GuideService Mac adware (virus)

GuideService Mac adware Removal Guide

What is GuideService Mac adware?

GuideService is a malicious Mac application designed to show intrusive ads via the web browser

GuideServiceGuideService is a malicious app designed for Mac systems

GuideService is an adware-type program with browser-hijacking elements that stems from a well-established family known as Adload, which has been active for several years now. Since its release in 2018, several hundred variants of the virus has released, and it has become one of the most prevalent strains out there that target Mac users.

The virus gets into the system without users' direct approval, although they grant the permission to install it themselves. This happens because fake Flash Player updates or pirated software installers are used as the primary methods of distribution.

Once on the system, GuideService would import its own files to bypass the security and removal of built-in Mac defenses,[1] which would allow it to stay on the device much longer. There are two parts to the infection – they consist of an app that is installed on the system level and an extension attached to the web browser. The activities that this variant can perform include:

  • Changing browser settings such as homepage and new tab address
  • Producing alternative search results with plenty of sponsored links and ads
  • Harvesting sensitive user information, including passwords
  • Establishing persistence mechanisms to prevent removal
  • Showing intrusive ads on most websites that users visit
  • Making users more prone to encountering phishing,[2] scam, or malware-laden websites.

If you have spotted an app that uses a magnifying glass icon, you should immediately take care of its removal. In this article, we will provide all the needed information to do that.

Name GuideService
Type Mac virus, adware
Family Adload
Distribution Fake Flash Player updates, software bundles, torrent sites, illegal software installers
Symptoms An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider
Dangers Personal information disclosure to cybercriminals, installation of other adware/malware, monetary losses
Removal Although not recommended to novice users, manual elimination of Mac malware is possible. We recommend performing a full system scan with SpyHunter 5Combo Cleaner and removing all the malicious components automatically
Other tips To stop unwanted data tracking, you should clean your browsers from cookies and other data. Use ReimageIntego to do this quickly

How Adload spreads and how to avoid it

No users would intentionally install malicious applications on their systems, and it is the case of Adload variants. Users are tricked into installing them via fake updates or illegal software installers. Here are a few tips to avoid the installation of such malicious software in the future (note that many other malware strains use similar methods of distribution):

  1. Flash Player is an old plugin that has been used on various websites to play multimedia content. For many years now, the technology has been replaced by HTML 5 and a few others and is usually built into web browsers. Adobe discontinued Flash at the start of 2021, so all requests to download it can be dismissed as fakes.
  2. Illegal software distribution sites allow people to download otherwise paid applications for free. Not only is that illegal, but it carries heavy risks of infecting a system with malware. Therefore, you should stay away from suck websites in the first place.

GuideService virusGuideService spreads via fake Flash Player updates

The main task of GuideService – make users click on ads

The main monetization method of the virus is to make users view and click on ads. While plenty of applications uses advertisements for monetization, intrusive and inappropriate advertisements are never a sign of a legitimate app. To be more precise, when the app's main function is to monetize user clicks, it is no longer considered desirable. Not to mention that GuideService does not have any useful features in the first place.

The ads that the virus produces can often be malicious; hence affected people are more likely to encounter ads promoting other potentially unwanted or malicious software, or they might be asked to subscribe to push notifications on sites like Check-the-weather.com, which consequently would bring even more unwanted content directly to suers' screens.

Browser-hijacking element is also intrusive and annoying, as it makes people browse through an alternative search provider and turn top results into ads. To make matters worse, the installed extension can also collect personal information such as passwords or credit card details, putting users' privacy and security at risk.

Effective GuideService removal methods

Mac malware development has been steadily increasing, with threats like Shlayer Trojan or CrescentCore infecting hundreds of thousands of users worldwide. It is important for people to realize that the threats are very real, and staying careful online is extremely important.

Because Adload variants can effectively bypass Gatekeeper and Xprotect security measures, it is important to keep an alternative security application running in the background, for example, SpyHunter 5Combo Cleaner or Malwarebytes. These apps can also be used to effectively remove all malicious software from the system automatically.

If you would rather look for manual elimination steps, you should proceed with the instructions below. Keep in mind that it might not be as effective as the automatic option, and the virus might return.

First off, you should shut down the related malware processes and remove the main application from the system. If that does not work, proceed with the next solution.

  • Open Applications folder
  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes and use the Force Quit command to shut them down
  • Go back to the Applications folder
  • Find the malicious entry and place it in Trash.Uninstall from Mac 1

Login Items and unwanted Profiles might prevent the removal of malicious applications. Remove them as follows:

  • Go to Preferences and select Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.
  • Go to Preferences > Accounts > Login items and remove the malicious entries.

Finally, you should remove the remaining files of the virus, which can be found as follows:

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.Uninstall from Mac 2

Clean your browser

Without cleaning cookies[3] and other web data, your browser could remain vulnerable and prone to collecting your personal information. Thus, you should clean your browsers after eliminating the main application and extension – we recommend employing ReimageIntego for the quick and easy solution.

Using this method, you can remove the GuideService extension, although it might not always be possible as the option to do so might be grayed out. If so, skip this step.

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall.Remove extensions from Safari

If you can't eliminate the extension, you should simply reset Safari:

  • Click Safari > Preferences…
  • Go to the Advanced tab.
  • Tick the Show Develop menu in the menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.Reset Safari

If you successfully removed the extension, you should clean browser history and other leftover settings as follows:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

If you use Chrome or Firefox as your main browser, check for the instructions below.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of GuideService Mac adware. Follow these steps

ChromeFirefox

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2
ChromeFirefox

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of GuideService Mac registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting adware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.

 

Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References