How to Get Rid of a Virus on a Mac

Learn how to clean that nasty bug off your Mac

Screenshot of binary code with an acrostic of computer infections superimposed.

bunhill/Getty Images

While Macs get fewer viruses than PCs, that doesn't mean your Mac is completely safe; very few Macs have any kind of virus or malware protection installed. And while Mac viruses are rare, there's a plethora of Mac-specific malware lurking in the wild. If you suspect your system is infected with a virus, it's time to learn how to get rid of a virus on a Mac. The method below can help you clean house.

How Do You Know It's a Virus?

Before we start trying to remove some kind of virus, you need to make sure your Mac is actually infected. As your Mac ages, it will naturally get slower, which is an expected behavior. New software demands more of your hardware, and, eventually, your Mac will start to fall behind. But if you're experiencing the issues below in a sustained, disruptive way, you probably need to give your Mac a good cleaning:

  • Your Mac suddenly runs far slower than it used to, or your Mac's fans are constantly running.
  • You see frequent kernel panics or "hangs," where your computer stops responding or suddenly reboots.
  • You see ads inserted on your desktop, browser homepage, or other websites, including unexpected pop-ups.
  • You discover browser extensions, toolbars, or plugins you didn't install.
  • You discover third-party applications you didn't intentionally install.
  • Your web browser's settings, like your default search engine or homepage, have suddenly and mysteriously changed.
  • Your internet activity has suddenly increased despite no change in your internet usage or behavior.
  • You notice odd, consistent, unexplained behavior, especially as related to the internet or web browsing.

What exactly is a virus, anyway? While the removal method is basically the same for all types of malicious software, we can use these definitions to get a better handle on what we're dealing with.

  • Malware, or malicious software: This is any kind of software that intentionally harms a computer or performs user-hostile actions. It's a catch-all term that includes many sub-types: adware, which displays ads; spyware, which tracks the user's behavior; ransomware, which encrypts your user files and demands payment to decrypt them; and Trojans, which seem innocent on the surface but contain hidden malware,
  • Potentially Unwanted Software (PUPs): These can be more difficult to define. A potentially unwanted program may perform some valuable function, but it comes bundled with a lot of unwanted behavior. A PUP might change your home page and search engine, add other malware to your computer, or steal your credit card information when you pay for the application's dubious "service". Sometimes, people install PUPs voluntarily because they were tricked by dishonest ads or clicked through installer steps without reading them. PUPs are the most common type of malware found on Macs.
  • Virus: A Virus is a subset of malware and has a specific set of properties. It spreads from computer to computer like a disease, attaching itself to other files to infect more and more devices, using the internet, local network connections, or even USB keys as a transmission vector. Mac viruses are virtually unheard of in the wild, but the term has become a generic word for describing any type of malware infection.

    How to Get Rid of a Virus on Mac

    1. Kill running processes: Before you remove the malicious software from your Mac, you need to make sure you quit it completely. If you don't, it may continually re-launch itself, blocking the uninstaller from proceeding.

      1. Open Activity Monitor and look for any user apps that are unfamiliar to you. If you can't figure out what's causing the problem, you can consult Malwarebytes' list of current viruses and malware for the Mac. You can also consult a historical list of Mac malware to ensure you're not infected with some ancient bug.
      2. If and when you do find malware, such as MacKeeper, select the application, then select the stop sign with an 'X' in the upper left.
      3. Make sure to also quit any "helper" apps that share a name with the malware.
    2. Find and uninstall the malicious program: Before you can remove software, you need to track it down. Fortunately, all Mac apps are stored in the same place.

      1. Scan your Applications folders for any programs you don't remember installing. Keep an eye out for new folders as well, in case the malware is hiding in there.
      2. If you find any, uninstall them by dragging them to the Trash and emptying it.
      3. To be sure you're thoroughly removing the programs, use App Cleaner to remove any leftover files. Malwarebytes' lists of Mac malware will again be useful for identifying programs with bad intentions.
    3. Remove login items: Login items are programs that launch automatically when your computer boots. If you see an application's window as soon as you log in to your Mac, that's a login item. You can find them in System Preferences > Users & Groups > Login Items. If you see any login items you don't recognize, you should remove them.

      Savvy users may know this isn't the only place login items live. The last step will clear our the more deeply-buried daemons or launch agents.

    4. Clean your browsers: Many forms of adware and malware install some sort of browser extension or change your browser settings. Most commonly, they change your homepage, search engine, or new tab page. It might also insert advertisements into your browsing session, or even change your default browser to a malicious one.

      1. Look through your web browser's installed extensions or add-ons to make sure you know what each extension does.
      2. If you don't remember installing an extension, remove it right away. Legitimate extensions can always be reinstalled later if they were removed erroneously.
      3. You'll also want to adjust your browser's settings. Malware frequently changes your search engine and homepage. You can undo those changes in the browser's preferences.
      4. Repeat this for every web browser installed on your computer, not just the one you use the most.
    5. Run Malwarebytes: After your cleanup, you'll want to make sure you got everything. Malwarebytes will scan your system for any kind of known malware. If any dangerous files are found, they'll be transferred to the Quarantine section, where they can be successfully deleted.

      Screenshot of Malwarebytes scanning a Mac for viruses and malware.
    6. You're done!

    How Did I Get Malware?

    Malware normally gets on your computer through a lack of good web browsing hygiene, meaning you did something to cause the malware to appear on your computer. Malware creators are skilled deceivers. If you're not alert for possible issues, you can miss the warning signs completely.

    People who want you to install malware are going to hide it in an installer for another application or imitate a trusted program. One way or another, they most likely got you to agree to install it — whether you know it or not.

    Preventing Viruses

    Screenshot of XProtect warning about dangerous software.

    Your Mac does come with some basic virus protection. macOS uses XProtect to block certain programs known to be troublemakers. There are nearly 100 different installers blocked by XProtect. Unfortunately, that's not very many, and this tracking can be circumvented.

    The best way to avoid getting malware or viruses in the future is to change your browsing habits.

    Avoiding Common Infection Vectors

    • The primary tip is to avoid untrusted downloads. BitTorrent is a primary source of malware today. If you use torrents to pirate content, stop. Never mind the legal or moral issues: torrents are the most successful vector for malware installation.
    Screenshot of a fake flash player installer in a web browser.
    Alexander Fox
    • Be highly aware of what you're installing on your computer. Make sure to read every word in an installer to avoid inadvertently agreeing to install unwanted software.
    • Remember, tech support will never call you without you contacting them first. Apple, Microsoft, or any other company has no way to know your computer has a virus. In general, practice healthy skepticism towards anyone claiming to be an authority figure without proof.
    • Keep your software up-to-date. Download the new versions of macOS, especially the security updates. If you must have Java installed on your computer, update it immediately after an update is available. The same goes for Flash and any other software you have installed. If you can uninstall Java and Flash, do so right away. Those two applications are riddled with security bugs, and they aren't necessary for today's online ecosystem.
    • If a sudden browser pop-up within a web page tells you your Flash plugin (or any other plugin) is out-of-date, don't select it. Flash does not produce pop-ups like that. Even if it did, they would not exist in a brand new tab or web page. These are web pages made to imitate the Flash installer, and they are universally malicious. If your web browser sends you a message, it will appear in a window outside of a tab. Warning messages inside tabs should always be disregarded.