Malware Disguised as System Settings Notifications
Certain pop-ups are disguised as system settings notifications that engages users into clicking the advertisements. This in return will redirect the web browser to unknown and suspicious websites.
When visiting an unreliable site, users may be redirected to malicious pop-ups when they click somewhere on the website.
Even though these malware notifications are not really from the system, if you keep on redirecting to these sites every few minutes then you may have adware installed on your browser or computer. It is a type of malware that is frequently spread throughout the internet and has infected many people everyday.
It is an irritating piece of malware that shows unwanted advertisements and redirects you to a multitude of websites of it’s partners. The main purpose of these programs are to earn money by displaying ads on a user’s computer without their consent.
These pop-up website are not malicious at all however they may provide greater risk if the user falls for it. That is why it is necessary to remove it from the browser and the system as soon as possible. The removal guide below should help you eliminate the malware threat from your computer.
How to Remove Malware Disguised as System Notifications
This procedure will assist you in removing the fake alerts as well as any dangers related with the adware infection. You can rest assured that the information provided below has been tried and tested.
Step 1: Remove Adware and Associated Files
The first step is to address the source of the problem, which is removing the adware from the system. Since this sort of malware takes the form of an application, it can be removed easily with only a few clicks. It’s also worth noting that leftovers and files related to the adware should be deleted as well.
Remove Adware Application Related to the Pop-up Malware
- Open the Finder application from the Dock.
- Select Application from the left sidebar.
- Find adware related to “MacOS Virus Detected! Take Action” Fake Support then right click it’s icon then select Move to trash. (We will be using the MacKeeper application as an example.)
Remove Files Associated with Adware
- Click the Go from the Finder toolbar and select Go to folder from the expanded menu.
- Search the following paths for files associated with the fake notifications and adware app. These files will have the .plist extension and will look similarly to com.MacKeeper.plist. (Note: Do not delete files that comes from legit applications)
~/Library/LaunchAgents
~/Library/Application
/Library/LaunchAgents
/Library/LaunchDaemons
3. Once you have found them, right click and select Move to trash in order to get rid of those files.
Empty the Trash Bin
- From the Dock, right click the Trash application and select Empty Trash in order to delete the files permanently.
- A confirmation window may appear asking if you really want to delete the files on the Trash, go ahead and proceed to delete them.Now that the adware is removed the threat is now permanently deleted from the mac system.
Step 2: Remove Profiles Created by Adware
Malicious mac adware has the ability to prevent users from reverting to their default browser settings. As a result, when users attempted to alter their preferences back, they were either unable to do so or their preferences were turned back after a few minutes.
Removing the profiles added by the adware is required to ensure that configurations are not altered again once they have been reverted. (Note: If the device does not have any profiles related to the adware, you may proceed to the next step.)
- Click the Apple logo on the upper left corner of the screen then select System Preferences from the drop-down menu.
- On the System Preferences window, find and click Profiles. (If you cannot find Profiles, then it means you do not have profiles on your mac. You may skip this procedure and head over to the next step.)
- Find and remove profiles that may be associated with the adware. Click the minus button on the lower left part of the window to remove the profile.
Step 3: Reset the Infected Browser
Your browsing program is most likely tainted by the fake pop-up that is why you keep getting redirected to the fake site, which is why resetting it will undo the changes done by the adware.
If you do not wish to reset your browser, you can undo the changes manually by removing the extension, changing the default homepage and search preferences back to normal. However if you are not much of a techy person, resetting the browser will be the easier approach.
For Google Chrome:
- Open Google Chrome and click the three dots in the upper right corner of your screen to access the Google Chrome menu.
- Click the Settings button, then click the Advanced menu on the left side of the screen from the settings screen.
- On the drop down menu, select Reset settings.
- Click on the Restore settings to their original defaults.
- hen a small window will appear and click the Reset Settings.
For Safari:
We will be using the utilization of the Terminal application to reset the Safari browser because unlike Chrome or Safari, they do not have an auto reset feature for the browser.
- To use the Terminal application, open Finder and navigate to the Applications/Utilities folder.
