ComputingInvolve Mac virus (Free Instructions)

What is ComputingInvolve Mac virus?

ComputingInvolve is a malicious Mac virus that installs other apps behind your back

ComputingInvolve is a member of the broad adware family

If you have never heard of Adload, it is a Mac malware family that has been extremely prevalent for the past five years, and ComputingInvolve is yet another version. First spotted in early August 2022, it does not differ much from its previous versions, and the main goal of cybercriminals behind it remains the same – to earn ad revenue using illegal methods. Just like its predecessors, this variant spreads using fake Flash Player updates and pirated software or cracks.

Upon infiltration, the application would install several components that would allow it to operate freely. One of the most visible signs of the infection is the browser extension that should be visible on Safari, Chrome, Firefox, or another used browser – a distinctive magnifying glass is its icon and should be recognizable immediately.

The add-on fulfills a variety of functions, including changing the default homepage and the search engine of the browser, inserting sponsored links into search results, rerouting users to malicious websites, and increasing the number of pop-ups, in-text links, auto-play, and other ads they see regularly. The worst part is that ComputingInvolve is programmed to harvest various valuable user data, including passwords and credit card details, which can be a serious privacy threat to anyone.

Malware's distribution and operation

Adload is one of the most effective and widespread Mac malware strains out there. First discovered in 2017, its developers continue to produce new versions, numerous of which we have already talked about before (AllocateClassics, ResolutionProduct, SampleFormat, and many others). According to numerous research, the malware continues to evolve and adapt, even though its operational principles remain relatively unchanged.^[1]

Just like any other adware version, ComputingInvolve spreads via the most common Mac malware distribution methods:

• Fake Flash Player installers are one of the most common ways of infecting users' Macs with potentially unwanted or malicious software. People are told that Flash is outdated, and a new version needs to be installed to proceed – this happens on various specially-crafted websites users get accidentally redirected to). In reality, the plugin is already unsupported by Adobe^[2] and was replaced by newer technologies a while ago.
• Repacked installers and cracked software could also be the reason you have infected your system with not only Adload variants but also other malware designed for Macs. Pirated software is illegal and very dangerous, as cybercriminals can inject their malicious installers into peer-to-peer networks^[3] or similar sites without any repercussions, as these websites have little to no security measures. Stay away from places like these.

ComputingInvolve words as an adware, although also has plenty of malicious qualities

The main goal of the ComputingInvolve virus is to ensure that a constant flow of ads is distributed to the affected users, which allows an uninterrupted monetization via the advertising schemes. For app creators, it doesn't matter whether the methods used are fair or even legal – they only care about receiving the ad revenue. Unfortunately, this also means that the ads people are exposed to are of low quality, and some may even be malicious, thus, interacting with them is not recommended.

Remove ComputingInvolve effectively

Upon infiltration, the virus takes over any Mac it affects. Before it can enter, users need to provide their Apple ID, which allows the usage of the built-in AppleScript. With the help of it, malware can then drop more malicious files on the device without being detected by the built-in Mac defenses – login items, new profiles, the browser extension, and other components are implemented in such a way.

To get rid of the infection effectively, we recommend you employ automatic removal tools for the job, for example, SpyHunter 5Combo Cleaner or Malwarebytes. Since third-party tools are not affected by the ComputingInvolve evasion techniques, it can be easily found and eliminated automatically.

If you would still prefer performing manual removal instead, you can find every detail of the process below. Keep in mind that this method is less effective and may not result in the full removal of malware. That being said, we recommend checking the browser even if you choose to get rid of the infection automatically.

Remove the main app and its components

The first task is to make sure that background processes are terminated.

• Open the Applications folder and go to Utilities
• Double-click the Activity Monitor and shut down all the suspicious processes.
• From the menu bar, select Go > Applications.
• In the Applications folder, look for all related entries.
• Click on the app and drag it to Trash (or right-click and pick Move to Trash)

Your next target is the Login Items and Profiles created by the virus. These components might ensure persistence if not removed properly:

• Go to Preferences and pick Accounts
• Click Login items and delete everything suspicious
• Next, pick System Preferences > Users & Groups
• Find Profiles and remove unwanted profiles from the list.

The PLIST files are small config files, also known as “Properly list.” They hold various user settings and hold information about certain applications. To remove the virus, you should find the related PLIST files and delete them as follows:

• Select Go > Go to Folder.
• Enter /Library/Application Support and click Go or press Enter.
• In the Application Support folder, look for any dubious entries and then delete them.
• Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.

Clear Safari or another used browser

If you don't clear cookies and other trackers from your browser, third parties will continue tracking you. Thus, it is vital to make sure that these items are eliminated from your system as soon as adware is removed from your device. The simplest way to do this is by employing a powerful maintenance tool FortectIntego, although it can also be done manually. If you haven't yet deleted the browser extension (if using manual removal), please do so first.

Safari

• Click Safari > Preferences…
• In the new window, pick Extensions.
• Select the unwanted extension and select Uninstall.

Google Chrome

• Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
• In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

Clear cookies and other web data from your browsers:

Safari

• Click Safari > Clear History…
• From the drop-down menu under Clear, pick all history.
• Confirm with Clear History.

Google Chrome

• Click on Menu and pick Settings.
• Under Privacy and security, select Clear browsing data.
• Select Browsing history, Cookies and other site data, as well as Cached images and files.
• Click Clear data.

In some cases, resetting the browser is the best choice once all adware is deleted from your Mac:

Safari

• Click Safari > Preferences…
• Go to the Advanced tab.
• Tick the Show Develop menu in the menu bar.
• From the menu bar, click Develop, and then select Empty Caches.

Google Chrome

• Click on Menu and select Settings.
• In the Settings, scroll down and click Advanced.
• Scroll down and locate Reset and clean up section.
• Now click Restore settings to their original defaults.
• Confirm with Reset settings.