How to eliminate the adware that’s plaguing your Mac

By

Don't get caught like this.
Don't get caught like this.
Photo: Stephen Smith/Cult of Mac

In addition to various viruses that can harm your Mac, there’s a different kind of annoyance you might have stumbled upon: adware.

This might manifest itself as a web page that tells you you’ve been infected, with an accompanying phone number to call or malicious website to visit, or it might even show up as an ostensibly helpful Mac app you don’t remember installing.

If you’re experiencing the pain of malicious adware, we’re here to help. Here’s how to eliminate the adware that’s plaguing your Mac.

Close all pop-up ads

First off, you’ll want to take some time and close any pop-up windows that appear. Don’t click on any of the buttons in the web page itself, but rather use the red X button in the upper left of the window to shut things down.

Close all pop-ups with the dreaded red x.
Close all pop-ups with the dreaded red x.
Photo: Rob LeFebvre/Cult of Mac

If you see a message on your Mac that says, “Don’t show more alerts from this webpage,” go ahead and check the box before closing the pop-up. If there’s a Block Alerts button after you dismiss a pop-up window on your iPhone or iPad, tap it to keep alerts from coming back.

If the pop-up won’t close, force quit your browser. On your Mac, you can hit the Command-Option-Escape keys at the same time to get the Force Quit window. Click on your browser in the list and then hit the Force Quit button. When you restart Safari, you can hold the Shift key down when you start to keep it from reopening any windows, including the pop-up.

Block all pop-ups

Many malicious adware uses pop-up windows to get your attention or to scare you into installing even more adware. Make sure your computer is pop-up free.

Check this box to block pop-ups in Safari.
Check this box to block pop-ups in Safari.
Photo: Rob LeFebvre/Cult of Mac

Both Safari and Chrome have pop-up blockers. Go to Safari preferences and click on the Security icon in the upper row, then click Block pop-up windows there. In Chrome, you simply click the Chrome menu (three horizontal lines) in the upper-right corner, click Settings, click Show advanced settings. Then, under Privacy, click Content Settings. Choose Do not allow any site to show pop-ups under the Pop-ups section. Click Done when finished.

Here's where you block pop-ups in Chrome.
Here’s where you block pop-ups in Chrome.
Photo: Rob LeFebvre/Cult of Mac

Both web browsers allow you to add exceptions if you need specific sites to open pop-ups.

Check homepage and search-engine settings

Sometimes, adware will change what homepage your browser starts up with or the search engine it uses to find stuff you want on the web. Check these settings to make sure they haven’t been changed.

Make sure you've got the right search engine selected in Safari.
Make sure you’ve got the right search engine selected in Safari.
Photo: Rob LeFebvre/Cult of Mac

In Safari, go to Preferences and click the General tab at the top. Look at the Homepage field and make sure it contains the site you want to start up with, or is empty. Click on the Search tab and make sure the default search engine there is one you want.

Set your home page in Chrome here.
Set your home page in Chrome here.
Photo: Rob LeFebvre/Cult of Mac

In Chrome, open the Settings page (with the three horizontal lines or by hitting Command-comma) and check the “On Startup” section. Choose an option there, or click through to “Open a specific page or set of pages” to make sure your browser opens to what you want it to, not some adware site.

Check Extensions

Safari and Chrome allow little programs called extensions to enrich your browsing experience, like Amazon Wishlist or Evernote. Check your extensions to make sure they’re all things you’ve installed. If you don’t know what an extension is or what it does, disable it.

Disable or delete Chrome extensions here.
Disable or delete Chrome extensions here.
Photo: Rob LeFebvre/Cult of Mac

In Chrome, go to the Settings menu again and click on Extensions. Uncheck the “Enabled” checkbox near any extension you don’t recognize, or delete it completely by clicking on the trash can icon to the far right.

Uninstall Safari extensions here.
Uninstall Safari extensions here.
Photo: Rob LeFebvre/Cult of Mac

In Safari, head into the Preferences, click on the Extensions icon in the top row and then the extension you want to uninstall on the left. Click the Uninstall button to the right to get rid of the suspicious extension. Here’s a list of extensions that Apple suggests looking for:

  • Amazon Shopping Assistant by Spigot Inc.
  • Cinema-Plus Pro or variations such as Cinema + HD, Cinema + Plus, and Cinema Ploos
  • Ebay Shopping Assistant by Spigot Inc.
  • FlashMall
  • GoPhoto.It
  • Omnibar
  • Searchme by Spigot, Inc
  • Slick Savings by Spigot Inc.
  • Shopy Mate

Find and remove adware from your Mac

Finally, you’ll need to dig into your Mac’s file system to root out any specific adware that may have been installed alongside legitimate Mac software. You can do this manually or with a third-party app, as below.

Manually
You’ll need to quit Safari or Chrome, then start checking your system for specific files known to be adware.

Search for these files and root out any malware.
Search for these files and root out any malware.
Photo: Rob LeFebvre/Cult of Mac

In the Finder, you’ll need to go to the Go menu and select Go to Folder, or hit Shift-Command-G. Type or copy/paste one of the lines below into the resulting Go to Folder field to see if you have the offending file. If you get no result, you’re free of that specific adware file. If you do see something with this type of search, simply drag the file (and only that file) to the trash. Once you’ve removed all the files you need to, restart your Mac, then empty the trash. Start your web browser up again with Shift held down to prevent it from opening any previous windows.

  • /System/Library/Frameworks/v.framework
  • /System/Library/Frameworks/VSearch.framework
  • /Library/PrivilegedHelperTools/Jack
  • /Library/InputManagers/CTLoader/
  • /Library/Application Support/Conduit/
  • ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  • ~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
  • /Applications/SearchProtect.app
  • /Applications/WebTools.app
  • /Applications/cinemapro1-2.app
  • ~/Applications/cinemapro1-2.app
Quit any malicious process with this X button in Activity Monitor.
Quit any malicious process with this X button in Activity Monitor.
Photo: Rob LeFebvre/Cult of Mac

You’ll also want to check your Activity Monitor app (in your Utilities folder) for a process called Genieo or InstallMac; you can use the Search field to find them. If you find either one, click on them, one at a time, and hit the Force Quit button (it looks like an X in the upper left). Restart your Mac.

Then, use the Go to Folder procedure as above to search for the following files in the Finder:

  • /Applications/Genieo
  • /Applications/InstallMac
  • /Applications/Uninstall Genieo
  • /Applications/Uninstall IM Completer.app
  • /usr/lib/libgenkit.dylib
  • /usr/lib/libgenkitsa.dylib
  • /usr/lib/libimckit.dylib
  • /usr/lib/libimckitsa.dylib
  • /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
  • ~/Library/Application Support/Genieo/
  • ~/Library/Application Support/com.genieoinnovation.Installer/

Delete any files from this list that you find, and then you’ll want to restart your Mac again here.

Finally, search for /Library/Frameworks/GenieoExtra.framework and remove it if you find it. Restart your Mac again.

Use an app

Malware Bytes is a well-reviewed anti-malware app for Mac or PC that you can use to check your system for any adware that might have been installed. The advantage of using it is mostly due to convenience and a constantly updated list of malware. It’s not an anti-virus solution, however, so be sure to grab something else to search for computer viruses.

Now you’ve got a whole set of tools to use to get adware off of your Mac and keep it from getting there in the first place. If you have any questions, feel free to hit us up on Twitter, Facebook, or in the comments below.

Deals of the Day

  • poikkeus

    Great info, and excellent pics!

    • Rob LeFebvre

      Glad you dig it!

  • http://www.demarca.pl Marek Moi

    Thanks for the coffee, @roblef ;)
    And I’m very glad to see my app in action here.

    • Rob LeFebvre

      It’s an awesome app – any plans to add to it? Would love to see the ability to mix and match the callout tools, like add an arrow and a loupe, for example.

  • freq

    …or stop reading Cult of Mac. The adware they serve has taken over my iOS. I am giving up on their site. It has gotten so bad that they had very NSFW ads take over my phone while I was on my work network. Not cool Cult of Mac. Practice what you preach.

    • vikassaraswat

      You are so darn right cult of Mac is
      Most spyware website among all the Mac blog websites

      Install ABP app on iOS

  • STL

    “In addition to various viruses that can harm your Mac, . . ”
    I’ve been using Apple products since 1981. Have not ever read that Mac’s have viruses except in the OS flame threads.

    You will be doing the entire Mac community a favor by naming the viruses to which you refer in your post.
    Likewise you will be doing the Mac community a favor by disavowing your statement on viruses that I quoted above.

  • vikassaraswat

    Well I have 2 suggestion to add
    Click on edit bookmark while that silly pop page showing your Mac infected and it will not let you close the safari page.
    Once you click on edit bookmark and than close the page minute you close. Safari will go back to edit book mark that way you do not have to force quit …
    2nd install ABP ext and it freak the sh** out of all the pops including cult of Mac and MIND you cult of Mac

    You guys bring so much spyware …. I mean it

    Stop it ….

  • WGFinley

    Why list getting an app last? The best offense is a good defense, get a decent app to protect yourself and skip all the work. I’ve been using Webroot for a few years and it’s fantastic.