Malware Removal

Steps 1-2 can and should be done on a testing drive, not booted into the customers OS. It can still be done in the customers OS if necessary, but some programs may be more stubborn to remove. Steps 3-6 should be done in the customers OS.

Step 1: Clear Malicious Apps

Applications (Root)

• Check for and remove anything weird
  • Any Antivirus
  • Install Mac
  • Webtools
  • MacKeeper
  • MalwareBytes
  • Tune My Mac
  • Clean My Mac

Applications (User)

• Navigate through Macintosh HD/Users/(user name)/Applications
  • Check for and remove anything weird. Remove Chromium and Opera if the customer does not know what those are.
  • Delete any MacCleaner type applications

Shared (User)

• Navigate through Macintosh HD/Users/Shared
  • Check for and remove anything weird. The only typical folders seen here are Adobe and audio libraries.

Step 2: Clear Directory Remnants

Finder (If on Sierra or newer use CMD+Shift+Dot to show hidden files, Does not work on El Cap or lower.)

Library (Root)

• Internet Plug-Ins
  • Do NOT remove these
    • Default browser.plugin
    • Flash player.plugin
    • Flashplayer.xpt
    • iPhotoPhotocast.plugin
    • nslQTScriptablePlugin.xpt
    • Quartz Composer.webplugin
    • QuickTIme Plugin.plugin
    • SharePointBrowserPlugin.plugin
    • SharePointWebKitPlugin.webplugin
  • Use best judgment for the rest
• Launch Agents
  • Delete all
• Launch Daemons
  • Delete all
  • User Library
• Occassionally you will find additional remnants in Application Support files.  Delete any remnants associated with the files you removed but proceed with caution!  

User Library

*Note: to access hold option/alt key while under “GO” menu of finder if running newer OS;

Otherwise, navigate through Macintosh HD/Users/(user name)/Library

• Internet plug-ins
  • If there are any here they are probably bad
    • Use best judgement
• Launch Agents
  • Delete all
• Launch Daemons
  • Delete all
• Application Support - Same as library files above.

Step 3: Check Login Items

• Under system pref->users->login items
  • Delete anything that doesn’t need to run at start

Step 4: Clear Browser(s)

Safari: Click Safari under menu. Then select preferences

• Check home page
  • Reset to “google.com” if wonky
  • Check browser extensions/ add-ons
    • Delete anything suspicious
      • Install Ghostery Lite

Firefox: Click Firefox finder menu. Then select preferences

• Check home page
  • Reset to “google.com” if wonky
  • Check browser extensions
    • Click on the button with 3 parallel horizontal bars
    • Select add-ons
      • Delete anything suspicious
      • Install Ghostery

Chrome: Click Chrome from finder menu. Then select preferences

• Under Appearance, make sure home page set to “google.com”
• Click Extensions (top left)
  • Delete anything suspicious or anything non-google
  • At bottom of page click “Get more extensions”
  • Install Ghostery
  • See Cleaning Policies For Chrome for additional assistance if needed

Step 5: Check System Preferences

• Verify that no additional profiles have been added
• If a profile has been added, remove it directly from system preferences. If unable to remove from system preferences, refer to Google search.
• Check network settings to make sure there aren't any weird connections/devices/VPNs/proxies.

Step 6: Empty Trash and TEST!

• Reboot and recheck all browsers. They should have a legitimate home page and when using the search bar, should return a major search engine directly, like google.