How to Deal with Malware on Your Mac
Despite common belief, Macs are not immune to viruses. Signs that your Mac could be compromised include sluggish performance, unexpected application crashes, or unfamiliar programs running in the background.
If there’s a chance your Mac is infected, this guide lays out the essential steps to diagnose and eliminate the threat.
Step 1: Disconnect from the Internet
Leaving an infected Mac online can let the malware spread to other devices and communicate with cybercriminals, which complicates your efforts to remove the infection. To limit damage, disconnect from the internet immediately.
Should you need to download protective software, do so quickly. Avoid signing into any accounts that contain sensitive information, as some malware has keylogging features designed to capture your passwords.
Step 2: Boot in Safe Mode
By starting your Mac in Safe Mode, you prevent unnecessary software from launching and initiate a check on your startup disk. The process differs based on whether your Mac is powered by Intel or Apple silicon. If uncertain, click the Apple logo in the top left corner and select About This Mac for clarification. Apple silicon Macs will display the chip type (M1 or M2), while Intel Macs will show the processor details.
To enter Safe Mode on Apple silicon, open the Apple menu > Shut Down. Once off, hold the power button until you see Loading startup options. Choose a volume, likely Macintosh HD, and hold Shift while clicking Continue in Safe Mode. You should see “Safe Boot” in the menu bar when the system restarts.
For Intel-based Macs, reboot and hold Shift until the login window appears. After logging in, “Safe Boot” will also appear in the menu bar.
To confirm you’re in Safe Mode, hold the Option key, then navigate to Apple Menu > System Information > Software. Look for Boot Mode: Safe. If it states Boot Mode: Normal, you’re not in Safe Mode.
Step 3: Perform a Malware Scan
macOS includes built-in malware protection known as XProtect, but it lacks manual scanning options. Using an external malware removal tool can help detect, quarantine, and eliminate threats that XProtect may not catch. PCMag recommends Bitdefender as a top choice for Mac antivirus. For free tools, options like Avast and Malwarebytes are also effective against malware.
Step 4: Check Your Mac’s Activity
The Activity Monitor app on macOS provides real-time insights into the processes running on your machine, including memory usage and networking activity. This can help reveal suspicious programs linked to malware.
To access it, search for Activity Monitor using the Launchpad. Investigate any unfamiliar names or any processes consuming excessive CPU or memory. If you identify any, double-click them to quit. Also, close any currently running applications until you determine the source of the issue.
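The same review can be done from Terminal. The script below is an added example, not part of the original guide: it filters a process listing down to entries that use excessive CPU or memory or that run from a temporary or cache folder. The thresholds, the path patterns, and the names flag_processes, snapshot and sample_rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): text-mode version of the Step 4 review.
# The thresholds and the "temp-path" patterns are assumptions for illustration.
CPU_MIN=${CPU_MIN:-50}   # percent CPU treated as excessive (assumed)
MEM_MIN=${MEM_MIN:-10}   # percent memory treated as excessive (assumed)

# Reads rows of "pid %cpu %mem command" on stdin and prints the ones worth a
# closer look as: pid<TAB>cpu<TAB>mem<TAB>reasons<TAB>command, busiest first.
flag_processes() {
    awk -v cpu="$CPU_MIN" -v mem="$MEM_MIN" '
    {
        # Commands can contain spaces, so rebuild them from field 4 onward.
        cmd = $4
        for (i = 5; i <= NF; i++) cmd = cmd " " $i
        why = ""
        if ($2 + 0 >= cpu) why = why "high-cpu,"
        if ($3 + 0 >= mem) why = why "high-mem,"
        # Running from a temporary or cache folder (the Step 6 locations).
        if (cmd ~ /^(\/private)?\/tmp\// || cmd ~ /\/Library\/Caches\//)
            why = why "temp-path,"
        if (why != "") {
            sub(/,$/, "", why)
            printf "%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, why, cmd
        }
    }' | sort -t "$(printf '\t')" -k2,2nr
}

# Live snapshot; separate -o flags with "=" suppress the header line.
snapshot() {
    ps -A -o pid= -o pcpu= -o pmem= -o comm=
}

# Constructed sample rows (not real output) so the filter can be tried offline.
sample_rows() {
    cat <<'EOF'
  312  2.1  1.4 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  845 97.3  3.0 /Applications/Example Player.app/Contents/MacOS/Example Player
  901  0.4  0.2 /Users/alex/Library/Caches/updater/helperd
  977  1.0 22.5 /usr/libexec/exampled
EOF
}

# Usage: sh flag.sh --live   (scan this machine)   |   sh flag.sh --sample
case "${1:-}" in
    --live)   snapshot | flag_processes ;;
    --sample) sample_rows | flag_processes ;;
esac
```

A flagged row is a prompt to look the process up, not proof of infection; legitimate apps can be busy or keep helpers in cache folders.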
Step 5: Reset Your Browser
Malware can alter web browser settings, so resetting to default configurations is essential. Safari doesn’t offer a single reset option, but you can manually revert its settings by clearing browsing history and data.
For Chrome, navigate to Settings via the three dots in the upper-right corner, then click Reset Settings in the left menu, followed by Restore settings to their original default. Confirm with the Reset settings button. In Firefox, go to Menu > Help > More Troubleshooting Information and select Refresh Firefox > Refresh Firefox > Finish.
Also, consider disabling or removing any unfamiliar extensions that may hinder your browser’s performance. You’ll find these under Settings > Extensions (or Extensions & Themes in Firefox).
Step 6: Delete Temporary Files
Malware may create temporary files on your Mac to aid its operation or conceal itself. While an efficient malware scanner should automatically identify these files, manual deletion is an option if desired. Exercise caution when doing this, as you might inadvertently remove essential files that assist your Mac’s performance.
To manually delete temporary files, open a Finder window and press Shift + Command + G. Enter ~/Library/Caches in the dialogue box to access temporary files. Choose any files to delete, then use Command + Delete (or Control + click > Move to Trash) to place them in the Trash. Remember to empty the Trash afterward to completely remove these files.
Step 7: Restart or Reinstall macOS
Once you are confident that the malware has been eradicated, restart your Mac normally. However, if you still have concerns about lingering malware, consider reinstalling macOS via Recovery for a clean slate.
While restoring from a backup is an option to return your system to its previous state, ensure that this backup was created prior to the malware infection. Avoid recovering from a backup that might harbor the malware threat.