It was Homer who first introduced the term “trojan horse” into our vocabulary. The wooden horse that helped the Greeks invade the city of Troy has become a well-known legend around the world. But now, the term commonly refers to malware that disguises itself as something harmless and legitimate.
Once opened, the malware hidden inside a trojan horse virus, sometimes referred to simply as a “trojan,” is released and quickly infects the target operating system. If you need to remove a trojan virus from your Mac, taking action is crucial to protect your device and your data.
What to do if your Mac gets infected with a trojan horse virus
If you get a trojan horse virus, there are some steps you must immediately take to remove it.
Disconnect from the internet immediately
Malware needs an internet connection in order to do its job. While it’s sucking up your data, it needs a way to transport it to their own server. So the first best thing you should do is firmly shut that door.
Disconnect from your Wi-Fi immediately. This alone severely hobbles the malware from carrying out its intended purpose.
Shut down and eliminate suspicious running programs
The next step is to open Activity Monitor and look for suspicious programs and processes. If they are malware-related, they will likely be taking up a huge amount of your CPU and memory. Filter the list to bring the CPU guzzlers to the top.
If you see any processes you don’t recognize, run a web search for them to make sure you’re not stopping an essential function. You can then forcibly shut them down. However, some malware processes tend to restart if they are closed.
Identify and remove the app that brought you the malware
The next step is to identify the app or program that introduced the trojan horse to your machine by checking your MacBook’s Applications folder.
If the trojan virus just arrived, it will likely be the most recent app or program you installed. If you can pinpoint when you first noticed the malware symptoms, you can narrow down the culprit.
Delete the rogue app or program immediately. You can securely delete it, along with all associated files, by using CleanMyMac. We’ll be providing a fuller how-to on CleanMyMac later in the article.
Run a full antivirus scan and delete everything it finds
On the subject of CleanMyMac, your next step will be to run a full antivirus scan and delete the trojan virus from the Mac. We’ll be covering this later in the article. But this is an essential step.
Check your device settings
Next, you need to do some extensive checking to see if the trojan malware has changed any of your device settings. This means going to the Apple menu > System Settings, and working your way through each section.
Pay particular attention to the Privacy & Security settings. The trojan virus may have been trying to disable the Mac’s built-in firewall, for example.
You may find it helpful, after rechecking all the settings, to take screenshots of each section so you have something to compare them to next time.
Check browser extensions and clear data
Your browser may also have been targeted, depending on how fast you were to kill the virus. Checking your browser is next on the to-do list.
Check things like extensions, the password manager, your homepage and search engine settings, and the built-in security features of the browser.
Change passwords to important and sensitive accounts
If the trojan malware was on your machine long enough, it may have captured passwords and made your online accounts vulnerable to being breached.
Identify your most sensitive accounts — email, social media, banking, and anything with your payment details in it — and change the passwords. Also, enable 2-factor authentication if it isn’t already turned on.
Consider wiping and resetting your machine
It’s not always necessary to do this, but in some serious cases of virus infection, wiping and resetting your MacBook to factory settings may be the only option.
Always be sure to have a backup of your files. Backing up after malware has hit may potentially back up the malware along with your files.
Modern MacBooks have a much faster and more simplified reset process, making it a breeze to do. The setup is the most annoying part, even with an iCloud backup on hand.
How to remove a trojan virus from a Mac
If you have a trojan horse virus on your computer, here are some tips to effectively remove trojans and destroy them.
Trojan virus removal on a Mac with CleanMyMac
As promised, here’s our top tip for removing malware from your Mac — CleanMyMac powered by Moonlock Engine, the ultimate trojan horse remover.
This is a specialized antivirus software platform that is able to find all kinds of malware. Not just trojan viruses but also other common forms such as spyware and remote access trojans.
- Open CleanMyMac and select the Protection module on the left.
- If it’s your first time using the software, select Configure Scan to select what you want to be scanned. We recommend selecting everything, as well as selecting Deep Scan.
- Click Scan, and CleanMyMac will start methodically searching your Mac, looking for all traces of the trojan virus as well as any other threats on your MacBook.
When the trojan horse virus has been found, CleanMyMac will present it to you in a comprehensive list. Select everything and click Remove.
How do you manually remove trojans from a Mac?
Trojan virus removal on a Mac is a very tricky and unpredictable business if you choose to do it manually. You may be able to defeat the biggest culprits like the app it came in, but getting all of the smaller associated files is difficult and time-consuming, with no guarantee of success.
This is why we strongly recommend using CleanMyMac instead. Its powerful tools are able to identify all aspects of a virus and quarantine anything resembling a threat.
