How to Scan Mac for Malware. Scanning your Mac for malware should never require pulling out your credit card. Unfortunately, Mac malware can disguise itself as a removal tool, demand payment in exchange for protecting your computer.

Though it's not easy to hack into or break through a Mac's security, it is possible, especially if someone accidentally installs malware without realizing it. If your Mac is running slow or you're seeing unusual advertisements within your web browser you might have accidentally installed malware at some point. Don't worry. It happens to the best of us (not me, of course). There are things you can do without having to burn it all down.

The problem: Mac malware in the Library folder

Serenity Caldwell writing for iMore in 2017:

My father-in-law's MacBook Pro had been running into curious slowdowns for a two-year-old laptop and he kept on seeing weird sites taking over his Safari and Firefox search bars. It was clear to me that his browser had been hijacked.

We got rid of the browser hijack pretty quickly — I suggest using Cella's excellent how-to if you ever run into a browser hijack yourself — but the slowdowns were more curious. Upon further investigation, I found a couple of self-professed 'Mac security programs' that popped up, demanding money to 'clean your Mac from junk'.

Spoiler: These programs were the junk. And worst of all, they'd seemingly added a bunch of nonsense files into this computer's Library folder, with random folder names like 'prestidigitation' and 'beeswax'.

Now, I want to preface: I'd never seen an attack like this on a Mac before in my life, and finding this kind of full-Mac hijack is very rare. It's likely that he accidentally installed one of these 'security' programs (or had it installed), which spiraled out of control from there.

These hijacks didn't appear to be able to do much beyond slow down his machine with endless failed attempts to run a program — the process didn't have admin permissions, so it couldn't execute a thing from the library. But because they were there, they were constantly crashing aspects of his Mac. I knew I had a malfunctioning laptop on my hands, so I turned to my age-old troubleshooting checklist.

How to fix a corrupted Mac

If you're working on a computer that has slowed down beyond reasonable aging or is otherwise acting beyond the pale, here are my favorite tactics you can take to try and restore it to its former glory. Boom for mac serial number.

Update the system software

This is almost always the first thing I do when troubleshooting Macs: Chances are, the user hasn't installed a security update or other software updates that may be slowing their computer to a crawl.

1. Click on the Apple menu icon in the upper left corner of the screen.

2. Select App Store to open the Mac App Store.

3. Click on the Updates tab at the top of the Mac App Store window.

4. Install all relevant updates. (You may need the Apple ID and password for the machine.)

If the computer is running macOS Sierra, you can avoid having to do this troubleshooting step in the future by turning on Automatic Install in System Preferences, which can automatically download newly available updates in the background, and install them overnight.

1. With the Mac App Store open, click on App Store in the upper left corner of the Menu bar.

2. Click on Preferences.

3. Under Automatically check for updates, check the following boxes:

   • Download newly available updates in the background
   • Install app updates
   • Install macOS updates
   • Install system data files and security updates

Check the disk for errors

If software updates aren't doing the trick, the next thing to check is the hard drive itself. With Apple's Internet Recovery partition, fixing a cranky drive is an easy process.

1. Restart your Mac.
2. During reboot, hold down Command-R until it starts up.
3. Once rebooted, you should be in the Internet Recovery Partition. Select Disk Utility.

4. Click Continue.

5. In Disk Utility, click on the First Aid button,

6. Click on Run to execute.

Your Mac will then run a cursory check on its hard drive to determine if there's anything wrong — and if so — if it can fix it.

Reset the NVRAM/PRAM and SMC

If neither app updates nor disk repair are helping, sometimes a good cache flush can get your Mac running just a bit more smoothly.

To reset the NVRAM (or, on older Macs, PRAM), reboot the Mac and hold down the following keyboard command during startup for at least twenty seconds: Command-Option-P-R.

After you reset your NVRAM, you may be required to reconfigure some system settings (like sound and time zones), which are stored in that cache.

An SMC reset is a bit more complicated, and Apple recommends it only after all other troubleshooting avenues have been exhausted.

If you're using a laptop:

1. Shut down your Mac and plug it in.
2. Restart the computer by pressing the Power button along with the keyboard command Shift-Control-Option.
3. Release these keys, then just press the Power button to properly start your computer.

If you're using a desktop:

1. Shut down your Mac.
2. Unplug it and wait for at least 20 seconds.
3. Plug the Mac back in and wait 5-10 seconds.
4. Restart your Mac with the Power button.

