Cybersecurity, Removing macOS Spam Malware

There is a new piece of malware going around that infects Apple devices. It uses a small amount of your computer's processing power and internet connection to send out spam emails. It isn't known to hijack accounts or compromise your University mailbox, but it will usually lead to your device being banned from IllinoisNet.

Before you begin, run an antivirus scan with a program such as Malwarebytes to be sure nothing else malicious is on your computer, and take a screenshot of the 'clean' result.

Then follow these steps to locate the newer virus, which is not yet reliably detected by Malwarebytes:

  1. Empty your Trash.
  2. Open a Finder window (blue/gray face icon).
  3. In the menu bar at the top of the screen, click Go and then choose Go to Folder to open a dialog box.
  4. Input ~/Library and then press Enter. Be sure to include the tilde and forward slash; simply typing Library may lead to the wrong folder. This will open a Finder window to a folder named Library in your home directory.
  5. In Library, navigate to the Application Support folder and locate and delete the following:
    1. A folder whose name is random characters, usually a long string of digits or letters that do not form a word, containing files named helper and pcyx.ver
    2. A folder whose name is the letters org. followed by another string of random characters in the same fashion, containing a file named app_assistant
      Note that these files may be contained in a subfolder.
  6. In Library, navigate to the LaunchAgents folder, and locate and delete a .plist file whose name is another string of random characters.
  7. Once these two folders and .plist file have been found and moved to Trash, take a screenshot of the Trash folder (so that Technology Services can see that you were successful) and then empty it again.
  8. Restart your computer, and check the Library folders described above to be sure the virus' files have not returned.
  9. Ask the Technology Services Help Desk or Security group to remove the block from your device, and show them the screenshots of the clean antivirus scan and of the Trash folder containing the removed virus files.
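
The checks in steps 5 and 6 can also be run from Terminal with a read-only script. This is an added example, not part of the original Technology Services article: it only prints candidate paths for review and deletes nothing. The function names, and the rule that a .plist name with no dots in it counts as "random characters", are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only scan for the items described in steps 5 and 6.
# It prints candidate paths for manual review and never deletes anything.

# has_file DIR NAME: succeeds if a regular file NAME exists in DIR or a subfolder.
has_file() {
    [ -n "$(find "$1" -type f -name "$2" 2>/dev/null | head -n 1)" ]
}

# scan_library LIBRARY_DIR: prints one "TYPE<TAB>PATH" line per candidate.
scan_library() {
    lib=$1
    for dir in "$lib/Application Support"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        name=${dir##*/}
        case $name in
            org.*)
                # Step 5.2: org.<random> folder that holds app_assistant
                if has_file "$dir" app_assistant; then
                    printf 'org-folder\t%s\n' "$dir"
                fi ;;
            *)
                # Step 5.1: folder that holds both helper and pcyx.ver
                if has_file "$dir" helper && has_file "$dir" pcyx.ver; then
                    printf 'random-folder\t%s\n' "$dir"
                fi ;;
        esac
    done
    for plist in "$lib/LaunchAgents"/*.plist; do
        [ -f "$plist" ] || continue
        base=${plist##*/}
        base=${base%.plist}
        # Step 6 (assumed heuristic): no reverse-DNS dots in the name = "random"
        case $base in
            *.*) ;;
            *) printf 'launch-agent\t%s\n' "$plist" ;;
        esac
    done
}

# Scan the current user's Library unless another path is given as an argument.
scan_library "${1:-$HOME/Library}"
```

Save it to a file and run it with sh. Anything it lists should still be checked in Finder before it is moved to Trash as described in the steps above.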

If you have any questions, need any assistance with the above steps, or have successfully removed the virus and need your device to be unblocked from IllinoisNet, please contact the Help Desk by email at consult@illinois.edu or by phone at 217-244-7000.




Keywords: macOS, spam, malware, virus, trojan, security, mac, apple, blocked, email, clearpass
Doc ID: 120871
Owner: Jackson M.
Group: University of Illinois Technology Services
Created: 2022-08-23 14:33 CST
Updated: 2022-11-16 09:17 CST
Sites: University of Illinois Technology Services