Mac Virus

CrescentCore Malware



Parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading ComboCleaner to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes. 

Download ComboCleaner Anti-Malware

More information about ComboCleaner and steps to uninstall. Please review ComboCleaner's EULA and Privacy Policy. Keep in mind, only ComboCleaner’s scanner is free. If it detects a malware, you'll need to purchase its full version to remove it.


CrescentCore is a Trojan horse application on a .dmg disk image, meant to look like Adobe Flash Player installer. Although, unlike the normal fake Flash Player updater, CrescentCore has been modified so that most antivirus programs have difficulty detecting the application as a Trojan.

How to remove CrescentCore Malware

The CrescentCore Malware will mask itself to look like you are agreeing to install Adobe Flash Player.

The Trojans, as we all know, are very malicious programs that attack your computer secretly and try to hide in different ways in order not to be detected. To enter your system and act according to the way they have been programmed, those threats use a lot of camouflage and stealthy infecting methods. For example, a Trojan-based virus such as CrescentCore“We have Installed One RAT Software”Genieo may hide in an executable file, pretending to be the real file or application that we require. Or it may appear like a harmless email attachment, a link, an ad or even a video that looks attractive and prompt us to click on it. For that reason, it is necessary to know how to avoid these infections and, most importantly, how to effectively protect against them and remove them on time.

If your computer has secretly been compromised by a Trojan and if that Trojan is CrescentCore particularly, the information in this article may help you to quickly detect and remove the infection, hopefully, before it has revealed its full malicious potential.  That’s why we suggest you stick with us till the end where you will find a detailed removal guide and a professional CrescentCore Malware removal tool for automatic assistance.

Trojans are known for their ability to hide deep in the system, therefore, detecting them without the help of a trusted removal program may be difficult even for an experienced user. Unfortunately, another dreadful characteristic of this type of infections is the fact that they do not reveal their presence and can silently wait for days, weeks or even months for the hackers to give them an order to be activated in our computer. Once they receive the harmful commands, they immediately start to operate and secretly launch different malicious activities such as espionage, theft of sensitive information, system corruption, file deletion and more. Trojans such as CrescentCore can downgrade the security of any computer they compromise by creating backdoors which could easily be exploited by other nasty viruses, including Ransomware and Rootkits. For this reason, it is highly recommended that you remove those threats as soon as you detect them and invest in reliable antimalware protection.

How can you get infected?

Trojans can enter your system the moment we interact with one of their numerous transmitters. Unfortunately, there are many transmitters which can deliver an infection like CrescentCore Malware to us. Some of the most common are usually the spam messages which spread in different messaging service apps, or email. In this relation, here are a few tips on what to do to avoid getting infected:

  • Do not accept files from unknown people –  these files can be of a different nature (documents, music or video files among others) and may look attractive but there is a great chance that they may contain an infection like CrescentCore if you don’t know who is sending them.
  • Many downloads form the Internet  may contain viruses, so if you need to download something stick to official sources and reputed developers and avoid cracked software or pirated materials.
  • As trivial this may sound, always have your antivirus and your OS updated and run regular system scans.

These are some prevention tips which, together with the information mentioned at the beginning, can help you a lot to avoid Trojans and other nasty infections.


Name CrescentCore
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms Trojans usually don’t show visible symptoms and are very difficult to detect without a professional security program.
Distribution Method Spam, malicious email attachments, fake ads, illegal websites, torrents, cracked software, pirated content.
Detection Tool

Remove CrescentCore Malware


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading ComboCleaner to see if it can detect parasite files for you.

The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively you can simultaneously press (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.



To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading ComboCleaner
a professional malware removal tool.

More information on ComboCleaner, steps to uninstallEULA, and Privacy Policy.

Start Activity Monitor by opening up Finder, then proceed to activity-monitor

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:


Now click on Sample at the bottom:


Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result


The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

First, Force Quit Safari again.

Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.


Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,

Preferences in Safari

and then again on the Extensions tab,

extensions in safari

Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.

The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
Privacy in Safari

Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.

Still in the Preferences menu, hit the General tab

General Tab in Safari

Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
Default Home Page

Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

firefox-512 How to Remove CrescentCore From Firefox in OSX:

Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

pic 6

The problem should be lurking somewhere around here –  Remove it. Then Refresh Your Firefox Settings.

chrome-logo-transparent-backgroundHow to Remove CrescentCore From Chrome in OSX:

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the malware and  select  chrome-trash-icon.

pic 8

 Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment