BasicLocator Mac virus (Free Guide)
BasicLocator Mac virus Removal Guide
What is BasicLocator Mac virus?
BasicLocator – a Mac virus that can hijack your device and steal your data
BasicLocator is a type of adware similar to others that have been present online for several years. It often reaches users’ devices through misleading prompts, such as fake updates for essential software or installers obtained from unreliable websites.
After being installed, BasicLocator secures elevated permissions on the affected system, allowing it to stay operational over a long period. It creates persistence mechanisms by modifying system settings, including adding Login Items and other entries. A key sign of its presence is the installation of a browser extension, which may affect popular browsers like Safari, Chrome, or Firefox.
This adware disrupts browsing experiences by altering search results to include intrusive advertisements and possibly dangerous links. Users might face an increase in phishing attempts, exposing them to further risks like malware infections or financial scams.
A particularly concerning feature of BasicLocator is its potential to monitor users’ browsing activities and collect sensitive data. This can include personal details such as login credentials or banking information. Removing this adware promptly is essential to safeguard both your data and your device.
Name | BasicLocator |
Type | Mac virus, adware, browser hijacker |
Malware family | Adload |
Distribution | Fake Flash Player installers or pirated software from high-risk sources |
Symptoms | Installs a browser extension that cannot be deleted easily; changes the homepage/new tab to Safe Finder, Akamaihd, or something else; redirects lead to potentially malicious or scam sites, promotes suspicious software, etc. |
Removal | You can remove Mac malware with the help of powerful security tools, such as SpyHunter 5, Combo Cleaner or Malwarebytes. We also provide manual removal steps below |
System optimization | Potentially unwanted programs often leave traces within web browsers – cookies, for example, are used for tracking. You should get rid of these leftovers with Fortect or Intego, or employ our manual guide |
Techniques used by cybercriminals to spread BasicLocator
BasicLocator is a type of malicious software designed to specifically target macOS users. Cybercriminals use various tactics to distribute this malware, with some of the most common methods involving fake software updates and downloads from unofficial platforms.
One of the primary techniques involves counterfeit Flash Player updates. Cybercriminals set up deceptive websites that closely imitate official pages, often using logos and designs to mimic trusted brands. These sites prompt users to download a supposed Flash Player update, but the file they install is actually malware. In some cases, these pages employ scare tactics, such as warnings about system vulnerabilities or restricted access to content, to pressure users into downloading the update.
Another method of spreading the virus involves pirated software distributed on untrustworthy websites. These packages often claim to offer free versions of premium programs, such as VPNs, Adobe products, or antivirus software. However, these downloads are bundled with malicious software.
Users who download from unofficial sources may be attempting to avoid paying for licensed software, but this choice comes with significant risks. Besides BasicLocator, they could unknowingly install additional threats, such as spyware or trojans, further compromising their system's security.
BasicLocator: a threat to Mac users
The rising popularity of Macs has shattered the misconception that they are immune to malware. Over the past few years, there has been a sharp increase in malware targeting macOS, drawing the focus of cybercriminals globally.
Although Macs are generally less susceptible to severe threats like ransomware or rootkits, they have become a prime target for adware. Mac-specific adware is often more aggressive and disruptive compared to similar programs designed for Windows systems.
BasicLocator, a persistent and invasive adware variant, exemplifies this trend. Known for its distinct icon – featuring a magnifying glass against backgrounds in colors like teal, green, blue, or gray – this malware has plagued Mac users for years. The presence of this icon in an app or browser extension is a common sign of the infection.
One of its defining traits is its ability to evolve and bypass macOS security measures. Using advanced techniques, BasicLocator employs tools like AppleScript to circumvent Gatekeeper and XProtect, which are critical defense mechanisms for Macs.
Once it infiltrates the system, it installs extensions and other components with elevated permissions, enabling it to harvest personal information and download additional malicious software. This often results in a cascade of infections, with multiple malware variants complicating the cleanup process. Removing BasicLocator can be a difficult task, but proper measures can restore the device's security.
How to remove malicious software from your Mac
The easiest and most practical way to remove malicious software from your Mac is to run a scan with an anti-malware app such as SpyHunter 5, Combo Cleaner, Malwarebytes, or a similar tool. These programs automatically locate and delete the harmful components of the malware, something the user running the scan cannot do on their own, and they reduce the chance of leaving stray files behind that might reignite the malware. It's also a lot faster than doing this manually.
If you want to remove the malware manually, you need to do it very carefully because incomplete removal may lead to reinfection. Start with the following steps:
- Open Applications folder.
- Select Utilities.
- Double-click Activity Monitor.
- Here, look for suspicious processes and use the Force Quit command to shut them down.
- Go back to the Applications folder.
- Find the malicious entry and place it in Trash.
To effectively remove the malware from your Mac, you need to address two critical components that it manipulates: Login Items and Profiles. Both play a significant role in the persistence and functionality of the malware.
- Go to Preferences and pick Accounts.
- Click Login items and delete everything suspicious.
- Next, pick System Preferences > Users & Groups.
- Find Profiles and remove unwanted profiles from the list.
Finally, you should get rid of Launch Daemons and other configuration data left by malware. Proceed with the following:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
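The folder check in the last step can be scripted so that each .plist is judged by what it launches rather than by its file name. The following Python sketch is an added example, not part of the original guide; the per-user ~/Library/LaunchAgents folder, the flagging heuristics and the sample jobs are assumptions made for illustration.

```python
import plistlib, sys, tempfile
from pathlib import Path

# Folders named in the steps above, plus the per-user agents folder (added assumption).
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents"]
# Review heuristics chosen for this example; they are not signatures of any family.
ODD_LOCATIONS = ("/Application Support/", "/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3"}

def triage(plist_path):
    """Return (label, executable, reasons) for one launchd job file."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
    except Exception as exc:  # damaged or non-plist file: report it, do not crash
        return None, None, [f"unreadable plist ({type(exc).__name__})"]
    if not isinstance(job, dict):
        return None, None, ["top-level object is not a dictionary"]
    argv = job.get("ProgramArguments") or []
    exe = job.get("Program") or (argv[0] if argv else "")
    reasons = [] if exe else ["no Program or ProgramArguments"]
    if any(part in exe for part in ODD_LOCATIONS):
        reasons.append("executable outside the usual app/system paths")
    if Path(exe).name in INTERPRETERS:
        reasons.append("runs through a script interpreter")
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append("hidden path component")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("starts at load and is kept alive")
    return job.get("Label"), exe or None, reasons

def scan(dirs=LAUNCHD_DIRS):
    """Triage every .plist in the given folders and return only the flagged jobs."""
    paths = [p for d in dirs for p in sorted(Path(d).expanduser().glob("*.plist"))]
    rows = [(str(p), *triage(p)) for p in paths]
    return [dict(zip(("plist", "label", "exe", "reasons"), r)) for r in rows if r[3]]

def demo():
    """Scan two constructed job files (sample data, not from a real infection)."""
    jobs = {"com.example.updater": {"RunAtLoad": True, "KeepAlive": True,
                "ProgramArguments": ["/Library/Application Support/.helper/agent", "-d"]},
            "com.example.printer": {"ProgramArguments": ["/usr/libexec/exampled"]}}
    with tempfile.TemporaryDirectory() as tmp:
        for label, job in jobs.items():
            Path(tmp, label + ".plist").write_bytes(plistlib.dumps({"Label": label, **job}))
        return scan([tmp])

if __name__ == "__main__":
    print(*(scan() if sys.platform == "darwin" else demo()), sep="\n")
```

A flagged entry is a prompt for manual review of the job and its executable, not proof of infection; legitimate software also installs launch agents.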
Taking care of the web browser components
The BasicLocator adware uses its accompanying browser extension to modify browser settings and flood Safari, Chrome, or other browsers with intrusive advertisements. These ads appear every time the browser is opened, ensuring a steady stream of revenue for the attackers from clicks and impressions.
What makes this extension particularly concerning is its elevated permissions, which enable it to collect sensitive information such as login credentials and credit card details. This poses a significant risk to user privacy and financial security. Removing the browser extension is essential and should be done using the following steps:
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Google Chrome
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
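The extension list in Chrome shows names but not what each extension is allowed to do. The Python sketch below is an added example, not part of the original guide: it reads each installed extension's manifest.json and reports broad host access, sensitive API permissions and homepage/new-tab overrides. The Chrome profile path, the permission shortlist and the sample manifest are assumptions made here.

```python
import json, tempfile
from pathlib import Path

# Chrome's per-profile extension store on macOS (this path is not from the guide above).
CHROME_ROOT = "~/Library/Application Support/Google/Chrome"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extension API permissions worth a second look; this shortlist is an assumption.
SENSITIVE_APIS = {"cookies", "history", "management", "proxy", "tabs", "webRequest"}

def audit_manifest(manifest_path):
    """Summarise what one installed extension version is allowed to touch."""
    path = Path(manifest_path)
    m = json.loads(path.read_text(encoding="utf-8-sig"))
    if not isinstance(m, dict):
        raise ValueError("manifest is not a JSON object")
    perms = {p for key in ("permissions", "host_permissions", "optional_permissions")
             for p in m.get(key, []) if isinstance(p, str)}
    matches = {u for cs in m.get("content_scripts", []) for u in cs.get("matches", [])}
    overrides = set(m.get("chrome_settings_overrides", {})) | set(m.get("chrome_url_overrides", {}))
    return {"id": path.parent.parent.name,   # folder name is the extension ID
            "name": m.get("name"),           # may be a __MSG_...__ locale key
            "broad_hosts": sorted(BROAD_HOSTS & (perms | matches)),
            "apis": sorted(SENSITIVE_APIS & perms),
            "overrides": sorted(overrides)}  # e.g. homepage, search_provider, newtab

def audit_profiles(root=CHROME_ROOT):
    """Audit every extension in every Chrome profile found under root."""
    reports = []
    for mf in sorted(Path(root).expanduser().glob("*/Extensions/*/*/manifest.json")):
        try:
            reports.append(audit_manifest(mf))
        except (OSError, ValueError, TypeError, AttributeError) as exc:
            reports.append({"id": mf.parent.parent.name, "error": str(exc)})
    return reports

def demo():
    """Audit one constructed manifest (sample data, not a real extension)."""
    manifest = {"manifest_version": 2, "name": "Constructed Search Helper", "version": "1.0",
                "permissions": ["tabs", "webRequest", "storage", "<all_urls>"],
                "chrome_settings_overrides": {"homepage": "https://search.example/"},
                "chrome_url_overrides": {"newtab": "tab.html"}}
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = Path(tmp, "Default", "Extensions", "a" * 32, "1.0_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profiles(tmp)

if __name__ == "__main__":
    # Falls back to the constructed sample when no Chrome profile is present.
    print(json.dumps(audit_profiles() or demo(), indent=2))
```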
It is crucial to delete all leftover components from your browser after removing the BasicLocator extension. If any remnants are left behind, the adware may continue tracking your data or reintroduce intrusive advertisements.
For a quicker and more efficient cleanup, consider using Fortect or Intego. Such a tool can help identify and remove residual files that might otherwise go unnoticed, ensuring your browser is free from malicious components. Taking this step will enhance your privacy and prevent the reappearance of unwanted ads.
Safari
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Google Chrome
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
At times, the persistence mechanisms employed by the virus can make it impossible to remove the extension. In such cases, it is advisable to reset the web browser entirely, following the instructions provided below:
Safari
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Google Chrome
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Getting rid of BasicLocator Mac virus. Follow these steps
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to back up your data before proceeding.
- Find the following folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete.
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
How to prevent getting adware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years, and people are increasingly interested in how to protect their privacy online. One basic way to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes into and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.