CompactFilter Mac virus (Free Instructions)
CompactFilter Mac virus Removal Guide
What is CompactFilter Mac virus?
CompactFilter is a dangerous Mac application that can cause security and privacy issues
CompactFilter is a potentially unwanted application that has plenty of malicious traits
CompactFilter is a potentially unwanted application created for macOS systems. At first glance, it looks like typical adware: it alters browser settings to display alternative search results and ads. However, a more detailed analysis shows that its core functions are much more harmful than those of a typical potentially unwanted application. It belongs to the broad Adload malware category, which started circulating the web several years ago.
While there are several ways users might infect their devices with the CompactFilter virus, they never do it on purpose. The most common tactic used to spread the app is illegal software bundles, so users who frequent torrent and similar sites are more likely to be affected. Likewise, fake Flash Player install or update prompts also work well against users who are less familiar with the peculiarities of various components used on the internet.
Once installed on the system, the virus appends a distinctive extension to Safari, Google Chrome, or Mozilla Firefox which affects the browser much more than one might think. It changes the homepage and new tab web address to an alternative (for example, Safe Finder) and redirects all searches to another provider, such as Yahoo. During this process, multiple ads are placed at the top of search results, which might sometimes be dangerous.
The main goal of CompactFilter and other Adload versions is to monetize users' clicks on ads. To achieve this goal, the app uses plenty of malicious techniques that prevent users from removing it. Likewise, it promotes other potentially unwanted applications and was previously spotted being spread along with dangerous Mac infections such as Shlayer Trojan. Thus, if you have found traces of this app installed on your device, you should take your time to remove it properly; otherwise, you risk your personal security and computer safety.
Name | CompactFilter |
Type | Mac virus, adware |
Malware family | Adload |
Installation | Fake Flash Player installers or bundled software from malicious sources |
Symptoms | An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider |
Removal | You can get rid of Mac malware with the help of powerful security tools, such as SpyHunter 5, Combo Cleaner or Malwarebytes. If you want to attempt to get rid of the infection yourself, check the manual instructions below |
System optimization | Malware and adware can meddle with your system, reducing its performance. If you want to quickly fix various issues, we recommend you try using automated tools like Fortect or Intego |
Adload malware: an increasing problem for Macs
Mac machines have been increasing in popularity in recent years and, while the growth is not extreme, it is significant enough that cybercriminals started paying more attention to the less saturated market of malicious software created for them. In 2019, it was revealed that Mac malware even outpaced that created for Windows machines,[1] which is an alarming statistic overall.
Adload has been one of the most prominent malware families targeting Macs since at least 2018. Based on the goals of the app, it may seem like typical adware, although many security vendors brand it as malicious and categorize it as a Trojan. When looking at the VirusTotal analysis, one can quickly spot the naming pattern for CompactFilter:[2]
- MacOS:Adload-AG [Adw]
- OSX.Trojan.Gen
- Malicious (score: 99)
- Osx.Trojan.Generic-9907170-0
- Trojan.Adware.MAC.AdLoad.13, etc.
This is not surprising at all given the capabilities of the threat. As soon as the infection spreads through the system, it makes plenty of changes that are invisible to the user. For example, it establishes new Login items, creates new Profiles, drops its own PLIST files, and even employs the built-in AppleScript to avoid detection and removal by Gatekeeper and XProtect.[3] This is another reason why third-party security software, such as SpyHunter 5, Combo Cleaner or Malwarebytes, should be used for extra protection.
Adload is commonly detected as a Trojan
While the browser extension might seem harmless initially (many browser hijackers change browser settings upon installation, and the behavior is usually relatively harmless), everything changes when people realize that they can't remove CompactFilter from Safari or another browser: the option is simply grayed out.
To make matters worse, the app is also capable of collecting various sensitive information, as shown in the description of the browser extension:
XXX 1.0
Permissions for “XXX”:
Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages
Browsing history
Can see when you visit all webpages
As long as the virus is installed on your system, you are more likely to encounter various phishing content online, which can put your privacy at risk. You might lose money to scams or expose your personal data to cybercriminals.
Remove CompactFilter core components
It goes without saying that a computer infection is undesirable, so its removal is a necessary step for better security and privacy. Unfortunately, due to the extensive changes made to the system, users struggle with the removal process, and this is one of the main reasons why SpyHunter 5, Combo Cleaner or another powerful security software should be used instead.
Anti-malware can automatically find and eliminate the malicious files, remediating your system immediately. There are also steps that can be undertaken in order to ensure that the system is clean – we recommend you check the instructions below for that. Keep in mind that using a manual guide alone might still leave your computer vulnerable and damaged.
First of all, let's try to stop the background processes and move the main app to Trash:
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find UpgradedPlatform in the list and move it to Trash.
If the steps above were unsuccessful, continue by eliminating Login items and malicious profiles with the steps below:
- Go to Preferences and select Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
- Go to Preferences > Accounts > Login items and remove the malicious entries.
The PLIST files are small config files, also known as “Property list” files. They hold various user settings and information about certain applications. In order to remove the virus, you have to find the related PLIST files and remove them.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
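As an added example (not part of the original guide): a read-only Python check for the last step, which parses each .plist in the two launch folders and lists the ones whose file name, Label or command line mentions the application name, so an entry with an innocuous file name is still found. The labels and paths written by `write_samples` are constructed for illustration.

```python
import plistlib
from pathlib import Path

# The two system-wide folders named in the steps above.
LAUNCH_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons")

def launch_item(path):
    """Parse one launchd plist (XML or binary); return None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # unreadable, truncated or malformed file
        return None
    if not isinstance(data, dict):
        return None
    args = [str(a) for a in data.get("ProgramArguments") or []]
    program = str(data.get("Program") or (args[0] if args else ""))
    return {"path": str(path), "label": str(data.get("Label", "")), "program": program,
            "args": args, "run_at_load": bool(data.get("RunAtLoad", False))}

def find_related(name, dirs=LAUNCH_DIRS):
    """Return launch items whose file name, Label or command line mentions `name`."""
    needle = name.lower()
    hits = []
    for folder in dirs:
        for path in sorted(Path(folder).glob("*.plist")):
            item = launch_item(path)
            if item is None:
                continue
            text = " ".join([path.name, item["label"], item["program"], *item["args"]])
            if needle in text.lower():
                hits.append(item)
    return hits

def write_samples(folder):
    """Constructed sample data: one adware-style agent and one unrelated agent."""
    samples = {
        "com.example.helper.plist": {  # file name gives nothing away
            "Label": "com.example.helper", "RunAtLoad": True,
            "ProgramArguments": ["/Library/Application Support/CompactFilter/agent", "-s"]},
        "com.example.backup.plist": {"Label": "com.example.backup", "Program": "/usr/local/bin/backup"},
    }
    for filename, body in samples.items():
        with open(Path(folder) / filename, "wb") as fh:
            plistlib.dump(body, fh)

if __name__ == "__main__":
    for hit in find_related("CompactFilter"):
        print(hit["path"], "->", hit["program"], hit["args"][1:])
```

The script only reports; review each listed file before deleting it as described in the step above.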
Remove the extension and clean browsers
Adload consists of two main components – the application installed on the system level and the extension installed with the help of elevated permissions in the macOS environment. Therefore, you should make sure that your browsers are also cleaned properly: remove the unwanted extension(s) from them and then clean the browser caches.
As previously mentioned, the option to remove the add-on might be grayed out. In such a case, we recommend skipping the instructions below and simply opting to reset the browser altogether.
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Next, clean cookies and other data from the browser:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Google Chrome
Let's remove the unwanted browser extension first:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Note: you can also reset your browser without performing the above steps. Likewise, you can employ Fortect or Intego to do the cleaning process of your device for a much quicker and more efficient result.
[1] Mikey Campbell. Mac malware outpaced Windows PCs threats for first time in 2019, report says. Apple Insider. Apple News, Rumors, Reviews, Prices & Deals.
[2] com.bcdy55compactfilter. VirusTotal. File and URL analysis.
[3] Phil Stokes. Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect. SentinelLabs. Security research blog.