How to Remove Unwanted Pop-Ups and Homepage Redirects From Mac?

How to Remove Pop-Up Ads and Browser Redirects From a Mac computer?

Many users report annoying pop-up ads, homepage redirects, Internet search engine hijackers, and reduced system performance. One of the most frequent infections on Mac computers is adware, including searchpulse.net redirectAny Search Manager browser hijacker, and MyShopcoupon.


Mac computer users are also targeted by potentially unwanted applications (PUAs), also known as potentially unwanted programs (PUPs). Some examples of PUPs include Mac Keeper, Advanced Mac Cleaner, and Mac Mechanic.

Adware is often proliferated using free downloads - most free software download websites require a 'download client' to download their free applications. These download managers offer installation of advertised browser plug-ins (usually adware) with the chosen freeware.

Another distribution method is intrusive ads, including, for example, fake flash player update websites. Once clicked, some advertisements offer to install additional plug-ins, while others simply run scripts designed to download and install adware without users' consent.

Video showing How to Remove Malicious Software From a Mac Computer?

Table of Contents:

Adware types and symptoms

There are several adware types, the most common one which displays pop-up ads. Others sometimes apply various redirects to the browser. Some adware remains hidden but tracks users' browsing history, such as visited URLs, viewed pages, search queries entered, IP addresses, unique identifier numbers, operating systems, browser information, etc.

Adware symptoms:

Reduced web browser performance
Annoying ads (searches, banners, text links, transitional, interstitial, and full-page advertisements
Browser redirects

Some common adware examples that infect Mac computers:

[Back to Table of Contents]

Close tabs containing ads

First, close any pop-ups displayed, being careful not to click any buttons on the pop-up. Choose between closing the tab or the whole browser by clicking the red 'x' in the top left corner. Clicking on a pop-up can result in even more adware installed on the computer.

If your browser displays a message offering the option, 'Don't show more alerts from this webpage', enable it before closing. If the Block alerts button appears once you have closed a pop-up window on your iPhone or iPad, tap it to prevent future pop-ups. If you cannot close the pop-up, shut down the browser through the 'force quit' window.

You can access the force quit window on Mac computers by pressing the keyboard shortcut of Command, Option, and Escape. Select your browser from the list when the window appears, and then click the Force quit button at the bottom.

If you have enabled the browser to start with the same tabs as the last session, hold down the Shift key when launching Safari to prevent it from booting malicious websites and annoying pop-ups.


[Back to Table of Contents]

Block incoming pop-up adverts

One of the basic adware methods is pop-up advertisements. These windows often display information that generates currency for developers or encourages you to install even more malicious software. To prevent your browser from showing pop-up messages, manually enable the blocking option. Most browsers offer the 'block pop-ups' option in preferences.

1. Launch the browser and click Safari in the menu at the top of the screen.
2. Select Preferences, and choose the Security tab to enable this useful feature on Safari.
3. You will see a check box beside 'Block pop-up windows' - enable it, and the browser will no longer show any pop-up messages, including advertisements.


4. Using Google Chrome, click the three dots menu at the top right corner and select Settings.
5. Expand the advanced settings section. Look for Content settings, select the open Pop-ups menu, and choose to block them.


For Mozilla Firefox users:

1. Click the three bars icon to open the menu and choose Preferences.
2. Select Privacy & Security from the list on the left side and scroll down until you find the Permissions section.
3. There you will see the Block pop-up windows option - enable the check box to prevent Firefox from producing advertisements.


[Back to Table of Contents]

Inspect your homepage and default search engine settings

Adware can sometimes affect some (or all) of these preferences by replacing the homepage or changing the default search engine. As a result, the browser will display the website set by the adware when starting up. Furthermore, the browser will not use Google search by default.

1. To check these settings on the Safari browser, open Preferences and select the General tab.
2. You will find the homepage field. Ensure the website address has not changed.


3. Select the Search tab and ensure that Google is selected in the drop-down menu to check the default search engine.


To adjust search settings on Google Chrome:

1. Open preferences and click the three bars icon at the top left corner.
2. Select the On start-up section, and choose your preferred option.
3. If you are using a homepage, check that the website address is correct. To manage the search engine, select a Search engine from the sidebar.


If you are using Mozilla Firefox:

1. Open preferences.
2. Under the General section, you will find the home page field - check that the address is correct.


3. To adjust search engine preferences, simply click the search section. Here, you will find the Default Search Engine option.


[Back to Table of Contents]

Disable unnecessary Extensions

Today, browsers allow the attachment of small programs called extensions to improve software functionality. These are useful features but also provide developers with the opportunity to hide adware. Often, installing a single fake extension will result in several different software applications being applied to the browser.

We recommend that you disable all extensions whose purpose is unknown (extensions without a proper name are usually malicious). Disabling them will not remove them, so this will allow you to assess whether they are legitimate before removing or re-enabling them.

