Macintosh Malware Removal

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 12:28, 20 June 2016 by Admin (Talk | contribs)

Jump to: navigation, search

Macintosh software is installed and removed differently than Microsoft Windows software. Macintosh programs tend to be packages that can be uninstalled by simply dragging the application to the Trash.

Applications may create preference files that are stored in the /Home/Library/Preferences directory. The benign remnants orphaned in the Preferences folder can be removed manually to recover disk space.

  • /Home/Library/Preferences

Application components may place files in the /Home/Library/Applications Support directory. These will also become orphaned if the package is removed. Delete these files to recover disk space.

  • /Home/Library/Applications
  • /Library/Receipts

Check for "StartupItems" and "LoginItems"

  • /Library/StartupItems
  • /Home/Library/StartupItems

Check for startup services

  • /Library/LaunchAgents
  • /Library/LaunchDaemons
  • /Home/Library/LaunchAgents

Commercial software typically comes with an uninstall utility that is responsible for removing all orphaned files. The thoroughness of the uninstaller may vary from one package to another.

Malware does not follow these conventions. The malware developer makes effort to conceal the malware as to be installed in places which are difficult to locate and remove. Malware may place some components in common locations while installing residuals in hidden locations as to prevent removal, or to provide a backdoor for further malware to be added later.

Apple’s OS X (being Unix-based) is less vulnerable to malware and computer virii than a PC running Microsoft Windows. Yet there are still threats to the Macintosh computer.

Advanced Mac Cleaner (Malware)

  • Category: FAKE ANTI-VIRUS SOFTWARE / MALWARE

Software that identifies itself as Advanced Mac Cleaner is not antivirus and is not a security tool, it is actually malware. This software is installed by the user inadvertently as it piggy-backs with other software, and is classified as a PUP (Potentially Unwanted Program) as well as Malware, as it has poses a threat to system security and stability.

Removal

  • Click FILE -> NEW FINDER WINDOW -> click APPLICATIONS, then go to the search box and type "Activity Monitor"
  • On the Activity Monitor locate the process and Force Quit. Force Quit "Advanced Mac Cleaner" and anything related.
  • Click on the BACK arrow to return to the Applications list.
  • Find the Advanced Mac Cleaner entry on the interface, right-click on it and select Move to Trash. If you cannot Right Click then you can locate the little gear icon on the menu/title bar at the top, click it and from there choose "Move to Trash."
  • The malware will launch Safari, close it immediately.
  • Go back to the Activity Monitor, locate "Mackeeper Helper" and Force Quit. It may relaunch itself.

MACDefender

  • Category: FAKE ANTI-VIRUS SOFTWARE / MALWARE

MacKeeper

  • Category: FAKE ANTI-VIRUS SOFTWARE / MALWARE

Also includes the process MacKeeperHelper.