ResolutionProduct Mac virus (Free Instructions)
ResolutionProduct Mac virus Removal Guide
What is ResolutionProduct Mac virus?
ResolutionProduct is a malicious Mac application that is a serious threat to one's privacy
ResolutionProduct is a dangerous Mac virus that can spy on your sensitive data via a browser extension installed on Safari, Firefox, or Chrome
ResolutionProduct is malware that was first observed making the rounds in late July 2022. It belongs to the broad Adload malware family and is known to be distributed through fake Flash Player updates or cracked software installers, which get users to give the virus permission to make system changes. As a result, the malware quickly takes over the device by installing multiple components on the system, all while avoiding all built-in Mac defenses.[1]
Once malware is installed, a browser extension named ResolutionProduct would be appended to the browser. This would change its operation, with the affected users seeing more and more ads, scam sites, and similar malicious content (changes to the homepage and the search provider are also likely).
Besides being relatively persistent, the ResolutionProduct virus can start gathering personal user information via the web browser: account credentials and credit card details may be among the harvested data. Without a doubt, it can pose a serious security and privacy risk and may also result in further system infections.
Name | ResolutionProduct |
Type | Mac virus, adware, browser hijacker |
Malware family | Adload |
Distribution | Fake Flash Player installers or software bundles from malicious sources |
Symptoms | Installs a new extension and application on the system; changes homepage and new tab of the browser; inserts ads and malicious links; tracks sensitive user data via extension |
Removal | The easiest way to remove Mac malware is to perform a full system scan with SpyHunter 5Combo Cleaner security software. We also provide a manual guide below |
System optimization | After removal of unwanted software, make sure you clean your browsers from cookies and other trackers with FortectIntego |
Adload distribution
The Adload malware family has been around since at least 2017, and to this day, it is not known who is behind it. Some parallels were found between the strain and other prevalent malware, such as Shlayer or Bundlore, which use the same distribution method and the same names for the malicious files.
To be more precise, adware is mostly spread via fake Flash Player installers that direct users to install various bloatware, and ResolutionProduct might be one of them. Flash used to be a very widespread plugin that was used to play various multimedia content on the web for many years. However, it had plenty of vulnerabilities,[2] its name was also commonly used in scam schemes, and more advanced technology already existed for a while, so Adobe terminated Flash forever back in 2020.[3]
Users might also get infected with the virus whenever they visit peer-to-peer networks and download torrents or other repacked files. Since people install these applications themselves, they automatically give permission for the virus to perform its malicious tasks freely. These places are dangerous in general and should be avoided as much as possible.
How does malware affect your Mac?
Users infected with the ResolutionProduct virus might not immediately understand what has happened, although the symptoms would be visible almost right away. Adload is considered to be a browser hijacker and adware by its functionality, as it immediately installs an extension that takes over Safari, Chrome, Firefox, or another web browser. Changes to the homepage/new tab might not be visible, although some variants might set it to Safe Finder or similar.
The main goal of the virus is to ensure that the constant flow of ads is being shown to users. These can come up in various forms; for example, those affected are more likely to encounter even more fake Flash Player update prompts or other phishing material while browsing the web.
To make matters worse, the installed extension can passively gather all the information typed into the web browser, including passwords or other sensitive details, and send it off to the malware authors. The persistence, which is achieved by using the built-in AppleScript, is also quite effective, so people struggle with the removal of the malicious apps and their components.
ResolutionProduct removal
It is not uncommon for several versions of Adload to be installed at the same time, so you may find SampleFormat, IndexerClient, DigitGuild, AnalyzerState, or similar versions running on your device as well. More suspicious applications running in the background means that there are more malicious files present on your systems; in general, the virus is relatively difficult to remove manually, even if only one version of it is running on the device.
Therefore, we recommend you run a system scan with SpyHunter 5Combo Cleaner or Malwarebytes security software, as malware won't affect these security apps and will be deleted automatically for you. One more important step in malware removal is cleaning the affected web browsers, as leftover files might still result in data tracking and other issues. If you prefer manual ResolutionProduct removal, you should follow the steps below.
Get rid of the main app and its components
Before you remove the main application, you should shut down the malicious processes that might hinder easy elimination.
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find the malicious entry and place it in Trash.
If you still can't eliminate the main app, you can try removing Login Items and unwanted User Profiles:
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
PLIST files are small config files, also known as “Property list” files. They hold various user settings and information about certain applications. In order to remove the virus, you have to find the related PLIST files and remove them.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now open the /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
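To review the LaunchAgents and LaunchDaemons folders before deleting anything, the added example below (not part of the original guide) reads every .plist in them and reports those whose file name, Label or command mentions one of the variant names listed in this guide. It is read-only; the sample files in `demo()` and their `com.example` labels and paths are constructed for illustration and are not real indicators.

```python
import plistlib
import tempfile
from pathlib import Path

# Variant names listed in this guide; folders named in the steps above.
NAMES = ["ResolutionProduct", "SampleFormat", "IndexerClient",
         "DigitGuild", "AnalyzerState"]
LAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons"]

def scan_launch_items(dirs=LAUNCH_DIRS, names=NAMES):
    """List .plist files whose file name, Label or command mentions a
    listed name. Read-only: nothing is modified or deleted."""
    findings = []
    for folder in dirs:  # a missing folder simply yields no files
        for plist in sorted(Path(folder).glob("*.plist")):
            try:
                data = plistlib.loads(plist.read_bytes())  # XML or binary
                if not isinstance(data, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # unreadable or malformed: report it
                findings.append({"file": str(plist), "error": str(exc)})
                continue
            cmd = [data.get("Program", ""), *data.get("ProgramArguments", [])]
            command = " ".join(map(str, cmd)).strip()
            text = f"{plist.name} {data.get('Label', '')} {command}".lower()
            hit = next((n for n in names if n.lower() in text), None)
            if hit:
                findings.append({"file": str(plist), "match": hit,
                                 "label": data.get("Label"), "command": command,
                                 "run_at_load": bool(data.get("RunAtLoad"))})
    return findings

def demo():
    """Scan constructed sample files (not real indicators) in a temp dir."""
    samples = {
        "com.example.ResolutionProduct.plist": {
            "Label": "com.example.ResolutionProduct", "RunAtLoad": True,
            "ProgramArguments": ["/Library/Application Support/demo/agent"]},
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "Program": "/Library/Application Support/IndexerClient/run"},
        "com.example.printer.plist": {
            "Label": "com.example.printer", "Program": "/usr/bin/true"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            (Path(tmp) / name).write_bytes(plistlib.dumps(body))
        (Path(tmp) / "broken.plist").write_bytes(b"not a plist")
        return scan_launch_items([tmp])
```

Calling `scan_launch_items()` with no arguments checks the two system folders from the steps above; files that cannot be parsed are reported with an `error` field so they can be inspected by hand.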
Make a browser check
This step might not be easy to accomplish, as the extension might be grayed out within the web browser, preventing it from being removed. If that is the case for you, ignore the steps on the extension removal and head directly to the browser reset section under it.
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Now clean your browser caches and web data. This would prevent third parties from tracking you with the help of cookies and other technologies. It is overall recommended to clean web browsers from time to time for better security and privacy. Instead of doing it manually, you can employ a maintenance application FortectIntego.
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
If the above was not possible for you, reset the browser altogether:
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Note: if you use Google Chrome or Mozilla Firefox, follow the instructions below.
Getting rid of ResolutionProduct Mac virus. Follow these steps
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site, which will open every time you start Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific page or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
How to prevent getting adware
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.
If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless because you cannot access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.
[1] Phil Stokes. Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect. SentinelOne. Security research blog.
[2] Thomas Holt. What Are Software Vulnerabilities, and Why Are There So Many of Them? Scientific American. Science Magazine.
[3] Tim Brookes. Adobe Flash is Dead: Here’s What That Means. How-to Geek. Site that explains technology.