Skip to comments.PSA: Here’s how to check for – and remove – the Mac malware mshelper
Posted on 05/18/2018 2:19:08 PM PDT by Swordmaker
If your Mac seems to be running at high fan rates or you’re seeing reduced battery-life for no apparent reason, you may want to check for some Mac malware that seems to be going around …
A couple of support threads have described people finding a process called mshelper using a lot of CPU usage.
From the little that’s known about it so far, it seems this is either adware or a cryptocurrency miner. Despite the heading in the Reddit thread, there’s no evidence that it’s a virus, so the most likely explanation for its spread is a sketchy download which installs it alongside some other app.
You can check for it by launching Activity Monitor and then clicking on the CPU tab to sort by highest CPU usage. Look for a process called mshelper at or close to the top.
If you find it, killing the process doesn’t help as it restarts itself. But you can remove it by deleting two files:
It’s likely that Apple will add mshelper to the macOS blacklist shortly to disable it, but the above will reportedly resolve it in the meantime.
If you want on or off the Mac Ping List, Freepmail me.
Macs don't get viruses, unless you download them yourself.
My kids download a lot of crap games and apps, many of which have this "Mac Helper" and other similar garbage bundled along with it. Seems I'm constantly trying to search out this stuff and remove it.
Parents, be aware of what your kids download!
Anyone know how to get rid of the MacKeeper virus?
Been trying to leave it behind.
“Macs don’t get viruses, unless you download them yourself.”
That’s pretty much how most computers get malware to begin with... They most commonly rely on users to provide a root user/admin authority to install by faking themselves as something legitimate or hiding inside a real executable.
Thank for the clear instructions.
I’ve been a Mac user for almost 30 years. It took that long for me to get a virus!
And all it does is pop up every few hours and beeps ... no porn, no re-direction.
It's been true for me since I bought my first Mac in 2007. Never had a virus. Got some crappy malware but that's only because my kids (or myself) let it in. Never anything I couldn't get rid of, even if it was a slight PITA.
That qualifies you as an expert on computer viruses?
Show us a self-installing virus for a modern Mac. Matter of fact, show us any true computer virus for a modern Mac.
Nope. Qualifies me as a happy Mac owner who doesn't have to deal with them.
I have never been able to get rid of it. It has been a pain in my patootie ever since I downloaded it.
It is a nasty piece of work.
“Show us a self-installing virus for a modern Mac. “
You are the expert. Are you staking your reputation on the above statement?
Technically, it's not a virus. It's just really nasty "helper" ware that does everything macOS already does for itself but wants to charge you to do it. . . and nag you about it. Thirty-seven state Attorney's General sued the publisher to force the publisher of MacKeeper to refund the money for their fraudulent sales practices, but they are back doing the exact same thing all over again.
You DO have to download and install it. In fact, Bunny, you have to buy it.
Are you certain you actually have it on your system or are you just seeing a pop-up advertising claiming your Mac is infected and you need to use MacKeeper of MacCLeaner to get rid of it? That ad is being spread by Google Ads on random websites. It has a script in the ad that takes over the entire website it is on and the only way to get our of it is to force quit Safari and restart Safari while holding down the Shift key to assure you don't open the same tab with that ad still there. This is actually Google's fault for allowing this advertising on their rotation.
I occasionally get annoying MacKeeper pop-under ads. Would that be due to an adware infection on my Mac or just coming from websites?
Please disregard my #18. You just answered it.
Or just buy a Mac they don’t get malware. Oh wait that lie no longer works.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.