IntranetLookup mac virus Removal Guide
What is IntranetLookup mac virus?
IntranetLookup mac virus can install PUPs and malware without the users' knowledge
Adload viruses have adware and hijacking capabilities
IntranetLookup is a virus that belongs to the Adload malware family. This means that it specifically targets mac machines. It has a wide variety of capabilities – causing ad spam, changing the browser settings, or even installing PUPs (potentially unwanted programs), and malware in the background.
It is safe to say that Adload viruses are similar to adware and browser hijackers. However, it is much more aggressive than adware developed to infect Windows machines. Crooks may be using rogue advertising networks that place ads leading to dangerous websites.
People can end up on scam pages that try to take advantage of them. The malicious program may also change the main browser settings, like the homepage, new tab address, and search engine, forcing people to use only selected channels for browsing. This raises many user privacy and security concerns.
Adload in general
We previously wrote about many other Adload variants, like PhantomRich, JourneyDrive, and AccessibleInput. All of their icons look very similar – a magnifier inside a green, teal, or grey background. The main file of the virus can always be found in the “Applications” folder. However, that does not mean that the intruder is easily removed.
Mac adware uses various evasion techniques to keep it undetected. It can bypass Apple's own security system XProtect. The unwanted program also generates multiple other files disguised as normal system files to prevent users from eliminating it quickly. That is why it is best to avoid such infections in the first place.
|TYPE||Adware, browser hijacker, mac virus|
|SYMPTOMS||Different homepage and new tab addresses; redirects to a fake search engine and shady websites; performance issues;|
|DISTRIBUTION||Fake software updates, deceptive ads, peer-to-peer file-sharing platforms|
|DANGERS||Altered search results can lead to dangerous websites; pop-up ads might be promoting scams; the virus can install other PUPs or even malware in the background|
|ELIMINATION||Eliminating this Mac virus manually can be quite complicated because of various persistence techniques. The easiest and most effective way would be to open a professional security tool and scan your system to delete every related file|
|FURTHER STEPS||ReimageIntego should be used to completely wipe out any data left and fix the remaining damage|
Fake Flash Player updates
One of the most common ways that users get infected with Adload is fake Flash Player updates. Even though Flash Player was discontinued in 2020, and replaced by HTML5, many do not know this. Crooks create deceptive sites that show various messages.
Sometimes they try to convince people that they need to update Flash Player to be able to proceed to the website, watch media content, play web games, etc. If you ever see such a message, exit the page immediately as it is definitely fake. To avoid such scams it is best to only visit pages that you know and trust.
Mac adware can sneak into the system through multiple channels
Peer-to-peer file-sharing platforms
Adload developers often use Torrent websites and peer-to-peer file-sharing platforms to spread their creations. These platforms are unregulated, so it is impossible to know if the packages you are downloading do not contain any malicious files. Besides, this activity is illegal and can result in serious consequences.
It is best to use official web stores and developer websites. Apps that get listed on legitimate digital marketplaces, have to go through an extensive review process. However, you should still do your research – read the reviews, look at the ratings and the number of users.
Keep your system updated
One of the most important things but often overlooked is keeping the operating system and software updated. Hackers can use software vulnerabilities to spread their malicious programs. Software developers regularly release security patches which should be installed immediately if you want to keep your device as secure as possible.
Removal of IntranetLookup mac virus
You should not do this yourself unless you know what you are doing and what kind of files you need to delete. Some of the files can have a .plist extension which is a normal settings file, also known as a “properties file,” used by macOS applications. It contains properties and configuration settings for various programs.
The app also uses various persistence techniques and drops many files across the system, making browser extension and application removal difficult. To keep your mind at peace, we recommend using professional anti-malware tools SpyHunter 5Combo Cleaner or Malwarebytes, which can detect unwanted programs and eradicate them.
You also do not know if the virus installed any additional malicious programs, so this is the safest way to ensure the system is clean. If you still want to try and delete it manually, proceed with these steps:
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes related to adware and use Force Quit command to shut them down
- Go back to the Applications folder
- Find IntranetLookup in the list and move it to Trash.
If you are unable to shut down the related processes or can't move the app to Trash, you should look for malicious profiles and login items:
- Go to Preferences and select Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
There are likely to be more .plist files hiding in the following locations – delete them all:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
The manual elimination process might not always result in full virus removal. Therefore, we still strongly suggest you perform a scan with security software.
Remove the browser hijacker
An extension to your browser is also added by IntranetLookup which starts performing all sorts of unwanted tasks. It possibly collects sensitive data and sends it to tracking servers. Some of the data that could be exposed is – IP address, user name, macOS version, browser versions, computer ID, items in the “Applications” folder, a list of agents, daemons, and system configuration profiles.
You should eliminate the add-on as soon as possible after the dangerous files are eliminated from your system. You can delete cookies and cache automatically with the help of ReimageIntego. It will also fix any damaged files and system errors, so you should notice an improvement in the machine's performance.
If you prefer doing this yourself without additional help, here are the instructions. You will find guides for Google Chrome and Mozilla Firefox at the bottom of this article:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Cookies and website data:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
The simplest and quickest solution to this is completely resetting Safari:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Getting rid of IntranetLookup mac virus. Follow these steps
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
How to prevent from getting adware
Stream videos without limitations, no matter where you are
There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.
Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.
Data backups are important – recover your lost files
Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.
While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.