InitialMethod Mac virus (Free Guide)

InitialMethod Mac virus Removal Guide

What is InitialMethod Mac virus?

InitialMethod is Mac malware that can compromise your device in many ways

InitialMethod uses a variety of evasion mechanisms to bypass detection by XProtect, the built-in Mac anti-malware

The InitialMethod Mac virus is one of the many Adload malware variants. It seeks to take control of your browser, reroute you to malicious websites, and steal your personal information, which can then be sold on underground forums for malicious purposes. To protect your computer, you should remove this virus immediately.

Unfortunately, because it has numerous components and makes use of a number of persistence techniques, the InitialMethod virus is not that simple to get rid of. Therefore, if the infection is not properly removed, it can reappear and carry out further destructive activities. All the necessary details regarding the virus and the most efficient ways to permanently remove it are provided here.

Name: InitialMethod
Type: Mac virus, adware, browser hijacker
Malware family: Adload
Distribution: Fake Flash Player installers or bundled software from malicious sources
Symptoms: An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider
Removal: You can remove Mac malware with the help of powerful security tools, such as SpyHunter 5 or Combo Cleaner. If you want to attempt to get rid of the infection yourself, check the manual instructions below
Security tips: Third parties can employ cookies to continue tracking your online activities, so we recommend clearing browser caches and other leftover files with Fortect or Intego

InitialMethod is a version of Adload, one of the most prominent malware families plaguing Macs, which has been around since 2017. With hundreds of variants, such as EditInstruction, IronBrowse, or RealInfo, under its belt, this strain has become a major headache for many Mac users and security experts alike.


Malware usually spreads using deceptive distribution tactics such as fake Flash Player installers. The plugin has been around for decades, and that's why so many people still associate it with multimedia player capabilities. The truth is that Flash has been discontinued by Adobe due to its unreliability and numerous vulnerabilities that had to be patched.

In most cases, users would encounter requests to install Flash on an unreliable website that uses some sort of phishing[1] messaging. For example, you may be told that you need to update the plugin to view a site. In other cases, the fake versions may be bundled with other software, usually illegal copies downloaded from pirated app distributors.

Users would often see the malicious payload of InitialMethod or another variant of Adload being delivered as “,” which is also the name used to distribute malware such as Shlayer Trojan. Please be aware that all the requests to update Flash are fake and should be ignored.

Malware may change the homepage and other browser settings to deliver intrusive ads

What it does and how it works

Adload uses a predetermined pattern for its version naming and often employs words like “system,” “Info,” “Analyzer,” “Unit,” and more. These are random words generated from a pool of words – the names are made by combining two or three of those. All variants use a magnifying glass icon placed on a green, teal, or, most recently, gray background.

If you notice any of the symptoms below after opening your web browser, it's likely that you have been infected with InitialMethod:

  • An extension is added to your web browser, resulting in browser hijacking.[2]
  • Your homepage changes.
  • Your search provider is altered. For example, previous versions were seen redirecting users to Safe Finder and similar unreliable providers.

Additionally, the malware sets up a man-in-the-middle proxy,[3] which enables traffic to be diverted through the servers of cybercriminals. This illegal traffic monetization is extremely common as it provides crooks with an easy way to obtain a lot of money through advertising.

The loaded browser add-on is known to allow malware to track user data, which only makes the situation worse. If you look up the app's information in the browser's settings, you'll see that the extension is capable of reading data like credit card details or passwords, which can be an extremely damaging activity, putting users' privacy at risk.

How to remove malware effectively

Anti-malware software is the most reliable way to remove InitialMethod and other malicious files from your system. Not only does it remove all changes made by malware, but using anti-malware software will also protect you against future infections. This is because your system will always be up-to-date with the latest security patches.

For a reliable anti-malware solution, we recommend SpyHunter 5, Combo Cleaner, or Malwarebytes. These applications will locate all the malicious files for you and get rid of them in only a few minutes. Or, if you prefer, you can select manual elimination; however, we always suggest clearing your browser's caches regardless of which method is used.

Remove the app and its components from the system

To fulfill its malicious deeds, Adload runs background processes at all times – these are launched immediately after the system is booted. To prevent issues with removal, you should find these processes and terminate them:

  • Open Applications folder
  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes and use the Force Quit command to shut them down
  • Go back to the Applications folder
  • Find the malicious entry and place it in Trash.

Login Items ensure that the malicious app is started every time the Mac is booted, so removing this entry is essential. Profiles belonging to the virus should also be removed.

  • Go to Preferences and pick Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.

The PLIST files are small config files, also known as “Property list.” They hold various user settings and information about certain applications. In order to remove the virus, you have to find the related PLIST files and remove them.

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any dubious entries and then delete them.
  • Now enter the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
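
The LaunchAgents and LaunchDaemons check from the steps above can be run as a read-only scan before anything is deleted. The following is an added example, not part of the original guide: the function names and the sample plist names and paths are constructed for illustration, and the per-user ~/Library/LaunchAgents folder is an addition the guide does not list.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Folders from the steps above, plus the per-user agents folder (an addition).
DEFAULT_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                Path.home() / "Library/LaunchAgents"]

def find_launch_items(name, dirs=DEFAULT_DIRS):
    """Read-only report of launchd jobs whose file name, Label or command mentions `name`."""
    needle, hits = name.lower(), []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # parses XML and binary plists
            except (ValueError, ExpatError, OSError):
                job = None  # malformed or unreadable: match on file name only
            fields = job if isinstance(job, dict) else {}
            args = fields.get("ProgramArguments")
            command = [str(a) for a in args] if isinstance(args, list) else []
            if not command and "Program" in fields:
                command = [str(fields["Program"])]
            text = " ".join([path.name, str(fields.get("Label", "")), *command])
            if needle in text.lower():
                hits.append({"path": str(path), "label": fields.get("Label"),
                             "command": command, "parsed": job is not None,
                             "run_at_load": bool(fields.get("RunAtLoad"))})
    return hits

def write_constructed_samples(folder):
    """Write made-up plists for the demo; names and paths are not real indicators."""
    jobs = {
        "com.InitialMethod.service.plist": {"Label": "com.InitialMethod.service",
            "RunAtLoad": True, "ProgramArguments": ["/tmp/example/helper", "-s"]},
        "com.example.updater.plist": {"Label": "com.example.updater",
            "Program": "/usr/local/bin/updater"},
    }
    for filename, job in jobs.items():
        (Path(folder) / filename).write_bytes(plistlib.dumps(job, fmt=plistlib.FMT_BINARY))
    (Path(folder) / "initialmethod.broken.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_samples(tmp)
        print(*find_launch_items("InitialMethod", [tmp]), sep="\n")
```

Each hit shows the command the job would launch, so the referenced helper file can be located and reviewed together with the .plist itself.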

Getting rid of the extension and removing browser caches

Once the virus has been installed, Safari or another common browser will have an extension added. This add-on would alter the homepage and introduce a new tab functionality, exposing visitors to sponsored links or advertisements. With the help of this malware component, various personal information can be gathered about users, which can put their security and privacy at risk.

You should uninstall the extension that uses the magnifying glass icon to restore your browser functions and recover control. Keep in mind that depending on the virus's methods for persistence, this may or may not be possible. Proceed to the following section if it doesn't succeed.

  • Click Safari > Preferences…
  • In the new window, pick Extensions.
  • Select the unwanted extension and select Uninstall.

If you were unable to uninstall the extension in a regular way, you can reset Safari instead. It is easy to do:

  • Click Safari > Preferences…
  • Go to the Advanced tab.
  • Tick the Show Develop menu in the menu bar.
  • From the menu bar, click Develop, and then select Empty Caches.

Your last task is to clean the browser caches of Safari. Note that you don't have to do it manually if you employ the Fortect or Intego maintenance utility, which can quickly and easily get rid of various junk files and trackers.

  • Click Safari > Clear History…
  • From the drop-down menu under Clear, pick all history.
  • Confirm with Clear History.

If you are using Google Chrome or Mozilla Firefox browser, proceed with the instructions below.


Getting rid of InitialMethod Mac virus. Follow these steps


Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific page or set of pages and click on the three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select the unwanted plugin and click Remove.

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.

How to prevent getting Mac viruses

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless without the ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Jake Doevan - Computer technology expert