1. To check extensions attached to Safari, open preferences and select the Extensions tab.


2. You will see a list with all remaining additional programs. The check box enables/disables the extension, while the uninstall button removes it completely. Study the list closely - if you find any malicious extensions in your Safari extensions list, remove them immediately.

Amazon Shopping Assistant by Spigot Inc.
Cinema-Plus Pro or variations such as Cinema + HD, Cinema + Plus, and Cinema Ploos,
eBay Shopping Assistant by Spigot Inc.,
Search by Spigot, Inc,
Slick Savings by Spigot Inc.
Shop Mate.

If you are using Google Chrome:

1. Click the three dots menu in the top right corner.
2. Locate More tools and choose Extensions. Here, you will find a list of items with a remove button and toggle, enabling/disables the extension.


3. To manage programs attached to the Mozilla Firefox browser, click the three bars menu button and select Add-ons.
4. Choose Extensions from the list on the left side and check if there is any software installed.
5. Each add-on will have buttons to Disable or Remove. We recommend that you disable them first to check for any critical changes. If the add-ons are not required, remove them.


[Back to Table of Contents]

Detect and remove adware from your Mac

Finally, the most important step is to check the Mac hard drive for any malicious software hiding within legitimate files and software. There are two methods to clear the Mac from malicious adware:

1) search for and delete files manually;
2) use third-party software.

Remove adware files manually.

First, close the browser and check the hard drive for specific destinations/files known as adware.

1. Launch Finder, click on Go in the menu at the top of the screen and select Go to Folder. Alternatively, use the keyboard shortcut Shift, Command, and G.
2. Type the destinations and file names listed below and click Go - this will check if the file exists in your file system.
3. If you find any of the files listed below, drag them to Trash.

Note: move only files from the list.


4. Once you have checked all list items, restart the Mac computer, and only then will you be able to empty the trash.
5. Once the Trash bin is clear, start the web browser, but remember to hold down the Shift key on the keyboard to prevent it from booting any malicious websites. The list of files known as adware:

  • /System/Library/Frameworks/v.framework
  • /System/Library/Frameworks/VSearch.framework
  • /Library/PrivilegedHelperTools/Jack
  • /Library/InputManagers/CTLoader/
  • /Library/Application Support/Conduit/
  • ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  • ~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
  • /Applications/SearchProtect.app
  • /Applications/WebTools.app
  • /Applications/cinemapro1-2.app
  • ~/Applications/cinemapro1-2.app

6. Next, check the system using Activity Monitor, which is in the Utilities folder
7. In the process list, look for Genieo or InstallMac processes. If your Mac runs many operations, use the search field to easily find them.
8. Select it and click the force quit (x) button in the top left corner if you find at least one.
9. Once you have closed both processes, restart the Mac.


10. When the computer has booted, open Finder and use the Go to Folder function.
11. Look for the files listed below. If you find any, remove them as in the step above.

  • /Applications/Genieo
  • /Applications/InstallMac
  • /Applications/Uninstall Genieo
  • /Applications/Uninstall IM Completer.app
  • /usr/libgenkit.dylib
  • /usr/libgenkitsa.dylib
  • /usr/libimkcit.dylib
  • /usr/libimckitsa.dylib
  • /Library/PrivilegegHelperTools/com.genieoinnovation.macextension.client
  • ~/Library/Application Support/Genieo/
  • ~/Library/Application Support/com.genioinnovation.Installer/

12. Once you have checked and removed all files from the list, restart the Mac.
13. Finally, when the computer boots, search for /Library/Frameworks/GenieoExtra.framework and, if found, delete it.
14. Once the file is removed, restart the Mac one more time.

[Back to Table of Contents]

Use Combo Cleaner to remove adware and other malicious software

Combo Cleaner contains two virus scan engines. The first checks for Mac-based malware infections during the second search for Windows computer security threats. This tool not only detects and removes malicious software from your computer but also checks email attachments.

If it detects any threats (whether on Mac or PC-based computers), it removes them to ensure they do not spread to other emails. To clean up the computer, first, download this antivirus software from the website.

1. Install it on the Mac and then run the program.


2. Select Antivirus in the left sidebar and choose between three types of computer scans.

Quick Scan checks destinations most commonly used to store infected files. Full Scan checks the entire hard drive for any malicious software. The last option is a Custom Scan - Combo Cleaner checks only folders that the user has selected.

Additionally, this software can clear the system of junk files and optimize hard drive storage.


[Back to Top]

▼ Show Discussion

About the author:

Karolina Peistariene

Author of how-to guides for Mac users. Responsible for collecting, analyzing, and presenting problem-solving solution articles related to macOS issues. Years of macOS experience combined with solid research and analyzing skills help Karolina provide readers with working and helpful solutions as well as introduce various features Mac has to offer. Contact Karolina Peistariene.

Our guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Read this article in other languages
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.