into your device and you should see “Secure Boot” in the menu bar.
You can also make sure you’re in Safe Mode by pressing and holding Option, then choosing Apple Menu > System Information > Software . Under System Software Overview, look for Boot Mode: Secure . If it says Boot Mode: Normal , you are not in Safe Mode.
Run a malware scan
Apple has built-in antivirus software called XProtect , but it doesn’t allow you to run manual scans on demand. It may be best to use a second opinion scanner to identify, quarantine and remove anything that XProtect may have missed. Lifehacker sister site PCMag recommends BitDefender as the best antivirus software for Mac. If you’re looking for free solutions, PCMag also recommends Avast and Malwarebytes for fighting malware infections.
Monitor your Mac’s activity
Activity Monitor in macOS shows real-time information about processes running on your device, including memory usage and disk and network activity. This is a good way to identify suspicious programs or processes that may be malicious.
To open, go to Launchpad and search for Activity Monitor . Look for any unusual names or processes that are hogging your CPU or memory, then double-click them and close them. You should also close any currently running applications until you determine the source of the problem.
Reset your browser settings
Malware can also change your browser settings, so you should reset all browsers on your Mac to their default settings. Safari doesn’t have a dedicated reset button, but you canmanually reset your settings to default by clearing your browsing data.
In Chrome, open Settings by clicking the three dots in the top right corner. Click Reset Settings in the left toolbar and select Restore Settings to Original Defaults . Confirm your choice with the “Reset settings” button. In Firefox, go to Menu > Help > More troubleshooting information and click Update Firefox > Update Firefox > Done .
Also consider disabling and removing extensions that you may not recognize or think are slowing down your browser and Mac. You’ll find them in Settings > Extensions ( Extensions and Themes in Firefox).
Delete temporary files
Malware can install temporary files on your Mac that allow it to run or hide, so you may want to consider removing them from your device. However, a good malware scanner should be able to find these types of files on its own, so you don’t have to delete them yourself. If you don’t know what you’re looking for, you may need to delete files that will help your Mac run more smoothly.
However, if you want to delete these temporary files yourself, here’s how: Open a Finder window, press and hold Shift + Command + G. Type ~/Library/Caches in the search bar to get the temporary files, select whatever you want to delete to open it in the Finder folder, and press Command + Delete (or Control + click > Move to Trash ) to move it to the Trash. You will also need to empty the Trash to permanently delete files from your device.
Reboot (or reinstall) macOS
Once you’re sure the malware threat is gone, you can restart your Mac as normal. However, if you think or are concerned that any remnants of malware are still present, you may have to start overby reinstalling macOS from Recovery .
While you can restore your data from a backup so that everything is as it was before you reinstalled, note that you should only do this if you are sure that the backup was created before your device was infected with malware. If there is a possibility that you made a backup that was infected with malware, do not use it.