How to Remove Malware on Macs

Hey everybody, welcome back to PC911. We are over here today working on a Macbook Air, which has some malware on it. Browsers are corrupted and it is just acting all kinds of crazy. I’ll show you what’s going on. I’m going to go through cleaning it up and show you how to remove Macbook malware.

First off, let’s go to Safari which is the default browser. They opened up pretty clean and everything looks good so far. Let’s see what I was doing before, if I can show you what’s going on. I put it here ‘cat’ just to basically do a search and we’ll just grab any of these searches. This opened up on the second tab and that was worst. Both tabs opened up; in the first tab, which we didn’t pick that, that was basically some software that did that there. If we do another search  it’s probably going to open up worst than that. I could have sworn I saw something; there you go. This AMCRDBQ patterns; whatever it may be that automatically downloaded; we would have to slow down the video; but when I clicked the second tab this opened up automatically and downloaded to my download folder. Crazy stuff – and this is a Mac, remember Macs don’t have viruses. Well we can toss that to the can. Let’s see if it opens up another page and do a little search here for a ‘hat’.  If we click on a hat over here, what’s going to happen? Even worst! We got a redirect notice. Here’s another MacAfee ad or failed ad; this is crazy. So that hat didn’t work. Let’s try it again. We’re going to go to ftd to order some flowers and let’s see what happens. So that page opened up and we got all these tabs all over here. So as you can see, you get an ad from a MacAfee; that’s nuts. This is messed up. We’re going to clean this up, so let’s get out of here. Even worst! When we wanted to leave there, we got more promos and more pop ups. This one doesn’t look so malicious. It actually lets you continue to do your thing; it’s just more like ads are popping up and you know some people ask why are they doing this? This one, what it looks like is basically those ads that are popping up; you click on and they monatize it. So they want you to use the computer and then basically they are going to give you some pop ups; some links and things like that. They probably wind up making some money on it. In which they don’t want to make it bad;  so they take your stuff. That appears to be what’s going on. Let’s go to Chrome, usually when it’s on one, it’s going to be on the other. In this case the whole page is hijacked. Keep in mind, when your whole page has changed and you get something like this; you know more than likely that’s not a good sign. It looks like Google Chrome kind of; the Google homepage; but it’s not. So let’s see if we do a little search. Is it malicious? Chrome is probably a little bit better for these things, as far as more resistance to these things taking over. I am seeing over here where we pick up the page; we’re getting a pop up blocker. Chrome is doing some blocking there. Let’s go to YouTube. YouTube is highly not a site itself. If you have a hijacked browser, something is going to popup on there. We usually use that as one of our go to pages to see how that laptop is doing. This one looks a little better; I’m going to leave that running in the background while we go back to Safari. When it initially opens, it looks clean which is the odd part. Many times we are going to have the browser taking over or the homepage taking over. Let’s just use a different one. We’ll use hat on this one and see where we’re going. Let’s check out these hats over here; this one opens fine; this one looks okay; I doubt it looks like it’s not coming from the page; it’s an ad being fed into this here. Let’s go to YouTube and we are going to see what we have there, see how clean YouTube is. Some of these are not on, like pounding ads and the pages, because they really want to stay; they don’t want you to notice that your computer is compromised, so they can continue doing their thing. For right now the Safari; there it goes, I took a couple clicks, but if you notice now we got a tab open over here. We have ran the Safari and when we click there; this tab opened up and it says you might have a virus; blah, blah, blah; and then of course there is a button there to scan. If you look at this, they have used the application logo so it kind of looks fake. They could have done a better job. So you can see where the hijacks are. We are going to follow up and start with our clean up. I am going to put this on pause and then show you how to clean this baby up. So for right now, let’s see if we can get out of these pages. I’m going to show you where we are going to start. See you in a minute.

 

We are back! We are going to be running some malware clean up tools here. The first thing we are going to start off with is malware bytes. Just make sure you spell that right when you find that online. It’s free, it’s been around forever and you can trust it. It’s a super fast scan on Macs, I guess. We got it downloaded and installed, so we are just going to run it. Accept that and basically it’s a scan right here that should pick up most of the stuff. I got a new version; I’m using this off the USB which we have our tech tools. Sorry for this here we had to do an update and we launched this. I am recommending that you install an anti-virus on your computers. We recommend Kapersky, which we have been using that for a very long time; primarily on our Windows computer, but I still trust it enough to use it on these Macs. So we did find all kinds of stuff here. I am going to move this camera up so you can see some of the stuff that we found. That’s malware bytes finding these fun hijacks there. We’re going to head in and remove what’s selected. What I am going to do when I do these things again, I am going to go over this. Some of these stuff do get a little bit technical than what you are going to see on this video. What I like to do is take a picture of everything that’s there or basically jot down everything that’s there. The reason for that is; I want to go later and take a look at files that didn’t get removed. Sometimes these things don’t allow themselves to be removed. This one here; it appears to be just adware; I think it’s not going to be too challenging and we are going to do restart. So that’s the first scan there. It says we are going to re-run it again. I am not going to go through each single thing in detail like that. I don’t want you to be here forever. Run the malware bytes and then re-run it until it shows up clean. We are going to show you what’s next.

Alright guys, so we are back here with the computer rebooted! We have ran the malware bytes again and made sure everything was updated so it came back clean. So far so good; we are going to run into some of the other items. One of the other items that I want you to look at is your start-up items. You are going to go to your preferences, then to your user, and go to your login items. Sometimes you can have things here that are starting up or could be reinstalling or just basically launching something else. For example, here we have this item which is a little bit of unknown; If something is not recognized, you want to do diligence and take a look where it’s coming from. Everything is clear. I am going to do a little follow up and see where this is coming from. It can’t be found. We are going to eliminate that. This could have been kicking off one of the items that malware bytes removed. Due to when we highlighted it, it’s telling us go to dropbox. The drop box is telling you where it’s at; iTunes and showing it could not be found. So let’s get rid of that sucker, so that looks good there. It’s the other item you want to do. We are going to re-set some of the browsers.  We are going to go to Chrome; which is probably the easiest one of all. I’ll show you some of the things we are going to do here. This will be the same in Windows or Mac. Go to this little hamburger on the side over here and settings. We are going to do a couple of things. One, we want to go to extensions; anything here out of the ordinary we want to get rid of. This is cool stuff. Extensions are good. We want to go to settings, all the way down, show advanced and then we want to reset. We want to come up here; well this is personal customization; how do want to startup; take a look at that. Some of the things I do here is I show the home part; the bookmark; I do want to manage the search engines and want to see what search engines are here. Like this search tech; which is that one that’s taking over. I am going to get rid of that. You should have your Google, Yahoo, Bing. You can get rid of them, but you should have the three big ones here. I mean you can just have Google if you’d like, so I’ll leave those three there.

The other thing you want to take a look at is; at start up; where is it going to open up? The default page. I want to take a look at this open specific page and see what’s there. That’s the previous homepage that software took over that’s still there. I want to get rid of that. I don’t want anything in this open up specific pages unless you choose to put something there yourself. We clean that up and we did a reset. Our extensions are good and all this is default. I also like to close this off and open it back up to make sure everything it’s good; so let’s do that. Again, Chrome wasn’t having the big issues. I don’t know if this guy wants it to be his default or not, so we’ll say don’t ask again. He can change that afterwards. So that’s the deal! This one wasn’t so hijacked, but if you’ll notice prior to this; it was giving me all kinds of pop ups. Little pop ups that was blocking and it’s not blocking anymore. The software that was trying to get even on Chrome which wasn’t getting through that one’s gone.

We put in a little search for cat. Remember when we were hitting this, we were getting a little pop there that said Chrome blocked a pop up. Let’s try dog for a change. Why just cats? Why are cats getting all the attention? So there we go; so far looks good, but don’t count your chickens yet because you would be surprised. You clean this and then 5 minutes later the stuff comes back. That one is good. We are going to go now and clean up Safari. Give me a minute, we’ll be right back.

 Alright, so here we are we are back! We are going to take a look at Safari, actually let’s make sure that we got Chrome closed. Let’s take a look at Safari and see how it’s doing. We are here in our Google homepage; let’s do what we were doing before. We are going to search for cat; hit a link and let’s see if we are cleared up and we are not getting any secondary pages. Remember, one time is not going to do because you know how that goes. Take a few minutes and then we come back. So we’ll click a couple links, we’ll do catfish. Now, one of the things that you definitely don’t want to get caught doing is saying we’re good to go. We are going to do a couple searches here. It is looking good so far. We may have gotten it out with just that alone. I did open up a secondary tab myself; that’s looking good; we are going to do some clean ups in Safari and show you how to clear it up. You want to go to history and clear the history; basically remove it all; don’t click on one of the previous links that were already there, since they are all over the place. You want to clear that. Go to our preferences over here and click on the privacy tab. Let’s remove all website data; get rid of all that. Remove website data right there, just do that right now. From there we want to go to all the extensions. Take a look at that and see if you got any extensions in here. Right now there is nothing here so we are good. No one wants any funky extensions. You may have some there, but they should be something you recognize that you put there that you’ve used so that’s clean. We want to go over next to advanced, you want to toggle this show develop menu bar toggle that, that’s going to bring up the develop menu up here. Then you want to come up here and you want to empty the caches right there, you want to do that. Then you want to go to your general tabs you know setup here your homepage to whatever the parameter, the homepage. If stuff got hijacked and alternated, it might not change back. You still have the old one there. So that looks pretty good as well. So we have cleared up our Safari browser looks good and let’s go to YouTube and it looks good no new tabs are opening up. For the most part the average person would probably leave it like that we are going to go a little further and show you a couple of the things that we are going to be doing as well just to cover all the bases here on this unit and we’ll catch you in the next video.

Alright guys, here we are so we continue what we are doing right now is installing Kaspersky Internet Security my recommended anti-virus at the moment. We are going let that run, let me show you some other little things that you want to take a look at and as far the clean up. Here we are on our hard drive I’m going to show you a couple of places you want to delete some information. We are going to go to the hard drive, you going to go to library, I already did these but I am going to show you where they are at. Library then you are going to go to caches which is this right here and I want you to delete what’s in there which is cache information. Cache information is like temporary files. There is going to be stuff that come back there that we want to delete. Later, want to come back to system and library and caches as well, then you go there and you want to delete that. We had a couple other areas we want to take a look at this is getting pretty deep but just want to show you all the little tips that I can give you. We are going to go to library, launch agents. Here we are going to take a look at with these names we have Adobe and we have Kaspersky. We are basically looking for things out of the ordinary so some of the maybe the names that we saw on that first malware bytes removed we took a picture of and some of the malware or browser adware that we saw so want to make sure that none of that is still here. So this is one of the areas that we want to take a look at. that looks clean and we are in launch agents and then the other one is launch, the one you want to take a look in here as well. There you see malware bytes is fine, Microsoft Adobe so that looks clean as well and one last folder we want to take a look at which is library then applications support. You want to take a look in here and again you got to be careful here not to just delete anything arbitrarily but many times most of the malwares they have this really funky names which I’m surprised they haven’t put you know names that people will just overlook. So you want to take a look in here and you will see if you see anything odd or out of the ordinary the name or something that looks like the name of one of the malwares that the malware bytes pulled up. Everything here looks pretty normal, Kapersky…origin, this origin which I guess the gaming company but the actual program itself is not installed so I don’t know where that folder is going from so it could be something that I did online. So I am not going to mess with here and then last but not least, this shouldn’t have been last this should have been towards the beginning but it’s very basic so I guess we’ll just jump right over that. Take a look at your application folder, go to your programs why wasn’t it done on the previous ones what you are going to do on that…I think I just jumped through that. But on this application support again you see there that’s kind of funky is delete, not delete it you want to throw everything in your trash can and you know run through the program restart and you know go through some motions. That way if something maybe you deleted something that you have and was creating some issues you could restore it. Let’s take a look at our trash because this is a bunch of stuff that has been deleted for…but frankly some of this maybe still be from before actually this is most of our stuff. This is the cache files and things like that we deleted so we’ll leave that there and at the end if everything goes well then we’ll go ahead and removed everything from there out of the trash can.

