Skip to content
  • Active
  • Severity: Medium
  • Adware
  • Windows
  • Verified · Mar 2023

How to remove DeskActivity mac virus

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

DeskActivity is an adware-based virus that specifically targets Mac systems

DeskActivity is a Mac virus from the Adload malware family. It is capable of hijacking and adware,[1] which means it can alter the main browser settings such as the homepage, new tab address, and search engine. It may also result in an increase in commercial content such as pop-ups, banners, and redirects.

Adload adware, on the other hand, is far more aggressive than adware designed to infect Windows machines. It can also download potentially unwanted programs (PUPs) or even malware without the users' knowledge. Many people do not notice the infection until it has already begun to cause problems.

The virus's main file can be found in the “Applications” folder. Adload variants such as RadianceChecked, LinearResearch, and AccessUnit have previously been discussed. They all appear to be the same – a magnifier inside a green, teal, or grey circle background.

NAME DeskActivity
TYPE Adware, mac virus, browser hijacker
MALWARE FAMILY Adload
SYMPTOMS Users get infected with the virus by installing free software from unofficial sources, fake updates, and clicking on deceptive ads
DISTRIBUTION Homepage changed from default to some other search engine; increased amount of advertisements; unexpected redirects to shady websites; unseen files appear in the machine, and it becomes slower
DANGERS Altered search results can lead to dangerous websites; pop-up ads might be promoting scams; the virus can automatically install other PUPs or even malware
ELIMINATION Eliminating this Mac virus manually can be very tricky if you do not have experience. The easiest and most effective way would be to deploy a professional security tool to scan your system and delete every unwanted file
FURTHER STEPS FortectIntego should be used to completely wipe out any data left and fix the remaining damage

Evasion strategies

The fact that the mac virus can be found in the “Applications” folder does not imply that it is simple to remove. It can use a variety of evasion techniques. For example, it creates a slew of other files disguised as normal system files and scatters them throughout the machine to make removal more difficult for the average user.

Many people may be wondering how it got into the system in the first place. The truth is that the idea that Macs cannot be infected is out of date. Adload developers are constantly looking for new ways to circumvent Apple's XProtect[2] security system. That is why it is critical to take every precaution to avoid virus infections.

Methods of distribution

It is best to only visit websites you know and trust if you want to avoid Adload infections. Use Torrent websites or peer-to-peer file-sharing platforms sparingly, and avoid installing “cracked” software.[3] Because these platforms are unregulated, they provide an ideal breeding ground for all types of malware.

Fake Flash Player[4] updates are another way users could have become infected with the DeskActivity mac virus. Many people are unaware that Flash Player was retired in 2020 and replaced by HTML5. If you come across a page that says you need to update or install Flash Player, you should leave it immediately.

Hackers also enjoy exploiting software flaws to distribute malicious software. It is critical to keep your operating system and software up to date. Security patches are regularly released by software developers, and you should install them as soon as they are available if you want to ensure the security of your device.

DeskActivity removal

Some of the files may have a.plist extension, indicating that they are standard settings files, also known as “properties files,” used by macOS applications. It contains program properties and configuration settings, so you should not delete it unless you know what you're doing and what kind of.plist files you're deleting. The app employs a variety of persistence techniques and drops numerous files throughout the system, making browser extension and application removal difficult.

To keep your mind at peace, we recommend using professional anti-malware tools SpyHunterCombo Cleaner or MalwarebytesMalwarebytes, which can detect unwanted programs and eradicate them. You also do not know if the virus installed any additional malicious programs so this is the safest method to ensure the system will be clean. If you still want to try and delete it manually, proceed with these steps:

  • Open Applications folder
  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes related to adware and use Force Quit command to shut them down
  • Go back to the Applications folder
  • Find DeskActivity in the list and move it to Trash.

If you are unable to shut down the related processes or can't move the app to Trash, you should look for malicious profiles and login items:

  • Go to Preferences and select Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.

There are likely to be more .plist files hiding in the following locations – delete them all:

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.Uninstall from Mac 2

The manual elimination process might not always result in full virus removal. Therefore, we still strongly suggest you perform a scan with security software.

Repair your browser

DeskActivity may also collect browsing-related and sensitive information. Several scripts could be sending data to tracking servers. Your IP address, user name, macOS and browser versions, computer ID, items in the Applications folder, a list of installed agents, daemons, and system configuration profiles are all examples of data that could be exposed.

DeskActivity adware also employs an unwelcome add-on that messes with the settings. After the dangerous files are eliminated from your system, you should take care of your browsers. You can get rid of cookies and cache automatically with the help of FortectIntego. It will also fix any damaged files and system errors so you should notice an improvement in the machine's performance.

If you prefer doing this yourself without additional help, here are the instructions. Steps for other browsers you will find at the bottom of this article.

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall.Remove extensions from Safari

Cookies and website data:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

The simplest and quickest solution to this is completely resetting Safari:

  • Click Safari > Preferences…
  • Go to Advanced tab.
  • Tick the Show Develop menu in menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select the unwanted extension and click Remove.Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Settings.
  3. Under Home, set your preferred homepage and new tab settings.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data...
  5. Select Cookies and Site Data and Temporary cached files and pages, then click Clear.Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox...
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all suspicious extensions related to the unwanted program by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.Reset Chrome 2

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.