Partition your disk (or erase it)

After exhausting all other avenues, this was the solution we came across to properly fix the broken laptop. The hard drive had been so corrupted by these 'security' programs that there was nothing I could do to fix it. When Safari launched over the login screen after a reboot, I knew my usual fixes wouldn't work: It was time to bring out the big guns.

In most cases, I'd grab an external drive, back up the corrupted disk, then wipe the drive clean with the Internet Recovery partition and start over. But there were a couple of reasons that wouldn't work here:

• We were on vacation, and lacking any sort of external media.
• With a semi-corrupted disk, we couldn't just clone the user folder and restore the new disk from a backup — we'd have to do a clean install, which meant moving files over one by one. If we'd missed something and moved all the old files to an external drive, my father-in-law would have had to carry it everywhere just in case.

Given that this laptop had a 500GB hard drive — only 40GB of which was being used — I had an alternate idea: I'd partition the drive, again using Internet Recovery, and install macOS Sierra on the new partition. Essentially, it would be a 'clean' new computer for my father-in-law to work on, but all the original data would still exist on the old partition in case he needed to grab a file.

Note: In order to partition your drive, you'll need enough free space on your drive to do so — at least 30GB. If you're light on space, you may want to back up your corrupted disk to a USB drive, instead.

How to create a partition on your Mac

1. Open Finder from your dock.

2. Select Applications.

3. Scroll down and open the Utilities folder.

4. Double-click to open Disk Utility.

5. Select your hard drive in the Disk Utility window. It will be the first drive on the list. It might be named 'Fusion,' or 'Macintosh HD.'
6. Click on the Partition tab.

7. Click the plus (+) button.

8. Change the size of the partition you wish to use by dragging the resize controls. The used space is represented in blue.
9. Name the new partition.

10. Click apply.

Disk Utility will check the disk and make changes. This will take several minutes.Disk Utility will then make the changes. After that's completed, quit Disk Utility to return to the main Internet Recovery menu.

1. Click on Reinstall macOS.

2. Click Continue.

3. Click Agree to agree to Apple's licensing agreements.
4. Choose the New Mac hard drive as the disk you'd like to install macOS onto.

5. Press Install.

6. The Mac will download a fresh copy of your operating system from the App Store and will install it. The speed of this process entirely depends on your Mac's connection speed to the Internet. You can wait an hour or longer on a slower connection.
7. Your Mac will restart automatically into the new partition once the software has downloaded, then the installation of the operating system will continue.

After you finish setting up the new hard drive, it's time to move your files over. Because of the way partitioning works, your old hard drive partition will show up next to your currently-active partition, just like an external drive; you can then grab any files you need from it.

1. Launch a Finder window.
2. Under Devices in the sidebar, locate your original Macintosh HD.

3. Copy any files you'd like to keep from your old hard drive to the new machine.

Note: If you want to copy over applications, I'd strongly suggest redownloading them from the source — the Mac App Store or the company's website — rather than trying to copy them over from the old partition.

From here, you can follow instructions for setting a Mac up from scratch when it comes to installing and customizing anything else.

I generally recommend keeping the old drive partition around for at least a few months in case you or your family member forgets to move something over; after that period, however, you can easily delete the old partition and move to the new partition full time.

Consider additional anti-malware protection

While malware on the Mac is rare, it does crop up, as we've demonstrated. Having the right tools to get rid of malware can be an important part of keeping your Mac safe and secure. There are a number of tools that you can choose from, including popular programs like BitDefender and Kaspersky, that will help you keep malware from infecting your Mac.

Questions?

Do you have any must-follow troubleshooting steps? Let us know in the comments.

Updated July 2019: Added a sub-section regarding anti-malware protection.

Serenity Caldwell contributed to an earlier version of this guide.

Keep yourself secure on the web

Main

We may earn a commission for purchases using our links. Learn more.

U.S. and Afghan forces successfully captured insurgents using an iPhone app

When their specialist kit failed, soldiers turned to an iPhone to get the job done.

In more recent years, one of the most common ways for a virus to spread itself has been through the autorun.inf file that resides on the root of your removable device such as a USB stick or hard drive. When you insert the device into a computer, the autorun file then executes the program it’s told to which in many cases can be malicious file, and then you have a problem on your hands.

Thankfully in Windows XP and above the Autorun.inf virus issue is now pretty much redundant as the inf file no longer gets executed by default in Windows when it’s inserted and so the malicious file cannot get launched. The problem with removable USB devices is they are so portable that the drive could have been plugged into several other computers before it comes back to you. And with that in mind, there’s always a chance that it could have been infected and other types of malicious files might have been transferred onto it along the way.

