ProcessorProgression Mac virus Removal Guide
What is ProcessorProgression Mac virus?
ProcessorProgression is a malicious Mac application designed to profit from intrusive ads
ProcessorProgression is a potentially unwanted application that comes from the Adload family
ProcessorProgression is a Mac virus that was first spotted attacking users at the end of April 2022. Since it spreads via deceptive methods such as fake Flash Player updates or pirated software bundles, most users do not notice its presence for some time – at least until they open their web browser, where the changes are visible immediately.
Upon infiltration, ProcessorProgression adds a browser extension with a distinctive magnifying glass icon to Safari, Chrome, Firefox, or another web browser. Through this extension, the virus alters the browser's homepage and redirects all searches to an alternative provider, such as Yahoo. The results are also filled with various ads.
The malicious app also increases the number of advertisements one encounters while browsing the web: pop-ups, banners, offers, and redirects become a regular occurrence. With the help of this component, malware would be able to steal personal data, such as passwords or credit card details.
| Type | Mac virus, adware, browser hijacker |
| Distribution | Third-party websites distributing pirated software, software bundles, fake Flash Player updates |
| Symptoms | A new extension is installed on the browser, along with an application of the same name; search and browsing settings altered to an alternative search provider; new profiles and login items set up on the account; intrusive ads and redirects |
| Removal | Remove Mac malware with SpyHunter 5 Combo Cleaner. Manual guidelines are provided below |
| Security tips | For best performance and system remediation, we recommend using Reimage Intego. Also, cleaning web browser caches is highly advised after the elimination of malware for better privacy and security |
The persistent malware family
ProcessorProgression belongs to a malware family known as Adload, which has been active since at least late 2017. So far, several hundred versions have been released; just recently, we described CapacityMegabyte, LoginCheck, DataCharacter, and ExecutiveBrowser.
If you look closely, you can notice a pattern in the naming: each name usually consists of two words related to web browsing and/or computing. These names are randomly generated because they do not matter much to cybercriminals, whose main goal is to profit from infecting users.
All versions of Adload are distributed through fake Flash Player installers or software bundlers downloaded from high-risk websites. Thus, users never install these malicious apps intentionally. During the installation, they are asked for their Apple ID, and once they enter it, the infection process begins.
Operation and traits
As soon as ProcessorProgression is installed, it uses the built-in AppleScript to make changes to macOS and install various malicious components. This makes it very easy for the virus to run with elevated permissions and launch every time the computer is booted, so the malware remains in operation at all times.
One of the most significant consequences of these changes is that the Mac's built-in defense systems, such as Gatekeeper or XProtect, become relatively useless once the malware breaks through. Newly established Login items, new Profiles, and various configuration files ensure that the virus runs on the device for as long as possible.
ProcessorProgression changes homepage and new tab to Safe Finder or another address
As already mentioned, the browser extension component of ProcessorProgression serves the primary purpose of delivering continuous advertisements to users via altered browser settings. This guarantees that malware authors receive financial benefits from the activity, and the more users are infected, the larger the profits.
Stolen personal data, such as passwords, credit card details, or contact information, can be later used for further phishing campaigns or might even be sold to the highest bidder on the Dark Web. Thus, as long as you have it installed on your system, you should not disclose any sensitive information via your browser.
ProcessorProgression is not a complex malware sample, although its obfuscation and persistence techniques work very well in the macOS environment. Since it drops many files and consists of several components, we strongly recommend you use SpyHunter 5 Combo Cleaner or Malwarebytes to remove malicious software from your Mac automatically.
Manual malware elimination is also possible, although success is not guaranteed. Regardless of which method you choose (we recommend a combination of both), you should make sure you clean your browsers properly, which you can choose to do with the Reimage Intego maintenance utility.
Once installed, the malware runs background processes to fulfill its duties. To remove the main application, you should first shut down these processes via the Activity Monitor:
- Open Applications folder.
- Select Utilities.
- Double-click Activity Monitor.
- Here, look for suspicious processes and use the Force Quit command to shut them down.
- Go back to the Applications folder.
- Find the malicious entry and place it in Trash.
Login items ensure that the app starts as soon as the computer boots, and Profiles are used to manage various account settings. Thus, get rid of malware-related items:
- Go to Preferences and pick Accounts.
- Click Login items and delete everything suspicious.
- Next, pick System Preferences > Users & Groups.
- Find Profiles and remove unwanted profiles from the list.
Your next task is finding Plist files that hold various configuration data of the virus. You can do that as follows:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
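To make the Plist review above less error-prone, the following added example (not part of the original guide and not code from any tool it mentions) parses the launchd .plist files in the two folders and lists the ones that mention the application's name or start a program from Application Support. It only reports and never deletes; the Application Support check is a heuristic assumed here, and every file name and path in the sample data is constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path

# Folders named in the manual steps, relative to a root ("/" on a real Mac).
LAUNCH_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons")

def audit_launch_items(root, name):
    """Return (plist, program, reasons) for launchd jobs worth a manual look."""
    findings = []
    for rel in LAUNCH_DIRS:
        for plist in sorted(Path(root, rel).glob("*.plist")):
            try:
                with plist.open("rb") as fh:  # plistlib reads XML and binary plists
                    job = plistlib.load(fh)
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # report unreadable files instead of skipping them
                findings.append((plist.name, "", [f"unparseable: {type(exc).__name__}"]))
                continue
            args = job.get("ProgramArguments")
            program = str(job.get("Program") or (args[0] if isinstance(args, list) and args else ""))
            text = f"{plist.name} {job.get('Label', '')} {program}".lower()
            reasons = []
            if name.lower() in text:
                reasons.append("name match")
            if "/application support/" in program.lower():  # heuristic, an assumption
                reasons.append("runs from Application Support")
            if reasons:
                findings.append((plist.name, program, reasons))
    return findings

def build_constructed_sample(root):
    """Write constructed sample files (not real indicators) so the audit runs offline."""
    jobs = {
        "Library/LaunchDaemons/constructed.ProcessorProgression.plist": {
            "Label": "constructed.ProcessorProgression", "RunAtLoad": True,
            "ProgramArguments": ["/Library/Application Support/constructed/helper"]},
        "Library/LaunchAgents/constructed.benign.plist": {"Program": "/usr/local/bin/constructed"},
    }
    for rel, job in jobs.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(plistlib.dumps(job))
    Path(root, "Library/LaunchAgents/constructed.broken.plist").write_bytes(b"not a plist")
    return root

if __name__ == "__main__":
    root = build_constructed_sample(tempfile.mkdtemp())  # constructed tree, not "/"
    print(*audit_launch_items(root, "ProcessorProgression"), sep="\n")
```

On a real Mac, call `audit_launch_items("/", "ProcessorProgression")` and review each reported program path before deleting the matching .plist and the folder it points to.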
Remove the extension and clean your browsers
The browser extension should be removed from your browser as well. In many cases, this might not work for you, as it simply is grayed out.
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
If you managed to get rid of the extension in a regular way, you should also clean your browser caches to prevent further data tracking.
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
If you are unable to delete the extension, a browser reset would work for you.
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Getting rid of ProcessorProgression Mac virus. Follow these steps
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific page or set of pages and click on the three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate the Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- Here, select the unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Options.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under the Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
How to prevent getting adware
Do not let the government spy on you
The government has many issues with regard to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy an internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by the government or any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services and platforms, be suspicious for your own security and take precautionary measures by using the VPN service.
Back up files for later use, in case of a malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is equally important to update backups on a regular basis so that the newest information remains intact; you can set this process to be performed automatically.
When you have the previous version of every important document or project, you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.