DigitGuild Mac virus Removal Guide
What is DigitGuild Mac virus?
DigitGuild is a virus that successfully avoids detection and removal by Mac's built-in defenses
DigitGuild is a malicious application designed for Mac systems
DigitGuild is a piece of malicious software that has been spreading over the past week. It only affects Mac operating systems and belongs to a relatively expansive malware family known as Adload. It does not spread automatically; instead, users are typically tricked into installing it through various phishing techniques used by its developers.
Once on the system, it adds a browser extension to Safari, Chrome, Firefox, or another web browser, which helps the DigitGuild virus perform its malicious duties: it changes the homepage, new tab, search provider, and similar settings (although this may vary from version to version). This lets the virus push sponsored links and ads, which profit its authors. The extension is also used to harvest various personal details, including credit card and account information.
Since the malware makes several changes to the system and installs its own components, its impact can be pretty significant; for example, it may install additional payloads without asking for user permission first. We strongly recommend you get rid of DigitGuild as soon as possible, as it will be a threat to your personal safety and computer security for as long as it is running on your Mac.
| Type | Mac virus, adware, browser hijacker |
| Installation | Fake Flash Player update prompts and pirated program installers |
| Symptoms | Installs a browser extension that cannot be deleted easily; changes the homepage/new tab to Safe Finder, Akamaihd, or something else; redirects lead to potentially malicious or scam sites, promotes suspicious software, etc. |
| Removal | The easiest way to remove unwanted and malicious software on Macs is by performing a full system scan with SpyHunter 5Combo Cleaner. Alternatively, you can attempt to terminate the infection manually |
| System optimization | Third parties can employ cookies to continue tracking your online activities, so we recommend clearing browser caches and other leftover adware files with ReimageIntego |
Adload: the persistent threat to Macs
Adload is one of the most active Mac threats out there, successfully distributed via fake Flash Player installers or pirated software installers. It has been active since at least 2017 and has hundreds of variants released so far, including AnalyzerState, SagaDynasty, ManagerTemplate, and many others.
The malware uses a unique naming pattern – its titles usually consist of two or three predetermined words that are picked randomly. All versions also use the exact same magnifying glass icon, although the background might vary (we have seen it using blue, teal, green, red, and, most recently, gray colors).
In essence, when it comes to Adload functions, versions do not differ much from one another, although its authors are constantly changing some modules and improving persistence mechanisms to avoid Mac's built-in security measures.
Although initially classified as adware, DigitGuild and other Adload versions do considerably more than show ads. The main goal of the cybercriminals behind it is to earn passive revenue from various ads that can show up as pop-ups, deals, offers, banners, and other forms. Since rogue advertising networks are used, the quality of these ads might be appalling, and the chances of encountering phishing and other malicious content are much higher.
Adload malware can break into a Mac system and avoid detection by XProtect
How to effectively remove DigitGuild
Versions of Adload are known for their relatively simple but effective method of infiltration and persistence. Since people are tricked into installing them, they enter their AppleID prior to installation, which allows the malware to run with elevated privileges. At this point, the virus excludes itself from built-in Apple defenses such as XProtect or Gatekeeper and continues its operation without interruption.
It installs several components on the system that help it function. For example, new Login items ensure that the malware runs automatically as soon as the system is booted. PLIST files and other components ensure that the app's configuration does not get altered and that settings remain unchanged from those set by the virus.
Step 1. Remove the main program
The virus consists of several components scattered across the system, which are all intertwined. Due to this, some of the steps below might simply not be possible without eliminating certain elements first. Let's start with the main application.
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find the malicious entry and place it in Trash.
Step 2. Get rid of persistence components
Deleting unwanted profiles and Login Items is necessary when trying to eliminate malware from a Mac.
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
Step 3. Delete leftover files
PLIST files are small configuration files, also known as “Property lists.” They hold various user settings and information about certain applications. To remove the virus, you have to find the related PLIST files and delete them.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
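The check in Step 3 can be done read-only from a terminal before anything is deleted. The script below is an added example, not part of the original guide: it lists every .plist in the folders named above (plus the per-user ~/Library/LaunchAgents folder, an addition) and marks labels that fit the two-or-three-word naming pattern described earlier. It assumes python3 is installed; the pattern is a heuristic that also matches some legitimate software.

```python
import plistlib
import re
from pathlib import Path

# Folders named in Step 3, plus the per-user LaunchAgents folder (added here).
DEFAULT_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons",
                Path.home() / "Library/LaunchAgents")

# Heuristic built from the naming pattern in the text: two or three capitalised
# words run together (DigitGuild, AnalyzerState). Legitimate software can match
# too, so a hit means "inspect this file", not "delete it".
WORD_RUN = re.compile(r"^(?:[A-Z][a-z]+){2,3}$")


def matches_naming_pattern(label):
    """True if any dot-separated part of the label fits the word-run pattern."""
    return any(WORD_RUN.match(part) for part in label.split("."))


def audit_launch_items(dirs=DEFAULT_DIRS):
    """Return one record per .plist found. Nothing is modified or deleted."""
    records = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    data = plistlib.load(fh)  # reads XML and binary plists
                if not isinstance(data, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # unreadable or malformed: review by hand
                records.append({"path": str(path), "error": str(exc), "review": True})
                continue
            label = str(data.get("Label", path.stem))
            args = data.get("ProgramArguments") or [data.get("Program", "")]
            records.append({
                "path": str(path),
                "label": label,
                "command": " ".join(map(str, args)),
                "run_at_load": bool(data.get("RunAtLoad", False)),
                "review": matches_naming_pattern(label),
            })
    return records


if __name__ == "__main__":
    for rec in audit_launch_items():
        print("REVIEW" if rec["review"] else "ok", rec["path"], rec.get("command", rec.get("error")))
```

For each entry marked REVIEW, compare the command path with the applications you knowingly installed before deleting the file.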
Step 4. Don't forget to clean your browser
Regardless of whether you pick a manual or automatic DigitGuild Mac virus removal method, you should always check your web browser to ensure that it's clean. Cookies, for example, might remain in your browser for years if not removed and allow unwanted parties to keep tracking your activities. Besides, since the extension might start gathering sensitive information such as passwords or credit card details, you should make sure all its elements are eliminated.
- In Safari, click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
You might not be able to remove the extension due to persistence mechanisms used by the malware. If that is the case, you should simply opt for a browser reset:
- In Safari, click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
- In Google Chrome, click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate the Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
If the extension was removed successfully, make sure you clean the web browser's caches to prevent tracking cookies from doing their job. You can also opt for automatic system cleaning with ReimageIntego or refer to these instructions if you prefer the manual method:
- In Safari, click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
- In Google Chrome, click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
How to prevent getting adware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years, and people are getting more and more interested in how to protect their privacy online. One of the basic ways to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.