macOS malware detection and removal
Check Activity Monitor
- Open Activity Monitor from Applications -> Utilities
- Go to the CPU tab
- Click the % CPU column to sort high to low, and look for high CPU use
- If you see a process that looks suspicious, do a DuckDuckGo search on it
Check for unwanted applications
- Go to the Applications folder
- Look for any apps you do not recognize or do not remember installing
- Check with DuckDuckGo whether they are legitimate or not
- If they are not, or if you are suspicious, delete them and empty your Trash
Note that this does not help much with trojans: malicious files made to look like legitimate apps.
Look at login items
- In System Preferences, select Users & Groups
- Go to the Login Items tab
- Look through the list, and select anything suspicious
- Click the minus button to remove it
Note that LaunchDaemons and LaunchAgents will not appear in this list.
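Because launchd jobs are missing from the Login Items tab, they have to be reviewed separately. The following is an added example, not part of the original page: it reads every plist in the standard launchd directories and reports what each job runs. The `program_missing` flag is a review hint introduced for this example, and the `com.example.*` plists are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job directories on macOS; none of these show up in Login Items.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons",
                "/System/Library/LaunchAgents", "/System/Library/LaunchDaemons"]

def launchd_jobs(dirs=LAUNCHD_DIRS):
    """Return one dict per *.plist in dirs; plistlib reads XML and binary plists."""
    jobs = []
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # malformed or unreadable: report it, never skip it
                jobs.append({"plist": str(path), "error": str(exc)})
                continue
            args = job.get("ProgramArguments") or []
            program = job.get("Program") or (args[0] if args else None)
            jobs.append({
                "plist": str(path), "label": job.get("Label"),
                "program": program,
                "args": args,
                "run_at_load": bool(job.get("RunAtLoad", False)),
                # Review hint, not a verdict: absolute program path that is not on disk.
                "program_missing": isinstance(program, str) and program.startswith("/")
                                   and not Path(program).exists(),
            })
    return jobs

def constructed_sample():
    """Scan a temp dir holding two constructed plists (XML, binary) and one broken file."""
    with tempfile.TemporaryDirectory() as tmp:
        agent = {"Label": "com.example.updater", "RunAtLoad": True,
                 "ProgramArguments": ["/nonexistent/example/updater", "--quiet"]}
        daemon = {"Label": "com.example.shell", "Program": "/bin/sh"}
        Path(tmp, "a-agent.plist").write_bytes(plistlib.dumps(agent, fmt=plistlib.FMT_XML))
        Path(tmp, "b-daemon.plist").write_bytes(plistlib.dumps(daemon, fmt=plistlib.FMT_BINARY))
        Path(tmp, "c-broken.plist").write_bytes(b"not a plist")
        return launchd_jobs([tmp])

if __name__ == "__main__":
    # On macOS this lists the real jobs; elsewhere it falls back to the constructed sample.
    for job in launchd_jobs() or constructed_sample():
        print(job)
```

Treat the output like the Applications folder check above: look up any label or program path you do not recognize before removing anything.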
Fail
- If all else fails, go back to a previous point in time or restore from a backup.
- If that fails too, the NVRAM, Time Machine or other backups may even be infected. Sufficiently ingenious and sophisticated malware can persist across a re-format and re-install: for example, it can persist in NVRAM, in the firmware for peripherals (some hardware devices have firmware that can be updated, and thus could be updated with malicious firmware), or as a virus infecting data files on removable storage or on your backups.