The most popular infections I see in the wild are Genieo and InstallMac. They usually tag along with legitimate programs downloaded from software repositories. Typically someone searches for a popular program and clicks on one of the top search results, which is an ad. Once the problem software is on the Mac, the search engine in Safari or another browser changes and ads are injected. Sometimes the computer isn’t infected, but an intrusive ad pops up and prevents the user from surfing. These ads either take advantage of the Mac’s resume feature or use JavaScript that prevents Safari from going further.
Scareware window? Use Safe Mode to Get Un-Stuck
Some of these infections start as a Safari ad that won’t go away until you click a link or call a special number. The window might claim you are being watched by the FBI, like PC ransomware. A few of these ads will start talking to you. Don’t fall for that scam. To get Safari back in order, first you’ll need to force quit Safari. Hold down the Command + Option + Esc keys all at the same time. That brings up the Force Quit menu. Select Safari and then Force Quit. Sometimes the Safari window is stuck and the Force Quit option doesn’t work. In that case, press Control + Option, click on Safari in the Dock, and select Force Quit. That stops the annoying ad in Safari. The same steps work for Firefox and other browsers on the Mac.
Need to Force Quit a Mac Application? Check out other ways of stopping any Macintosh application.
As ads get more sophisticated, it may be harder to quit Safari or other browsers. Some browsers are set to re-open the last window that was active before closing, so you’ll face the same problem again. To fix that in Safari, hold down the Shift key while opening Safari. That prevents any previous windows from coming up. With Firefox, holding down the Option key opens it in safe mode and disables the start screen. With Chrome, you’ll need to start in incognito mode, but you may need a program to help with that. Then you can move on to removal.
Download Adware Medic to Remove the Infections
When you have a working browser, the best program for removing Mac adware is Adware Medic. It’s designed to remove browser plugins that redirect search results and inject ads. The program is free. It requires Mac OS X Lion 10.7 or higher. Users of 10.6.8 Snow Leopard or below will need to do a manual removal. Adware Medic’s site has a great guide for manual removal. For Snow Leopard, the Sophos Anti-Virus for Mac Home Edition does a good job of removing malware and is also free.
Apple’s Removal Guide: Apple has its own guide for removing Mac adware, but it’s hard to follow and covers just the operating system and Safari.
Prevent Future Infections with Smart Browsing
Mac infections don’t usually come from the same sources as PC infections. They’re unlikely to be attached to an email or embedded in a PDF. They’ll either be part of what appears to be a legitimate download or otherwise trick a user into downloading the payload with an ad. Software that automatically installs by just going to a website is pretty rare. The most popular trick I see is an ad that convinces the user that Adobe Flash Player is out of date. I almost fell for that trick once. My Mac warned me before I installed it.
If you need to download software for your Mac that isn’t available in the App Store, surf directly to the manufacturer’s website. Avoid searching for the product name since that may bring up ads. Search for the manufacturer and then find the product on their website. As an example, instead of searching for Adobe Flash Player, search for Adobe.
Apple’s Antivirus is Built-in: Apple’s XProtect keeps your Mac from getting infected most of the time. It updates itself when Apple updates macOS.
Install Blocking Software
Scamzapper is a Safari Extension designed to prevent ads from locking up the browser. It blocks those JavaScript windows that prevent the user from moving forward in the browser. If you or someone you know keeps getting hit by those ads, Scamzapper will keep you clean. Otherwise, blocking ads and Flash whenever possible reduces the risk you’ll be tricked into downloading something you didn’t intend to. Two extensions I recommend are ClickToFlash and Adblock Plus. They prevent the annoying ads from coming through, including infected ads.
Safe Than Sorry
Malware and scams will continue on the Mac because the criminals are successful with it. A few programs installed in advance can protect you and your family from these internet nasties.