WideCluster Mac virus (Free Instructions)
WideCluster Mac virus Removal Guide
What is WideCluster Mac virus?
WideCluster – dangerous adware that targets Mac users
WideCluster is a malicious application that targets Mac users
WideCluster is an application you may one day find running on your system and in your browser. Users often wonder how it got there, but the unexpected appearance is easily explained. In most cases, people install it along with other software they download from illegitimate sources (typically, torrent and software crack sites) or are tricked by fake Flash Player or other software updates.
WideCluster is a rather simple but effective piece of malware that belongs to the massive Adload family. Even though its main goal can be described as the same as that of adware, its underlying processes and activities on the device warrant its categorization as a Trojan or, simply, malware.
Just as in previous versions, the app uses a distinctive magnifying glass icon for both the browser extension and the app itself. The effects of the extension are visible as soon as Safari, Google Chrome, Mozilla Firefox, or another web browser is opened, as the homepage and the search provider are no longer the same. Even those who prefer Google.com would be forced to browse the web via an alternative tool, such as Safe Finder or SearchLee.
This simple change means that users are exposed to sponsored links; they would also encounter pop-ups, banners, redirects, and other disruptive browser activity more frequently. Some of the ads might be scams (further fake virus or update alerts), while others might lead to malware-laden pages.
However, this is just the tip of the iceberg, as WideCluster drops dozens of malicious files that prevent its easy elimination, spies on users' activities, and might even be capable of installing other malware in the background without consent.
Name | WideCluster |
---|---|
Type | Mac virus, adware, browser hijacker |
Family | Adload |
Distribution | Usually spread via fake Flash Player updates or software bundles downloaded from pirated software sites |
Symptoms | Installs an extension to the browser that cannot be removed; changes homepage/new tab to something else; redirects lead to potentially malicious or scam sites, promotes suspicious software, etc. |
Risks | Unknown extension installed on the web browser and can't be removed; homepage and new tab address altered to Safe Finder or another provider; increased amount of advertisements |
Elimination | The easiest way to eliminate unwanted and malicious software on Macs is by performing a full system scan with SpyHunter 5 / Combo Cleaner security software. Alternatively, you can attempt to terminate the infection manually |
System fix | After you terminate the infection with all its associated components, we recommend you also scan your machine with Fortect / Intego for best results |
While it was initially believed that Macs are immune to malware infections thanks to their ability to contain certain apps in a segregated space and their built-in defenses, this is not true. These machines, while more resistant to high-risk threats such as ransomware, are still vulnerable to infections. As a study in 2019 showed,[1] the volume of Mac malware was actually higher than that of Windows, which is a rather alarming conclusion.
In this article, we are talking about WideCluster – one of the newer Adload versions that has been spreading around the web. While initially, these apps might seem like your typical adware ones, it is not the case at all, as they have plenty of malicious traits that can put users' safety and computer security in danger.
What is Adload and what can it do?
Adload is one of the most prominent malware families out there – new versions are released every week, and we have described many of them already, with the most recent ones being CompactFilter, LinkSet, ProductionElements, and many others. There are plenty of elements that make this software much more malicious than your regular adware, although it includes adware capabilities as well.
First of all, the main goal of the malware is to make sure that the advertisements reach their victims. The more people get infected with it, the more profit can be generated through ad clicks and views. Unfortunately, a lot of the promoted content is rather unsafe, and users might end up installing other malicious software. For example, many users were also infected with the dangerous Shlayer Trojan.
Adload versions mainly spread via fake Flash Player updates
Another aspect of Adload is browser hijacking.[2] By taking over Safari or another web browser, the promoted search provider can guarantee more profits from ads. However, this function is more damaging than one might initially think – the extension is installed with advanced privileges, which allows it to gather passwords, credit card details, and other information. The risk of privacy issues due to this is very high.
Finally, the WideCluster virus uses various persistence mechanisms that bypass Gatekeeper and XProtect defenses.[3] Many versions of the malware family are notorious for this trait – they use the built-in AppleScript to implement this functionality. Below we explain how to get rid of the infection.
How to remove WideCluster effectively?
Once you notice the infection, you should remove it from your system as soon as possible. The problem is that the malware drops its own files into various locations on the system, hence eliminating it manually might be difficult. Instead of proceeding with the tedious steps below, we recommend you employ SpyHunter 5 / Combo Cleaner, Malwarebytes, or another reputable anti-malware tool and eliminate the virus automatically.
If you want to try to look at these files manually, you are free to do so, but keep in mind that deletion of some files might result in problems. Likewise, there is no guarantee that all the remnants would be eliminated in this way.
1. Get rid of the main app
Before you proceed, try to force quit the malware's background process.
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find the malicious entry and place it in Trash.
2. Delete related files
Small configuration files known as PLIST can hold various settings information. They might prevent the virus from being removed properly.
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
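Before deleting anything from the two launchd folders, it helps to see what each .plist would actually run. The read-only helper below is an added example, not part of the original guide or of any vendor tool; the function names and the keyword-matching approach are assumptions made for illustration.

```python
import plistlib
import sys
from pathlib import Path

# The two folders named in step 2; both are only read, never modified.
LAUNCHD_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons")

def describe(path):
    """Parse one launchd plist (XML or binary) into a reviewable summary."""
    entry = {"file": str(path), "label": None, "command": [],
             "run_at_load": False, "error": None}
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception as exc:  # unreadable or malformed: report it, don't skip
        entry["error"] = f"{type(exc).__name__}: {exc}"
        return entry
    if not isinstance(job, dict):
        entry["error"] = "top-level object is not a dictionary"
        return entry
    entry["label"] = job.get("Label")
    program = job.get("Program")
    args = job.get("ProgramArguments")
    args = args if isinstance(args, list) else []
    entry["command"] = [str(a) for a in ([program] if program else []) + args]
    entry["run_at_load"] = bool(job.get("RunAtLoad"))
    return entry

def find_related(keyword, dirs=LAUNCHD_DIRS):
    """Return plists whose file name, Label or command mentions keyword,
    plus any plist that could not be parsed (those need a manual look)."""
    needle = keyword.lower()
    hits = []
    for folder in dirs:
        for path in sorted(Path(folder).glob("*.plist")):
            entry = describe(path)
            haystack = " ".join([path.name, str(entry["label"]), *entry["command"]])
            if entry["error"] or needle in haystack.lower():
                hits.append(entry)
    return hits

if __name__ == "__main__":
    # The keyword defaults to the app name this guide covers.
    for e in find_related(sys.argv[1] if len(sys.argv) > 1 else "WideCluster"):
        print(e["file"])
        print("   label:  ", e["label"], "(RunAtLoad)" if e["run_at_load"] else "")
        print("   command:", " ".join(e["command"]) or "(none)")
        if e["error"]:
            print("   unreadable:", e["error"])
```

The command path printed for each hit also shows which entry under /Library/Application Support the job points at, so the related folder can be reviewed alongside the .plist file.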
3. Remove Login items and Profiles
Malware might create Login items and Profiles to dominate the computer. These can be removed in the following way (look for icons or names that resemble the name of the app):
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
4. Get rid of the extension and other browser files
Finally, make sure you remove the browser extension and clean the browser of cookies and other leftovers. If you are using another browser, refer to the instructions at the bottom of this post. Likewise, if you want software that would automatically do this step for you, employ Fortect / Intego.
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Next, you should focus on cleaning cookies and other web data by following these steps:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
You can also reset the browser if nothing else works:
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
How to avoid Mac malware?
Malicious applications live and die by their distribution methods. While developers of legitimate apps use marketing or other distribution methods, WideCluster authors are cybercriminals, hence they don't really care about how the app is installed on the system.
However, there is no way that the virus suddenly appeared on the device in question, so users always install Adload versions and other Mac malware themselves, even though they might find it hard to believe. It all comes down to a lack of IT knowledge or even pure negligence. Here are two ways that you could have been infected:
- Fake Flash Player updates
- Torrent and similar sites.
When it comes to Flash Player, you should be aware that this software has been long discontinued and is no longer required to play multimedia on websites. In fact, Adobe shut it down because of its vulnerabilities that were constantly exploited by cybercriminals, as well as its name's usage in various scams.
Likewise, you might also get infected after being tricked by another ad that asks you to install something: it might claim that your device is infected and needs fixing, or that your browser can't show you the page correctly – there are many tricks that are used by malicious actors. To avoid this, make sure you employ ad-blocking software and only install software updates from official sources.
Finally, please stay away from torrent, software crack, warez, and similar websites that offer cracked versions of otherwise paid apps. Not only is this activity illegal, but it can easily end up in malware infection, as is the case with Adload versions.
You may remove virus damage with the help of Fortect / Intego. SpyHunter 5 / Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of WideCluster Mac virus. Follow these steps
Remove from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific page or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
```powershell
# Re-register the legacy Microsoft Edge package for all users
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
```
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you scan your PC system with a reputable anti-spyware. This will help you to get rid of WideCluster Mac registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: Fortect / Intego, SpyHunter 5 / Combo Cleaner or Malwarebytes.
- [1] Mikey Campbell. Mac malware outpaced Windows PCs threats for first time in 2019, report says. AppleInsider.
- [2] Browser hijacking. Wikipedia.
- [3] Phil Stokes. Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect. SentinelOne Labs.