So let’s go back again we are talking about applications, one of the first things really that you would do and what I like to do here is I like to put in a date modifier. I basically look at the recent stuff cause otherwise, if you have by default; which is by name; it’s all over the place. I look at that and I want to see at the recent; to look if there is any recent programs that got installed. Typically, if a customer brings this in they probably had a problem recently. Obviously if you’re having a problem, it would be recent. I see everything here. I didn’t delete anything out of here; everything looks pretty normal, except this Oovoo video chat. It’s kind out of junky malware and led themselves to junk, but who am I to judge. So everything here was fine so you want to go over that and that pretty much runs through all the basics. If this doesn’t get rid of your problem the problem is pretty deep seated, some of the other things that you may want to do which is the basic stuff. Is run a disk check and a permissions check but you know that is not really malware related that’s more just maintenance related so I am not going to go deep into that. You can catch on another video. We reinstalled Kapersky security and we’re just going to go through the basic motions here, we are going to do an update, we are going to do a scan and see what it comes up with and I’ll show you that in a little bit.

Alright guys, so here we are basically going to wrap this up, I’m not going to keep you watching the scan; we ran the Kapersky. Installed it; did the update for the database; ran the quick scan if you look at it here. Quick scan was clean and now we are running the full scan. This is going to take about an hour to run this, maybe more. So we are just going to let this one run. If we don’t find anything here, we are going to be wrapped up. I’ll give you a quick wrap up at the end of this, unless we find something then we’ll be continuing. That’s where we are at, the browsers are looking good so far, even when that’s done we are going to still open up a few couple browsers and play around with the motion and to make sure it comes back. Because we have seen that more so in Windows machine where the all the stuff…everything looks good and you do a restart and there is a buddy malware somewhere that re-downloads itself and you start it and all those crazy things. So that’s what we got here for you MacBook Air – malware browser hijack removal, keep in mind for that really loving your Mac because of the malware or because of the non malware. I mean there all kinds of stuff heading your way so if you really want to stay away from malware the only way I know how to do it, the only way I can recommend for you to do it is Linux. Linux is still not getting targeted, I doubt it will get targeted plus there is many other reasons why it’s going to be the cleanest system. In my view it’s the best operating system to use as far as the internet is concerned. If your primary use is browsing the web, you are going to have a Chrome version of Linux, you are going to have a firefox version of Linux and that is the way to surf the web, click any link, surf any website, open any email on Linux. If you are interested in that take a look at our website and take a look at our virus-proof computers its basically how we call them. We have dual boot operating systems they run Linux and they also run Windows 7/10, we got customs configurations that you could setup anywhere from 4 Gb t0 16 Gb, anywhere from a 500 Gb standard spinning drive to a 500 Gb SSD. So we got some custom configurations check them out, thanks for watching, see you in the next video.

Hey guys, so here is the final wrap up, the Kaspersky full scan finished running. It did find one item, here is the quarantine there is really three items but two of them as you can see are the ones that are in the trash. So I scanned the trash can and found those two. We did have one here that kind of slip through our cracks here, we didn’t see this here in the Harmundu library…this is a hidden folder. We didn’t go into this hidden folder in this video due to the fact that deleting something or making a wrong move the user library folder could create some consequences right here for you so we didn’t actually go into that in this video. But Kaspersky went in there and did find this little life shoppers which was one of the ones that was in the trash can as well. So it put those into the trash, put those into the quarantine, going to delete those and that was a quick scan was cleaned. Here you can see the full scan, a full scan had the three items disinfected…cleaned them out. So pretty much we are good to go, like I mentioned prior you know we’ll run through some different scenario from different web browsers before we call it a wrap. Looks like we got some updates going on over here, maybe we’ll do some updates and we’ll just let it run for a while on the different web browsers and different conditions. If all goes well it’s going to be a wrap and as far as I’m concerned at this point 90% chance…99% that it going to be a wrap so that will do it for this MacBook Air malware, browser hijack removal

See additional info on removing malware from a Mac