ThinDev Mac virus (Free Guide)
ThinDev Mac virus Removal Guide
What is ThinDev Mac virus?
ThinDev is a malicious application that bypasses all built-in system defenses
ThinDev belongs to the broad family of adware designed for Macs known as Adload. It usually gains access to users' devices after they are tricked by a fake Flash Player update[1] or after they download illegitimate software installers from pirated websites. The infection happens as soon as users enter the Apple ID to let the app be installed.
Once on the system, ThinDev would establish a browser extension on Safari or another browser, which would be used for major operations of the virus. For example, it may change the browser's homepage and set the search provider to an alternative one, such as Search Finder or Yahoo. Besides these changes, users would be exposed to numerous ads when using their browsers, most of which would be of poor quality (and some of which may be dangerous).
Besides, malware may also track personal user information and install additional versions of Adload, as well as other malicious software in some cases. If you are infected, you should take action to get rid of the ThinDev Mac virus as soon as possible – we provide all the needed information below.
| Name | ThinDev |
| Type | Mac virus, adware, browser hijacker |
| Malware family | Adload |
| Distribution | Fake Flash Player updates, third-party domains distributing pirated software, software bundles, |
| Symptoms | Installs an extension to the browser that can not be deleted easily; changes homepage/new tab to Safe Finder, Akamaihd, or something else; redirects lead to potentially malicious or scam sites, promotes suspicious software, etc. |
| Removal | The easiest way to eliminate unwarned and malicious software on Macs is by performing a full system scan with SpyHunter 5Combo Cleaner security software. Alternatively, you can attempt to terminate the infection manually |
| System optimization | It is important to clean your browsers after removing potentially unwanted programs from your system – use FortectIntego for quick and reliable results |
Dangers of Adload
As mentioned, the ThinDev virus stems from an established malware family known as Adload, which began spreading in 2017, making it a relatively long-running strain. Since its debut, hundreds of variants have been delivered by its authors (which remain unknown to this day), infecting thousands of users worldwide. It is known to have connections with other popular Mac malware, such as Shlayer Trojan, for example.
The core objective of the virus and its variants is to ensure a regular income from ads that are inserted into the browsers of infected users without their knowledge. These ads are poorly made and often low quality because malware creators depend on ad networks that aren't trustworthy.
Malware also installs the man-in-the-middle[2] proxy, which allows traffic to be rerouted through cybercriminals' servers. By doing this, they are able to make money off of website traffic while also exposing users to potentially dangerous websites and ads.
Since the virus is installed with elevated permissions, its browser extension component can collect personal user data like credit card information or login details. This could threaten users' privacy and cause significant problems down the line – think financial losses or identity fraud.[3]
How to remove the virus effectively
SpyHunter 5Combo Cleaner and Malwarebytes are both reputable anti-malware software that we recommend using to remove the ThinDev virus and its malicious components automatically. Security software is designed to easily remove and prevent malware from being executed, so you should never ignore warnings coming from it – it is unlikely to be a false positive.
If you want to remove the malware yourself, be aware that it is composed of different parts. If even one part remains, your system can become reinfected after restarting. Regardless of whether you choose the manual or automatic solution, we recommend checking the instructions on how to clean browser caches to prevent data tracking by third parties.
The virus consists of several components that could be scattered across the system, and they all can be connected to one another. For this reason, several steps below might be impossible without eliminating certain elements first. Let's start with the main app.
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find it in the list and move it to Trash.
![Uninstall from Mac 1]( "Uninstall from Mac 1")
Login Items ensure that the malicious app is started every time the Mac is booted – this entry is essential to remove. Profiles belonging to the virus should also be eliminated.
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
![Uninstall from Mac 1]( "Uninstall from Mac 1")
Once you have removed the main app, you should then take care of leftover components. Plist files especially are important to eliminate correctly, as they can help reinstate the virus afterward.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
![Uninstall from Mac 2]( "Uninstall from Mac 2")
Adload usually installs a browser extension with more permissions than necessary by dropping infected files onto the system. If you managed to get rid of them as described in the section before this, then you shouldn't have any problems getting rid of the extension too.
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
![Remove extensions from Safari]( "Remove extensions from Safari")
Google Chrome
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
![Remove extensions from Chrome]( "Remove extensions from Chrome")
Potentially unwanted applications usually insert various components within the web browser environment. If you already removed the virus with our help from the previous section, now it is time to clean your web browsers. The steps below can also be replaced by using our FortectIntego maintenance tool.
Safari
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
![Clear cookies and website data from Safari]( "Clear cookies and website data from Safari")
Google Chrome
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
![Clear cache and web data from Chrome]( "Clear cache and web data from Chrome")
You can always reset your browser if the browser extension is grayed out. Do not worry, all your settings will remain intact once you connect your account back to it.
Safari
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
![Reset Safari]( "Reset Safari")
Google Chrome
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
![Reset Chrome 2]( "Reset Chrome 2")
How to prevent from getting adware
Protect your privacy – employ a VPN
There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals.
No backups? No problem. Use a data recovery tool
If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.
If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.
If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.
- ^ TotalResults AdLoad Clone Spread Through Fake Adobe Installer. Cyclonis. Backup and security.
- ^ Man-in-the-middle attack. Wikipedia. The free encyclopedia.
- ^ Identity fraud. Met Police.