SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 27: Steps to take when you suspect a malware infection

Posted on March 9, 2017
  • Pinpoint the nature of the issue.
  • Install reputable and trusted anti-malware software.
  • Reach out to your security vendor for additional assistance.
  • Make an appointment with Apple or an authorized repair center.
  • Start over with a blank slate.

Have you recently noticed your Mac behaving strangely? Do you have reason to believe that malware or a virus has infected your machine? Infections aren’t always as blatant and disruptive as a ransomware attack. When you suspect that your Mac is infected, it’s important that you take steps to find and fix the problem before the issue becomes severe — or worse, before your personal information is exposed to a malicious third party.

In today’s episode of The Checklist, we’ll look at the process you should follow if you think your Mac has an infection. By staying calm and following this procedure, you can boost your chances of purging the virus and returning your system to normal. With all that said, where should you begin?

Pinpoint the nature of the issue. Understanding what is affecting your Mac is the first step to finding a solution. Since it’s not uncommon for the signs of an infection to show up only days or weeks after the malware arrived, you should familiarize yourself with the common signs and symptoms. Once you notice a problem, you can immediately take steps to remediate the issue.

The sudden appearance of pop-up ads in your web browsing experience is one of the most common problems. Anyone who has dealt with adware in the past will know this sign well. Especially if you regularly use an ad blocker, sudden pop-ups should make you ask if something is wrong. It’s also worth noting that at various times pop-up ads have been delivery vehicles for malware on their own. While browser flaws that enable this are relatively rare these days, a pop-up ad might still try to direct you towards a site that does contain malware.

Another sign related to your web browsing involves sudden re-directs. Do you find that your browser mysteriously sends you to sites that you didn’t request? Do you notice strange URLs appearing in your browser’s address bar between page loads? This experience is often a sign that some malware is at work, much like with the appearance of pop-ups.

One increasingly popular method for tricking users into installing malicious software involves lying about video codecs. Have you recently encountered a website that required you to download and install a codec or some software to watch a video? What about a new plugin for your browser? In practically every case, these codecs and plug-ins are scams packed with malware, pure and simple.

In a similar vein, have you noticed new software on your Mac that you don’t remember installing? It could easily look like something innocent, such as a video player, or even an antivirus program. The sudden appearance of a new program is a major telltale sign of an infection. Authors of malicious software disguise their malware payloads with clever facades to avoid or delay detection. It is also much easier to convince a user to willingly open the door to a virus when it initially seems legitimate.

Not only should you avoid running any unknown programs you encounter, but you should also begin to take the appropriate steps to remove them right away. When you encounter any of the signs we’ve just discussed, you need to take immediate action. Let’s move on to discuss the initial steps you should take now that you know for certain you’ve been infected.

Install reputable and trusted anti-malware software. Now it’s time to start fighting back. Trying to remove a virus or malware infection manually is a lost cause; not only is it hard to locate the many files malware might use, they often have mechanisms for self-preservation built into their code. Thus, if a user tries to remove it on their own, it will just return immediately. The solution is to download and run an effective antivirus program for your Mac. With more advanced technology, you can circumvent the infection’s safeguards against removal and ideally purge it from your hard drive altogether.

There are many reputable products on the market serving up antiviral protection for Mac users. Over the years and after looking at many of these products, we identified several ways to improve on the offerings we saw. The result of those efforts today is MacScan 3.

If you find yourself in a situation where you know you’re infected, you can download a free trial edition of the MacScan software from our website. We wrote the engine that powers its infection detecting abilities from scratch to deliver the most robust performance possible. We also keep MacScan 3 up to date with new virus and malware definitions added frequently and applied automatically.

Once you have an antivirus program installed and ready to go, just let the app run a scan. Before too long, it should uncover the cause of the problems you’ve noticed. In most cases, the next step after identification is an automatic quarantine process, involving moving the infected file to a “vault” for potentially malicious files. Think of it like a digital jail that keeps the malware from spreading or using an Internet connection. After quarantine, you can safely delete the files for good.

Ideally, that’s it — you’ve solved the problem, and you can return to using your Mac. However, that’s not always how things play out in reality. What happens if you’re still experiencing problems even after running an intensive virus scan?

Reach out to your security vendor for additional assistance. Hackers and malware authors are always working to find new ways to avoid detection. It can sometimes be helpful to think of antivirus efforts as a kind of arms race. As we develop better methods of finding and eliminating infections, hackers fight to circumvent that work. In rare cases, you might encounter a virus that you can’t yet protect yourself against easily. When your antivirus software can’t destroy an infection, the first thing you should do is check your definitions. Are they as up to date as possible? These definitions tell the engine how to find malware — it’s why we now push them out automatically.

If an infection persists through updated definitions, it may be that you’ve encountered a new type of malware, or at least a new twist on an existing version that hasn’t been seen before. At this stage, you should consider contacting your software vendor for support. Be thorough and detailed when explaining the problem. You may receive instructions on additional steps to take, including running new scans. Some software also generates reports for analysis by your security vendor.

If you’ve encountered a new infection, your vendor will work with you to get to the bottom of the issue. If it is new malware, it provides them with the opportunity to develop a fix and implement it right away. Of course, then all the vendor’s users must receive new definition updates to include this fix.

Hackers increasingly look for ways to break into the Mac, and thousands of new items of malware appear across all platforms every day. It’s not impossible that you might run into something brand new. Hopefully, in this scenario, the team behind your security software will be able to uncover a viable solution.

Make an appointment with Apple or an authorized repair center. However, your vendor may determine that the issue you’re experiencing is not one they can fix, for example with a ransomware attack that’s locked your files behind encryption. In other cases, they may feel that the problem doesn’t reside in software but may instead be a hardware problem with your system.

When you reach this stage, it’s time to book the next available slot at the Genius Bar for help directly from Apple. If you don’t live in an area with a nearby Apple Store, don’t worry. Any authorized repair center will be fine as well. Once again, be prepared to give a detailed account of everything you’ve done up to this point. If you contacted your AV vendor and were told to seek repairs, let them know that as well.

With luck and some professional expertise, Apple or an authorized agent will be able to get to the bottom of the problem. While it can be frustrating to be unable to fix the issue on your own, Macs can be complex machines. It’s not always easy to isolate the root cause of a problem, especially when you’re frustrated and just want your computer back.

Start over with a blank slate. Unfortunately, you won’t always find a solution at the end of the road. Sometimes the infection is so severe or problematic that there is no way to restore the system to the previous status quo. If you’ve reached this stage, the only thing left to do is begin again. In other words, it’s time to reinstall the operating system from scratch.

To make this process easier, keep a backup copy of all your critical data and update that backup regularly. A backup that receives regular updates can be the thing that saves you from a complete data-loss disaster. Apple’s Time Machine software and the Time Capsule product (or your own extra hard drive) make accomplishing this easy.

One important note to point out: be careful about which backup copy you use for restoration. If you discovered an infection after it has inhabited your system for a while, there is always the chance that you archived a copy of the malware, too; in other words, restoring the wrong backup could potentially restore the malware along with it! Close attention to which backups you use can help prevent arriving back at square one after the entire restoration process.
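One way to act on that caveat, as an added example that is not from SecureMac or this episode: a small shell helper that picks the newest backup snapshot taken strictly before the day you first noticed symptoms, so the restore point predates the infection. It assumes snapshot directory names begin with YYYY-MM-DD (Time Machine’s Backups.backupdb folders use YYYY-MM-DD-HHMMSS); adjust the pattern for other backup tools.

```shell
#!/bin/sh
# Added example (not SecureMac's code). Chooses a restore point that predates
# the first sign of infection, so restoring does not bring the malware back.
#
# Assumption: each snapshot is a directory under BACKUP_ROOT whose name starts
# with YYYY-MM-DD, as Time Machine's Backups.backupdb/<host>/ snapshots do.

# last_clean_backup BACKUP_ROOT FIRST_SYMPTOM_DATE
#   Prints the name of the newest snapshot dated strictly before
#   FIRST_SYMPTOM_DATE (YYYY-MM-DD). Returns 1 if none qualifies.
last_clean_backup() {
    root=$1
    cutoff=$2
    best=""
    # Glob expansion sorts names, and ISO dates sort chronologically,
    # so the last qualifying name seen is the newest clean snapshot.
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        day=$(printf '%s' "$name" | cut -c1-10)
        # expr string comparison: true when day sorts before cutoff
        if expr "$day" "<" "$cutoff" >/dev/null; then
            best=$name
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Usage: last_clean_backup /Volumes/TimeMachine/Backups.backupdb/MyMac 2017-03-08
if [ "$#" -ge 2 ]; then
    last_clean_backup "$1" "$2"
fi
```

Restoring from the snapshot it prints still deserves a scan of that snapshot with up-to-date definitions, since the day you noticed symptoms is not necessarily the day the infection began.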

Working through the process of fixing an infected Mac is never fun, especially if you reach the point where your only option is to start over and work from backups. That’s why prevention is always the easiest path. For example, the built-in MacScan 3 scheduling features are perfect for setting up a pattern of regular defensive sweeps within your system.

The sooner you identify and eliminate malicious threats, the less stress and anxiety you’ll have to deal with both now and in the future. We recommend you familiarize yourself with all the steps we’ve discussed. Think about how you’d respond to a hypothetical infection, and ensure you have everything in place — from good antivirus software to a recent backup — to make recovery as smooth as possible.

That wraps up another episode of The Checklist! If you’d like more information on the topic we covered today, or if there’s a specific topic you’d like to see featured on a future episode, send us an e-mail at!
