You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: mr rock
mr rock Author
User level: Level 1
17 points

how to remove virus from MacBook pro

Dear Apple Communities,

I have a MacBook Pro and am aware it has a 'virus' - it could be malware or a trojan?

I've noticed that when I search for web addresses in Safari the browser will either redirect me to a random websites, often re-directing me to some of the following websites:

  • 'securefastmac.space' (for MacKeeper)
  • 'gen.mactechright.com'
  • 'apple.com-websecurity.review'
  • 'my memory.co.uk'
  • 'tsofdvmgile.com'
  • 'securefastmac.trade' (MacKeeper') etc

For example, the 'apple.com-websecurity.review' website notes my 'system is infected with 3 viruses (malware and phishing/ spyware) and immediate action is required. They go on to say they have detected a trojan virus on my Mac, and I should click 'OK' to begin the repair process. I have not clicked 'OK' or proceeded to download and software.


However, I recently downloaded an update link for a Adobe Flash Player and believe that MacKeeper malware was 'bundled up' in this download. I thankfully didn't click 'install' and managed to find the Mackeeper application in 'Applications' and deleted it.

I also followed previous Apple Discussion's advice and deleted a few links from my Library (e.g. via Application Support and Caches etc)


However, the problem has retuned and this time I cannot see any suspicious app in my Applications and don't know where to start?

I updated the OS to Sierra yesterday and hoped that would solve things, however it hasn't.

It would be appreciated if someone could please suggest how I could rectify this issue.

Kind Regards,

Mr Rock

Posted on May 10, 2017 3:58 AM

Reply
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
127,979 points

Posted on Jan 29, 2018 1:15 PM

Web sites that claim to scan a Mac... cannot.


MacKeeper is installed by the user. Either directly, or via a bogus download of some other app. Or this is something else other than MacKeeper, that's claiming to be MacKeeper. Short of analyzing the pieces and parts, no one can know.


If your Mac is infested, you can try to clean up the mess, or can try add-on software that claims to be able to clean up malware — that stuff can be just as much of a problem as the malware itself, and Malware Bytes and which is reputedly reasonable itself recently caused problems for Windows systems with bad updates — or you can transfer all your files to backup and wipe the system and reinstall from known-good copies of macOS and apps, and (in any case) change all of your local and your remote passwords.


Less effort than a reinstallation, and might address the problems here... Usual way that Safari browser sites are redirected elsewhere is either a DNS hijack or a router hijack, or a Safari browser extension. Check Safari for extensions, and check your macOS DNS settings, and — if you have access to it from your ISP — check that your router is configured per your ISP requirements and is up to the most current firmware. Make sure your local DNS settings match those of your ISP, or you can choose to use Google DNS (8.8.8.8 and 8.8.4.4) or Quad9 DNS (9.9.9.9) as your DNS server; whatever you choose, the DNS server(s) selected will receive all of the host names that you access.


Once macOS access has been granted to malware, your passwords and the rest of what's on the Mac can already have been accessed and uploaded. Time to change your login passwords and your email server passwords.


Outside of some Microsoft Office documents containing macro malware for macOS, most of the malware on Mac uses what's called "social engineering" — it cons the user — to convince the user to install it. Fake updates, fake anti-virus or fake anti-malware, fake video players or fake Adobe updates, "cracked" software are a common source of malware, etc.


Unless you're specifically playing Adobe Flash games, you probably don't even need Adobe Flash Player around, too. It's no longer necessary for playing videos on any of the major web sites.

View in context
12 replies
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
127,979 points

Jan 29, 2018 1:15 PM in response to mr rock

Web sites that claim to scan a Mac... cannot.


MacKeeper is installed by the user. Either directly, or via a bogus download of some other app. Or this is something else other than MacKeeper, that's claiming to be MacKeeper. Short of analyzing the pieces and parts, no one can know.


If your Mac is infested, you can try to clean up the mess, or can try add-on software that claims to be able to clean up malware — that stuff can be just as much of a problem as the malware itself, and Malware Bytes and which is reputedly reasonable itself recently caused problems for Windows systems with bad updates — or you can transfer all your files to backup and wipe the system and reinstall from known-good copies of macOS and apps, and (in any case) change all of your local and your remote passwords.


Less effort than a reinstallation, and might address the problems here... Usual way that Safari browser sites are redirected elsewhere is either a DNS hijack or a router hijack, or a Safari browser extension. Check Safari for extensions, and check your macOS DNS settings, and — if you have access to it from your ISP — check that your router is configured per your ISP requirements and is up to the most current firmware. Make sure your local DNS settings match those of your ISP, or you can choose to use Google DNS (8.8.8.8 and 8.8.4.4) or Quad9 DNS (9.9.9.9) as your DNS server; whatever you choose, the DNS server(s) selected will receive all of the host names that you access.


Once macOS access has been granted to malware, your passwords and the rest of what's on the Mac can already have been accessed and uploaded. Time to change your login passwords and your email server passwords.


Outside of some Microsoft Office documents containing macro malware for macOS, most of the malware on Mac uses what's called "social engineering" — it cons the user — to convince the user to install it. Fake updates, fake anti-virus or fake anti-malware, fake video players or fake Adobe updates, "cracked" software are a common source of malware, etc.


Unless you're specifically playing Adobe Flash games, you probably don't even need Adobe Flash Player around, too. It's no longer necessary for playing videos on any of the major web sites.

Reply
User profile for user: dominic23
dominic23
User level: Level 10
83,964 points

May 10, 2017 4:05 AM in response to mr rock

1. Use Malwarebytes Anti-Malware for Mac to remove adware/malware.


https://www.malwarebytes.org/antimalware/mac/

Download, install , open, and run it by clicking “Scan” button to remove adware.

Once done, quit Malwarebytes Anti-Malware.


2. Disable Extensions if any and test.


Safari > Preferences > Extensions

Select and disable all extensions and test.

Enable Extensions one by one and test.

To uninstall any extension, select it and click the “Uninstall” button.


3. Safari > Preferences > Search > Search engine:

Select your preferred search engine.


4. Visit the site you want it to be the Home page

Safari > Preferences > General > Homepage

Click the button “Set to Current Page” button.


5. Restart your Mac.

Reply
User profile for user: Bryan E. Thompson
Bryan E. Thompson
User level: Level 4
2,707 points

May 10, 2017 4:14 AM in response to mr rock

I just responded to a similar thread. If you found Mac Keeper in your applications folder, that was your problem. After you deleted Mac Keeper, did you get a pop-up asking why you were deleting it? Once you delete the application, Mac Keeper is supposed to delete all residual files. There is sometimes more cleaning necessary.


Below is a helpful link to fully remove Mac Keeper:


Click this link

Reply
User profile for user: JimmyCMPIT
JimmyCMPIT
User level: Level 7
29,258 points

May 11, 2017 5:37 AM in response to mr rock

Anyone who has used Malwarebytes or suggested it to another user here has had nothing less than stellar results with it. If you are reading negative reviews saying anything else you can check these forums and see where MWB for Mac was used to remedy a system infected with adware or malware leaving no residual garbage to interfere with the OS. You may be confusing it with a long list of "trusted" windows Anti-Virus solutions for Mac which are not recommended because the evidence shows they are truly destabilizing and problematic, this may be due to the fact they want to stay resident and have components that conflict with Mac OS, which MWB for Mac does not do.


MWB for Mac the only malware/adware removal application I ever recommend or use for OS X/Mac OS.

Reply

how to remove virus from MacBook pro

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up