Saying that, if you want to do this the manual way, the usual method would be to do what’s outlined in the first section of this article:
- Find the offending app and delete it.
- Check your device settings for changes.
- Check your browser settings — extensions, passwords, security settings, homepage and search engine, and so on.
- Change your passwords.
This may get rid of most of the threat, but there’s always the chance that some files will be missed. If you don’t use an antivirus platform, then wiping and resetting your MacBook may be the next best option.
How do trojans typically spread to Mac devices?
There are some common scenarios for how trojan horse viruses usually spread. It’s helpful to know them so you can do your part to limit their advance.
- Email attachments: The old method is still the most effective. Whether it’s a PDF file, a Word document, or another file format, email attachments are perfect for smuggling through malware infections.
- Infected web links: Another tried and tested method. When someone gets a web link sent to them, their first instinct is to click it, but what is the link’s ultimate destination?
- Malicious downloads: There are many places where you might encounter downloads infected with trojan malware. Pirated software has to take first place, followed by free software sites.
- Removable media: It’s simple to put the trojan horse virus on, say, a USB drive and leave it lying around for somebody to pick up and plug it into their machine.
- Unpatched software and apps: Viruses and other malware also rely on security vulnerabilities in software and apps, especially browsers. The app developer should be providing patches and updates as soon as the threat is known, but it all depends on how fast you install it.
How to prevent trojan attacks on Mac in the future
Fortunately, it’s possible to remove trojans from a Mac. But once you do, you obviously don’t want to go through the process again. Here are some ways to prevent it happening in the future.
Use the best antivirus software on the market
CleanMyMac is probably the best investment you can make for your MacBook. It’s a powerful, 24/7, all-seeing sentry.
Be wary of email links
If a family member sends you a web link, it’s fair to say that you can trust them and can click that link. But what about a work colleague you don’t know so well? Or a complete stranger who has emailed you or sent a chat message with that link?
As we were taught when we were kids, don’t talk to strangers.
Think before opening email attachments
Email attachments are hard not to fall for. We get a lot of things via email attachments — paychecks, invoices, payment confirmations for online shopping, images, and so much more.
As with email links, decide who you can trust and who you can’t. If in doubt, delete it and remain on the safe side.
Don’t plug in unknown removable media
As we said, it’s a no-brainer for a cybercriminal to put a trojan virus on a USB stick, “accidentally” leave it lying in a coffee shop, and wait for an unsuspecting victim to get curious and plug it into their laptop. Suddenly, the trojan virus is off on its mission.
If you see a USB stick or other removable lying around, don’t touch it. It could be harmless, but do you want to take the chance?
Don’t download pirated software or apps
We get it. Apps and software are expensive, and there they are, sitting on a sketchy website ripe for the taking. Who’s going to know?
Apart from the fact that serial keys can be reported as stolen and then tracked, software from pirate sites can easily be infected with malware. It’s not worth the risk. Instead, save up to buy it.
Be careful when installing legitimate software
You even have to be careful when installing legitimate software. As we said at the start, the very definition of a trojan horse virus is one that hides inside legitimate software to lower your defenses.
This is why the Mac App Store is your friend. All the apps are vetted and scanned for threats. You can be almost certain that what you get there is perfectly safe.
Disable AirDrop
AirDrop is a fantastic and stress-free way to transfer files from one device to another. But that can also be a dangerous vulnerability. If you set AirDrop to accept files from outside your contacts, anyone can try to send you a file.
The best thing to do is disable AirDrop if you’re not using it.
Keep your devices and apps updated
As we’ve said more than once, malware like trojans on Mac rely heavily on unpatched software vulnerabilities. It’s like leaving your front door open and letting anyone walk in and make themselves at home.
When your Macbook says it has an update, install it as quickly as possible. You can also use CleanMyMac to check if any of your installed apps are waiting for updates.
Don’t disable built-in macOS security tools
Some of the built-in macOS security tools — such as XProtect — can’t be disabled. But others, such as Apple’s Firewall, FileVault, and GateKeeper, can. They may annoy you with their precautions, but disabling them is strongly not advised.
These tools are there for a reason. Let them do their job.
Be careful about what you share with others
Finally, most people who pass viruses on to others are unaware that they are doing it. Before sharing a link, file, or USB drive, ask yourself if it’s strictly necessary. And if you have to, maybe run a check on VirusTotal or put the USB drive through CleanMyMac?
It can be a pretty straightforward process to remove a trojan horse virus from a Mac. But you need to know the infection signs, what to delete, and what to check. Hopefully, this article has given you some valuable pointers. Now you know what to do if the dreaded moment happens to you.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac and macOS are trademarks of Apple Inc.
