The Safe Mac


Adware Removal Guide

Published November 7th, 2013 at 3:36 PM EST, modified December 14th, 2014 at 8:42 AM EST

Adware has been a plague on the Windows world for years. Unfortunately, this plague has begun to spread to the Mac as well. There are a number of different programs out there that serve no useful purpose except to shove ads in your face, all just to make money for the developer of the adware. Because it lives in the borderline between malware and legit software, though, detection by anti-virus software can be very hit-or-miss. This can make removal difficult.

Where does it come from?

Adware often comes packaged in installers for other software. Most often, this is because something was downloaded illegally from a torrent or piracy site. Sometimes it is because it has been added to a legit piece of software by an unscrupulous download site. (Even well-known download sites, such as Download.com and Softonic, have resorted to this kind of unethical behavior, and should never be used.) Other times it is because a developer has opted to use an adware-riddled installer, provided with incentives from the adware creator, to distribute their software. It could even be installed through deceit, by pretending to be something that it is not in order to trick the user into installing it. (This last type is usually the only type that is detected as malware by anti-virus software.)

What are the symptoms?

The most typical symptom of such adware is the display of advertisements on your Mac where none should exist. Adware also will often change your browser’s home page and search engine settings, and may even cause redirects from legit sites to sites constructed for the financial benefit of the adware developer. It can also cause secondary problems, such as web pages displaying incorrectly (due to insertion of foreign HTML code) or browser crashes.

However, problems with unwanted ads in the web browser are not necessarily caused by adware on your computer. They could also be caused by a compromised network or a problem with the site itself.

Step 1: Scan with AdwareMedic

Download and run AdwareMedic. (AdwareMedic requires Mac OS X 10.7 or later. If you are using Mac OS X 10.6.8 or older, you will need to follow the manual instructions. See step 1b below.)

AdwareMedic will scan your system and help you remove any known adware automatically. Please read the AdwareMedic documentation, which can also be found by clicking the Get Help button in the app. Be sure to pay attention to any prompts, as you may need to decide whether or not to delete certain preference files, or may need to restart the computer and then do another scan. Read the prompts carefully, and be sure you understand and follow all instructions.

If you are unable to download AdwareMedic because the Download button redirects you to other sites (such as the MacKeeper site) or because the AdwareMedic site pops open for a fraction of a second before being replaced with a page that says your browser can’t find the server, you are infected with the Downlite adware. It is actively trying to prevent you from downloading AdwareMedic. See “Adware blocking AdwareMedic downloads!”, or if that page is also blocked, see:

https://discussions.apple.com/docs/DOC-7792

Step 1b: Manual Removal

If you are willing and able to run AdwareMedic, there is no reason to try manual removal.

However, if you feel uncomfortable running an app downloaded from a website that you may not have ever heard of before today (which is perfectly reasonable), or if your system is too old to run AdwareMedic, then you can try the manual removal instructions instead. If you opt for manual removal, be sure to follow the directions very carefully! Be aware that, for some adware, there is some risk involved with manual removal if you accidentally delete the wrong thing or don’t follow the instructions carefully. Some adware can cause your system to crash and be unable to start back up if the instructions aren’t followed carefully!

Step 2: Check for other causes

If you don’t find any signs of adware, your problems may not actually be caused by adware at all. You may be on a compromised network, or an ad-supported wifi network. You may also be looking at a site that has been hacked, or even just an ordinary bad site. For help figuring out where the problem might be, see the Other Causes page in this guide.

Step 3: Report new adware

If you have followed the instructions in the first two steps carefully, but you found no adware in step 1 and the tests in step 2 indicate that the problem is due to adware, choose Take System Snapshot from the Scanner menu in AdwareMedic to take a snapshot of your system and send me a report. This is important for detecting new adware.

Don’t be shy about sending reports if you think you may have something new. However, please do not send me reports if you have not completed both steps 1 and 2! I get a lot of reports from people who have not done so, and those reports often show adware that would have been removed by AdwareMedic or the manual removal instructions. You will save yourself (and me) a lot of time by following the directions the first time, rather than waiting for a response from me telling you to go back and follow the directions!


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.