HerculesLookup Mac virus (Free Guide)

HerculesLookup Mac virus Removal Guide

What is HerculesLookup Mac virus?

HerculesLookup is a type of malware that delivers intrusive ads and spies on users' online activities

HerculesLookupHerculesLookup might change your homepage and new tab settings without asking

HerculesLookup is a member of a widespread Mac malware strain known as Adload, which has been spreading around since at least 2017. The infiltration of the virus usually begins with a fake Flash Player update, when people are tricked that they require the plugin for one reason or another. Alternatively, users may also get infected via illegal software bundled together with the malware installer.

Upon infiltration, the HerculesLookup virus installs plenty of components on the system, completely evading detection of Mac's built-in defenses. This allows it to dig deep into the system and take over some of its aspects. For example, those infected would notice that a browser add-on is now appended to Safari, Chrome, or another web browser, which becomes hijacked. Because of this, people would see plenty of ads and experience browser redirects to malicious sites.

The consequences of the HerculesLookup infection can be rather harsh, and not only because of a ruined browsing experience. Malware may also, in some cases, be capable of installing its other versions without user permission, tracking personal user information, and exposing them to malicious content online.

Name HerculesLookup
Type Mac virus, adware, browser hijacker
Malware family Adload
Distribution Third-party websites distributing pirated software, software bundles, fake Flash Player updates
Symptoms An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider
Removal Although not recommended to novice users, manual elimination of Mac malware is possible. We recommend performing a full system scan with SpyHunter 5Combo Cleaner and removing all the malicious components automatically
Security tips Malware and adware can meddle with your system, reducing its performance. If you want to quickly fix various issues, we recommend you try using automated tools like FortectIntego

The impact

Adload has been around for many years now, and its developers are hard at work – hundreds of versions of the virus have surfaced since then – AnalyzerSystem, ComputingInvolve, and AllocateClassics are just a few ones we've covered recently. Malware uses a particular naming pattern, where a few predetermined words are combined into a single name, it usually uses two and sometimes three words.

Users may notice the infection symptoms after they open their web browsers, as the HerculesLookup extension would be appended to the browser. This may also result in homepage changes, as well as search provider alterations. For example, previous versions were seen redirecting users to Safe Finder and similar unreliable providers.

Malware also installs the man-in-the-middle[1] proxy, which allows traffic to be rerouted through cybercriminals' servers. This is yet another way of monetizing traffic, all while exposing users to potentially dangerous websites and ads.

To make matters worse, malware is known to be able to track user information via the installed browser add-on. If you check the information about the app via your browser settings, it will show the following:

Permissions for “HerculesLookup”:

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on: all pages

Browsing History
Can see when you visit: all pages

Thus, the infection of Adload can pose a serious threat to one's privacy, and with the details mentioned above stolen, users may suffer from financial losses or even identity theft. Do not delay and remove the virus from your Mac ASAP.

HerculesLookup virusHerculesLookup is Mac virus that spies on users' personal data

Removal of HerculesLookup

Upon installation, malware implements various components into the device, preventing its easy removal. For example, its usage of AppleScript allows it to completely bypass the detection of XProtect and GateKeeper[2] and continue its operations undisturbed. Thus, we recommend employing automatic solutions instead – using SpyHunter 5Combo Cleaner or Malwarebytes is an excellent choice.

If you rather do the cleaning process yourself, you can rely on the instructions below, although keep in mind that manual elimination might not be as effective.

Remove the app and get rid of its files

Upon installation, malware would start running background processes in order to keep it running. Therefore, before proceeding with the removal of the main app, you should access Activity Monitor and shut down related processes.

  • Open Applications folder
  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes related to the virus and use the Force Quit command to shut them down
  • Go back to the Applications folder
  • Find the malicious app in the list and move it to Trash.

Login Items ensure that the malicious app is started every time the Mac is booted – this entry is essential to remove. Profiles belonging to the virus should also be eliminated.

  • Go to Preferences and pick Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.

The PLIST files are small config files, also known as “Properly list.” They hold various user settings and hold information about certain applications. In order to remove the virus, you have to find the related PLIST files and remove them.

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.Uninstall from Mac 2

Get rid of the extension

Typically, Adload versions install a browser extension with elevated permissions by dropping malicious files on the system. If you managed to delete them successfully, as explained in the previous section, you should be able to eliminate the extension without any issues.


  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall.Remove extensions from Safari

Google Chrome

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.Remove extensions from Chrome

If you still can't remove the HerculesLookup extension from the browser, you should simply reset it. Follow these steps:


  • Click Safari > Preferences…
  • Go to the Advanced tab.
  • Tick the Show Develop menu in the menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Google Chrome

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.Reset Chrome 2

Delete trackers and other leftover files for better privacy

Data tracking is, in general, a huge business in the internet sphere, and all potentially unwanted applications tend to track users to some extent, as it generates passive income. Therefore, it is advisable removing data trackers such as cookies[3] after the removal of adware. The quickest way of doing that is by employing FortectIntego, although you can check out the manual steps below if you prefer this option.


  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Google Chrome

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome
do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

How to prevent from getting adware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions