How to remove unwanted pop-ups and homepage redirects from Mac?

How to remove pop-up ads and browser redirects from a Mac computer?

When developing macOS, Apple included many security features allowing users to feel safe when working online. In the past, no serious malware or adware infections targeted Mac computers. Now, however, cyber criminals are increasingly developing malicious code targeting these systems. Many users report annoying pop-up ads, homepage redirects, Internet search engine hijackers, and reduced system performance. One of the most frequent infections on Mac computers is adware, including the searchpulse.net redirect, the Any Search Manager browser hijacker, and MyShopcoupon. As well as adware, Mac computer users are also targeted by potentially unwanted applications (PUAs), also known as potentially unwanted programs (PUPs). Some examples of PUPs include Mac Keeper, Advanced Mac Cleaner, and Mac Mechanic.

Adware is often proliferated using free downloads - most free software download websites require use of a 'download client' to download their free applications. These download managers offer installation of advertised browser plug-ins (usually adware) with the chosen freeware. Another distribution method is intrusive ads including, for example, fake flash player update websites. Once clicked, some advertisements offer installation of additional plug-ins, whilst others simply run scripts designed to download and install adware without users' consent.


Adware types and symptoms

There are a number of adware types, the most common of which display pop-up ads. Others sometimes apply various redirects to the browser. Some adware remains hidden but tracks users' browsing history, such as URLs visited, pages viewed, search queries entered, IP addresses, unique identifier numbers, operating systems, browser information, etc.

Adware symptoms:

  • Reduced web browser performance
  • Annoying ads (searches, banners, text links, transitional, interstitial, and full page advertisements)
  • Browser redirects

Some common adware examples that infect Mac computers:


Close tabs containing ads

First, close any pop-ups displayed, being careful not to click any buttons on the pop-up. Choose between closing the tab or the whole browser by clicking the red 'x' in the top left corner. Clicking on a pop-up can result in even more adware being installed on the computer. If your browser displays a message offering the option 'Don't show more alerts from this webpage', enable it before closing. If the Block alerts button appears once you have closed a pop-up window on your iPhone or iPad, tap it to prevent future pop-ups. If you cannot close the pop-up, shut down the browser through the Force Quit window. On Mac computers, you can access the Force Quit window by pressing the keyboard shortcut of Command, Option and Escape. When the window appears, select your browser from the list, and then click the Force Quit button at the bottom. If you have enabled the option whereby the browser starts with the same tabs as the last session, hold down the Shift key when launching Safari to prevent it from reopening malicious websites and annoying pop-ups.


Block incoming pop-up adverts

One of the basic adware methods is pop-up advertisements. These windows often display information that generates revenue for developers or encourages you to install even more malicious software. To prevent your browser from displaying pop-up messages, manually enable the blocking option. Most browsers offer the 'block pop-ups' option in preferences. To enable this useful feature on Safari, launch the browser, click Safari in the menu at the top of the screen, select Preferences, and then choose the Security tab. You will see a check box beside 'Block pop-up windows' - enable it and the browser will no longer show any pop-up messages, including advertisements.


If you are using Google Chrome, click the three dots menu at the top right corner and select Settings. Expand the advanced settings section. Look for Content settings, select the open Popups menu, and choose to block them.


For Mozilla Firefox users, click the three bars icon to open the menu and choose Preferences. Select Privacy & Security from the list on the left side and scroll down until you find the Permissions section. There you will see the Block pop-up windows option - enable the check box to prevent Firefox producing advertisements.



Inspect your homepage and default search engine settings

Adware can sometimes affect some (or all) of these preferences by replacing the homepage or changing the default search engine. As a result, the browser will display the website set by the adware when starting up. Furthermore, the browser will not use Google search by default. To check these settings on the Safari browser, open Preferences and select the General tab. You will find the homepage field. Ensure the website address has not changed.


To check the default search engine, select the Search tab and ensure that Google is selected in the drop-down menu.


To adjust search settings on Google Chrome, open preferences and click the three bars icon at the top left corner, select the On start-up section, and choose your preferred option. If you are using a homepage, check that the website address is correct. To manage the search engine, choose Search engine from the sidebar.


If you are using Mozilla Firefox, open preferences. Under the General section you will find the home page field - check that the address is correct.


To adjust search engine preferences, simply click the search section. Here, you will find the Default Search Engine option.


Disable unnecessary Extensions

Today, browsers allow attachment of small programs called extensions to improve software functionality. These are useful features, but also provide developers with the opportunity to hide adware. Often, installation of a single fake extension will result in a number of different software applications being applied to the browser. We recommend that you disable all extensions whose purpose is unknown (extensions without a proper name are usually malicious). Disabling them will not remove them, so this will allow you to assess whether they are legitimate before removing or re-enabling them. To check extensions attached to Safari, open Preferences and select the Extensions tab.


You will see a list with all remaining additional programs. The check box enables/disables the extension, whilst the uninstall button removes it completely. Apple has created a list of the most common malicious extensions. This helps users to quickly locate unwanted/rogue software. Study the list closely - if you find any in your Safari extensions list, remove them immediately.

  • Amazon Shopping Assistant by Spigot Inc.
  • Cinema-Plus Pro or variations such as Cinema + HD, Cinema + Plus, and Cinema Ploos
  • Ebay Shopping Assistant by Spigot Inc.
  • FlashMall
  • GoPhoto.it
  • Omnibar
  • Searchme by Spigot, Inc
  • Slick Savings by Spigot Inc.
  • Shopy Mate

If you are using Google Chrome, click the three dots menu in the top right corner, locate More tools, and choose Extensions. Here, you will find a list of items with a remove button and toggle, which enables/disables the extension.


To manage programs attached to the Mozilla Firefox browser, click the three bars menu button and then select Add-ons. Choose Extensions from the list on the left side and check if there is any software installed. Each add-on will have buttons to Disable or Remove it. We recommend that you disable them first to check for any important changes. If the add-ons are not required, remove them.


Detect and remove adware from your Mac

Finally, the most important step is to check the Mac hard drive for any malicious software hiding within legitimate files and software. There are two methods to clear the Mac of malicious adware: 1) search for and delete files manually; 2) use third-party software.

Remove adware files manually

First, close the browser and check the hard drive for specific locations and files known to be adware. Launch Finder, click on Go in the menu at the top of the screen and select Go to Folder. Alternatively, use the keyboard shortcut Shift, Command, and G. Type the locations and file names listed below and click Go - this will check if the file exists in your file system. If you find any of the files listed below, drag them to Trash. Note: move only files from the list.


Once you have checked all list items, restart the Mac computer, and only then will you be able to empty the trash. Once the Trash bin is clear, start the web browser, but remember to hold down the Shift key on the keyboard to prevent it from booting any malicious websites. The list of files known as adware:

  • /System/Library/Frameworks/v.framework
  • /System/Library/Frameworks/VSearch.framework
  • /Library/PrivilegedHelperTools/Jack
  • /Library/InputManagers/CTLoader/
  • /Library/Application Support/Conduit/
  • ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  • ~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
  • /Applications/SearchProtect.app
  • /Applications/WebTools.app
  • /Applications/cinemapro1-2.app
  • ~/Applications/cinemapro1-2.app

Next, check the system using Activity Monitor, which is under the Utilities folder. In the process list, look for Genieo or InstallMac processes. If your Mac runs many processes, use the search field to easily find them. If you find at least one, select it and click the force quit (x) button in the top left corner. Once you have closed both processes, restart the Mac.


When the computer has booted, open Finder and use the Go to Folder function. Look for the files listed below. If you find any, remove them as in the step above.

  • /Applications/Genieo
  • /Applications/InstallMac
  • /Applications/Uninstall Genieo
  • /Applications/Uninstall IM Completer.app
  • /usr/libgenkit.dylib
  • /usr/libgenkitsa.dylib
  • /usr/libimkcit.dylib
  • /usr/libimckitsa.dylib
  • /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
  • ~/Library/Application Support/Genieo/
  • ~/Library/Application Support/com.genioinnovation.Installer/

Once you have checked and removed all files from the list, restart the Mac. Finally, when the computer boots, search for /Library/Frameworks/GenieoExtra.framework and, if found, delete it. Once the file is removed, restart the Mac one more time.
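
The path checks in the manual steps above can be done in one read-only pass from Terminal. This is an added example, not part of the original guide: the function name `find_adware_paths` and its two optional arguments (a root prefix and a home directory) are assumptions made for illustration, and the paths are the ones listed in this section.

```shell
#!/bin/sh
# Added example: read-only check for the adware paths listed in this guide.
# Nothing is deleted; matches are only printed for manual review.

# Paths as listed in the article (PrivilegedHelperTools spelled as the real
# macOS directory). "~/" entries are resolved against the chosen home directory.
ADWARE_PATHS='/System/Library/Frameworks/v.framework
/System/Library/Frameworks/VSearch.framework
/Library/PrivilegedHelperTools/Jack
/Library/InputManagers/CTLoader/
/Library/Application Support/Conduit/
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
/Applications/SearchProtect.app
/Applications/WebTools.app
/Applications/cinemapro1-2.app
~/Applications/cinemapro1-2.app
/Applications/Genieo
/Applications/InstallMac
/Applications/Uninstall Genieo
/Applications/Uninstall IM Completer.app
/usr/libgenkit.dylib
/usr/libgenkitsa.dylib
/usr/libimkcit.dylib
/usr/libimckitsa.dylib
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
~/Library/Application Support/Genieo/
~/Library/Application Support/com.genioinnovation.Installer/
/Library/Frameworks/GenieoExtra.framework'

# find_adware_paths [ROOT] [HOME_DIR]  (hypothetical helper, both args optional)
# ROOT is a prefix such as a mounted backup volume; default is the live system.
find_adware_paths() {
    root=${1:-}
    home_dir=${2:-$HOME}
    printf '%s\n' "$ADWARE_PATHS" | while IFS= read -r p; do
        case $p in
            "~/"*) full=$root$home_dir/${p#"~/"} ;;
            *)     full=$root$p ;;
        esac
        # -e follows symlinks; -L also reports a dangling symlink left behind
        if [ -e "$full" ] || [ -L "$full" ]; then
            printf '%s\n' "$full"
        fi
    done
}

# Run the scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then find_adware_paths; fi
```

Run it with `--scan` to check the live system; an empty result means none of the listed paths exist.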


Use Combo Cleaner to remove adware and other malicious software

Combo Cleaner contains two virus scan engines. The first checks for Mac-based malware infections, while the second searches for Windows computer security threats. This tool not only detects and removes malicious software from your computer, but also checks email attachments. If it detects any threats (whether on Mac or PC-based computers) it removes them to ensure they do not spread to other emails. To clean up the computer, first download this antivirus software from the website. Install it on the Mac and then run the program.


Select Antivirus in the left sidebar and choose between three types of computer scan. Quick Scan checks destinations most commonly used to store infected files, while Full Scan checks the entire hard drive for any malicious software. The last option is a Custom Scan - Combo Cleaner checks only folders that the user has selected. Additionally, this software can clear the system of junk files and optimize hard drive storage.


About the author:

Tomas Meskauskas

I am passionate about computer security and technology. I have 10 years of experience working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010. Follow me on Twitter to stay informed about the latest tech news or online security threats. Contact Tomas Meskauskas.