- Copy and paste each code lines separately in Terminal. Some of the first codes will have a confirmation line, type y to continue.(Note: Make sure the Safari application is closed while proceeding with working with the codes.)
rm -Rf ~/Library/Cookies/*;
rm -Rf ~/Library/Cache/*;
rm -Rf ~/Library/Safari/*;
rm -Rf ~/Library/Caches/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery;
rm -Rf ~/Library/Caches/Metadata/Safari;
rm -Rf ~/Library/Caches/com.apple.Safari;
rm -Rf ~/Library/Caches/com.apple.WebKit.PluginProcess;
rm -Rf ~/Library/Cookies/Cookies.binarycookies;
rm -Rf ~/Library/Preferences/Apple\ -\ Safari\ -\ Safari\ Extensions\ Gallery;
rm -Rf ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.RSS.plist;
rm -Rf ~/Library/Preferences/com.apple.Safari.plist;
rm -Rf ~/Library/Preferences/com.apple.WebFoundation.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginHost.plist;
rm -Rf ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist;
rm -Rf ~/Library/PubSub/Database;
rm -Rf ~/Library/Saved\ Application\ State/com.apple.Safari.savedState;
After running all the codes to the Terminal application, the Safari browser should look good as new.
For Mozilla Firefox:
- Launch Mozilla Firefox browser then open the menu by clicking on the three horizontal lines located in the upper right corner.
- Navigate down and click Help then select More Troubleshooting Information from the options given.
- Select the Refresh Firefox button.
- A confirmation window will appear, click Refresh Firefox.
Step 4: Scan with Malwarebytes Anti-Malware
Malwarebytes Anti-Malware is one of the most powerful anti-malware programs available. They have some of the most advanced threat detection tools, ensuring that any harmful virus on your computer is eliminated completely.
- Using your web browser, go to the official anti-malware website (click here) and download the most recent version of the program. When you first download the application, you will also receive a 14-day trial of the premium software.
- After the file has finished downloading, click on the installation package and run the file to start installing the application.
- Follow the installation procedure shown on the setup and wait for it to finish.
- Your password may be required to continue installer from installing the new software. Give it permission and click Install Software.
- Wait for Malwarebytes Anti-malware to finish installing on the mac system.
- Once the process is complete, the application will open. Click on the Get started button and follow the procedure to start using Malwarebytes.
- When prompted to choose between personal and organizational use, click the personal option unless you are downloading it within your company.
- After the initial start up, proceed to running your first scan. The scanning may take a while depending on how many files you have on your system.
- Malwarebytes will show all malware identified on the machine after the scan, and you can remove the detected threats by pressing the quarantine button. (Note: Some threats may require a restart of the computer.)
The adware should be removed once the process is finished. We also recommend to turn on Malwarebytes Real Time Protection, which will secure your computer and detect threats as soon as they appear.
Tips to be safe online
- It is preferable to avoid websites with unique domain extensions other than .com, .org, .net, and.edu. Because most infected websites have extremely distinct TLDs, always verify the last part of a domain to ensure that you are visiting a safe site, unless the site has been reputable ever since.
- Never acquire software or programs from unknown sources, as this is one of the most common ways for adware and other types of malware to attack your computer. Only download from reputable and legitimate websites. To be safe, stay away from torrent downloads and cracked software download sites, as there will always be malware in the files.
- Using a firewall is one of the most foolproof ways to be safe online. It serves as a first line of defense against dangerous websites, shielding visitors from potential risks. It protects the user’s network and device from intruders. A firewall will safeguard a user from the threats hiding on the vast internet in today’s age.
- It is essential to keep anti-virus software up to date on a computer since hundreds of new malware threats are released every day that target the machine’s vulnerabilities in order to infect it. Anti-virus updates include the most recent files required to counter new threats and safeguard your machine.
- Only visit websites that has a secured connection. A site with HTTP connection does not encrypt the data it receives and therefore is not considered secure. Entering personal information such as email addresses, phone numbers, and passwords on a website with an HTTP connection is risky since it could be compromised and your information stolen. Websites with HTTPS connections, on the other hand, are secure since data is encrypted and attackers are unlikely to gain access to information exchanged within the site.