EasyHandler Mac virus (Free Guide)

EasyHandler Mac virus Removal Guide

What is EasyHandler Mac virus?

EasyHandler is Mac malware that steals personal user information

EasyHandlerEasyHandler is a macOS virus that can violate your privacy

EasyHandler is a malicious application that you might install by accident – either after being tricked by a fake Flash Player update or after installing pirated software on your system. It belongs to a broad family of Adload, which is one of the most prominent strains targeting Mac machines and is commonly associated with other prevalent infections such as Shlayer.

Once installed, the EasyHandler virus uses elevated permissions to drop various malicious files on the system, which increase its persistence. As a result, users have a much harder time when trying to eliminate the app, as moving it to trash only results in it returning after a computer restart.

Users might not notice the infection symptoms until they open their browsers, as there is where the extension would reside – it would have a distinctive magnifying glass icon on a gray or green/teal background. Thanks to this component, EasyHandler can change the browser's homepage and new tab settings, ensuring that users would be forced to use an alternative search provider such as Safe Finder and insert ads into the search results.

Name EasyHandler Mac virus
Type Mac virus, adware, browser hijacker
Malware family Adload
Distribution Third-party websites distributing pirated software, software bundles, fake Flash Player updates
Symptoms A new extension is installed on the browser, along with an application of the same name; search and browsing settings altered to an alternative search provider; new profiles and login items set up on the account; intrusive ads and redirects
Removal Although not recommended to novice users, manual elimination of Mac malware is possible. We recommend performing a full system scan with SpyHunter 5Combo Cleaner and removing all the malicious components automatically
Security tips After you terminate the infection with all its associated components, we recommend you also scan your machine with ReimageIntego to clean your browsers and other leftover files from the virus

More about malware family

EasyHandler stems from one of the most prominent malware families out there – Adload. It was first spotted in the wild in 2017, and since then has released hundreds of versions, including FrequencyPlatform, UniversalKey, DirectNetwork, ProcesserGrid, and many others we previously covered.

Even though there are some minor changes between versions, the strain's operation and distribution remain relatively unchanged. It always uses the magnifying glass icon for both the main application and the browser extension – this is one of the easiest ways to recognize the infection.

While EasyHandler is categorized as adware,[1] its impact on the system is much more significant beyond just showing ads – its traits are considered malicious in many ways.

EasyHandler virusEasyHandler is spread via fake Flash Player installers

EasyHandler Mac capabilities

Adload uses rather simple distribution and operation techniques that are extremely effective for Mac devices – this is precisely the reason why so many Apple devices get infected by it. To avoid being infected, you should never download software from pirated application distribution websites and be aware of fake Flash Player updates.

While the main goal of the virus is to show advertisements and earn pay-per-click[2] revenue, plenty of other components support its main activities. For example, the usage of AppleScript allows the virus to completely avoid the detection of built-in Mac defenses like XProtext and Gatekeeper.

The browser extension component of the infection also helps it to fulfill its operations – not only can it insert advertisements when users browse the web but it can also read personal information from users, including passwords or credit card details. Of course, this functionality is particularly dangerous and might result in identity theft and other serious issues.

EasyHandler removal steps

You are likely won't be able to remove the browser extension or the application just like you do with regular apps. Thanks to the elevated permissions on the system, the app drops several malicious files, creates new profiles and login items. Therefore, we recommend getting rid of the infection automatically with Malwarebytes or SpyHunter 5Combo Cleaner security software, so you won't have to bother with the steps below. Regardless of which method of elimination you pick, we still recommend cleaning web browser caches[3] thoroughly to prevent issues in the future.

Once installed, the malware runs background processes to fulfill its duties. To remove the main application, you should first shit down these processes via the Activity Monitor:

  • Open Applications folder.
  • Select Utilities.
  • Double-click Activity Monitor.
  • Here, look for suspicious processes and use the Force Quit command to shut them down.
  • Go back to the Applications folder.
  • Find the malicious entry and place it in Trash.

Login items ensure that the app starts as soon as the computer boots, and Profiles are used to manage various account settings. Get rid of malware-related components:

  • Go to Preferences and pick Accounts.
  • Click Login items and delete everything suspicious.
  • Next, pick System Preferences > Users & Groups.
  • Find Profiles and remove unwanted profiles from the list.

Your next task is finding Plist files that hold various configuration data of the virus. You can do that as follows:

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.Uninstall from Mac 2

Clean your browsers thoroughly

If you performed manual elimination, the browser might still be vulnerable for as long as the extension remains installed. Even if you choose the automatic removal method, we strongly recommend using the effective cleaning process, as tracking cookies[3] may remain. If you haven't yet, make sure you delete the extension from the browser:

  • Click Safari > Preferences…
  • In the new window, pick Extensions.
  • Select the unwanted extension and select Uninstall.Remove extensions from Safari

If you managed to get rid of the extension in a regular way, you should also clean your browser caches to prevent further data tracking. The easiest way to do this and remove all junk from the system is to employ ReimageIntego maintenance utility. Alternatively, you can proceed with the following instructions:

  • Click Safari > Clear History…
  • From the drop-down menu under Clear, pick all history.
  • Confirm with Clear History.Clear cookies and website data from Safari

If you are unable to delete the extension, a browser reset would work.

  • Click Safari > Preferences…
  • Go to the Advanced tab.
  • Tick the Show Develop menu in the menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of EasyHandler Mac virus. Follow these steps

ChromeFirefox

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2
ChromeFirefox

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

How to prevent from getting adware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References