Several Antivirus packages these days will offer to scan USB devices when inserted, but sometimes this option is buried in the settings and not automatically enabled. Some others don’t offer this function or only scan the Autorun.inf file to see if it has been infected and you would have to run a manual scan yourself which can easily be forgotten. Here we have a way to automatically scan the USB flash drive whenever it is inserted or plugged in to a Windows computer.

USBVirusScan is a small program that will launch any program you provide as a command line parameter each time a USB drive is inserted. As you might guess, the author uses it to start a full virus scan on the inserted USB drive, and named it as such. But the program can actually be used to launch any program, batch file or script you tell it to and isn’t limited to just running security software.

USBVirusScan isn’t really a tool for beginners though because it doesn’t have graphical user interface (GUI). The configuration and launching is done from a batch file called Start.bat and the tool itself only has an About screen that looks like the image below which shows the command line options.

The only thing you need is an Antivirus package installed. If you don’t have one and don’t want to pay for one, have a look at our comprehensive list of free Antivirus software. Then you’ll need to find out the commands that need to be on the line that can perform a scan when you insert a USB drive. Once you have the command line, just edit the Start.bat file in the USBVirusScan folder.

The command line options can be a bit confusing for some users and finding the correct syntax and commands is not always easy because every antivirus software is different. So for your convenience we’ve provided a few command lines for some popular antivirus software. If you’re using a 64-bit Windows, you may need to change the Program Files entries to Program Files (x86) depending on which folder your Antivirus uses. The simplest way to check is to browse and see which folder the Antivirus is in and use the correct one in the batch file.

Place “Start USBVirusScan.exe” without the quotes at the beginning of Start.bat and add one of the commands to the line depending on the Antivirus software package you have. Then simply execute the bat file and the program will sit in the system tray waiting for a USB drive to be inserted. Memory usage is small occupying only 1MB on our Windows 7 64-bit test system, so can easily sit in the background all the time if you come into contact with lots of USB flash drives.

On the next page we’ll show you the command line options required for USBVirusScan in 15 popular antivirus and internet security packages.

12Next › View All

You might also like:

3 Free Online AntiVirus Scanners to Scan for Malware from Web Browser5 Free Software to Scan your Computer with Multiple Antivirus EnginesManually Update AntiVirus Virus Definition Signatures Without Internet5 Solutions for Kaspersky Installation Ended Prematurely Because of an ErrorUnable to Remotely Control or Configure Kaspersky using Remote Access Software

C:Program FilesMicrosoft Security ClientMpCmdRun.exe” -Scan -ScanType 3 -File %%c:

if i insert a usb drive can be letter d e f g h … ?
how you can understand the letter to must use ?

Reply

and why you use %% ?

%%c:

Reply

Great program idea, but I have to ask, why is it that Antivirus suites don’t do this automatically. It just seems like common senses, you shouldn’t have to use another program and then program it to use your antivirus. This is beyond stupid in my thinking about how antivirus utilities work, they should be protecting flash drives automatically.

Reply

Its good to find the virus scan in pc system

Thank u
praveenkumar

Reply

will this auto scan utility work with Bitdefender free edition? if so, how should do that? please send me the procedure.

Reply

is it possible to revert back after changes made (automatic scan)? can you show how.

Reply

How to do this usb auto scan for comodo internet security premium 2013?

Reply

Although Comodo do have what is believed to be a command line scanner called Cavscan.exe in the Comodo folder, it seems they haven’t bothered to tell anyone how to use it.

The output from Cavscan is always blank whatever arguments you put into it. Comodo’s forums have loads of people asking how to utilize this tool, no-one ever seems to come back with useful answers.

Reply

Very useful program, indeed.
As I use Norton AV, one problem is that the path of NAVW32.exe changes when updated automatically.
So I wrote following bat file which finds the path and kick USBVirusScan.

Content of USBChkStart.bat :
—————– snip ——————
setlocal
reg query “HKLMsoftwaremicrosoftwindowscurrentversionapp pathsnavw32.exe” find “:” >–AA–.txt
for /f “tokens=3,4,5,6” %%p in (–AA–.txt) do set nortonpath=%%p %%q %%r %%s
start /b USBVirusScan.exe %nortonpath% %%c: /S+ /B+
endlocal
——————snip ——————

Another bat file (USBChkStop.bat) to stop is:
usbvirusscan -q

Place them anywhere you want (desktop for example). Works great.
Tak

Reply

Thanks mate appreciate a lot

Reply

Thanks raymond

Reply

Neat program. Thanks for the info raymond, I’m gonna introduce this program to all my mates :)

Reply