Malware Removal

From LogiWiki
Jump to navigation Jump to search

Steps 1-2 can and should be done on a testing drive, not booted into the customers OS. It can still be done in the customers OS if necessary, but some programs may be more stubborn to remove. Steps 3-6 should be done in the customers OS.

Step 1: Clear Malicious Apps

Applications (Root)

  • Check for and remove anything weird
    • Any Antivirus
    • Install Mac
    • Webtools
    • MacKeeper
    • MalwareBytes
    • Tune My Mac
    • Clean My Mac

Applications (User)

  • Navigate through Macintosh HD/Users/(user name)/Applications
    • Check for and remove anything weird. Remove Chromium and Opera if the customer does not know what those are.
    • Delete any MacCleaner type applications

Shared (User)

  • Navigate through Macintosh HD/Users/Shared
    • Check for and remove anything weird. The only typical folders seen here are Adobe and audio libraries.

Step 2: Clear Directory Remnants

Finder (If on Sierra or newer use CMD+Shift+Dot to show hidden files, Does not work on El Cap or lower.)

Library (Root)

  • Internet Plug-Ins
    • Do NOT remove these
      • Default browser.plugin
      • nslQTScriptablePlugin.xpt
    • Use best judgment for the rest
  • Launch Agents
    • Delete all
  • Launch Daemons
    • Delete all
    • User Library
  • Startup
  • Occassionally you will find additional remnants in Application Support files.  Delete any remnants associated with the files you removed but proceed with caution!  

User Library

*Note: to access hold option/alt key while under “GO” menu of finder if running newer OS;

Otherwise, navigate through Macintosh HD/Users/(user name)/Library

  • Internet plug-ins
    • If there are any here they are probably bad
      • Use best judgement
  • Launch Agents
    • Delete all
  • Launch Daemons
    • Delete all
  • Application Support - Same as library files above.
  • Startup

Step 3: Check Login Items

  • Under system pref->users->login items
    • Delete anything that doesn’t need to run at start

Step 4: Clear Browser(s)

Safari: Click Safari under menu. Then select preferences

  • Check home page
    • Reset to “google.com” if wonky
    • Check browser extensions/ add-ons
      • Delete anything suspicious

Firefox: Click Firefox finder menu. Then select preferences

  • Check home page
    • Reset to “google.com” if wonky
    • Check browser extensions
      • Click on the button with 3 parallel horizontal bars
      • Select add-ons
        • Delete anything suspicious

Chrome: Click Chrome from finder menu. Then select preferences

  • Under Appearance, make sure home page set to “google.com”
  • Click Extensions (top left)
    • Delete anything suspicious or anything non-google
    • At bottom of page click “Get more extensions”
    • See Cleaning Policies For Chrome for additional assistance if needed

Step 5: Check System Preferences

  • Verify that no additional profiles have been added
  • If a profile has been added, remove it directly from system preferences. If unable to remove from system preferences, refer to Google search.
  • Check network settings to make sure there aren't any weird connections/devices/VPNs/proxies.

Step 6: Empty Trash and TEST!

  • Reboot and recheck all browsers. They should have a legitimate home page and when using the search bar, should return a major search engine directly, like google.
Retrieved from "https://logi.wiki/index.php?title=Malware_Removal&oldid=5943"