By. 8:00 am, March 3, 2016.
Don't get caught like this. Photo: Stephen Smith/Cult of Mac In addition to various viruses that can harm your Mac, there’s a different kind of annoyance you might have stumbled upon: adware. This might manifest itself as a web page that tells you you’ve been infected, with an accompanying phone number to call or malicious website to visit, or it might even show up as an ostensibly helpful Mac app you don’t remember installing. If you’re experiencing the pain of malicious adware, we’re here to help. Here’s how to eliminate the adware that’s plaguing your Mac.
![Antivirus for mac os sierra Antivirus for mac os sierra](https://images.sftcdn.net/images/t_app-cover-l,f_auto/p/20bb40fc-9b27-11e6-b9d2-00163ec9f5fa/3204730332/avira-free-antivirus-for-mac-screenshot.png)
Please note that Sophos Home is for private and non-commercial use. If you would like to use Sophos cybersecurity in a business, commercial, or government organization, we invite you to try Sophos Central for free at Sophos.com. Shop Antivirus Internet Security Software from ESET, Norton, Kaspersky & more! 10.0 or later Firefox Google Chrome Safari (Mac and iOS OS.
Close all pop-up ads First off, you’ll want to take some time and close any pop-up windows that appear. Don’t click on any of the buttons in the web page itself, but rather use the red X button in the upper left of the window to shut things down. Close all pop-ups with the dreaded red x. Photo: Rob LeFebvre/Cult of Mac If you see a message on your Mac that says, “Don’t show more alerts from this webpage,” go ahead and check the box before closing the pop-up. If there’s a Block Alerts button after you dismiss a pop-up window on your iPhone or iPad, tap it to keep alerts from coming back.
If the pop-up won’t close, force quit your browser. On your Mac, you can hit the Command-Option-Escape keys at the same time to get the Force Quit window. Click on your browser in the list and then hit the Force Quit button.
When you restart Safari, you can hold the Shift key down when you start to keep it from reopening any windows, including the pop-up. Block all pop-ups Many malicious adware uses pop-up windows to get your attention or to scare you into installing even more adware. Make sure your computer is pop-up free. Check this box to block pop-ups in Safari. Photo: Rob LeFebvre/Cult of Mac Both Safari and have pop-up blockers. Go to Safari preferences and click on the Security icon in the upper row, then click Block pop-up windows there. In Chrome, you simply click the Chrome menu (three horizontal lines) in the upper-right corner, click Settings, click Show advanced settings.
Then, under Privacy, click Content Settings. Choose Do not allow any site to show pop-ups under the Pop-ups section. Click Done when finished. Here’s where you block pop-ups in Chrome.
Photo: Rob LeFebvre/Cult of Mac Both web browsers allow you to add exceptions if you need specific sites to open pop-ups. Check homepage and search-engine settings Sometimes, adware will change what homepage your browser starts up with or the search engine it uses to find stuff you want on the web. Check these settings to make sure they haven’t been changed. Make sure you’ve got the right search engine selected in Safari. Photo: Rob LeFebvre/Cult of Mac In Safari, go to Preferences and click the General tab at the top. Look at the Homepage field and make sure it contains the site you want to start up with, or is empty. Click on the Search tab and make sure the default search engine there is one you want.
Set your home page in Chrome here. Photo: Rob LeFebvre/Cult of Mac In Chrome, open the Settings page (with the three horizontal lines or by hitting Command-comma) and check the “On Startup” section. Choose an option there, or click through to “Open a specific page or set of pages” to make sure your browser opens to what you want it to, not some adware site. Check Extensions Safari and Chrome allow little programs called extensions to enrich your browsing experience, like Amazon Wishlist or Evernote.
Check your extensions to make sure they’re all things you’ve installed. If you don’t know what an extension is or what it does, disable it.
Disable or delete Chrome extensions here. Photo: Rob LeFebvre/Cult of Mac In Chrome, go to the Settings menu again and click on Extensions. Uncheck the “Enabled” checkbox near any extension you don’t recognize, or delete it completely by clicking on the trash can icon to the far right. Uninstall Safari extensions here. Photo: Rob LeFebvre/Cult of Mac In Safari, head into the Preferences, click on the Extensions icon in the top row and then the extension you want to uninstall on the left. Click the Uninstall button to the right to get rid of the suspicious extension.
Here’s a list of extensions that Apple suggests looking for:. Amazon Shopping Assistant by Spigot Inc. Cinema-Plus Pro or variations such as Cinema + HD, Cinema + Plus, and Cinema Ploos. Ebay Shopping Assistant by Spigot Inc. FlashMall. GoPhoto.It.
Omnibar. Searchme by Spigot, Inc. Slick Savings by Spigot Inc. Shopy Mate Find and remove adware from your Mac Finally, you’ll need to dig into your Mac’s file system to root out any specific adware that may have been installed alongside legitimate Mac software. You can do this manually or with a third-party app, as below. Manually You’ll need to quit Safari or Chrome, then start checking your system for specific files known to be adware. Search for these files and root out any malware.
Photo: Rob LeFebvre/Cult of Mac In the Finder, you’ll need to go to the Go menu and select Go to Folder, or hit Shift-Command-G. Type or copy/paste one of the lines below into the resulting Go to Folder field to see if you have the offending file. If you get no result, you’re free of that specific adware file. If you do see something with this type of search, simply drag the file (and only that file) to the trash. Once you’ve removed all the files you need to, restart your Mac, then empty the trash. Start your web browser up again with Shift held down to prevent it from opening any previous windows. /System/Library/Frameworks/v.framework.
/System/Library/Frameworks/VSearch.framework. /Library/PrivilegedHelperTools/Jack. /Library/InputManagers/CTLoader/. /Library/Application Support/Conduit/.
/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin. /Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin. /Applications/SearchProtect.app. /Applications/WebTools.app.
/Applications/cinemapro1-2.app. /Applications/cinemapro1-2.app Quit any malicious process with this X button in Activity Monitor. Photo: Rob LeFebvre/Cult of Mac You’ll also want to check your Activity Monitor app (in your Utilities folder) for a process called Genieo or InstallMac; you can use the Search field to find them.
If you find either one, click on them, one at a time, and hit the Force Quit button (it looks like an X in the upper left). Restart your Mac.
A phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender 'anti-virus' software to solve the issue. 
 
This “anti-virus” software is malware (i.e.
Malicious software&rpar. Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes. 
 
The most common names for this malware are MacDefender, MacProtector and MacSecurity. Apple released a free software update () that will automatically find and remove Mac Defender malware and its known variants.

 
The Resolution section below also provides step-by-step instructions on how to avoid or manually remove this malware. How to avoid installing this malware If any notifications about viruses or security software appear, quit Safari or any other browser that you are using.
If a normal attempt at quitting the browser doesn’t work, then the browser. In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password.
Delete the installer immediately using the steps below. 
.
Go into the Downloads folder, or your preferred download location. 
. Drag the installer to the Trash. 
. Empty the Trash.

 How to remove this malware 
 If the malware has been installed, we recommend the following actions: 
. Do not provide your credit card information under any circumstances. 
. Use the Removal Steps below. 
 Removal steps 
. Move or close the Scan Window.

. Go to the Utilities folder in the Applications folder and launch Activity Monitor. 
. Choose All Processes from the pop up menu in the upper right corner of the window. 
.
Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector. 
.
Click the Quit Process button in the upper left corner of the window and select Quit. 
. Quit Activity Monitor application. 
. Open the Applications folder. 
.
Locate the app ex. MacDefender, MacSecurity, MacProtector or other name. 
. Drag to Trash, and empty Trash.

 Malware also installs a login item in your account in System Preferences. Removal of the login item is not necessary, but you can remove it by following the steps below. 
. Open System Preferences, select Accounts, then Login Items 
. Select the name of the app you removed in the steps above ex.
MacDefender, MacSecurity, MacProtector 
. Click the minus button 
 Use the steps in the “How to avoid installing this malware” section above to remove the installer from the download location. Note: Apple provides security updates for the Mac exclusively through Software Update and the site.
User should exercise caution any time they are asked to enter sensitive personal information online. Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability.
Risks are inherent in the use of the Internet. For additional information.
Other company and product names may be trademarks of their respective owners.